302 ◾ Ethical Hacking and Penetration Testing Guide
So we have successfully managed to decrypt the key, which is C3:6E:E8:F7:82. Just remove the colons from the output and you will be left with the original WEP key, which in this case is C36EE8F782.
Cracking a WPA/WPA2 Wireless Network Using Aircrack-ng
As WEP has been deprecated since early 2001, WPA was introduced as an industry standard, which used TKIP for encryption of data. Later, WPA2 became an industry standard since it introduced AES encryption, which is more powerful than TKIP; however, it also supports TKIP encryption. The WPA/WPA2 key that we would use to authenticate on a wireless network is not used directly; it is used to generate another unique key.
Five additional parameters are combined with our key to generate that unique key. The parameters are the SSID of the network, the authenticator nonce (ANonce), the supplicant nonce (SNonce), the authenticator MAC address (access point MAC), and the supplicant MAC address (Wi-Fi client MAC).
From a hacker’s perspective, we can use a brute force attack, a dictionary attack, or rainbow tables to crack a WPA/WPA2 network. Obviously a dictionary attack is much less time consuming than the other attacks; therefore it should be your first preference. The success rate of this attack depends upon the wordlist you use. Another requirement for this attack to work is the four-way handshake, which takes place between a client and an access point; we will capture it using the deauthentication attack.
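Because the handshake capture depends on forcing clients to reconnect, a burst of deauthentication or disassociation frames is the observable side effect a wireless IDS looks for. The following detector is an added example written for this text, not code from the book or from the aircrack-ng project. It assumes a simple whitespace-separated record format (timestamp in milliseconds, frame subtype, BSSID, source, destination) as a monitoring tool might export; the client and second access point MAC addresses are hypothetical, while the Shaxter BSSID is the one the text lists.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class MgmtFrame:
    ts_ms: int       # capture timestamp in milliseconds
    subtype: str     # 'beacon', 'deauth', 'disassoc', ...
    bssid: str
    src: str
    dst: str


def parse_frame(line: str) -> MgmtFrame:
    """Parse one whitespace-separated record: ts_ms subtype bssid src dst."""
    ts, subtype, bssid, src, dst = line.split()
    return MgmtFrame(int(ts), subtype.lower(), bssid.lower(), src.lower(), dst.lower())


def detect_deauth_bursts(frames, window_ms=1000, threshold=10):
    """Sliding-window count of deauth/disassoc frames per BSSID.

    Returns {bssid: alert} for every BSSID that accumulates at least `threshold`
    such frames within any `window_ms` span. Broadcast deauths are flagged
    separately: a real AP rarely deauthenticates every client at once, so a
    stream of them is a strong signal on its own.
    """
    recent = defaultdict(deque)   # per-BSSID queue of frames inside the window
    alerts = {}
    for f in sorted(frames, key=lambda x: x.ts_ms):
        if f.subtype not in ("deauth", "disassoc"):
            continue
        q = recent[f.bssid]
        q.append(f)
        while q and f.ts_ms - q[0].ts_ms > window_ms:
            q.popleft()               # drop frames that fell out of the window
        if len(q) >= threshold:
            a = alerts.setdefault(f.bssid, {"first_ts_ms": q[0].ts_ms, "peak": 0,
                                            "broadcast": False, "targets": set()})
            a["peak"] = max(a["peak"], len(q))
            a["broadcast"] = a["broadcast"] or any(x.dst == BROADCAST for x in q)
            a["targets"].update(x.dst for x in q if x.dst != BROADCAST)
    return alerts


def build_sample():
    """Constructed records (not a real capture); the AP BSSID is Shaxter's from the text."""
    ap = "f4:3e:61:92:68:d7"
    client = "00:11:22:33:44:55"   # hypothetical client MAC
    other = "aa:bb:cc:dd:ee:ff"    # hypothetical second AP
    lines = [f"0 beacon {ap} {ap} {BROADCAST}",
             f"100 beacon {ap} {ap} {BROADCAST}",
             f"5000 deauth {ap} {ap} {client}"]                       # one ordinary deauth
    lines += [f"{10000 + 20 * i} deauth {ap} {ap} {BROADCAST}" for i in range(64)]   # flood
    lines += [f"{20000 + 100 * i} disassoc {other} {other} {client}" for i in range(5)]  # below threshold
    return [parse_frame(line) for line in lines]


def analyze_sample():
    return detect_deauth_bursts(build_sample())


if __name__ == "__main__":
    for bssid, a in analyze_sample().items():
        print(f"{bssid}: peak {a['peak']} deauth/disassoc frames in one second, "
              f"broadcast={a['broadcast']}, first seen at {a['first_ts_ms']} ms")
```

Running it flags only the Shaxter BSSID, where 51 broadcast deauthentication frames land inside a single one-second window, while the lone deauth and the five slow disassociations stay below the threshold. The threshold and window are tuning knobs; a busy enterprise AP legitimately sends more deauths than a home router. The structural mitigation is Protected Management Frames (802.11w), which authenticates deauthentication and disassociation frames so that forged ones are discarded by the client.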
Let’s see how we can use aircrack-ng to crack a WPA/WPA2 network:
Step 1—First of all, ensure that your network card is in monitor mode.
Step 2—Next, we would listen on the mon0 interface for other access points with encryption set to either WPA or WPA2. We would use the “airmon-ng mon0” command to do it. Our target AP would be Shaxter, which uses WPA as its encryption type. We will take note of its BSSID and the channel it is on; this information will be useful in the upcoming steps.
BSSID: F4:3E:61:92:68:D7
Channel: 6