Cracking WEP & WPA/WPA2 Wi-Fi Passwords
Wi-Fi networks use different security standards: WEP, WPA, WPA2 and, not yet widely used, WPA3. The standard in use determines how strong the network's protection is and how easily its password can be cracked. If you notice that a network uses WEP, be happy, because it is for sure crackable; if it uses WPA or WPA2 we need to do some extra work, but it can still be cracked.
This blog is written as a part of the Master Certificate in Cyber Security that I am pursuing from HackerU.
Since the WPA/WPA2 attacks are brute-force attacks, or dictionary attacks as they are usually called, we should also know how long each type of password takes to crack.
That time also depends on your GPU (if you are using one) and on the resources allocated to the Kali virtual machine.
We will start with WPA/WPA2 cracking and then move on to WEP cracking.
Let's get on to cracking.
Pre-requisites
- Kali Linux
- Aircrack-ng suite (pre-installed in Kali)
- Wi-Fi adapter (monitor-mode compatible)
Process
Step 1 - Enabling monitor mode
Enable monitor mode on your wireless adapter so that it can capture all wireless traffic in range, not only frames addressed to it.
iwconfig
airmon-ng start wlan0
WPA/WPA2
Step 2 - Monitoring wireless networks and capturing packets
Start airodump-ng to list all the wireless networks in range and single out the target.
airodump-ng wlan0
Step 3 - Dumping data packets and capturing the handshake
airodump-ng wlan0 --bssid <target_MAC_address> -c 1 --write <filename>
This captures data packets from the network ASUS_X00TD and writes them to a file named asus1. Here --bssid is the target's MAC address and -c is the channel number.
Now we have to wait for a device to connect to the target so we can capture the handshake, which is what we use to crack the password. If no new device connects to the target, we can disconnect the existing clients by performing a deauthentication attack. Open a new terminal and run the following command for the de-auth attack.
aireplay-ng -0 1 -a <target_MAC_address> -c <client_MAC_address> wlan0
- -0 means deauthentication
- 1 is the number of deauth frames to send (you can send more if you wish)
Step 4 - Cracking the WPA/WPA2 password
Using the wordlist rockyou.txt to perform a dictionary attack; as we can see, the password has been cracked, and it is liverpool.
aircrack-ng <.cap_file> -w <wordlist_location/wordlist.txt>
If you want to create a custom wordlist, you can use the CUPP tool to do so.
Now let's crack some WEP passwords, which is child's play.
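To make the "how long does each password type take" point above concrete, here is an added illustration that is not part of the original post. WPA2 derives its Pairwise Master Key as PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, for 4096 iterations, so every wordlist candidate costs 4096 HMAC computations; the script derives that key (checked against the IEEE 802.11i Annex H test vector), audits a passphrase against a constructed stand-in for rockyou.txt, and estimates exhaustion time for a few passphrase policies at an assumed guess rate. The wordlist and the guess rate are assumptions, not measured figures.

```python
import hashlib

# Constructed sample wordlist (stand-in for rockyou.txt) and an assumed guess
# rate; real rates depend on the GPU/CPU used, as the post notes.
SAMPLE_WORDLIST = ["123456", "password", "qwerty", "liverpool", "letmein"]
ASSUMED_GUESSES_PER_SECOND = 500_000  # assumption, not a measured figure


def wpa2_pmk(ssid: str, passphrase: str) -> bytes:
    """Pairwise Master Key as defined by IEEE 802.11i:
    PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes).
    The 4096 iterations are what make every wordlist candidate expensive."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, dklen=32)


def in_wordlist(passphrase: str, wordlist) -> bool:
    """Audit check: a passphrase present verbatim in the wordlist falls to a
    dictionary attack regardless of its length or character mix."""
    return passphrase in set(wordlist)


def keyspace(charset_size: int, length: int) -> int:
    """Number of candidates an exhaustive search must try."""
    return charset_size ** length


def seconds_to_exhaust(candidates: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at the given rate."""
    return candidates / guesses_per_second


def compare_policies(guesses_per_second: float) -> dict:
    """Worst-case exhaustion time (seconds) for a few passphrase policies."""
    policies = {
        "8 lowercase letters": (26, 8),
        "8 letters+digits": (62, 8),
        "12 printable ASCII": (95, 12),
    }
    return {name: seconds_to_exhaust(keyspace(c, n), guesses_per_second)
            for name, (c, n) in policies.items()}


if __name__ == "__main__":
    # IEEE 802.11i Annex H test vector: SSID "IEEE", passphrase "password".
    print(wpa2_pmk("IEEE", "password").hex())
    print("liverpool in wordlist:", in_wordlist("liverpool", SAMPLE_WORDLIST))
    for name, secs in compare_policies(ASSUMED_GUESSES_PER_SECOND).items():
        print(f"{name}: {secs / 86400 / 365:.1f} years")
```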
WEP
Step 1 is the same as in the WPA/WPA2 process.
Step 2 - Dumping data packets
airodump-ng wlan0 --bssid <target_MAC_address> -c <channel> --write <filename>
Step 3 - Cracking the password
Notice how easily the WEP password, 6MK”q, has been cracked.
aircrack-ng <file.cap>
Hope you found this helpful. If you liked this article or it helped you in any way, please leave some claps. And I wouldn't mind 50 of them ;)