Wpa with kali linux

Hacking Wi-Fi with Kali Linux

My home Wi-Fi password has always been rather simple and memorable. It makes it easy to give out to guests, input on devices without keyboards, and remember when needed. I always knew it was a little insecure, but how insecure?

In this post I’ll be showing you how you can put your home WPA2 Wi-Fi network password to the test with free open-source tools and less than £30 worth of hardware.

Prerequisites

For this to work we’re going to need:

• A modern computer capable of running virtualisation software.
• A WiFi network adapter which supports running in ‘monitor mode’. I used this one.
• A download of Kali Linux. Downloads here.

My setup

I’m going to be using a pre-built OVA (Open Virtual Appliance) of Kali linux on my Mac with VMware Fusion. Kali can be booted and run as a physical OS however I find it much easier and quicker to use the virtual appliance.

If you’re a Windows user take a look at using Hyper-V (free) or VMware Workstation (paid). For Mac OS my recommendation is VMware Fusion.

Step 1 – Setting up Kali

As mentioned before I will be running Kali within a virtual machine on Mac OS. This step of the guide will reflect Mac OS however the steps should be somewhat similar on Windows.

Download the latest virtual appliance from the Offensive Security website here.

I downloaded Kali Linux Vm 64 Bit [OVA]. For Hyper-V take a look at the dedicated Hyper-V tab.

Within the VMware Fusion options menu select Import.

Select the downloaded OVA file. At the configurator screen leave all options as default and select continue until the wizard completes.

Now start the virtual machine. If prompted, upgrade the virtual machine version.

At the boot screen press enter to boot Kali linux.

Step 2 – Hardware Setup

At this stage we’re going to need a suitable WiFi adapter. The adapter must be capable of running in ‘monitor’ mode, a special mode in which the WiFi card will forward all nearby WiFi traffic to your computer without needing to associate with a network.

I ended up purchasing the Alfa Networks AWUS036NHA adapter available on Amazon here.

Some other suitable adapters are:

When plugging the WiFi adapter in, be sure to select the option to pass it through to the Kali virtual machine.

Step 3 – Obtain the password hash

We will now use command line tools included with Kali linux to capture the WPA handshake between a WiFi access point and client. With the captured handshake we will then be able to launch a brute-force attack in the next step.

Open Terminal within Kali linux and run the command:

A list of network adapters will be returned. In the case of my virtual machine the Alfa WiFi adapter is the only adapter present with an interface name of ‘wlan0’. Let’s set airmon to listen on the adapter wlan0

root@kali:~# airmon-ng start wlan0 

Airmon-ng should now start listening to WiFi traffic with adapter wlan0.

To check the command worked, run the command ‘airmon-ng’ again. The interface name should now have ‘mon’ appended to show it’s in monitoring mode.

Now, let’s find something to hack!

root@kali:~# airodump-ng wlan0mon 

The name’s of nearby WiFi networks will be listed. Make a note of the BSSID for the network which you intend to target. In my case this will be the ‘Coady’ network.

Once you have noted the BSSID, press Ctrl + C to close airodump-ng.

We now need to point ‘airodump-ng’ at a specific network BSSID in order to capture a handshake.

root@kali:~# **airodump-ng -c 6 –bssid (Your BSSID Here) -w /root/Desktop/ wlan0mon** 

Something similar to below will be shown:

Now we wait patiently for a WPA handshake to occur. This happens when a device first joins a WiFi network. Once we have captured one “WPA Handshake” will be shown in the top right corner as seen here:

Tip: It is possible to force currently connected WiFi devices to disconnect and reconnect with the command:
airplay-ng –deauth 10 -a (network BSSID) wlan0mon

The captured WPA handshake will be stored on the desktop of our Kali virtual machine in the form of a .cap file which we will use in the next step to crack the password.

Step 4 – Cracking the password

In this step we will conducting a dictionary attack against the .cap file we generated in the previous step.

First we’ll need a dictionary file. This is a file which contains tens of thousands of possible passwords which our software will try in-turn in an attempt to guess the password.

I would recommend downloading Brannon Dorsey’s ‘rockyou.txt’ dictionary file on Github. To do this, open Terminal and type:

root@kali:~# curl -L -o rockyou.txt https://github.com/brannodorsey/naive-hashcat/releases/download/data/rockyou.txt 

I then moved the downloaded rockyou.txt file to my desktop and ran the following command:

root@kali:~# aircrack-ng -a2 -b 44:D9:E7:F7:DC:CE -w /root/Desktop/rockyou.txt /root/Desktop/-03.cap 

The above command consists of a few variables, namely:

• -a2 sets the mode to WPA2. For WPA1 or WEP drop this completely.
• -b is the BSSID
• -w is the path to both the dictionary .txt file and the .cap file.

Once the process starts you will see an output similar to below as airmon-ng uses the dictionary file to try and guess the password.

If the password is found it will be shown like below:

So, there we have it! My home WiFi password has been for many years “pendulum”. It was cracked in less than a minute which was a real wake up call.

Since then I’ve taken steps to increase the security of my home WiFi and will certainly be putting any future networks to the test.

Finishing up

In this post I detailed one of the many possible ways of attempting to crack the password of a WiFi network. We used a pre-built dictionary file full of potential passwords and tried them one-by-one automatically until we got a match.

Unfortunately networks protected with a password not included within the dictionary file won’t be cracked by this method. Instead in an upcoming instalment I’ll show how computer graphics cards (GPU’s ) can be utilised to attempt almost every possible password combination and drasticaly speed up the process of cracking.

Until then, thanks for reading!

Источник

Kali Linux WPA and WPA2 Attacks

This article will give you an overview of Wi-Fi and Wi-Fi hacking. We will begin with a basic introduction of Wi-Fi and hacking.

Introduction

Wireless fidelity, or Wi-Fi, is a type of technology employed to provide connectivity to a computer network without a cable or hardwired connection. Wi-Fi works within the 2.4 Ghz to 5 Ghz range and should not interfere with cellphones, broadcast radio, television, or handheld radios. Wi-Fi functions by transmitting data over radio waves between a client device and a device called a router. A router can transmit data to systems internally, or externally to the Internet. Wi-Fi is neither more nor less secure than a traditional hard-wired network but is instead a completely different interface. The most important thing to remember is that Wired Equivalent Privacy (WEP) was released in 1997 and is easy to break into. WEP can be broken in minutes or less. Your modern devices will not work with the WEP network and most routers no longer support it. The updated WEP can also be broken into through hacking methods.

Hacking

Simply put, to crack or break into someone’s personal information is known as hacking. Hackers can easily access to your personal device or computer. They can crack your passcodes and get access to your wireless network. They can bypass the security of the wireless network and break in, no matter what type of encryption the user is using.

Typically, if you want to break in into someone’s wireless network, you will first need to know about the encryption being used. As mentioned earlier, the WPE type network has not been secure for quite some time. It can generally be broken into in a matter of minutes. The same is true with the WPA network if you use a weak password. However, if you use a strong password, it is relatively secure, except for WPS7 PIN. This is a hardware base vulnerability that a lot of routers use, allowing hackers to get the pin that provides complete access to the router. This is usually an eight-digit number written at the bottom of the router. You can derive this number by following the steps below.

Open Kali Linux Terminal

The first step is to simply open the Kali Linux terminal. To do so, press ALT+CTRL+T. You can also press on the terminal app icon to open the terminal.

Enter Command for aircrack-ng Installation

The next step is to install aircrack-ng. Enter the following command to do so:

Enter Password to Log In

Enter your root password to enable access. After entering the login password, press the Enter button to continue.

Install aircrack-ng

Soon after logging in, press the Y button. This will enable the installation of aircrack-ng.

Turn on airmon-ng

Airmon-ng is the software used to convert the managed mode into the monitor mode. Use the following command to turn on airmon-ng:

Find Monitor Name

The next step is to find the monitor name to continue hacking. You can view the monitor name in the interface column. In some cases, you may not be able to view the monitor name. This error occurs if your card is not supported.

Begin Monitoring the Network

Enter the following command to begin the monitoring process:

If you are targeting some other network, then you should replace ‘wlan0’ with the correct network name.

Enable Monitor Mode Interface

The following command is used to enable the monitor mode interface:

Kill Processes that Return Errors

Your system may cause some interference. Use the following command to remove this error.

Review Monitor Interface

The next step is to review the monitor name. In this case, it is named ‘wlan0mon.’

Get Names of All Routers

The names of all available routers will appear after you enter the following command.

Find the Name of the Router

You will first need to find the name of the specific router that you want to hack.

Ensure that the Router Uses WPA or WPA2 Security

If the WPA name appears on the screen, then you can continue hacking.

Note the MAC address and channel number.

This is the basic information about the network. You can view them on the left side of the network.

Monitor the Selected Network

Use the following command to monitor the details of the network you want to hack.

Wait for Handshake

Wait until you see ‘WPA HANDSHAKE’ written on your screen.

Exit the window by pressing CTRL+C. A cap file will appear on your computer screen.

Rename the cap File

For your ease, you can edit the name of the file. Use the following command for this purpose:

Convert File into hccapx Format

You can convert the file into hccapx format easily with the help of the Kali converter.

Use the following command to do so:

Install naive-hash-cat

Now, you can crack the password by using this service. Use the following command to begin cracking.

Run naive-hash-cat

To run the naive-hash-cat service, enter the following command:

Wait for the Network Password to Be Cracked

As soon as the password is cracked, it will be mentioned in the file. This process can take months or even years to complete. Enter the following command when this process gets completed to save the password. The cracked password is shown in the last screenshot.
[cc lang=”bash” width=”780″]
$ aircrack-ng -a2 -b MAC -w rockyou.txt name.cap
[cc]

Conclusion

By using Kali Linux and its tools, hacking can become easy. You can easily get access to the passwords by just following the steps listed above. Hopefully, this article will help you to crack the password and become an ethical hacker.

About the author

Younis Said

I am a freelancing software project developer, a software engineering graduate and a content writer. I love working with Linux and open-source software.

Источник