How To Crack WPA2 WiFi Password With AirCrack-NG - WiFi Pentesting Video 2024

00:00

[Music]

00:08

so in this video we're going to be

00:09

capturing some handshakes doing some

00:11

Wireless cracking Wireless penetration

00:13

testing so if you guys are new to the

00:16

Channel please like subscribe and share

00:18

if you're returning let's have some fun

00:20

so before we actually get into it I just

00:23

want to let you guys know in order to

00:25

perform this task you need to have an

00:27

external wireless card like an alpha

00:30

Panda whatever your choices TP Link

00:32

whatever you want to choose to use

00:34

that's up to you I have an alpha card

00:37

and I have other videos to set it up and

00:41

plug it in and install the drivers so

00:43

I'm not going to go over that here so

00:45

once you actually have it installed what

00:47

you can do is just run

00:49

LS

00:51

USB and you can see make sure your

00:53

wireless card is there mine is right

00:55

there so I just wanted to put that out

00:59

there before you guys say oh it's not

01:00

working I don't get the same options as

01:03

you you know because you need to have

01:05

these tools excuse me you need to have

01:07

these drivers and the right

01:10

access um the right access points and

01:13

the right uh cards in order to perform

01:16

this so I just wanted to put that out

01:18

there before I forget and get these

01:20

crazy messages saying it's not working

01:21

when I'm doing on my laptop but you know

01:24

you need an external uh card all right

01:27

so first thing we can do is do an IW

01:30

config just to just to make sure we have

01:33

our access point uh our card in monitor

01:36

mode so what is Monitor mode so you have

01:39

two modes right you have manage mode so

01:41

you can get onto the internet you can

01:43

you know all the default by default

01:45

everything's in manage mode right so

01:47

when you put it in monitor mode that

01:48

means you're allowed to listen for

01:51

packets you're listen you know you're

01:53

able to ingest packets and you know

01:55

sniff the sniff the networks I guess you

01:57

can say right so so if it's in manage

02:01

mode excuse me monitor mode you're good

02:04

if it's in manage mode what you can do

02:06

is run a command air airmon

02:10

NG start and then whatever uh whatever

02:14

interface you're on so I'm on W land

02:16

zero so you just do that and then you

02:19

can just run it again and you should be

02:21

in monitor mode and those are the you

02:23

know a few preliminary steps you should

02:25

take to make sure you're good to go so

02:28

now what we need to do is stop C

02:29

capturing packets and we can use a tool

02:32

called Arrow dump NG this is the only

02:35

you know at crack NG Suite so you know

02:38

just learn how to use this if you're

02:40

definitely interested in Wireless

02:41

hacking so you do Arrow dump

02:44

NG not that so Arrow dump NG Wireless of

02:51

w land zero so now I want to go ahead

02:54

and just control C I want to stop that

02:57

so up here what it's doing up here is

03:00

which Al which is known as uh Channel

03:03

hopping it's hopping the channels jump

03:05

jumping from one channel to the next

03:07

channel to next channel so you know we

03:10

can see here in this in this row right

03:13

here with the Channel 6 1 11 9 two Etc

03:17

so you probably guessed it right the

03:20

network that I'm going to be targeting

03:22

is my own which is infos packing WAP

03:25

also it stands for um uh Wireless access

03:31

point I almost said something else by

03:34

accident but yeah so this is the

03:36

information that we have gathered so

03:38

let's go ahead I'm just going to copy

03:40

this for

03:41

now and let me go ahead and throw it in

03:45

here and I can make this larger just for

03:50

just for lat right so we'll we'll have

03:52

this for

03:53

lat okay so now once we have this

03:57

information what we can do is take it a

03:59

step further and we can actually Target

04:01

just our Network right so this is our

04:05

Network right here we just got it right

04:06

so let's go ahead and just run Arrow

04:08

dump NG again Arrow dump NG and then

04:12

what I want to do is- C Channel I want

04:15

Channel 2 because this is the channel

04:17

I'm on right and then the word L uh the

04:23

the output file that I want to put it

04:25

out to I can put it to uh capture

04:30

capture pack I don't know capture pack

04:33

okay so now we can do a uh- d and what I

04:38

want to do is associate my access point

04:41

right if that makes any sense so what I

04:43

want to do is copy

04:47

this let me go ahead and hit space and

04:49

go ahead and paste this here and then we

04:51

have to do W land zero right that's what

04:54

I'm doing so now this is only going to

04:56

Target my network specifically it's not

04:59

gonna you know it's not going to jump

05:00

around to the other networks or anything

05:02

like that so we don't have any access uh

05:06

any stations connected I do have a

05:08

station I probably got disconnected oh

05:09

there it is all right so I do have my

05:12

iPhone connected so this is my

05:14

iPhone right here so the next thing we

05:17

need to do is we need to De authenticate

05:20

right we can do a deauthentication

05:22

attack in order to get the four-way

05:24

handshake right so now this is just just

05:27

chilling out here so what we can do is

05:29

come over here and what we can do is air

05:32

play NG I have it

05:35

here okay so

05:38

deauthentication zero for unlimited

05:41

times- a we have our access point right

05:46

and then and then the client right so

05:49

this is my client that I'm going to be

05:51

removing which is my iPhone and then I'm

05:54

going to be using my WL Zer as my

05:56

interface so now this is going to Go De

06:00

authenticate this obviously can take

06:02

some time let's go back here this can

06:04

take some time depending on how far your

06:06

access point is from you how many how

06:08

many uh uh clients are connected so

06:13

obviously this is the process I want to

06:15

make this a little quicker so what I'm

06:16

want to do is I'm going to actually go

06:18

on my iPhone disable my wireless

06:20

reenable wireless so then it can

06:22

intercept that traffic all right so let

06:24

me do that really quick let me go ahead

06:27

and turn this off turn this back

06:30

on associate myself and then we should

06:34

get it

06:35

shortly once

06:38

uh let's give this a

06:44

second let me go ahead and shut this off

06:49

again turn it

06:51

on and uh let's give this a moment

07:00

all right so what I'm going to do it's

07:02

probably because this is doing the be

07:04

off so I want to go ahead and cancel

07:06

this now oops I don't want that one this

07:10

one now what we could probably do is

07:12

come back here and here we go okay so

07:17

that's pretty much the process so we

07:19

just you know we sped the process up we

07:21

uh we cheated a little bit right so we

07:23

can just go ahead and control C this we

07:26

already got the the four-way handshake

07:29

up here

07:30

so now if we do an LS here we have a few

07:34

captures so we have the most important

07:37

thing is the pcap file right so this

07:40

pcap file is super important to us

07:42

because in order to do a dictionary

07:45

attack or offline Brute Force attack or

07:47

whatever kind of attack that we want to

07:49

do we need this file in order to do so

07:52

right so what we can do is if you want

07:55

to get a little nerdy for a second we

07:57

can open ourself a wire shark and look

07:59

at it so let's do that let's do wire

08:02

shark and then

08:05

capture okay so let's pop open this bad

08:09

boy in wire shark so we can look at the

08:12

protocol that it's running on which is e

08:14

EA P so e a p o we can look at the

08:19

four-way handshake here and we can look

08:22

over we can see message 1 2 3 4 and

08:26

these are all the messages that we that

08:29

we see here you you know you can do this

08:31

you can get a little nerdy this is my

08:33

this is my phone this is the Asus is my

08:36

actually that my actual access point and

08:39

all that good stuff so you can get a

08:40

little nerdy and and look into here but

08:44

um yeah so that's that's pretty much you

08:46

know how you can look into the packet

08:48

level so now what we can do which is the

08:51

most fun part so I have I want to do an

08:54

LS really quick I have this password.txt

08:57

so if I do a word count on password

09:00

.txt it's only

09:02

174 words so it's going to be super

09:04

quick right maybe you're using Rock you.

09:07

txt maybe you're using a sec list maybe

09:10

you're using your own that you found on

09:12

the internet wherever you you know

09:14

wherever you found your word list but

09:17

what I want to do now is use aircraft so

09:20

aircraft and is the tool that we're

09:22

going to use to crack the password right

09:25

so we're going look at capture.

09:28

cap okay and then we're going to do DW

09:31

which is for the word list in my case

09:33

it's going to be password.txt when I hit

09:36

enter here it's going to go try to cack

09:38

that password and that was super quick

09:41

and not even a second so my password now

09:45

is try to hack me 2023 bang right so

09:49

this is my password so that was pretty

09:51

much the process of let's go back you

09:54

know we learned how to make sure our our

09:58

um our is in monitor mode scan the

10:01

networks capture the files capture the

10:03

handshake and then crack the handshake

10:05

so hopefully this been informative for

10:07

you folks I really thank you so much for

10:08

viewing please like subscribe and share

10:12

and so much more to you know so much

10:13

more to come so stay tuned thank you