How To Crack WPA2 WiFi Password With AirCrack-NG - WiFi Pentesting Video 2024
Summary
TL;DR: This video covers wireless penetration testing, specifically capturing WPA2 handshakes and cracking Wi-Fi passwords with the Aircrack-ng suite. The host shows how to use an external wireless card, switch it to monitor mode, and capture network traffic. Viewers learn to capture a four-way handshake, open the packet data in Wireshark, and run a dictionary attack against the network's password. The video is a practical, step-by-step guide for those interested in wireless hacking, with useful tips for beginners.
Takeaways
- 🔌 You need an external wireless card, such as an Alfa or TP-Link, to perform wireless penetration testing.
- 🖥️ Use the command `lsusb` to ensure your wireless card is properly recognized and installed.
- 🔄 Switch the wireless card to monitor mode using the `airmon-ng start <interface>` command to capture packets.
- 📶 Monitor mode allows packet sniffing, while managed mode is for typical internet use.
- 📡 Use `airodump-ng` to capture packets from surrounding wireless networks by channel hopping.
- 🎯 To target a specific network, you need to specify the channel and use `airodump-ng` with the network's details.
- 📱 To capture a handshake, deauthenticate a client device using `aireplay-ng` to force it to reconnect and capture the traffic.
- 🖱️ The handshake data is stored in a `.pcap` file, which is crucial for conducting further attacks like dictionary or brute-force attacks.
- 🔍 You can use Wireshark to analyze the packet captures and inspect the four-way handshake messages.
- 🔐 Use the `aircrack-ng` tool to crack the captured handshake using a wordlist, which can reveal the network's password.
Q & A
What is the main topic of the video?
-The video is about wireless penetration testing, specifically capturing handshakes and cracking Wi-Fi passwords using tools like Airodump-NG and Aircrack-NG.
Why is an external wireless card necessary for this process?
-An external wireless card is necessary because it allows for monitor mode, which is essential for capturing packets and performing wireless attacks. Internal laptop cards usually don't support this mode.
What is monitor mode, and why is it important?
-Monitor mode is a setting that allows a wireless card to listen to all network traffic on a given frequency without being connected to the network. It is important because it enables the capture of packets, which is critical for wireless hacking.
How can you check if your wireless card is in monitor mode?
-You can check whether your wireless card is in monitor mode by running `iwconfig`. If the card is in managed mode, switch it to monitor mode with `airmon-ng start` followed by the interface name.
What is Airodump-NG, and how is it used in this process?
-Airodump-NG is a tool from the Aircrack-NG suite used for capturing network packets. In this process, it is used to collect information from wireless networks, including SSIDs, channels, and connected devices.
What is channel hopping, and why is it performed?
-Channel hopping refers to the process of scanning different channels in quick succession to capture traffic from various networks. It is performed to find networks and devices operating on different channels.
What is a four-way handshake, and why is it important for Wi-Fi cracking?
-A four-way handshake is the process by which a client and access point authenticate with each other in a WPA/WPA2 network. Capturing this handshake is crucial for attempting to crack the Wi-Fi password using dictionary or brute-force attacks.
How can a deauthentication attack help in capturing the four-way handshake?
-A deauthentication attack forces a device (like a phone) to disconnect from the Wi-Fi network. When the device reconnects, a new four-way handshake is generated, which can then be captured.
What role does a wordlist play in cracking the Wi-Fi password?
-A wordlist is used in a dictionary attack where the captured handshake is compared against a list of possible passwords. The correct password is found when one of the words in the list matches the hash from the handshake.
What is the final step in this Wi-Fi cracking process?
-The final step is using Aircrack-NG to attempt to crack the password by comparing the captured handshake file with the wordlist. If the correct password is in the list, Aircrack-NG will reveal it.
Outlines
📡 Getting Ready for Wireless Cracking
The speaker introduces the video, focusing on wireless penetration testing and cracking handshakes. They emphasize the need for an external wireless card, like an Alfa or TP-Link, and demonstrate how to check its installation using the `lsusb` command. The speaker also discusses the importance of monitor mode for listening to packets and explains the difference between managed mode (for internet access) and monitor mode (for packet sniffing). Commands such as `iwconfig` and `airmon-ng start` are used to ensure the wireless card is in monitor mode before proceeding.
📶 Capturing Wireless Network Packets
In this section, the speaker explains how to capture wireless packets using the `Airodump-ng` tool. They demonstrate how to target a specific network by channel hopping and scanning the surrounding networks. The speaker identifies their own network, explains the process of filtering out only the desired network using its channel, and specifies the command structure for focused data collection. The goal is to gather network information and prepare for the next steps in packet analysis and deauthentication.
📱 Deauthentication and Handshake Capture
The speaker discusses the process of performing a deauthentication attack to capture a four-way handshake, which is necessary for wireless cracking. They demonstrate how to use `aireplay-ng` to deauthenticate a connected device, in this case their iPhone. By disabling and re-enabling Wi-Fi on the phone, they speed up the handshake capture. Once the handshake is captured, the speaker notes the importance of the `.pcap` file generated by the process, which is used in the cracking step.
🔓 Cracking the Handshake with a Wordlist
In this final section, the speaker introduces the process of cracking the captured handshake using a wordlist. They explain how to open the `.pcap` file in Wireshark for deeper analysis of the handshake protocol, including the four key messages exchanged. The speaker then uses the `Aircrack-ng` tool to attempt password cracking with a small wordlist (`password.txt`). The cracking process is quick, revealing the password 'try to hack me 2023.' The video concludes with a review of the steps taken, encouraging viewers to like, subscribe, and stay tuned for more content.
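From a defender's side, the procedure outlined above leaves two things on the air: a burst of deauthentication frames, followed by a fresh EAPOL four-way handshake from the client that was kicked off. That sequence is what a wireless IDS watches for. The following Python script is an added example, not the video's tooling or part of the Aircrack-ng suite: it parses raw 802.11 frames (no radiotap header assumed), classifies deauthentication and EAPOL-Key frames into handshake messages 1 to 4 from their Key Information bits, and alerts per BSSID when a deauth burst precedes a complete handshake. The MAC addresses, threshold and sample frames are constructed for illustration.

```python
import struct

EAPOL_SNAP = bytes.fromhex("aaaa03000000888e")   # LLC/SNAP header carrying EAPOL (ethertype 0x888E)
# Install(0x40)/ACK(0x80)/MIC(0x100)/Secure(0x200) bits of Key Information identify the message
MSG_BY_BITS = {0x080: 1, 0x100: 2, 0x1C0: 3, 0x3C0: 3, 0x300: 4}

def classify(frame):
    """Return ('deauth', bssid, reason), ('eapol', bssid, msg_no) or None for one raw 802.11 frame."""
    fc0, fc1 = frame[0], frame[1]
    ftype, subtype, ds = (fc0 >> 2) & 3, fc0 >> 4, fc1 & 3
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    if ftype == 0 and subtype == 12:                         # management frame, deauthentication
        return ("deauth", a3.hex(":"), struct.unpack("<H", frame[24:26])[0])
    if ftype != 2:                                           # only data frames carry EAPOL
        return None
    body = frame[24 + (2 if subtype & 8 else 0) + (6 if ds == 3 else 0):]   # skip QoS / 4th address
    if not body.startswith(EAPOL_SNAP) or body[9] != 3:      # EAPOL packet type 3 = EAPOL-Key
        return None
    bssid = {1: a1, 2: a2}.get(ds, a3)                       # BSSID position depends on To/From DS
    key_info = struct.unpack(">H", body[13:15])[0]           # SNAP(8) + EAPOL hdr(4) + descriptor(1)
    return ("eapol", bssid.hex(":"), MSG_BY_BITS.get(key_info & 0x3C0))

def analyze(frames, deauth_threshold=3):
    """Per BSSID: alert when a deauth burst is followed by a complete four-way handshake."""
    state = {}
    for kind, bssid, val in filter(None, map(classify, frames)):
        s = state.setdefault(bssid, {"deauths": 0, "handshake": set()})
        if kind == "deauth":
            s["deauths"] += 1
        elif s["deauths"] and val:                           # handshake message seen after a deauth
            s["handshake"].add(val)
    return {b: s for b, s in state.items()
            if s["deauths"] >= deauth_threshold and s["handshake"] == {1, 2, 3, 4}}

# Constructed sample frames for offline use (made-up MACs, zeroed nonces and MICs), not a real capture.
AP, PHONE = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
def deauth_frame(bssid, client, reason=7):
    return bytes([0xC0, 0, 0, 0]) + client + bssid + bssid + b"\0\0" + struct.pack("<H", reason)

def eapol_frame(bssid, client, from_ap, key_info):
    fc = bytes([0x08, 0x02 if from_ap else 0x01, 0, 0])     # plain data frame with FromDS or ToDS set
    addrs = client + bssid + bssid if from_ap else bssid + client + bssid
    key = bytes([2]) + struct.pack(">H", key_info) + bytes(92)    # RSN descriptor, Key Info, rest zeroed
    return fc + addrs + b"\0\0" + EAPOL_SNAP + bytes([2, 3]) + struct.pack(">H", len(key)) + key

def sample_capture():
    burst = [deauth_frame(AP, PHONE) for _ in range(3)]
    msgs = [(True, 0x008A), (False, 0x010A), (True, 0x13CA), (False, 0x030A)]   # M1..M4 Key Info
    return burst + [eapol_frame(AP, PHONE, ap, ki) for ap, ki in msgs]
```

A handshake on its own is just a client reconnecting and produces no alert; it is the preceding deauth burst against the same BSSID that makes the pattern suspicious.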
Keywords
💡Wireless Cracking
💡External Wireless Card
💡Monitor Mode
💡Aircrack-ng
💡Handshake
💡Deauthentication Attack
💡Dictionary Attack
💡PCAP File
💡Wireshark
💡Wordlist
Highlights
Introduction to wireless cracking and penetration testing.
Importance of an external wireless card like Alfa or TP-Link for wireless testing.
Running the command `lsusb` to verify that the wireless card is properly installed.
Explanation of monitor mode versus managed mode for wireless cards.
Command `airmon-ng start` to enable monitor mode on the wireless interface.
Using `airodump-ng` for capturing network packets and identifying access points.
Explanation of channel hopping during packet capturing to gather information from multiple channels.
Focusing on a specific network by targeting its channel and writing captured data to an output file.
Performing a deauthentication attack to force devices to reconnect and capture a 4-way handshake.
Using `aireplay-ng` for deauthentication to disconnect a specific device and capture its handshake.
Opening the captured handshake in Wireshark to inspect the handshake protocol (EAPOL).
Visualizing the 4-way handshake in Wireshark, breaking down messages 1 through 4.
Using a dictionary attack or offline brute-force attack on the captured handshake.
Cracking the password with `aircrack-ng` using a wordlist (in this case, `password.txt`).
Conclusion of the process: monitor mode, packet capturing, deauthentication, handshake cracking.
Transcripts
So in this video we're going to be capturing some handshakes, doing some wireless cracking, wireless penetration testing. So if you guys are new to the channel, please like, subscribe and share; if you're returning, let's have some fun. So before we actually get into it, I just want to let you guys know: in order to perform this task you need to have an external wireless card, like an Alfa, Panda, whatever your choice is, TP-Link, whatever you want to choose to use, that's up to you. I have an Alfa card and I have other videos to set it up and plug it in and install the drivers, so I'm not going to go over that here. So once you actually have it installed, what you can do is just run `lsusb` and you can see, make sure your wireless card is there; mine is right there. So I just wanted to put that out there before you guys say "oh, it's not working, I don't get the same options as you", you know, because you need to have these tools, excuse me, you need to have these drivers and the right access, the right access points and the right cards in order to perform this. So I just wanted to put that out there before I forget and get these crazy messages saying it's not working, when I'm doing it on my laptop, but you know, you need an external card.

All right, so the first thing we can do is do an `iwconfig` just to make sure we have our access point, our card, in monitor mode. So what is monitor mode? So you have two modes, right: you have managed mode, so you can get onto the internet; you know, by default everything's in managed mode, right. So when you put it in monitor mode, that means you're allowed to listen for packets, you're able to ingest packets and, you know, sniff the networks, I guess you can say, right. So if it's in managed mode, excuse me, monitor mode, you're good; if it's in managed mode, what you can do is run a command, `airmon-ng start`, and then whatever interface you're on. So I'm on `wlan0`, so you just do that, and then you can just run it again and you should be in monitor mode. And those are, you know, a few preliminary steps you should take to make sure you're good to go.

So now what we need to do is start capturing packets, and we can use a tool called `airodump-ng`. This is in the, you know, aircrack-ng suite, so, you know, just learn how to use this if you're definitely interested in wireless hacking. So you do `airodump-ng`, not that, so `airodump-ng wlan0`. So now I want to go ahead and just Control-C, I want to stop that. So up here, what it's doing up here is what is known as channel hopping. It's hopping the channels, jumping from one channel to the next channel to the next channel, so, you know, we can see here in this row right here with the channel: 6, 1, 11, 9, 2, etc. So you probably guessed it, right, the network that I'm going to be targeting is my own, which is infos packing WAP; also, it stands for wireless access point, I almost said something else by accident. But yeah, so this is the information that we have gathered, so let's go ahead, I'm just going to copy this for now, and let me go ahead and throw it in here, and I can make this larger just for later, right, so we'll have this for later.

Okay, so now once we have this information, what we can do is take it a step further and we can actually target just our network, right. So this is our network right here, we just got it, right. So let's go ahead and just run `airodump-ng` again, `airodump-ng`, and then what I want to do is `-c`, channel; I want channel 2 because this is the channel I'm on, right. And then the `-w`, the output file that I want to put it out to; I can put it to capture, capture pack, I don't know, capture pack, okay. So now we can do a `-d`, and what I want to do is associate my access point, right, if that makes any sense. So what I want to do is copy this, let me go ahead and hit space and go ahead and paste this here, and then we have to do `wlan0`, right, that's what I'm doing. So now this is only going to target my network specifically; it's not going to, you know, jump around to the other networks or anything like that. So we don't have any access, any stations connected. I do have a station, I probably got disconnected, oh, there it is. All right, so I do have my iPhone connected, so this is my iPhone right here.

So the next thing we need to do is we need to deauthenticate, right. We can do a deauthentication attack in order to get the four-way handshake, right. So now this is just chilling out here, so what we can do is come over here, and what we can do is `aireplay-ng`, I have it here, okay. So deauthentication 0 for unlimited times, `-a` we have our access point, right, and then the client, right; so this is my client that I'm going to be removing, which is my iPhone, and then I'm going to be using my `wlan0` as my interface. So now this is going to go deauthenticate. This obviously can take some time; let's go back here. This can take some time depending on how far your access point is from you, how many clients are connected. So obviously this is the process; I want to make this a little quicker, so what I'm going to do is actually go on my iPhone, disable my wireless, re-enable wireless, so then it can intercept that traffic. All right, so let me do that really quick, let me go ahead and turn this off, turn this back on, associate myself, and then we should get it shortly. Let's give this a second. Let me go ahead and shut this off again, turn it on, and let's give this a moment. All right, so what I'm going to do, it's probably because this is doing the deauth, so I want to go ahead and cancel this now. Oops, I don't want that one, this one. Now what we could probably do is come back here, and here we go. Okay, so that's pretty much the process; so we just, you know, we sped the process up, we cheated a little bit, right. So we can just go ahead and Control-C this, we already got the four-way handshake up here.

So now if we do an `ls` here, we have a few captures. So we have, the most important thing is the pcap file, right; so this pcap file is super important to us, because in order to do a dictionary attack or offline brute-force attack or whatever kind of attack that we want to do, we need this file in order to do so, right. So what we can do is, if you want to get a little nerdy for a second, we can open ourselves a Wireshark and look at it. So let's do that, let's do `wireshark` and then capture, okay. So let's pop open this bad boy in Wireshark so we can look at the protocol that it's running on, which is EAP, so EAPOL. We can look at the four-way handshake here and we can look over, we can see message 1, 2, 3, 4, and these are all the messages that we see here. You know, you can do this, you can get a little nerdy; this is my phone, this is the Asus, that's my actual access point, and all that good stuff. So you can get a little nerdy and look into here, but yeah, so that's pretty much, you know, how you can look into the packet level.

So now what we can do, which is the most fun part: so I want to do an `ls` really quick. I have this `password.txt`, so if I do a word count on `password.txt`, it's only 174 words, so it's going to be super quick, right. Maybe you're using `rockyou.txt`, maybe you're using a SecLists one, maybe you're using your own that you found on the internet, wherever you, you know, wherever you found your wordlist. But what I want to do now is use aircrack, so `aircrack-ng` is the tool that we're going to use to crack the password, right. So we're going to look at `capture.cap`, okay, and then we're going to do `-w`, which is for the wordlist; in my case it's going to be `password.txt`. When I hit enter here, it's going to go try to crack that password, and that was super quick, not even a second. So my password now is "try to hack me 2023", bang, right, so this is my password. So that was pretty much the process of, let's go back, you know, we learned how to make sure our card is in monitor mode, scan the networks, capture the files, capture the handshake, and then crack the handshake. So hopefully this has been informative for you folks; I really thank you so much for viewing. Please like, subscribe and share, and so much more, you know, so much more to come, so stay tuned. Thank you.