Wireless networks are all around us, and people often need to keep their networks private and secure. There is a set of best practices for doing so, and a good way of testing how secure our networks (i.e., WLAN, Wi-Fi) are is to carry out Wi-Fi audits.
Normally, networks are protected using an encryption technology which uses a password chosen by the network owner.
In this article, we will try to obtain the passwords of our networks as if we were an external attacker, to verify whether our networks are secure enough or not.
Basically, there are 3 types of attacks:
- Brute force: check all the possible passwords (not recommended for long passwords, > 10 chars). Checking 1000 passwords per second, it will take 1 day in the worst case to decode an 8-digit password.
- Dictionary: check only some character combinations. You check only the most common combinations and save time.
- Statistical: if it is possible (as in WEP encryption), you can guess the password from the data packets and IVs you capture, using some heuristics.
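The brute-force estimate above (1000 guesses per second, 8 digits, about 1 day) is the number a network owner should reason about when choosing a passphrase. The following keyspace estimator is an added example, not code from the original article: it reproduces the article's 8-digit figure and generalises it to other character sets and lengths, so you can see why the article calls brute force impractical beyond 10 characters. The 1000 guesses/s rate and the character-set sizes are assumptions taken from the text and from printable ASCII, not measurements.

```python
"""Brute-force keyspace estimator (added example; not part of the original article).

Given a character-set size, a password length and the guesses per second an
attacker can sustain, compute the worst-case (exhaustive) time to search the
whole keyspace.  The 1000 guesses/s rate is the figure the article uses; it is
an assumption here, not a measured value.
"""
from __future__ import annotations

SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY

# Common character sets (sizes are exact for printable ASCII).
CHARSETS = {
    "digits": 10,       # 0-9
    "lowercase": 26,    # a-z
    "alnum": 62,        # a-z A-Z 0-9
    "printable": 95,    # all printable ASCII
}


def keyspace(charset_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` symbols."""
    if charset_size < 1 or length < 1:
        raise ValueError("charset_size and length must be positive")
    return charset_size ** length


def worst_case_seconds(charset_size: int, length: int, guesses_per_second: float) -> float:
    """Seconds to exhaust the keyspace (worst case: the real password is tried last)."""
    if guesses_per_second <= 0:
        raise ValueError("guesses_per_second must be positive")
    return keyspace(charset_size, length) / guesses_per_second


def human_duration(seconds: float) -> str:
    """Render a duration in the largest sensible unit."""
    if seconds < 60:
        return f"{seconds:.0f} s"
    if seconds < SECONDS_PER_DAY:
        return f"{seconds / 3600:.1f} h"
    if seconds < SECONDS_PER_YEAR:
        return f"{seconds / SECONDS_PER_DAY:.1f} days"
    return f"{seconds / SECONDS_PER_YEAR:,.0f} years"


def estimate_table(rate: float, lengths=(8, 10, 12)) -> list[tuple[str, int, float]]:
    """(charset name, length, worst-case seconds) for every charset/length pair."""
    return [
        (name, n, worst_case_seconds(size, n, rate))
        for name, size in CHARSETS.items()
        for n in lengths
    ]


if __name__ == "__main__":
    RATE = 1000.0  # guesses per second, the article's assumed figure
    print(f"Worst-case exhaustive search at {RATE:.0f} guesses/s")
    for name, n, secs in estimate_table(RATE):
        print(f"{name:>10} x {n:2d}: {human_duration(secs):>20}")
```

Running it shows that 8 digits fall in about 1.2 days at that rate, while a 10-character mixed-case alphanumeric passphrase needs on the order of tens of millions of years; a WPA/WPA2 passphrase built from a large character set and 12 or more characters is effectively out of reach of exhaustive search, which is why the attacks below concentrate on dictionaries or, for WEP, on weaknesses in the cipher rather than on the password itself.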
Requirements:
- Linux with airodump-ng, aircrack-ng and aireplay-ng installed (the aircrack-ng suite)
- A Wi-Fi chipset that supports monitor mode and packet injection (in new computers the integrated Wi-Fi chipsets usually do not allow that, so you will need a USB Wi-Fi device). You can test that using this command: aireplay-ng -9 interface_name (you can also indicate -e network_name -a access_point_MAC). If it reports that injection is working, the interface supports it.
Basic commands (some require being root; use sudo su):
- ifconfig: shows all the network interfaces enabled in our computer.
- ifconfig interface_name up/down: activate/deactivate any network interface (e.g., wlan1).
- iwconfig: shows all the wireless interfaces available in our computer.
- airmon-ng start/stop interface_name: enable/disable monitor mode on any of the interfaces (e.g., wlan1). This creates and starts a monitor interface (e.g., mon0).
- macchanger -m 00:11:22:33:44:55 interface_name: normally you use a monitor-mode interface (mon0). To change the MAC, first you need to disable the interface, then change the MAC and finally enable it again (use ifconfig down/up).
- sudo airodump-ng mon0 (to find the channel and the MAC address, i.e. the BSSID, of the target access point)
- sudo airodump-ng --bssid access_point_MAC -c channel --write captured_packets_filename mon0
- aircrack-ng captured_packets_filename
NOTE: When you finish, don't forget to stop the devices you have in monitor mode (mon0 and wlan1) before checking the found password.
Warning: for educational purposes only.