Hack Yourself First
In the previous post we covered the first half of how this works; here is the next part.
Lab 2 – Capture IVs and Crack WEP Passwords
Before beginning this lab, configure the wireless access point to use WEP encryption. The goal of this lab is to capture IVs and use the captured IVs to reconstruct the WEP key. This is a multi-step process in which IVs are generated using Aireplay-ng and captured using Airodump-ng. Start by identifying the target access point using Airodump-ng, then lock the monitor interface to the target's channel by stopping the monitor interface and specifying the channel when restarting it.
Next, configure Airodump-ng to capture the IV packets from the target access point. To prevent capturing unnecessary packets, use the -c flag to specify the channel and the --bssid flag to specify the BSSID of the access point. Use the -w flag to save the captured packets to a file.
To capture IVs, use the aireplay-ng command with the -3 flag, which causes Aireplay-ng to listen for and inject ARP request packets. The BSSID of the target access point and the MAC address of a host associated with the access point must be supplied as well. If there are no hosts associated with the access point, it is possible to do a fake authentication to associate a MAC address with the access point.
The output of Airodump-ng in the other terminal should show the captured frames.
Once a sufficient number of packets have been captured, use Aircrack-ng to crack the WEP key. Specify the BSSID of the target access point using the -b flag and specify the pcap file that Airodump-ng saved packets to earlier.
The key was successfully retrieved.
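The reason a "sufficient number of packets" is all this lab needs is that WEP's IV is only 24 bits, so IVs start repeating after a few thousand frames from a busy access point, and every repeat leaks keystream. The following Python script is an added example, not part of the original post or of the Aircrack-ng suite: it takes a constructed list of (BSSID, IV) pairs, as a capture tool might export them, and reports the IV reuse rate for one BSSID, plus the birthday-bound estimate of how many frames it takes before some IV repeats. The BSSIDs and IVs are placeholders. A defender can run the same count over a capture of their own network to see why a WEP AP has to be retired rather than tuned.

```python
"""Measure WEP IV reuse on captured frames (constructed sample data, added example)."""
import math
from collections import Counter

# Constructed sample: (BSSID, 24-bit IV as six hex digits). The BSSIDs are placeholders.
SAMPLE_FRAMES = [
    ("00:11:22:33:44:55", "0a1b2c"),
    ("00:11:22:33:44:55", "0a1b2d"),
    ("00:11:22:33:44:55", "0a1b2c"),   # IV seen before: keystream reuse
    ("00:11:22:33:44:55", "ffffff"),
    ("00:11:22:33:44:55", "000001"),
    ("00:11:22:33:44:55", "000001"),   # reused again
    ("00:11:22:33:44:55", "000001"),
    ("66:77:88:99:aa:bb", "0a1b2c"),   # another AP; ignored when reporting on the first
]

IV_SPACE = 2 ** 24  # the WEP IV field is 24 bits wide


def iv_reuse_report(frames, bssid):
    """Count frames for `bssid` whose IV already appeared in an earlier frame."""
    ivs = Counter(iv.lower() for b, iv in frames if b.lower() == bssid.lower())
    total = sum(ivs.values())
    distinct = len(ivs)
    reused = total - distinct
    return {
        "total": total,
        "distinct_ivs": distinct,
        "reused_frames": reused,
        "reuse_ratio": reused / total if total else 0.0,
        "most_common": ivs.most_common(1)[0] if ivs else None,
    }


def frames_until_collision(probability=0.5, space=IV_SPACE):
    """Birthday bound: frames needed before some IV repeats with the given probability,
    assuming the AP chooses IVs uniformly at random (a sequential counter wraps at
    exactly `space` frames instead, which is no better)."""
    return math.sqrt(2 * space * math.log(1 / (1 - probability)))


if __name__ == "__main__":
    print(iv_reuse_report(SAMPLE_FRAMES, "00:11:22:33:44:55"))
    print(f"~{frames_until_collision():.0f} frames for a 50% chance of an IV repeat")
```

On the constructed sample three of seven frames reuse an IV, and the birthday bound puts a 50% chance of the first repeat at roughly 4,800 frames, which a single busy client produces in seconds.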
Lab 3 – Capture and Crack WPA/WPA2 Passwords
Before beginning this lab, configure the wireless access point to use WPA2 encryption with a password of Password1234. The goal of this lab is to capture the four-way authentication handshake and use the data in the handshake to brute-force the WPA password. Start by identifying the target access point using Airodump-ng.
Next, configure Airmon-ng to listen on the same channel as the target AP. To change channels, stop the monitor interface and restart it with the required channel.
Next, configure Airodump-ng to capture the handshake from the target access point. When a handshake has been captured, a WPA handshake message appears in the top right corner. To capture only the target's handshake, specify the channel and BSSID of the target access point.
If it is taking too long to capture a handshake, use Aireplay-ng to deauthenticate a client on the network and capture the handshake when the client reauthenticates. Open a new terminal window so that Airodump-ng can continue to run and capture the handshake.
Finally, use Aircrack-ng to crack the WPA password stored in the handshake file. To crack the password Aircrack-ng needs a word list, which is specified using the -w flag. In addition, Aircrack-ng will accept words on STDIN using -w -, which means words can be piped in from another program like John the Ripper or Hashcat. Kali has a few wordlists in /usr/share/wordlists. The RockYou list is excellent but must be unzipped before it can be used. Unzip the RockYou password file by typing gunzip /usr/share/wordlists/rockyou.txt.gz in one of the open terminals.
Lab 4 – Cracking WEP and WPA/WPA2 the Easy Way
Before beginning this lab, configure the wireless access point to use WPA2 encryption with a password of Password1234. The goal of this lab is to use the Wifite.py script to simplify the process of capturing and cracking WEP and WPA/WPA2 passwords. Start by running the Wifite.py script and letting it monitor until the target network is identified. Specify a wordlist by using the -dict flag. If no wordlist is specified, Wifite.py will save any captured WPA/WPA2 handshakes but will not attempt to crack them.
Once the target network is in the list, hit CTRL+C then select the target network.
After selecting the target network, Wifite.py will attempt to capture IVs or an authentication handshake depending on the encryption used by the target. If the target supports WPS, Wifite.py will attempt to crack the WPS key before attempting to capture and crack the WPA/WPA2 key. The WPS attack can be stopped by typing CTRL-C.
Now it is completed. Enjoy it!