
#CRACK WPA2 KALI AIRCRACK PASSWORD#
You can see how many password lists are just in the metasploit folder by typing the following command: ls /usr/share/wordlists/metasploit You may use any password list you want, but keep in mind that the list has to have the same word written in the list for this to work. Kali ships out of the box many password lists, but for this excessive we chose to use a nmap.lst file. It won’t work that easily on passwords that have special character’s or a lot of numbers, but if your list is comprehensive enough and contains hundreds of thousands or millions of different words and number combinations, you increase the likelihood of getting a matching password with the actual crack. So as we stated before, dictionary attack relies on having a likely password pre-written in the list. But now we will move on into the actual cracking part. Unfortunately Wireshark is unable to show us the key from the first login session. From Wireshark we can see in the Info -column, that it contains all the keys of the handshake, stated with (Message 1 of 4), (Message 2 of 4) and so on. EAPOL stands for Extensible Authentication Protocol Over Lan and is an encapsulation protocol to hide the credentials. Now we can filter Wireshark to only show the four-way handshake by typing in the filter bar eapol. Now that we have our pcap file with the WPA handshake, let’s open up Wireshark and from the top left corner open the File WPAcracktest-01.cap or whatever you named it. You can confirm the the WPAcracktest pcap file has been created by typing in ls and checking if there is a -01.cap in the home directory. Now if you go back to the airodump tab, you can see on the top right that it has collected the WPA handshake, and has stored it in the WPAcracktest file that we created before.
#CRACK WPA2 KALI AIRCRACK MAC#
You can also target a specific device for deauthentication with the -c command = -c standing for client and then adding the the client’s mac address after that. Open up a new terminal window with CTRL + SHIFT + T and type in the following command to send a deauthentication packet: aireplay-ng -deauth 1 -a wlan1mon -ignore-negative-one You can get the handshake by just waiting for any new client to connect to the router, or you can send a deauthentication packet in a broadcast signal to force all clients to reconnect. In order to perform the dictionary attack, we need to capture the four-way WPA handshake from the router. The output of the command should show the familiar interface again, which lists all the devices connected to the router in the “STATION” column. Now let’s start up airodump again, and order it to only follow our router’s traffic with the following command: airodump-ng -bssid -channel -write wlan1mon Most vulnerable victims of this attacks are Wi-Fi’s that have their password set to something simple, such as “cat”, “dog”, “airplane”, “football” and so on – like the words in a dictionary.įirstly we need to connect to our Access Point, set it’s wireless security to WPA/WPA2 and set it’s version to WPA-PSK. Since the point of this attack is to show the vulnerabilities of poor passwords, we will set out password to be abcdefgh Dictionary attack is a technique to break through an authentication mechanism by trying to figure out it’s decryption key or passphrase by trying out hundreds, thousands or even billions of likely possibilities.



One of the things that we will try out with breaking through WPA and WPA2, is by using a dictionary attack.
