Basic Linux networking skills and command line capabilities.Network card that supports packet injection, such as an Intel IGN-5100 based device.Wireless network encrypted with a WPA passphrase (your own) that you can test.System with aircrack-ng installed, or a Backtrack 3 CD.Tools you will need to accomplish this task: Please note that not all the screenshotsĬontain the exact same data which is given in the example, they are In this example, we used an Intel IGN5100 card, and all the commands issued are given in quotes, with the result of the commands being listed in grey.Īfter each step, a screenshot is given so you may compare your output Try testing this on your own network with 1 or more computers connected and see just how easily this can be accomplished. In order to forcefully capture a 4-way handshake, you will need to deauthenticate a client computer that is actively using services, forcing it to exchange the WPA key and in turn capturing the handshake that can be decrypted. The WPA attack does not work on wireless networks which have no clients connected to it. In the process of re-exchanging the encrypted WPA key, you will capture a handshake. By watching a wireless network to see which computers are already authenticated using services, you can forcefully deauthenticate those clients and force them to reconnect back up. The question arises: How do you capture a 4-way TKIP handshake without sitting and watching traffic for hours and hours, waiting for a client to connect to a network? The solution is simple. This is particularly disturbing, because it would only take an attacker but a few moments to drive by a wireless access point and capture a single handshake, then go crack the key at their own leisure. Once you have captured this handshake, you can run an offline dictionary attack and break the key. If you happen to be capturing data, you can save a packet of the encrypted handshake taking place. The idea is that when a client connects to a WPA secured network, the wireless access point and client computer will "handshake" and mutually exchange a PSK (Pre Shared Key) in a 4-way exchange. Please note that this method only works with WPA-PSK networks using TKIP. In fact, it is much simpler to break a WPA key, because it only takes 1 captured packet. While breaking WEP keys requires you to run an attack and brute force a key while connected to an access point, WPA does not. This method of breaking WPA keys is a little different than attacking a WEP secured network.
The goal of this tutorial is to demonstrate how easily your own WPA key can be disclosed. Using aircrack-ng against WPA encryption (Tutorial)
0 kommentar(er)
