Operating System to be used is The KALI LINUX.
WiFi protected setup (WPS) is a flaw feature added to WiFi. It allows WPA and WPA2 security to be bypassed and effectively broken in many situations. Many access point they have a Wifi Protected Setup enabled by default.
5. The last step is cracking the WPA2 password using reaver.
WiFi protected setup (WPS) is a flaw feature added to WiFi. It allows WPA and WPA2 security to be bypassed and effectively broken in many situations. Many access point they have a Wifi Protected Setup enabled by default.
Requirements:
1. Wireless card (support promiscuous mode)
2. Access point with WPA2 and WPS enabled.
WiFi hacking steps:
- Open our terminal (CTRL+ALT+T) and type airmon-ng. This command will lists our wireless card that attached with our system.
- The next step we need to stop our wireless monitor mode by running airmon-ng stop wlan0 .
- Now we ready to capture the wireless traffic around us. By running airodump-ng wlan0 our wireless interface will start capturing the data.
Information:
- BSSID (Basic Service Set Identification): the MAC address of access point.
- PWR: Signal level reported by the card.
- Beacons: Number of announcements packets sent by the AP
- #Data: Number of captured data packets (if WEP, unique IV count), including data broadcast packets.
- #/s: Number of data packets per second measure over the last 10 seconds.
- CH: Channel number (taken from beacon packets).
- MB: Maximum speed supported by the AP. If MB = 11, it's 802.11b, if MB = 22 it's 802.11b+ and higher rates are 802.11g.
- ENC: Encryption algorithm in use.
- CIPHER: The cipher detected. TKIP is typically used with WPA and CCMP is typically used with WPA2.
- AUTH: The authentication protocol used.
- ESSID: Shows the wireless network name. The so-called “SSID”, which can be empty if SSID hiding is activated.
4. From the step 3 above, we can find access point with encryption algorithm WPA2 and note the AP channel number. Now we will find out whether target AP has WPS enabled or not. Lets enter:
wash -i wlan0 -c 8 -C -s
If the WPS Locked status is No, then we ready to crack and move to step 5.
"reaver -i <your_interface> -b <wi-fi victim MAC address> –fail-wait=360"
Because we already get the information from step 3 above, so my command look like this:
reaver -i wlan0 -b E0:05:C5:5A:26:94 –fail-wait=360
Note: It may take upto 5 hours to crack 19 characters WPA2 password
Conclusions:
- WPA and WPA2 security implemented without using the Wi-Fi Protected Setup (WPS) feature are unaffected by the security vulnerability.
- To prevent this attack, just turn off our WPS/QSS feature on our access point.
Enregistrer un commentaire