WLAN Hacking – WPA-PSK handshake
The deauth attack with aireplay-ng -0 is meant to disconnect the client from the access point and then capture the handshake when the client reconnects. But sometimes the process fails. Now what? Be aware that there is another (maybe better and easier) way to get the data needed to crack WPA. Wireshark is a powerful application, and the technique described here can be used in other ways as well, for example for general sniffing of network traffic. The pieces can be combined, and you may already see where I am aiming: a Wi-Fi card (Atheros or Prism chipset), drivers with monitor mode support and promiscuous mode together make it possible to listen to the complete network traffic in the air.
And you don't have to be connected to the wireless network. Yes, the result of this combination is the same thing that can be done by monitoring with the Windows applications CommView or AiroPeek. Just choose the right capture filters and you catch only what you need. At the same time this is the answer to old questions from discussions, forums and other places where an unsuccessful (interactive) attempt to get the handshake was being solved.
Catching Handshake – Crack WPA
The process works with the hostap, madwifi and madwifi-ng drivers. First we switch the card into monitor mode. There are a few methods; airmon-ng does it with madwifi-ng this way
sudo airmon-ng start wifi0 10
If you use wlanconfig, I suggest destroying the interface first
sudo wlanconfig ath0 destroy
and then create it again
sudo wlanconfig ath0 create wlandev wifi0 wlanmode monitor
If you want to monitor only a single channel, set the channel number on which Wireshark is going to listen with the command
sudo iwconfig ath0 channel 10
Start Wireshark. In the interface settings, turn off (unlike the default settings) automatic scrolling of captured data in the main window and MAC name resolution, and hide the reference pane according to your preference. Try to filter the data right from the beginning. Don't forget that in a densely populated area your file will fill up quickly if you capture all the traffic :) To filter and display the WPA authentications (handshake) in Wireshark, use the filter
You are not losing the other data; the filter only hides what you did not ask for. To display it again, just clear the filter. Monitoring can run for as long as you like, and if the interactive technique doesn't work, this will be the only way.
The card can be switched back into managed mode with the command
sudo wlanconfig ath0 create wlandev wifi0 wlanmode managed
or the interface can be removed completely
sudo wlanconfig [int] destroy
Use passive capture if the interactive attack with aireplay-ng or mdk fails, or if you are not sure how to get the handshake out of the air. A card with an Atheros chip is rather stable, but if you use MDK it gets stuck from time to time, mainly after a longer period :)
Interactive technique – syntax for aireplay-ng & MDK
sudo airmon-ng start wifi0 [X]
sudo airodump-ng -c 6 --bssid 00:0A:A2:D0:E6:3A -w soubor ath0
sudo aireplay-ng -0 5 -a 00:0A:A2:D0:E6:3A -c 00:0B:A2:D0:E6:3B ath0
If you are using the special exploit tool mdk, you can use for example
./mdk3 ath0 m -t 00:3B:A2:D0:E6:3A
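The defender's view of the two techniques above (the aireplay-ng / mdk3 deauth burst, and the handshake that is captured passively when the client reconnects), as an added example that is not part of the original article: a small Python detector that parses raw 802.11 frames, flags a burst of deauthentication frames for one BSSID, and then flags a 4-way handshake restarting within a few seconds of that burst, which is exactly the trace a forced re-handshake leaves in the air. The thresholds, the frame builders and the Key Info message-number heuristic are assumptions made for this example; the MAC addresses are the ones used in the article's commands, and the sample frames are constructed inline so the script runs offline.

```python
"""Recognise the deauthentication burst + forced re-handshake pattern in raw
802.11 frames.  Added example for the article above, not code from the original
page; all frames are constructed inline (no radiotap header) so it runs offline."""
import struct
from collections import defaultdict

DEAUTH_THRESHOLD = 5     # deauth frames for one BSSID within DEAUTH_WINDOW -> flood (assumed)
DEAUTH_WINDOW = 2.0      # seconds (assumed)
HANDSHAKE_GRACE = 10.0   # an EAPOL-Key msg 1 this soon after a flood is suspicious (assumed)
LLC_SNAP_EAPOL = b"\xaa\xaa\x03\x00\x00\x00\x88\x8e"   # LLC/SNAP header + EtherType 0x888E

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def eapol_msg_number(key_info):
    """Infer the 4-way handshake message number from the EAPOL-Key Key Info flags."""
    install, ack = key_info & 0x0040, key_info & 0x0080
    mic, secure = key_info & 0x0100, key_info & 0x0200
    if ack and not mic:
        return 1
    if ack and mic and install:
        return 3
    if mic and not ack:
        return 4 if secure else 2
    return None

def parse_frame(frame):
    """Return a dict for a deauthentication or an EAPOL-Key frame, None for anything else."""
    if len(frame) < 24:
        return None
    fc, flags = frame[0], frame[1]
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    a1, a2, a3 = mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22])
    to_ds, from_ds = flags & 0x1, flags & 0x2
    # Which address field holds the BSSID depends on the To DS / From DS flags.
    bssid = a2 if (from_ds and not to_ds) else a1 if (to_ds and not from_ds) else a3
    if ftype == 0 and subtype == 12:                       # management / deauthentication
        reason = struct.unpack_from("<H", frame, 24)[0]
        return {"kind": "deauth", "src": a2, "dst": a1, "bssid": bssid, "reason": reason}
    if ftype == 2:                                         # data; QoS subtypes add 2 bytes
        off = 24 + (2 if subtype & 0x8 else 0)
        if frame[off:off + 8] != LLC_SNAP_EAPOL:
            return None
        eapol = frame[off + 8:]
        if len(eapol) < 7 or eapol[1] != 3:                # EAPOL packet type 3 = EAPOL-Key
            return None
        key_info = struct.unpack_from(">H", eapol, 5)[0]   # follows the descriptor type byte
        return {"kind": "eapol", "src": a2, "dst": a1, "bssid": bssid,
                "msg": eapol_msg_number(key_info)}
    return None

def detect(frames):
    """frames: iterable of (timestamp_seconds, raw_80211_bytes).  Returns alerts as
    (alert_kind, bssid, timestamp, detail); one flood alert per BSSID."""
    alerts, recent, flood_at = [], defaultdict(list), {}
    for ts, raw in sorted(frames, key=lambda f: f[0]):
        p = parse_frame(raw)
        if p is None:
            continue
        if p["kind"] == "deauth":
            win = [t for t in recent[p["bssid"]] if ts - t <= DEAUTH_WINDOW] + [ts]
            recent[p["bssid"]] = win                       # sliding window per BSSID
            if len(win) >= DEAUTH_THRESHOLD and p["bssid"] not in flood_at:
                flood_at[p["bssid"]] = ts
                alerts.append(("deauth_flood", p["bssid"], ts,
                               f"{len(win)} deauths within {DEAUTH_WINDOW}s, reason {p['reason']}"))
        elif p["msg"] == 1:
            t0 = flood_at.get(p["bssid"])
            if t0 is not None and ts - t0 <= HANDSHAKE_GRACE:
                alerts.append(("forced_rehandshake", p["bssid"], ts,
                               f"EAPOL-Key message 1 {ts - t0:.2f}s after deauth flood"))
    return alerts

# --- constructed sample traffic (addresses taken from the article's example commands) ---
AP, STA, BCAST = bytes.fromhex("000aa2d0e63a"), bytes.fromhex("000ba2d0e63b"), b"\xff" * 6

def build_deauth(dst, src, bssid, reason=7):
    # fc 0xC0 = management/deauth, flags 0, duration, addr1-3, seq ctl, reason code
    return bytes([0xC0, 0x00, 0, 0]) + dst + src + bssid + b"\x00\x00" + struct.pack("<H", reason)

def build_eapol_key(sta, ap, key_info, from_ap):
    flags, a1, a2, a3 = (0x02, sta, ap, ap) if from_ap else (0x01, ap, sta, ap)
    hdr = bytes([0x08, flags, 0, 0]) + a1 + a2 + a3 + b"\x00\x00"      # fc 0x08 = data frame
    key = bytes([0x02]) + struct.pack(">H", key_info) + b"\x00" * 92   # RSN descriptor, rest zeroed
    return hdr + LLC_SNAP_EAPOL + bytes([0x02, 0x03]) + struct.pack(">H", len(key)) + key

SAMPLE = (
    [(t, build_deauth(BCAST, AP, AP)) for t in (10.00, 10.05, 10.10, 10.15, 10.20)]
    + [(10.30, build_deauth(STA, AP, AP))]
    + [(11.20, build_eapol_key(STA, AP, 0x008A, True)),    # msg 1: ACK
       (11.21, build_eapol_key(STA, AP, 0x010A, False)),   # msg 2: MIC
       (11.22, build_eapol_key(STA, AP, 0x13CA, True)),    # msg 3: ACK+MIC+Install+Secure
       (11.23, build_eapol_key(STA, AP, 0x030A, False)),   # msg 4: MIC+Secure
       (40.00, build_eapol_key(STA, AP, 0x008A, True))]    # routine re-key much later: no alert
)

if __name__ == "__main__":
    for kind, bssid, ts, detail in detect(SAMPLE):
        print(f"{ts:7.2f}  {kind:<20} {bssid}  {detail}")
```

Run stand-alone it prints two alerts: the deauth flood at t=10.20 and the handshake restart one second later; the re-key at t=40 is outside the grace period and stays silent. On a real capture you would feed it the 802.11 frames from a monitor-mode interface (after stripping the radiotap header); the same two signatures are what a wireless IDS watches for, and an AP with 802.11w management frame protection enabled makes the spoofed deauth burst ineffective in the first place.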
I will probably add some pictures... but the process is so easy that I think it isn't necessary :) What will definitely be added to this text is the key crack by checksum, so don't forget to check airdump.net.
Everything about WiFi hacking is described in detail in the tutorial Hacking wireless networks; some tricks about sniffing can be found in Capturing and data analysis. How to crack WPA-PSK the alternative way.
All the applications for WEP and WPA pentesting can be downloaded from the download section (download.airdump.net -> DIR software/wep-crack)
- The Wireless Adapters and Applications
- The Intuitive WiFi hacking GUI app for Ubuntu Linux
- Cracking WPA-PSK secured Wireless Networks
- Aireplay-ng Packet Injection Windows CommView Hack
- WEP cracking Intel Centrino, OmniPeek + winAircrack
- Destruction Mode Charon 2 GUI
- Wireless Hacking – Ultimate Ubuntu Guide
- Sniffing networks and data analysis
- Packet Injection wifi Intel 4965 AGN patch
- Aircrack 1.0 BETA .lzm BackTrack