Differences

This shows you the differences between two versions of the page.

--- get_wifi_password [2017/09/10 22:17] – [How to prevent this kind of attack] Santi
+++ get_wifi_password [2019/01/04 13:06] (current) – external edit 127.0.0.1
@@ Line 1: / Line 1: @@
-===== How to get a Wifi password using Aircrack-ng =====
+===== WiFi password attack =====
+{{ wiki:aircrack_ng.jpg}}
 In this tutorial we are going to show how you can get a WiFi password from any visible APs around you. We will use the Aircrack-ng tool and, because we are going to use [[http://www.kali.org|Kali Linux]] distribution, we haven't given any detail about the installation of this tool. In Kali, every tool wee need is already installed.
@@ Line 68: / Line 70: @@
 In the screehshot above you can see the list of the visible APs so you only have to select wich one you want to try to get its password. You will need its MAC address (you have it at the left of the screenshot) and the channel (CH column).
+So, we are going to try to discover, in this case, the handshake of our own WiFI AP because the goal of this tutorial is to protect our infrastructure, not to try to steal a password from someone.
+We have to search the name of our Wireless connection and take note of the MAC address. Our AP is called //eircom-09843703 2.4G// so we write the proper MAC:
 <code bash>
-santi@kalibook:$ airodump-ng -c 1 --bssid A1:B2:C3:D4:E5:F6 -w WPAcrack wlan0mon --ignore-negative-one
+santi@kalibook:$ airodump-ng -c 1 --bssid F4:8E:92:36:EB:F8 -w WPAcrack wlan0mon --ignore-negative-one
 </code>
+Now, we will see how airodump searching for the handshake:
+<figure>
+{{ wiki:searching_handshake.png }}
+<caption>airodump trying to get the handshake</caption></figure>
+When airodump has found the handshake it shows it on the left top corner of the screen and it continues working. When you see the handshake written in the corner you can stop airodump pressing ''Ctrl-C''
+<figure>
+{{ wiki:handshake_found.png }}
+<caption>airodump has found the handshake</caption></figure>
+Once we have the handshake we have two choices:
+  * Crack the password (not possible if the WiFi connection use WPA/WPA2 encryption)
+  * Try to discover the password using a dictionary attack
+By the moment we will try to discover the WiFi password by dictionary attack. To do that, first, we need a dictionary. Because we are using Kali we can found some dictionaries in the ''/usr/share/wordlists''. For example, in this case, we will use ''rockyou.txt.gz''. You can found other dictionary in some links in [[extra:resources|Resources]]
+First, we need to gunzip the file:
 <code bash>
-santi@kalibook:$ aircrack-ng -w dictionary.dic -b 00:11:22:33:44:55 WPAcrack.cap
+santi@kalibook:$ gunzip rockyou.txt.gz
 </code>
+And now we can execute aircrack-ng with the dictionary file, the MAC address of the AP and the file that airodump has created once it has found the handshake. Normally, the file is named ''WPAcrack-XX.cap'' where ''XX'' is the number of the different attempts you had done previously.
+<code bash>
+santi@kalibook:$ aircrack-ng -w rockyou.txt -b F4:8E:92:36:EB:F8 WPAcrack-01.cap
+</code>
+We will see how aircrack-ng is searching the password trying with every word in the dictionary.
+<figure>
+{{ wiki:searching_key.png }}
+<caption>Aircrack-ng is searching the WiFi password</caption></figure>
+Once aircrack has found the password (if it did it), it will show it in the center of the screen. Then, you have the password to connect to this WiFi connection.
+<figure>
+{{ wiki:key_found.png }}
+<caption>Aircrack-ng has found the WiFi password</caption></figure>
 ===== How to prevent this kind of attack =====
 As you can see in the example above, it is not very difficult to perform an attack to get a WiFi password if the connection is not properly configured. We must notice the following aspects:
-  * Only select WPA/WPA2-PSK encryption methods
+  * You must select only WPA/WPA2-PSK encryption methods. In this way you can prevent that someone crack your WiFi password
-  * Change default password for a real stronger password. You must use letters, numbers, capital letters and special characters (like !, ., ?). You can check if your password is strong enough in some websites like [[https://password.kaspersky.com|Kaspersky Secure Password Check]]
+  * You must change default password for a real stronger password. You must use letters, numbers, capital letters and special characters (like !, ., ?). In this way you can prevent the dictionary attack. You can check if your password is strong enough in some websites like [[https://password.kaspersky.com|Kaspersky Secure Password Check]]
-  * You also can change the SSID of your Wifi connection. Notice that some companies put similar names to all WiFi routers they provide. In this case, it is easy to know which type of router you have and to look for, for example, an specific vulnerability on it.
+  * You also can change the SSID of your Wifi connection. Notice that some companies put similar names to all WiFi routers they provide. In this case, it is easy to know which type of router you have and to look for, for example, an specific vulnerability on it. An attacker can obtain passwords from an specific password generator that generates them following the same seed that the company of your router.
 ----
 (c) 2017 Hacking Tony