How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security

Cyber Security
AhmadYar
BS Computer Science
Bahauddin Zakariya University Multan (BZU)
Sahiwal Campus.
Email ahmadyark1@gmail.com
Mobile +92303 9464551

Content
• Aircrack-ng
• WEP
• WAP
• WAP2
• Practical Implementation
12/18/2018ahmadyark1@gmail.com 3

What is Aircrack-ng?
• Aircrack-ng is the primary application with the aircrack-ng suite, which
is used for password cracking.
• It's capable of using techniques to crackWEP and dictionary cracks for
WPA andWPA2 after capturing the WPA handshake.

Wired Equivalency Privacy (WEP)
• Developed in the late 1990’s as the first encryption algorithm for the 802.11
standard, WEP was designed with one main goal in mind:
• to prevent hackers from snooping on wireless data as it was transmitted
between clients and access points (APs). From the start, however, WEP
lacked the strength necessary to accomplish this.

WEP Continue..
• Cyber security experts identified several severe flaws inWEP in 2001,
eventually leading to industry wide recommendations to phase out the use
ofWEP in both enterprise and consumer devices.
• After a large-scale cyber attack executed againstT.J. Maxx in 2009 was
traced back to vulnerabilities exposed by WEP.

What isWPA ?
• Stands for "Wi-Fi Protected Access.“
• WPA is a security protocol designed to create secure wireless (Wi-Fi)
networks. It is similar to the WEP protocol, but offers improvements in the
way it handles security keys and the way users are authorized.

Continue..
• For an encrypted data transfer to work, both systems on the beginning and
end of a data transfer must use the same encryption/decryption key. While
WEP provides each authorized system with the same key,WPA uses the
temporal key integrity protocol (TKIP), which dynamically changes the key
that the systems use.This prevents intruders from creating their own
encryption key to match the one used by the secure network.

Continue…
• WPA also implements something called the Extensible Authentication
Protocol (EAP) for authorizing users.
• Instead of authorizing computers based solely on their MAC address, WPA
can use several other methods to verify each computer's identity. This
makes it more difficult for unauthorized systems to gain access to the
wireless network.

WPA2
• Developed by the U.S. government to protect classified data.
• As the successor toWPA, the WPA2 standard was ratified by the IEEE in
2004 as 802.11i.
• AlthoughWPA2 still has vulnerabilities, it is considered the most secure
wireless security standard available.

Continue…
• WPA2TKIP with Counter Mode with Cipher Block Chaining Message
Authentication Code Protocol (CCMP)
• Also meant to be backward-compatible, WPA2 supportsTKIP as a fallback if
a device cannot support CCMP.

Continue…
• CCMP protects data confidentiality by allowing only authorized network
users to receive data, and it uses cipher block chaining message
authentication code to ensure message integrity.

Tools Used
1. Wi-Fi Booster
2. VMware Workstation
3. Kali Linux

Wi-Fi Booster
1. Make broadband wireless in possible coverage
2. Strengthen radio signal to increase the effective range and coverage area
for effective range and coverage area forWi-Fi communication.
3. Install easily, just plug in and play.
4. Save lots of wiring costs

VMwareWorkstation
1. Secure way to run multiple operating systems at the same time.
2. It is an integral component of any serious technical professional’s toolkit.
3. It offers the broadest host and guest operating system support, the richest
user operating system support, the richest user experience, and the most
comprehensive experience, and the most comprehensive feature set.

Kali Linux
• Kali Linux is a Debian-derived Linux distribution designed for digital
forensics and penetration testing. It is maintained and funded by Offensive
Security Ltd

Wireless Attacks tools
• Airbase-ng
• Aircrack-ng
• Airdecap-ng and Airdecloak-ng
• Aireplay-ng
• Airmon-ng
• Airodump-ng
• airodump-ng-oui-update
• Airolib-ng
• Airserv-ng
• Airtun-ng
• Asleap
12/18/2018
ahmadyark1@gmail.com
17

Process
• Install aVMware workstation on your Computer
• Open theVMware workstation and install Kali Linux on it
• After completing installation
• Go toVM>Removable Device
• And now connect yourWi-Fi Booster orWi-Fi Receiver on it.

Penetration Of AWireless Network StartsWith
Logging Into Kali
• If you haven’t already login to Kali, the default login information
is: root(Username) and toor (Password)
12/18/2018
ahmadyark1@gmail.com
19

WPA Handshake?
• How do hackers or remote attackers obtain the WPA or
WPA2Handshake from a wireless access point easily?
By launching a Wi-Fi bomb they can force all users to disconnect the access
point for a few seconds. Their software will automatically reconnect and this
way they sniff the connection handshake.

How WIFI works?
• Wi-Fi transmits signal in the form of packets in air so we need to capture all
the packets in air so we use airodump to dump all the packets in air .After
that we should see that if any one is connected to the victim Wi-Fi. If anyone
is not connected the Wi-Fi, cracking is not possible as we need a wpa
handshake. We can capture handshake by sending DE authentication
packets to client connected toWi-Fi. Aircrack cracks the password.

“iwconfig” command
This command is need to know the name of the wireless adapter
connected to the computer because computer has many adapters
connected.

“airmon-ng check kill” command
• This script can be used to enable monitor mode on wireless interfaces. It
may also be used to go back from monitor mode to managed mode.
Entering the airmon-ng command without parameters will show the
interfaces status.

12/18/2018
ahmadyark1@gmail.com 25

“airmon-ng start wlan0” command
• This command will enable the monitor mode on the Wi-Fi card. So while
using interface in any terminal or command line use “wlan0mon”.

”airodump-ng wlanOmon” command
• This will display all the access points in your surroundings and also the
clients connected to that access points
• All the user using this Wi-Fi router.

“airodump-ng -c channel –bssid [bssid of Wi-Fi] -w [path to
write the data of packets] wlan0mon[interface]” command
• -bssid in my case bssid is indicated with red mark.
• -c channel is the channel of victim Wi-Fi in my case it is 10(see in previous
screenshot for channel number)
• -w It is used to write the captured data to a specified path in my case it is
‘/root/Desktop/hack’.
• Interface in my case is wlan0mon

“aireplay-ng –deauth 10 -a [router bssid]
interface” command
•In this step we DE authenticate the connected clients
to theWi-Fi
•All the users connected toWi-Fi router disconnects.

•After this the client tries to connect to theWi-Fi
again. At that time, we will capture the packets
which sends from client. From this result, we
will get wpa handshake.

Create wordlist

“Crunch 8 8 1234abcd –o wordlist” command

“aircrack-ng -b [bssid of router] -w [path to word list]
[path to capture packets]” command
12/18/2018ahmadyark1@gmail.com
39

12/18/2018ahmadyark1@gmail.com
40

How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security

Similar to How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security (20)

Recently uploaded

Recently uploaded (20)

How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security