Wi-Fi Hacking 101 – How to Hack WPA2 and Defend Against These Attacks.pdf

18 ОКТЯБРЯ 2022 ГОДА / #ЭТИЧЕСКИЙ ВЗЛОМ
Взлом Wi-Fi 101 – Как
взломать WPA2 и
защититься от этих атак
Дэниел Ивуго
Добро пожаловать в мир взлома Wi-Fi, все. 💻.
В моей предыдущей статье мы говорили о некоторых базовых
навыках и хитростях Linux. В этой статье вы изучите базовую
процедуру взлома Wi-Fi с использованием этих навыков.
Вы узнаете, например, как:
1. Следите за сетями Wi-Fi вокруг вас
2. Выполнить DOS-атаку
3. Защитите себя от атак Wi-Fi
Отказ от ответственности: Это исключительно в
образовательных целях (и, конечно же, для небольшого
развлечения). Ни при каких обстоятельствах или под
влиянием неразумных друзей не используйте взломы, о
Учитесь программировать — бесплатная учебная программа продолжительностью
3000 часов
Форум Пожертвовать
Русский

которых вы узнаете здесь, в отношении организаций,
отдельных лиц или вашего, возможно, раздражающего
соседа. Вы совершаете преступление, и вас либо оштрафуют,
либо отправят в тюрьму, либо просто поставят в неловкое
положение ваших родителей.
И теперь, когда мы покончили с этим прекрасным введением,
давайте продолжим.🙃
Что мы рассмотрим:
Вот краткое изложение того, что содержит это руководство:
1. Введение
2. Что такое пакет?
3. Как взломать WPA2
Предварительные требования
Как перевести сетевую карту в режим монитора
Как искать цель
Как перехватывать пакеты квитирования
Как выполнить DOS-атаку
Как получить пароль (надеюсь)
4. Способы защиты от атак Wi-Fi
5. Заключение
Введение
3000 часов
Русский

Маршрутизатор ¦ Кредит: Unsplash.com
Точность беспроводной связи (Wi-Fi) - распространенная
технология, которую многие из нас используют в
повседневной жизни. Будь то в школе, дома или просто за
просмотром Netflix, все реже можно увидеть, чтобы кто-то
выполнял действия, связанные с Интернетом, без него.
Но вы когда-нибудь пытались взломать Wi-Fi? 🤔(Я уверен,
что у вас было искушение 😏).
Чтобы что-то взломать, вам нужно знать, как это работает. Это
означает, что вам нужно понимать, как работает технология в
первую очередь. Итак, давайте начнем с основ: пакета.
Что такое пакет?
Базовый пакет. Кредит: ResearchGate.com
3000 часов
Русский

Пакет - это базовая единица / строительный блок данных в
компьютерной сети. Когда данные передаются с одного
компьютера на другой, они разбиваются и отправляются
пакетами.
Представьте пакеты как строительные блоки Lego. Вы
(компьютер) получаете полный набор (полные данные) по
частям (пакетами) от продавца (другого компьютера). Затем
вы соберете блоки вместе, чтобы создать фигуру на основе
приведенных инструкций, чтобы наслаждаться ею (или, в
данном случае, чтобы все данные имели смысл).
Пакет, также известный как дейтаграмма, состоит из двух
основных частей:
1. Заголовок
2. Полезная нагрузка / данные
Заголовок содержит информацию о пакете. Это помогает сети
и принимающему компьютеру узнать, что с ним делать,
например, IP-адреса источника и назначения.
Полезная нагрузка - это основное содержимое, содержащееся
в пакете. Также стоит упомянуть, что пакеты могут быть
зашифрованы, чтобы их данные не могли быть прочитаны,
если они будут получены злоумышленником.
In a network, packets are a requirement for packet switching.
Packet switching means breaking down data into packets and
sending them to various computers using different routes. When
received, the computers can then assemble these packets to make
sense of it all. The Internet is the largest known packet switching
network on earth.
3000 часов
Русский

Now let's see how we can apply this knowledge to wireless
networks.
How to Crack WPA2
A bunch of random code. Credit: Unsplash.com
Wi-Fi can use a number of various protocols to give you a secure
internet connection. From the least to most secure, they are:
1. Open
2. WEP (Wired Equivalent Privacy)
3. WPA2 (Wi-Fi Protected Access 2)
4. WPA3 (Wi-Fi Protected Access 3)
An open network is pretty much as the name implies – open. It has
no password and practically anyone can connect to it.
WEP is an old protocol, rarely in use and requires a password like its
successors.
WPA2 is the most commonly used protocol around the world.
WPA3 is a newest and the most secure protocol known till date. But
it is rarely used and only available on newer devices.
3000 часов
Русский

Prerequisites
Wi-Fi works by constantly sending packets of data to your
authenticated device. In order to hack it, you’ll need:
1. A Linux machine (Preferably Kali Linux)
2. A wireless adapter
To install Kali from scratch, you can follow this tutorial.
If you haven’t already, you’ll need to install a tool called Aircrack-ng
on your machine. To install it, just type in the command below.
sudo apt install aircrack-ng
How to Put the Network Card into Monitor
Mode
You first want to get information about the target. This is what
hackers call reconnaissance.
In order to do that you need to first change your wireless card from
‘managed’ mode to ‘monitor’ mode. This will turn it from a mere
network card to a wireless network reader.
First you need to find out the name of your wireless card. Plug in
your adapter and run the iwconfig command to find out. It’s
usually the last one on the list.
3000 часов
Русский

iwconfig. Credit: Daniel Iwugo
As you can see, mine is wlan1 . Now run the following commands:
sudo airmon-ng check rfkillsudo
airmon-ng start <network interface>
sudo indicates the need for root privileges, check rfkill stops
processes that could hinder the card from going into monitor mode,
and start tells airmon-ng which network card to execute on.
Replace the <network interface> with the name of your wireless
card.
airmon-ng is a script that instantly changes your card to monitor
mode. You actually can do this manually or make a script of your
own but I personally prefer something rather simple.
How to Look for the Target
To see what networks are around you, run the following command:
sudo airodump-ng <network interface>
3000 часов
Русский

Airodump. Credit: Daniel Iwugo
airodump-ng is a part of the aircrack-ng suite that allows a
network card to view the wireless traffic around it.
As you can see we get a lot of information. But let's take a quick look
at the ESSID (Extended Service Set Identifier) column. Also known
as the AP (Access Point) name, this column shows the name of the
target network, which in my case will be ‘Asteroid’.
You want to concentrate on the target AP and ignore the rest. To do
this, press Ctrl+C to cancel the current scan and this time, append
the bssid of the network with the bssid flag as shown below.
sudo airodump-ng <network interface> --bssid <AP>
Airodump in action. Credit: Daniel Iwugo
The BSSID stands for Basic Service Set Identifier, a fancy name for
the MAC address of the device. You use it to identify the device on a
network, along with the ESSID (Name of the AP). Technically, you
could just use the ESSID flag instead but different APs could have
the same name. However, no two APs can ever have the same
BSSID.
3000 часов
Русский

Below is a code snippet of what you would type to get info about the
AP using the ESSID only.
sudo airodump-ng <network interface> --bssid <AP ESSID>
Note: If the name has a space, enclose it with quotes. For example, -
-bssid “Asteroid 1” .
You’ll notice I highlighted the MAC address of a client connected to
the AP under the ‘Station’ column. To its left is the MAC address of
the AP it is connected to.
How to Capture the Handshake Packets
The next step is to capture the handshake packets (Remember
packets? 👀). Handshake packets are the first four packets sent
from the AP when an authenticated device connects to an AP.
This means we have two options:
1. Wait for a device to connect to the AP
2. De-authenticate the device and then let it connect to the AP
The second one sounds a lot more fun so let’s go for it.
3000 часов
Русский

An LED keyboard. Credit: Unsplash.com
How to Perform a DOS Attack
You can use aireplay-ng or mdk4 to disconnect devices from APs
for a time. This is called a de-authentication attack or a wireless
DOS (Denial-Of-Service) attack.
Now here’s the game plan:
1. Setup airodump-ng to capture packets and save them
2. De-authenticate the device for some time while airodump-
ng is running
3. Capture the handshake
Got all that? Good. Let’s roll. 👨‍💻👩‍💻
First, run the command to capture and save packets:
sudo airodump-ng -c <channel number> --bssid <AP BSSID> <network
Airodump capturing packets. Credit: Daniel Iwugo
3000 часов
Русский

Here, we're using the -c flag to specify the channel to search, the -
-bssid flag for the MAC address of the AP, and the -w flag to give a
path you want to save the captured packets to.
Quick lesson: Channels reduce the chances of APs interfering with
each other. When running airodump-ng , you can identify the
channel number under the CH column.
While that is running, you’re going to run your de-authentication
attack against the device connected to it using the command:
sudo aireplay-ng -a <BSSID of the AP> --deauth <time> <network in
The -a flag specifies the MAC address of the AP, --deauth
specifies how long you want the attack to run in seconds, followed
up by the network card.
A de-authentication attack involves using your own network card to
send packets to interrupt communication between the AP and the
client. It’s not perfect and sometimes the client may connect back,
but only for a short time.
If your Wi-Fi is acting crazy and you seem to be disconnecting and
connecting randomly back to it, you may be experiencing a de-
authentication attack.
In the command above, you’re targeting the AP and running the
attack. Note that you can instead attack any device connected to
the AP and you should get the same result. All you need to do is to
change the -a flag to the MAC address of any device connected.
3000 часов
Русский

While the DOS attack is underway, check on your airodump scan.
You should see at the right top : WPA handshake: <mac address> .
Once you have verified that, you can stop the replay attack and the
airodump-ng scan.
Carrying out the replay attack to get the handshake. Credit: Daniel Iwugo
How to Obtain the Password (Hopefully)
In the final steps, you are going to run a bunch of generated Pairwise
Master Keys (PMKs) against the captured packets to get the
password. Let me break it down.
A PMK is basically an algorithmic combination of a word and the
APs name. Our intention is to continuously generate PMKs using a
wordlist against the handshake. If the PMK is valid, the word used to
generate it is the password. If the PMK is not valid, it skips to the
next word on the list.
I’m going to use the rockyou wordlist located in the
/usr/share/wordlists directory. I think this is only found in Kali so
if you have a different OS, you might make one of your own
manually or generate one using crunch .
3000 часов
Русский

If it isn’t already extracted, just run the command:
sudo gunzip /usr/share/wordlists/rockyou.txt.gz
Quick history lesson: The rockyou wordlist is a bunch of passwords
gotten from one of the most infamous cybersecurity data breaches
that affected a company of the same name. It contains
approximately 14 million unique passwords that were used in over
32 million accounts and as such, is one of the most dependable
wordlists on the planet.
Now run the command:
sudo aircrack-ng <captured file with .cap> -w <path to wordlist>
Password cracking. Credit: Mercury
Alright, everyone – mission accomplished 😎.
The password was, well… ‘password’. Pretty disappointing from a
security perspective, but I set this network up just for fun for the
purposes of this tutorial. In reality, this could take minutes to hours
depending on the length and strength of the password.
3000 часов
Русский

To clean up, simply remove the file captures, close your terminals,
and run the command service NetworkManager restart to change
your network card back to managed mode so you can connect to the
Wi-Fi.
Mitigations Against WiFi Attacks
A basic personal workspace setup ¦ Credit: Wallpaperflare.com
Basic Wi-Fi security should cover this attack from a defensive
perspective. Using WPA3 which is a newer protocol is your best bet
against such an attack. To mitigate against de-authentication
attacks, use an ethernet connection if possible.
Assuming that option is not on the table, you can use a strong
passphrase (not a password) to minimise the attackers chances of
getting it. A passphrase is a string of words simply used as a
password. Passphrases tend to be longer than passwords, easier to
remember, and are a rarer practice. Therefore, they will hardly be
found in wordlists.
For example, ‘mercury’ is more likely to be found in a wordlist than
‘mercurylovespluto’. The later is a 15-character passphrase and as
simple as it is, it would be hard for an attacker to find, guess, or
generate.
3000 часов
Русский

Another mitigation would be to disable WPS (Wi-Fi Protected
Setup) and avoid under any circumstance using a router that uses
the WEP protocol. You’d just be asking for unwanted attention as
it’s a lot easier to hack both of these than WPA2.
Conclusion
Let’s summarise what you’ve learned:
1. Change the wireless adaptor to monitor mode using airmon-
ng
2. Scan for the target AP using airodump-ng and capture the
packets
3. Perform a DOS attack on the AP to get the handshake
packets
4. End the DOS once you have verified you captured the
necessary packet
5. Use aircrack-ng to generate PMKs to run against the
handshake packets
Sometimes, the password may not be in the wordlist. In that case,
there are many other ways to get the password such as an Evil Twin
Attack or variations of what you have learned here. I also encourage
you to practice this and many other attacks you discover out there,
as this helps make you a master hacker.
Remember, this is strictly for educational purposes. Only perform
this on others with their consent, or on your own devices.
And with that, we have come to the end of this article. Hope you
enjoyed it. And as I always say, Happy hacking! 🙃
3000 часов
Русский

ADVERTISEMENT
Resources
1. A little more explanation on the handshake theory
2. More details on packets
3. WPA2 vs WPA3
Acknowledgements
Thanks to Anuoluwapo Victor, Chinaza Nwukwa, Holumidey Mercy,
Favour Ojo, Georgina Awani, and my family for the inspiration,
support and knowledge used to put this post together. You’re my
unsung heroes.
Cover photo credit: Lego Gentlemen working on a router from
Wallpaperflare.com
Daniel Iwugo
Just another guy fascinated by the world of Hacking, Cybersecurity and
the Internet
If you read this far, tweet to the author to show them you care.
Tweet a thanks
Learn to code for free. freeCodeCamp's open source curriculum has
helped more than 40,000 people get jobs as developers.
Get started
3000 часов
Русский

freeCodeCamp is a donor-supported tax-exempt 501(c)(3) charity organization (United States
Federal Tax Identification Number: 82-0779546)
Our mission: to help people learn to code for free. We accomplish this by creating thousands of
videos, articles, and interactive coding lessons - all freely available to the public. We also have
thousands of freeCodeCamp study groups around the world.
Donations to freeCodeCamp go toward our education initiatives, and help pay for servers,
services, and staff.
You can make a tax-deductible donation here.
Trending Guides
Exponents in Python
sizeof Operator in C
Dijkstra’s Algorithm
enumerate() in Python
What is an Algorithm?
Parse a Boolean in JS
Python Datetime.now()
Int to String in Java
Python Length of List
Escape a String in JS
What is SQL?
HTML New Line
Python Slicing
JavaScript Range
JS Check for Null
Java List Example
Merge Arrays in JS
JS Modulo Operator
What is a REST API?
JavaScript Encoding
JavaScript Get Request
JS .reverse() Function
Python String to Datetime
What is Prim’s Algorithm?
3000 часов
Русский

Visual Studio vs VSCode
Python Lambda Functions
Python Remove from String
Different Casings Explained
Principle of Least Privilege
Data Structures & Algorithms
Our Charity
About Alumni Network Open Source Shop Support Sponsors Academic Honesty
Code of Conduct Privacy Policy Terms of Service Copyright Policy
3000 часов
Русский

Wi-Fi Hacking 101 – How to Hack WPA2 and Defend Against These Attacks.pdf

Recommended

Recommended

More Related Content

Similar to Wi-Fi Hacking 101 – How to Hack WPA2 and Defend Against These Attacks.pdf

Similar to Wi-Fi Hacking 101 – How to Hack WPA2 and Defend Against These Attacks.pdf (20)

Wi-Fi Hacking 101 – How to Hack WPA2 and Defend Against These Attacks.pdf