Crack WPA Lab. Last Update 2014.06.11, 1.0.0. Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com


1 Crack WPA Lab

2 Objective
In this lab we will see how to recover the WPA and WPA2 PSK using the tools included with Kali Linux.

3 Source
This lab is based on the article "Tutorial: How to Crack WPA/WPA2" from the aircrack-ng.org website.

4 Equipment Used
In this example the wireless network will be created using a Linksys WAP610N access point.
To recover the key, tools included with Kali Linux will be run from a VirtualBox virtual machine.
The wireless NIC attached to the computer running the virtual machine is an Alfa AWUS036H.

5 Equipment Used
This NIC was selected as it is supported natively by both Windows and Linux.
It also works well for this purpose with the Kali Linux tools.
A computer with a wireless NIC will be needed to connect to the access point in order to generate the authentication handshake.

6 Configure the Access Point
For this example the access point needs to be set to
–WPA PSK or WPA2 PSK as the security mode
–AES as the encryption method
–password as the preshared key
–Channel 6
–802.11b

7 Configure the Access Point

8 Configure the Access Point

9 Install the NIC
Plug the Alfa NIC into the computer with just the base operating system running.
Let the operating system install the driver and activate the NIC.

10 Create the Virtual Machine
Start VirtualBox.
Using the normal procedures, create a virtual machine using these settings
–Operating System Ubuntu 32 bit
–Memory 1024
–Hard Drive Size 16

11 Install Kali Linux
Copy Kali Linux to a location on the computer where you can find it.
Start the virtual machine created above.
When it asks for the location of the operating system file, click on the small file folder and select the location of the Kali Linux iso file.
Wait for Kali Linux to load and run.

12 Attach NIC to Kali Linux
As the wireless NIC is a USB device, it must be attached to this virtual machine.
To do this in VirtualBox, from the Kali Linux virtual machine menu bar select
–Devices
–USB Devices
–The name of the wireless NIC
The device driver for the virtual machine will be loaded.

13 Attach NIC to Kali Linux
The wireless NIC will appear in Kali Linux.

14 Key Recovery Method
WPA and WPA2 PSK are perfectly acceptable methods to use to restrict access to an 802.11-based wireless network in the appropriate environment, provided you use a strong enough passphrase.
Any common phrase will be included in a dictionary that can be used to mount a brute force attack, as we will do here.

15 Key Recovery Method
Mounting such an attack can take from minutes to days depending on how strong the passphrase is.
The method used here is to utilize aireplay-ng to capture the four-way handshake used when a device wants to connect to the access point.

16 Key Recovery Method
The WEP method of deciphering the static key using initialization vectors will not work here, since the key is not static in WPA and WPA2.
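
The passphrase-strength point above, as an added example that is not part of the original lab: WPA and WPA2 PSK derive the master key from the passphrase with PBKDF2-HMAC-SHA1 salted by the SSID, so a dictionary run only succeeds if the passphrase is in the list. The wordlist sample, the guess rate and the function names are assumptions made for illustration.

```python
import hashlib
import math
import string

# Constructed sample standing in for a real wordlist such as rockyou.txt.
SAMPLE_WORDLIST = {"123456", "password", "iloveyou", "princess", "qwertyuiop"}

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def is_valid_psk(passphrase: str) -> bool:
    """A WPA passphrase is 8 to 63 printable ASCII characters."""
    return 8 <= len(passphrase) <= 63 and all(32 <= ord(c) <= 126 for c in passphrase)

def entropy_upper_bound_bits(passphrase: str) -> float:
    """Upper bound that assumes every character was chosen at random."""
    pool = 0
    for chars in (string.ascii_lowercase, string.ascii_uppercase, string.digits):
        if any(c in chars for c in passphrase):
            pool += len(chars)
    if any(not c.isalnum() for c in passphrase):
        pool += 33  # space plus the 32 ASCII punctuation characters
    return len(passphrase) * math.log2(pool) if pool else 0.0

def audit_passphrase(passphrase, wordlist=SAMPLE_WORDLIST, guesses_per_second=1000.0):
    """Report why a passphrase would or would not survive a dictionary run.
    guesses_per_second is an assumed attacker rate, not a measured one."""
    bits = entropy_upper_bound_bits(passphrase)
    return {
        "valid": is_valid_psk(passphrase),
        "in_wordlist": passphrase in wordlist,  # found as soon as the list reaches it
        "entropy_bits": round(bits, 1),
        "exhaustive_years": 2 ** bits / guesses_per_second / (365 * 24 * 3600),
    }

if __name__ == "__main__":
    print(derive_pmk("password", "IEEE").hex())
    for candidate in ("password", "T7#qLm2!vX9pRz4w"):
        print(candidate, audit_passphrase(candidate))
```

The entropy figure is an upper bound: a passphrase that appears in a wordlist falls on the first pass regardless of its length or character mix.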

17 Cracking Steps
The steps required to break WPA and WPA2 PSK are
–Start the wireless interface in monitor mode on the channel being used by the access point
–Start airodump-ng on the channel with a filter based on the access point’s MAC address to collect the authentication handshake
–Run aircrack-ng to crack the key using the authentication handshake

18 Start NIC in Monitor Mode
The NIC needs to be in monitor mode so that it can hear all wireless frames instead of just the ones addressed to it.
To do this, start a terminal session.
Stop the NIC by entering
–airmon-ng stop wlan0
where wlan0 is the name of the NIC you are using, as displayed from the Linux command line by the iwconfig program.

19 Start NIC in Monitor Mode
Run iwconfig again to be sure there are no other wireless NICs running.
Start the NIC in monitor mode
–airmon-ng start wlan0 6
where 6 is the channel number the access point is using.
The OS should report that the NIC is in monitor mode.

20 Start NIC in Monitor Mode
It may take a minute or so.

21 Start NIC in Monitor Mode

22 Start NIC in Monitor Mode
If it also lists some processes that need to be turned off so that they do not interfere with this process, turn them off using the kill command.
For example, in my case
–kill 2479
–kill 2509
–kill 3381

23 Expand the Wordlist
The dictionary file that the capture file will be run against must be expanded before aircrack-ng can use it.
Run these commands
–cd /usr/share/wordlists
–gzip -d rockyou.txt.gz
The result should be a file named
–rockyou.txt

24 Capture the Handshake
Let’s capture the four-way handshake.
Start another terminal session.
Run this command all on one line
–airodump-ng -c 6 --bssid 00:23:69:7B:10:10 -w psk wlan0
Boot another computer.
Have it connect to the access point
–This process may take seconds or days

25 Capture the Handshake

26 Recover the Key
To extract the passphrase, open a terminal and run this command
–aircrack-ng -w /usr/share/wordlists/rockyou.txt -b 00:23:69:7B:10:10 ~/psk*.cap
In this case, as the aircrack-ng terminal screen shows, the passphrase is
–password

27 Finish the Lab
Stop all of the programs running in the terminal windows by using Ctrl+C.
Close all of the terminal windows.
Log out of Kali Linux.
Stop the virtual machine.

