• 218 | Chapter 7: Wireless Security Testing
  • Password Cracking on WiFi




    Date: 14.05.2024
    Password Cracking on WiFi
    The purpose of performing password cracking on a WiFi network is to get the
    passphrase used to authenticate against the AP. Once we have the passphrase, we can get
    access to the network, which we shouldn’t have access to. From the standpoint of
    working with an employer or client, if you are capable of cracking the password, a
    malicious attacker will be able to as well. This could mean vulnerabilities in the
    encryption mechanism used or it could mean a weak passphrase. Either way, this is
    something that the business should resolve to prevent unauthorized access to the
    network.
    A few tools can be used to perform password attacks against WiFi networks. Keep in
    mind that you could be working against two encryption mechanisms: WEP and
    WPA. It’s less likely you will run across a WEP network, but you may still see them. If
    you do, you should strongly encourage your client or employer to do what they can to
    replace the AP and network. You may find they are stuck with it for legacy reasons, so
    it’s worth keeping that in mind. The other encryption mechanism that you will run
    across is some form of WPA. Again, you shouldn’t see WPA, but instead you should
    see WPA2. If you run across WPA, you should strongly encourage that it be replaced
    with WPA2.
    besside-ng
    The first tool we will take a look at is besside-ng. Before we do that, though, we’re
    going to scan for BSSIDs again, though we’ll do it in a different way. We’re going to
    use another tool from the aircrack-ng package. This tool puts your wireless interface
    into monitor mode and in the process creates another interface that can be used to
    dump traffic on. To enable monitor mode, we use airmon-ng start wlan0 when the
    wireless interface is wlan0. Once airmon-ng is started, the interface wlan0mon is
    created. airmon-ng will tell you the name of the interface that’s created, since yours may
    be different. Once we have monitor mode enabled, we can use airodump-ng wlan0mon
    to monitor the traffic with the radio headers, which is enabled by airmon-ng.
    Example 7-6 shows the output from airodump-ng.
    Example 7-6. Using airodump-ng
    CH 10 ][ Elapsed: 6 mins ][ 2018-02-25 19:41

    BSSID              PWR  Beacons  #Data, #/s  CH  MB    ENC   CIPHER  AUTH  ESSID
    78:28:CA:09:8E:41   -1        0      16   0   1  -1    WPA
    70:3A:CB:52:AB:FC  -10      180     259   0   1  54e.  WPA2  CCMP    PSK   CasaC
    18:D6:C7:7D:EE:11  -29      198     121   0   1  54e.  WPA2  CCMP    PSK   CasaC
    70:3A:CB:4A:41:3B  -44      162      92   0  11  54e.  WPA2  CCMP    PSK   CasaC
    C4:EA:1D:D3:78:39  -46      183       0   0   6  54e   WPA2  CCMP    PSK   Centu
    50:C7:BF:82:86:2C  -46      118       0   0   5  54e.  WPA2  CCMP    PSK   TP-Liq
    C4:EA:1D:D3:80:19  -49       57      39   0   6  54e   WPA2  CCMP    PSK   Centuq
    q

    BSSID              STATION            PWR  Rate    Lost  Frames  Probe
    (not associated)   1A:BD:33:9B:D4:59  -20  0 - 1      0       6
    (not associated)   26:D6:B6:BE:08:7A  -42  0 - 1      0       6
    (not associated)   44:61:32:D6:46:A3  -46  0 - 1      0      90  CasaChien
    (not associated)   64:52:99:50:48:94  -48  0 - 1      0      12  WifiMyqGdo
    (not associated)   F4:F5:D8:A2:EA:AA  -46  0 - 1      0       3  CasaChien
    78:28:CA:09:8E:41  94:9F:3E:01:10:FB  -28  0e- 0     79      53  Sonos_lHe9q
    70:3A:CB:52:AB:FC  94:9F:3E:01:10:FA  -26  36 -24     0     101
    70:3A:CB:52:AB:FC  C8:DB:26:02:89:62   -1  0e- 0      0       3
    70:3A:CB:52:AB:FC  94:9F:3E:00:FD:82  -36  0 -24      0      27
    18:D6:C7:7D:EE:11  44:61:32:8C:02:9A  -46  0 - 1e   240     117  CasaChien
    This gives us the list of BSSIDs as well as the encryption details. We know that most
    of them are using WPA2 with the Counter Mode Cipher Block Chaining Message
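
An added example, not taken from the book: a way for a tester or network owner to turn a listing like Example 7-6 into findings, by parsing the access-point table of airodump-ng's screen output and listing every AP still on WEP or WPA with the replacement advice given earlier in this section. It assumes the column set shown in Example 7-6; the sample input and the names parse_aps and legacy_findings are constructed for illustration.

```python
import re

# Constructed sample in airodump-ng's screen layout (documentation-range MACs, made-up ESSIDs).
SAMPLE = """\
 CH 10 ][ Elapsed: 6 mins ][ 2018-02-25 19:41
 BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID
 00:00:5E:00:53:01   -1        0       16    0   1  -1   WPA
 00:00:5E:00:53:02  -10      180      259    0   1  54e. WPA2 CCMP   PSK  office
 00:00:5E:00:53:03  -52       40        3    0   6  54e  WEP  WEP         old printer
 BSSID              STATION            PWR   Rate    Lost    Frames  Probe
 (not associated)   00:00:5E:00:53:AA  -20    0 - 1      0        6
"""

MAC = r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}"
# BSSID, PWR, Beacons, #Data, #/s, CH, MB, ENC, then whatever is left on the row.
AP_ROW = re.compile(
    rf"^\s*({MAC})\s+(-?\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(-?\d+)\s+(\S+)\s+(\S+)(.*)$")
# Cipher and auth labels this example recognises when splitting the row tail.
CIPHERS = {"CCMP", "TKIP", "WEP", "WEP40", "WEP104", "WRAP", "GCMP"}
AUTHS = {"PSK", "MGT", "SKA", "OPN", "SAE"}
# Advice from the chapter text: replace WEP networks, move WPA to WPA2.
ADVICE = {"WEP": "replace the AP and network", "WPA": "replace with WPA2"}

def parse_aps(text):
    """Return one dict per access-point row, stopping at the station table."""
    aps, in_ap_table = [], False
    for line in text.splitlines():
        cols = line.split()
        if cols[:2] == ["BSSID", "PWR"]:
            in_ap_table = True
        elif cols[:2] == ["BSSID", "STATION"]:
            break
        elif in_ap_table and (m := AP_ROW.match(line)):
            rest = m.group(9).split()
            # Barely heard APs can lack cipher, auth and ESSID altogether.
            cipher = rest.pop(0) if rest and rest[0] in CIPHERS else ""
            auth = rest.pop(0) if rest and rest[0] in AUTHS else ""
            aps.append({"bssid": m.group(1).upper(), "channel": int(m.group(6)),
                        "enc": m.group(8), "cipher": cipher, "auth": auth,
                        "essid": " ".join(rest)})
    return aps

def legacy_findings(aps):
    """List (bssid, essid, enc, advice) for every AP still on WEP or WPA."""
    return [(ap["bssid"], ap["essid"], ap["enc"], ADVICE[ap["enc"]])
            for ap in aps if ap["enc"] in ADVICE]

if __name__ == "__main__":
    for finding in legacy_findings(parse_aps(SAMPLE)):
        print(*finding, sep=" | ")
```

An ESSID that is itself a cipher or auth label (for example a network named CCMP) would be misread by the whitespace split, so treat the ESSID field as best effort.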
