that would include the relevant radio headers, though you would need to tell airodump-ng that you wanted to write out the files. Otherwise, you would just get output to the screen. You would pass -w and a prefix to the command. The prefix is used to create the files, including a .cap file.
Once you have your .cap file, you also need a password file. Fortunately, Kali has several of them in /usr/share/wordlists. You can also download others from online sources. These are dictionaries that would have to include the password or passphrase used by the wireless network. Just as with any password attack, you won't be successful unless the actual password is in the dictionary you are using. This is because the brute-force attack will compare what was captured against what was generated from the password. Once you have those elements, you could take a run at cracking the passwords with something like the following command:

    cowpatty -r test-03.cap -f /usr/share/wordlists/nmap.lst -s TP-Link_862C
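
The SSID has to be supplied because WPA/WPA2-PSK uses it as the salt when turning a passphrase into a key. The following added example (not from the book or from cowpatty) shows that per-candidate derivation and uses it to audit whether a key you already hold, for instance from your own access point configuration, comes from a dictionary word. The function names, the sample wordlist, and both sample keys are constructed for illustration, and the comparison is against a known key rather than captured handshake data.

```python
import hashlib
import hmac

def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK pairwise master key: PBKDF2-HMAC-SHA1, SSID as salt."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def is_valid_passphrase(word: str) -> bool:
    """A WPA passphrase is 8 to 63 printable ASCII characters."""
    return 8 <= len(word) <= 63 and all(32 <= ord(c) <= 126 for c in word)

def audit_psk(ssid: str, configured_pmk: bytes, wordlist) -> dict:
    """Report whether a PMK you own was derived from a word in the list."""
    tested = skipped = 0
    for line in wordlist:
        word = line.rstrip("\r\n")
        if not is_valid_passphrase(word):
            skipped += 1  # too short, too long, or non-ASCII: never a WPA passphrase
            continue
        tested += 1
        # Same SSID + same passphrase always yields the same 32-byte key.
        if hmac.compare_digest(wpa_pmk(word, ssid), configured_pmk):
            return {"weak": True, "match": word, "tested": tested, "skipped": skipped}
    return {"weak": False, "match": None, "tested": tested, "skipped": skipped}

# Constructed sample data: a tiny wordlist and two keys for the SSID used above.
SAMPLE_WORDS = ["admin\n", "letmein\n", "password\n", "sunshine1\n"]
SSID = "TP-Link_862C"
WEAK_PMK = wpa_pmk("password", SSID)
STRONG_PMK = wpa_pmk("constructed-long-random-passphrase-7Qx", SSID)

if __name__ == "__main__":
    print(audit_psk(SSID, WEAK_PMK, SAMPLE_WORDS))    # dictionary word: flagged weak
    print(audit_psk(SSID, STRONG_PMK, SAMPLE_WORDS))  # not in the list: not flagged
```

Each candidate costs 4,096 HMAC-SHA1 iterations, and a passphrase that is not in the wordlist is never matched, which is the practical argument for long, non-dictionary passphrases.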

Aircrack-ng

We've been using tools from the Aircrack-ng suite but we haven't talked about using aircrack-ng to crack passwords. It's a powerful tool that can crack WEP and WPA passwords. What aircrack-ng needs is a large collection of packets that can be used to crack against. What aircrack-ng does is a statistical analysis from the packets captured by using a password file to compare against. The short version of what could be a much longer description (and if you are interested in a longer version, you can read the documentation) is that it's all math and not just hashing and comparing. The program does a byte-by-byte analysis to obtain the passphrase used.