ObjectiveTest the security of your WiFi password by attacking it
DistributionsThis will work with any Linux distribution, but it's recommended that you use Kali.
RequirementsA working Linux distribution with a WiFi adapter and root privileges.
- # - requires given linux commands to be executed with root privileges either directly as a root user or by use of
- $ - requires given linux commands to be executed as a regular non-privileged user
IntroductionMost people have terrible passwords, and WiFi is no exception. Your WiFi password is your primary line of defense against unwanted access to your network. That access can result in a whole host of other nasty things because an attacker can monitor the traffic on your network and even gain direct access to your computers.
The best way to prevent such an intrusion is to use the same tools an attacker would to test the security of your WiFi password.
Install Aircrack-ngThis guide is going to use the Aircrack suite of tools. They're already installed on Kali, so you won't have to do anything. If you're on another distro, they're in your repositories.
$ sudo apt install aircrack-ng
BLUE SKY STUDIOS are looking for Linux Administrator to maintain and support the Studio's 450+ production Linux workstations, including daily interactions with the Studio’s digital animation artists.
LOCATION: Greenwich, Connecticut, USA
Scan For Your NetworkFirst, find out what the name of your wireless interface is with
ip a. Once you have it, you can use
airmon-ngto create a virtual monitoring interface on it.
$ sudo airmon-ng start wlan0The result of the command will give you the name of the new virtual interface. It tends to be
Dump the results of the monitor into a terminal, so you can see them.
$ sudo airodump-ng mon0You can see a table of data pertaining to wireless networks in your area. You only need information about your own network. Look for it, and note the BSSID and the channel that it's on.
Dump The Results To A FileNext, you're going to log the results of a scan to a file. That capture log will be needed by Aircrack to run a brute force attack on the network later. To get your capture, you're going to run the same command as before, but you'll specify your BSSID, channel, and the log location.
$ sudo airodump-ng -c 1 --bssid XX:XX:XX:XX:XX:XX -w Documents/logs/wpa-crack mon0Fill in your actual information before running the command, and leave it running.
Disconnect A ClientOpen a new terminal. You're going to use this one to disconnect one of the clients on your network. Take a look at the lower table in your other window running
airodump-ng. It contains the BSSID of your network along with the BSSIDs of the clients. Pick one, and use the following linux command with that information.
$ sudo aireplay-ng -0 0 -c CLIENT BSSID -a NETWORK BSSID mon0You may need to add the
--ignore-negative-oneflag to the command. That command will run indefinitely, continuously disconnecting that client. In the first line of the
airodump-ngwindow, look for a message concerning a handshake to appear at the end of the line. It'll be harder to see if you had to run
--ignore-negative-onebecause a message about that will occupy the same space, causing the handshake message to flash for a second before being overwritten.
After only a couple of minutes, you can safely stop the disconnect requests and the dump. You can stop sooner if you see a handshake message.
Get A WordlistBrute force attacks run down a wordlist, testing each possibility. So, in order to carry one out, you'll need a wordlist to test with. Kali Linux comes with a few already. If you're on a different distro, you can find some online, but the best way to get them is from Kali. It's worth loading a live CD or a VM just to pull them off.
On Kali, they're located in
/usr/share/wordlists. The one this guide will cover is
rockyou.txt, but you can use any of the ones there.
If you really want to be obsessively thorough, you can use Crunch to create your own wordlists. Beware, they can be absolutely massive.
Attack!Now that you have your wordlist and your capture, you're ready to carry out the attack. For this one, you'll be using the actual
aircrack-ngcommand and passing it the wordlist and the capture.
$ sudo aircrack-ng -w rockyou.txt Documents/logs/wpa-crack-01.capIt can take a seriously long time to go through this list, so be patient. If you have a more powerful desktop, there's nothing wrong with installing Aircrack on it, and transferring both files there.
When Aircrack finished, it'll let you know if it found the password or not. If it did, it's time to change your password.
Closing ThoughtsRemember this process should only ever be used to test your own security. Using it on someone else's network is illegal.
Always use strong passphrases with as many characters as possible and include special characters and numbers. Avoid common dictionary words if possible.