Aircrack-ng
Aircrack-ng WEP Attack
understand your pcap
it will prompt you to select the network, and then it will try to recover the key
if your attack is successful the key will look something like this
WEP Key Decrypt Wireshark Capture
with key in hand go to: Edit | Preferences
Expand Protocols tree, and then scroll and select the IEEE 802.11
Make sure the Wireshark Ignore the Protection bit option is set to No.
Make sure Enable decryption is selected
To specify a key to use in decryption, click the Edit... button to open the WEP and WPA Decryption Keys dialog
add your key by pressing the
+buttonHit Ok twice and your packets will be decrypted
Four way Handshake Cracking
Easy to filter on handshake traffic with
eapolWireshark filterIf you have the 4 way handshake it can be cracked with
if that is failing due to the password not being in the wordlist you can easily add permutation to it
hcxpcapngtool for Hashcat
before being utilizing hashcat to crack to crack a handshake we need to conver it with hcxpcapngtool
examining the file
there was only one handshake captured, however we can see two hashes.
the first one is the PMKID and the second is the the four way handshake hash
Note: The PMKID hash is outputted to the file even if that AP DOES NOT support PMKID. That means hashcat will never crack the hash if the AP does not support PMKID.
the PMKID hash can be filtered out
Hashcat Mask Attack
Many AP companies will have passwords with only partial variations, save yourself the time with a mask attack
-m 22000 is for WPA2-PSK
Last updated
