How I managed to hack a WPA2 network in 10 minutes

esistdini
Sep 21, 2024

Introduction:

WPA2 is a common network security standard used in many places. It was released to provide better security and robustness than WPA. However, with modern attack methodology, WPA2 is considered a vulnerable network. It has several security issues, such as the 4-way handshake attack, DHCP spoofing, MAC spoofing, etc.

In this tutorial, you will learn how to hack a WPA2 Wi-Fi network in less than 10 minutes.

Preparing your environment:

To carry out this attack, you will need a wireless adapter that supports packet sniffing. If your wireless adapter is not compatible with these attacks, consider purchasing an external wireless adapter.

I will be using Linux for this attack. If you want the full learning experience, I would suggest any Debian-based Linux distribution.

Once you're ready with everything, move on to the next steps.

Enabling monitor mode

To hack a Wi-Fi network, we first monitor the networks available in the surroundings. To do that, we enable monitor mode on our wireless adapter. Network adapters are usually in managed mode, which allows us to connect to the internet. When we switch to monitor mode, we may not be able to connect to any network service, but that is not an issue. We will also see how to re-enable managed mode and reconnect to the network at the end of this tutorial.

Type the following command in your Linux terminal. I suggest switching to the root user for the best experience.

iwconfig

This command displays information about the wireless extensions available on your wireless adapter. If every entry on the right side reads “no wireless extensions”, you may not be able to proceed with the next steps.

Figure: output of the iwconfig command, used to check the available network adapters

Use the above image as your reference and note the name of the interface. In my case, it's wlan0. Now I need to change the mode from managed to monitor.

Type the following commands now

ifconfig <your_interface_name> down
airmon-ng check kill
airmon-ng start <your_interface_name>
ifconfig <your_interface_name> up
Commands to Enable Monitor mode

Make sure to replace <your_interface_name> with the name of the network interface shown on your device.

You may have noticed that you are no longer able to connect to the internet. That is because the NetworkManager service has been killed. It's nothing to worry about, so let's move on to the next steps.

Packet sniffing

Since we enabled monitor mode successfully, we can start capturing packets. To do that, type the following command.

airodump-ng <your_network_interface>

This will start capturing all the network packets flowing through your surroundings. It provides various information about each network, such as BSSID, channel, encryption, ESSID and much more.

Once you figure out your target network from the list, note its BSSID and channel.

Targeting a network

Since we have the BSSID and channel of our target network, we can start attacking the wireless network with them. In this tutorial, we will be attacking the network through the 4-way handshake attack. Proceed with the next commands to carry out the attack.

airodump-ng <your_network_interface> --bssid <target_network_bssid> --channel <target_network_channel> --write <output>

This will provide further information about the network, including details about the devices connected to it.

  • BSSID | MAC address of the access point.
  • PWR | Signal level reported by the card.
  • Beacons | Number of announcement packets sent by the AP.
  • Data | Number of captured data packets (if WEP, unique IV count), including data broadcast packets.
  • #/s | Number of data packets per second, measured over the last 10 seconds.
  • CH | Channel number (taken from beacon packets).
  • MB | Maximum speed supported by the AP.
  • ENC | Encryption algorithm in use.
  • CIPHER | The cipher detected. One of CCMP, WRAP, TKIP, WEP, WEP40, or WEP104.
  • AUTH | The authentication protocol used. One of MGT (WPA/WPA2 using a separate authentication server), SKA (shared key for WEP), PSK (pre-shared key for WPA/WPA2), or OPN (open for WEP).
  • ESSID | Shows the wireless network name.

To execute the 4-way handshake attack successfully, we should wait until a device connects to the network.

Another way is to send deauth packets to a device that is already connected to the network. This is called a deauthentication attack: an attacker sends a large number of deauth packets to the target client and kicks it off the Wi-Fi network. As soon as the deauth attack stops, the target client reconnects to the Wi-Fi network, which allows us to capture the 4-way handshake.
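From the defender's side, the burst-then-reconnect pattern described above is detectable. The following added example (not part of the original post) flags deauthentication floods per BSSID and checks whether a handshake follows; the frame records, MAC addresses, threshold and window are constructed assumptions standing in for frames parsed by a monitoring sensor.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"
AP = "02:00:00:aa:bb:01"          # constructed access point MAC
CLIENT = "02:00:00:cc:dd:10"      # constructed client MAC

# Constructed records: (seconds, frame subtype, source, destination, BSSID).
SAMPLE_FRAMES = (
    [(0.5, "beacon", AP, BROADCAST, AP),
     (3.0, "deauth", CLIENT, AP, AP)]                          # one client leaving normally
    + [(10.0 + 0.1 * i, "deauth", AP, BROADCAST, AP) for i in range(10)]  # burst of 10
    + [(12.0, "eapol", AP, CLIENT, AP)]                        # client re-authenticating
)

def detect_deauth_floods(frames, threshold=5, window=2.0):
    """Alert on BSSIDs with >= threshold deauth frames inside `window` seconds."""
    recent = defaultdict(deque)   # bssid -> (timestamp, destination) of recent deauths
    alerts = {}
    for ts, subtype, _src, dst, bssid in sorted(frames):
        if subtype != "deauth":
            continue
        q = recent[bssid]
        q.append((ts, dst))
        while ts - q[0][0] > window:      # drop frames older than the window
            q.popleft()
        if len(q) >= threshold:
            a = alerts.setdefault(
                bssid, {"first_seen": q[0][0], "peak": 0, "broadcast": False})
            a["last_seen"] = ts
            a["peak"] = max(a["peak"], len(q))
            # Broadcast deauths hit every client at once, which normal roaming never does.
            a["broadcast"] = a["broadcast"] or any(d == BROADCAST for _, d in q)
    return alerts

def rehandshake_after_flood(frames, alerts, grace=5.0):
    """BSSIDs where an EAPOL frame follows a flagged burst within `grace` seconds."""
    hits = set()
    for ts, subtype, _src, _dst, bssid in frames:
        a = alerts.get(bssid)
        if a and subtype == "eapol" and 0 <= ts - a["last_seen"] <= grace:
            hits.add(bssid)
    return hits

if __name__ == "__main__":
    found = detect_deauth_floods(SAMPLE_FRAMES)
    print(found, rehandshake_after_flood(SAMPLE_FRAMES, found))
```

On networks that support it, enabling 802.11w Protected Management Frames makes clients discard forged deauthentication frames.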

To run the deauth attack, run the following command:

aireplay-ng --deauth 10 -a <BSSID> -D 

This command will send deauth packets to all devices connected to the target network. Make sure to replace <BSSID> with the target network's BSSID.

Upon completion of this command, you will notice “WPA Handshake XX:XX:….” in your terminal. Check the image below for reference.

Figure: WPA handshake captured successfully

Once you see this message at the top, you can turn off the scans and proceed with the password attack. You will need to create a wordlist file before you launch the attack. You can easily generate a wordlist file with crunch, so make sure to check it out!

Once you have created your wordlist file, type the following command to run the password attack using aircrack-ng:

aircrack-ng -w <wordlist> <output>.cap

This will run the password attack. If the Wi-Fi password is in the wordlist, you will see it in no time; if the password is not in the wordlist, the attack will be unsuccessful.

Conclusion

WPA2 hacking is the same as a brute-force attack: if we have proper hardware resources and a good wordlist file, the attack will succeed. If we don't have them, it fails.

I really hope you have learned something useful from this blog. Consider giving a follow to support my content, and thanks for reading till the end.

I will soon upload a video tutorial on how to perform this attack, and I will update the link in the blog as soon as I upload it!
