Aircrack-ng is a complete suite of tools to assess WiFi network security. It focuses on different areas of WiFi security: Monitoring: Packet capture and export of data to text files for further processing by third party tools
4. What is Aircrack-ng?
• Aircrack-ng is the primary application in the aircrack-ng suite, which
is used for password cracking.
• It can crack WEP and run dictionary attacks against
WPA and WPA2 after capturing the WPA handshake.
12/18/2018ahmadyark1@gmail.com 4
5. Wired Equivalent Privacy (WEP)
• Developed in the late 1990s as the first encryption algorithm for the 802.11
standard, WEP was designed with one main goal in mind:
• to prevent hackers from snooping on wireless data as it was transmitted
between clients and access points (APs). From the start, however, WEP
lacked the strength necessary to accomplish this.
6. WEP Continue..
• Cyber security experts identified several severe flaws in WEP in 2001,
eventually leading to industry-wide recommendations to phase out the use
of WEP in both enterprise and consumer devices.
• A large-scale cyber attack executed against T.J. Maxx in 2009 was
traced back to vulnerabilities exposed by WEP.
7. What is WPA?
• Stands for "Wi-Fi Protected Access."
• WPA is a security protocol designed to create secure wireless (Wi-Fi)
networks. It is similar to the WEP protocol, but offers improvements in the
way it handles security keys and the way users are authorized.
8. Continue..
• For an encrypted data transfer to work, the systems at both ends of the
transfer must use the same encryption/decryption key. While
WEP provides each authorized system with the same key, WPA uses the
Temporal Key Integrity Protocol (TKIP), which dynamically changes the key
that the systems use. This prevents intruders from creating their own
encryption key to match the one used by the secure network.
9. Continue…
• WPA also implements something called the Extensible Authentication
Protocol (EAP) for authorizing users.
• Instead of authorizing computers based solely on their MAC address, WPA
can use several other methods to verify each computer's identity. This
makes it more difficult for unauthorized systems to gain access to the
wireless network.
10. WPA2
• Developed by the U.S. government to protect classified data.
• As the successor to WPA, the WPA2 standard was ratified by the IEEE in
2004 as 802.11i.
• Although WPA2 still has vulnerabilities, it is considered the most secure
wireless security standard available.
11. Continue…
• WPA2 replaces TKIP with Counter Mode with Cipher Block Chaining Message
Authentication Code Protocol (CCMP)
• Also meant to be backward-compatible, WPA2 supports TKIP as a fallback if
a device cannot support CCMP.
12. Continue…
• CCMP protects data confidentiality by allowing only authorized network
users to receive data, and it uses cipher block chaining message
authentication code to ensure message integrity.
13. Tools Used
1. Wi-Fi Booster
2. VMware Workstation
3. Kali Linux
14. Wi-Fi Booster
1. Makes broadband wireless available within the possible coverage area
2. Strengthens the radio signal to increase the effective range and coverage area
for Wi-Fi communication.
3. Install easily, just plug in and play.
4. Save lots of wiring costs
15. VMware Workstation
1. Secure way to run multiple operating systems at the same time.
2. It is an integral component of any serious technical professional’s toolkit.
3. It offers the broadest host and guest operating system support, the richest
user experience, and the most comprehensive feature set.
16. Kali Linux
• Kali Linux is a Debian-derived Linux distribution designed for digital
forensics and penetration testing. It is maintained and funded by Offensive
Security Ltd
18. Process
• Install VMware Workstation on your computer
• Open VMware Workstation and install Kali Linux on it
• After completing installation
• Go to VM > Removable Device
• And now connect your Wi-Fi Booster or Wi-Fi Receiver to it.
19. Penetration Of A Wireless Network Starts With
Logging Into Kali
• If you haven’t already logged in to Kali, the default login information
is: root (username) and toor (password)
20. WPA Handshake?
• How do hackers or remote attackers obtain the WPA or
WPA2 handshake from a wireless access point easily?
By launching a Wi-Fi bomb they can force all users to disconnect from the access
point for a few seconds. The users' software will automatically reconnect, and this
way the attackers sniff the connection handshake.
21. How Wi-Fi works
• Wi-Fi transmits its signal through the air in the form of packets, so we need to
capture those packets; we use airodump to dump all the packets in the air. After
that we check whether anyone is connected to the victim Wi-Fi. If no one
is connected to the Wi-Fi, cracking is not possible, as we need a WPA
handshake. We can capture the handshake by sending deauthentication
packets to a client connected to the Wi-Fi. Aircrack cracks the password.
22. “iwconfig” command
This command is needed to find the name of the wireless adapter
connected to the computer, because the computer has many adapters
connected.
24. “airmon-ng check kill” command
• This script can be used to enable monitor mode on wireless interfaces. It
may also be used to go back from monitor mode to managed mode.
Entering the airmon-ng command without parameters will show the
status of the interfaces.
26. “airmon-ng start wlan0” command
• This command will enable monitor mode on the Wi-Fi card. From then on,
use “wlan0mon” as the interface name in any terminal or command line.
28. “airodump-ng wlan0mon” command
• This will display all the access points in your surroundings and also the
clients connected to those access points
• All the users using this Wi-Fi router.
30. “airodump-ng -c channel --bssid [bssid of Wi-Fi] -w [path to
write the data of packets] wlan0mon[interface]” command
• --bssid: in my case the bssid is indicated with a red mark.
• -c channel is the channel of the victim Wi-Fi; in my case it is 10 (see the previous
screenshot for the channel number)
• -w is used to write the captured data to a specified path; in my case it is
‘/root/Desktop/hack’.
• The interface in my case is wlan0mon
33. “aireplay-ng --deauth 10 -a [router bssid]
interface” command
• In this step we deauthenticate the clients connected
to the Wi-Fi
• All the users connected to the Wi-Fi router are disconnected.
35. • After this, the client tries to connect to the Wi-Fi
again. At that time, we capture the packets
sent by the client. From this result, we
get the WPA handshake.
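
Seen from the network owner's side, the deauthentication step in slides 20 and 33 shows up as a burst of deauthentication frames aimed at one BSSID. The following is an added example, not part of the original slides: it parses raw 802.11 management frames and flags such bursts. It assumes frames start at the 802.11 header (no radiotap header); the window, the threshold, the MAC addresses and the sample frames are constructed for illustration.

```python
import struct
from collections import defaultdict, deque

DEAUTH_FC0 = 0xC0  # frame-control byte 0: version 0, type 0 (mgmt), subtype 12
BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_deauth(frame):
    """Return (dst, src, bssid, reason) for a deauthentication frame, else None."""
    if len(frame) < 26 or frame[0] != DEAUTH_FC0:
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)  # reason code follows the 24-byte header
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def detect_bursts(capture, window_ms=2000, threshold=5):
    """capture: (timestamp_ms, raw_frame) pairs in time order.
    Returns {bssid: timestamp_ms at which the burst threshold was first reached}."""
    recent, alerts = defaultdict(deque), {}
    for ts, frame in capture:
        parsed = parse_deauth(frame)
        if parsed is None:
            continue
        bssid = parsed[2]
        seen = recent[bssid]
        seen.append(ts)
        while ts - seen[0] > window_ms:   # drop frames outside the sliding window
            seen.popleft()
        if len(seen) >= threshold:        # assumed threshold, tune per network
            alerts.setdefault(bssid, ts)
    return alerts

# --- constructed sample data (locally administered MACs, not from a real capture) ---
AP_A, AP_B, STA = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:01"

def build_frame(fc0, dst, src, bssid, reason=7):
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return (bytes([fc0, 0]) + b"\x00\x00" + raw(dst) + raw(src) + raw(bssid)
            + b"\x00\x00" + struct.pack("<H", reason))

def sample_capture():
    frames = [(0, build_frame(0x80, BROADCAST, AP_A, AP_A))]          # beacon: ignored
    frames += [(1000 + 100 * i, build_frame(0xC0, BROADCAST, AP_A, AP_A))
               for i in range(10)]                                     # burst against AP_A
    frames.append((30000, build_frame(0xC0, AP_B, STA, AP_B, reason=3)))  # one client leaving
    return frames

if __name__ == "__main__":
    for bssid, ts in detect_bursts(sample_capture()).items():
        print(f"deauth burst on BSSID {bssid} at t={ts} ms")
```

A single deauthentication frame, such as the one for AP_B in the sample, is normal client behaviour and stays below the threshold; only the repeated frames against AP_A raise an alert.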