In order for this to work, we need at least one connected client who is talking to the AP, but the more clients that are connected simultaneously the easier it’s going to be to capture a WPA2-PSK authentication handshake. This process could take a bit longer to run, especially if there aren’t a lot of clients connected to the AP. At the bottom of the terminal, the list of connected clients should start to populate. airodump-ng is now only capturing packet for the AP we specified, on the channel we specified. Also, the channel field in the upper left corner isn’t hunting, since we specified the channel on the command line. You’ll notice that this airodump-ng output looks similar to the last output, only the list of APs isn’t populating with more than just the one we specified. airodump-ng -c 1 -bssid 00:15:FF:EE:EE:EE -w capture wlan1mon You don’t need to specify an extension for your output file, as several will be created, each with an appropriate extension, automatically. You’ll use your own values, obtained from our previous airodump-ng session to replace mine. In this example I’m using the values that came from my target AP (with the BSSID slightly obfuscated for privacy reasons). That handshake contains a hashed version of the pre-shared key, which we’ll be bruit-forcing later. What we’re looking to capture specifically is a WPA2-PSK authentication handshake between a client and the AP. The output file will contain all of the captured frames that our monitor mode wireless adapter is able to capture. We’re going to specify the name of the channel that our target AP is running on with the -c switch, the name of the BSSID with the –bssid switch, and the name of an output file with the -w switch. While doing this, we’re also going to specify additional parameters that we didn’t specify before. Once we have that information, we’ll be able to use airodump-ng to target that AP and its connected clients specifically. Since we’re targeting WPA2-PSK in this example, we’ll have to choose an AP whose encryption type is listed as WPA2, and whose AUTH type is PSK.
We’ll need to note the BSSID, ESSID, and channel of the AP. airodump-ng wlan1monįrom this list, we’ll choose an AP to target. To do this, we’ll run airodump-ng in its most basic form, only taking a single parameter – the name of the monitor interface.
Now let’s see what access points are near us, and choose one to target. If you aren’t sure what’s happening here, please refer to the previous article. We’ll start by putting our USB Wi-Fi adapter in monitor mode. Setting Up Our Adapter and Choosing a Target Once we’re able to obtain that PSK, we’ll be able to associate with the access point and begin prodding around whatever network it’s connected to. Now that we have all of that information, we can choose a single AP to be our target for the purposes of trying to break the WPA2 pre-shared key (PSK) that’s configured on the access point. We also looked at the standard output of airodump-ng, and were able to gain a bunch of good information about all of the access points around us, including their ESSID, BSSID, what channel they were operating on, what type of encryption they’re using, and what type of authentication they’re using. Using this logic we get the numbers of handshakes shown in the table below.In my last post we went through setting up an external USB Wi-Fi adapter and went through the configuration steps to put the adapter into monitor mode.
0 kommentar(er)
