3.8 - Automating attacks against WPA/WPA2
- The previously introduced Gerix Wifi Cracker software helps to automate attacks against Wi-Fi encryption, both for WEP and WPA/WPA2 versions.
- To start Gerix from the "kali" command shell:
- Gerix is launched:
- In this practice the AP is set to WPA2 with AES-CCMP encryption, and the key is A54321z$:
- Clicking the Configuration tab:
- The option Enable/Disable Monitor Mode creates the virtual mon0 attached to the physical interface wlan0:
- Gerix includes a small real-time log that informs the user about the performed actions:
- From the attacker's point of view, it is good practice to change the MAC address in order to cover the tracks of the attack. The option Set random MAC address does the trick:
- Next, Gerix is made to scan the available networks in the surroundings:
- As usual, the "spaniard" network is chosen as the target of the attack:
- Clicking the WPA tab, the WPA attack is started. The functionality Start Sniffing and Logging is enabled:
- Gerix detects the "spaniard" network, with MAC address 00:25:F2:9B:91:23, using WPA2-CCMP encryption. The client "roch", with MAC address 28:C6:8E:63:15:6B, is also detected:
- Because it is necessary to capture some packets from the WPA handshake process, a set of deauthentication messages needs to be sent to the victim, whose MAC address is entered:
- The deauthentication process starts:
- The attack is launched by clicking the tab Aircrack-ng - Crack WPA password:
- After 2 minutes and 13 seconds, the key is found: A54321z$
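
A defender-side companion to the deauthentication step above, as an added example that is not part of the original walkthrough: a burst of deauthentication frames aimed at one client is visible on the air, and this sketch parses raw 802.11 management frames and flags such bursts. The function names, the 1-second window and the 10-frame threshold are assumptions, the input is assumed to be 802.11 frames without a radiotap header, and the sample capture is constructed (it reuses the AP and client addresses shown above).

```python
import struct
from collections import defaultdict, deque

DEAUTH_FC0 = 0xC0   # frame control byte 0: version 0, type 0 (management), subtype 12
WINDOW_S = 1.0      # assumed sliding window, in seconds
THRESHOLD = 10      # assumed number of deauth frames per window that counts as a burst

def mac(b):
    return ":".join(f"{x:02X}" for x in b)

def parse_deauth(frame):
    """Return (receiver, transmitter, bssid, reason) for a deauth frame, else None."""
    if len(frame) < 26 or frame[0] != DEAUTH_FC0:
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)  # reason code follows the 24-byte header
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def detect_bursts(records, window=WINDOW_S, threshold=THRESHOLD):
    """records: iterable of (timestamp, raw 802.11 frame).
    Returns one alert per (bssid, receiver) pair that reaches the threshold."""
    recent, alerts = defaultdict(deque), {}
    for ts, frame in records:
        parsed = parse_deauth(frame)
        if parsed is None:
            continue
        rx, _tx, bssid, reason = parsed   # transmitter can be spoofed, so key on bssid + target
        q = recent[(bssid, rx)]
        q.append(ts)
        while ts - q[0] > window:         # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= threshold and (bssid, rx) not in alerts:
            alerts[(bssid, rx)] = {"first_seen": q[0], "count": len(q), "reason": reason}
    return alerts

def build_frame(fc0, rx, tx, bssid, reason=7):
    """Construct a sample management frame (test data only)."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return bytes([fc0, 0, 0x3A, 0x01]) + raw(rx) + raw(tx) + raw(bssid) + b"\x00\x00" + struct.pack("<H", reason)

AP, STA = "00:25:F2:9B:91:23", "28:C6:8E:63:15:6B"
# Constructed capture: one isolated deauth, three beacons, then 20 deauths within 0.4 s
SAMPLE = [(0.0, build_frame(0xC0, STA, AP, AP, reason=3))]
SAMPLE += [(5.0 + i, build_frame(0x80, "FF:FF:FF:FF:FF:FF", AP, AP)) for i in range(3)]
SAMPLE += [(30.0 + i * 0.02, build_frame(0xC0, STA, AP, AP)) for i in range(20)]

if __name__ == "__main__":
    for (bssid, rx), a in detect_bursts(SAMPLE).items():
        print(f"deauth burst: bssid={bssid} target={rx} count={a['count']} first_seen={a['first_seen']:.2f}")
```

The isolated deauthentication at the start of the sample does not raise an alert; only the dense run later in the capture does.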