- Introduction to Radio Frequency
- Wireless Hacking (WEP and WPA2)
- RFID Hacking (HID Prox and MIFARE)
- Bluetooth Hacking (Bluelog/bluesnarfer/Wireshark/etc)
Many thanks to INIT_SIX for also pointing out a quick way to reduce the size of your WPA handshake captures using pyrit:
pyrit -r /path/to/capture.cap -o /path/to/handshake-only-output.cap strip
Add the “-e” or “-b” switches to filter down to just a single AP by ESSID or BSSID respectively:
pyrit -r capture.cap -o output.cap -b "99:88:77:66:55:44" strip
That’s it! Good hunting!
Many thanks to INIT_SIX for recommending this quick-hit update to the previous WPA wireless attack article. If you find yourself making packet captures and airodump-ng reports that the handshake was captured, but aircrack-ng (or your tool of choice) is having issues, it’s time to break out some manual packet analysis. Let’s verify that capture!
The following is a quick-hit list of commands for attacking a WPA wireless network. It assumes you are using a 2016 variant of Kali Linux with the aircrack-ng suite installed and a wireless network card that can be placed into monitor mode (which should be about 100% of them). It also assumes that there is a WPA network with an associated client that is transmitting, and that you are running as a user with sufficient permissions to execute each of these commands.
For the sake of this tutorial the AP will be assumed to have a MAC address of “99:88:77:66:55:44” and the client will be assumed to have a MAC address of “00:11:22:33:44:55”. The wireless network card we will use will be assumed to be “wlan0”.
If a presentation is more your style of learning, you can access training on this topic here: Wireless Attacks – WPA & WPS (basic_0x01)