Time for action – cracking WPA-PSK weak passphrase
Follow the given instructions to get started:
Let us first connect to our access point Wireless Lab and set the access point to use WPA-PSK. We will set the WPA-PSK passphrase to abcdefgh, so that it is vulnerable to a dictionary attack:
We start airodump-ng with the command airodump-ng --bssid 00:21:91:D2:8E:25 --channel 11 --write WPACrackingDemo mon0, so that it starts capturing and storing all packets for our network:
Now we can wait for a new client to connect to the access point, so that we can capture the four-way WPA handshake or we can send a broadcast de-authentication packet to force clients to reconnect. We do the latter to speed things up:
As soon as we capture a WPA handshake, airodump-ng will indicate it on the top-right corner of the screen with a WPA Handshake: followed by the access point's BSSID:
We can stop airodump-ng now. Let's open up the cap file in Wireshark and view the four-way handshake. Your Wireshark terminal should...
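The broadcast de-authentication packets used above to force clients to reconnect are visible to anyone monitoring the channel. The following added example (not part of the original text) parses raw 802.11 frames and alerts on a burst of broadcast deauthentication frames for the lab BSSID. It assumes the radiotap header has already been stripped; the frames, timestamps, client address, threshold and window are constructed for illustration.

```python
import struct

BROADCAST = "ff:ff:ff:ff:ff:ff"
AP_BSSID = "00:21:91:d2:8e:25"   # BSSID from the walkthrough
CLIENT = "02:00:00:00:00:01"     # constructed client address

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_deauth(frame):
    """Return the fields of an 802.11 deauthentication frame, else None."""
    if len(frame) < 26:              # 24-byte management header + reason code
        return None
    version, ftype, subtype = frame[0] & 3, (frame[0] >> 2) & 3, frame[0] >> 4
    if (version, ftype, subtype) != (0, 0, 12):   # management frame, deauth
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)
    return {"dst": mac(frame[4:10]), "src": mac(frame[10:16]),
            "bssid": mac(frame[16:22]), "reason": reason}

def broadcast_deauth_alerts(frames, bssid=AP_BSSID, threshold=3, window=1.0):
    """frames: iterable of (timestamp_seconds, raw_bytes). Returns a list of
    (timestamp, count_in_window, reason) once the burst threshold is reached."""
    recent, alerts = [], []
    for ts, raw in frames:
        d = parse_deauth(raw)
        if not d or d["bssid"] != bssid.lower() or d["dst"] != BROADCAST:
            continue
        recent = [t for t in recent if ts - t <= window] + [ts]
        if len(recent) >= threshold:
            alerts.append((ts, len(recent), d["reason"]))
    return alerts

def build_frame(fc0, dst, reason=7):
    """Constructed test frame whose source and BSSID both claim to be the AP."""
    h = lambda m: bytes.fromhex(m.replace(":", ""))
    return (bytes([fc0, 0, 0, 0]) + h(dst) + h(AP_BSSID) + h(AP_BSSID)
            + b"\x00\x00" + struct.pack("<H", reason))

SAMPLE = [                                   # constructed capture
    (0.00, build_frame(0x80, BROADCAST)),    # beacon: ignored
    (0.10, build_frame(0xC0, CLIENT)),       # unicast deauth: ignored
    (5.00, build_frame(0xC0, BROADCAST)),
    (5.05, build_frame(0xC0, BROADCAST)),
    (5.10, build_frame(0xC0, BROADCAST)),    # third in window: alert
    (5.15, build_frame(0xC0, BROADCAST)),    # burst continues: alert
    (20.0, build_frame(0xC0, BROADCAST)),    # isolated frame: no alert
]

if __name__ == "__main__":
    for ts, count, reason in broadcast_deauth_alerts(SAMPLE):
        print(f"t={ts:.2f}s broadcast deauth burst x{count} reason={reason}")
```

The source address in these frames is not authenticated, so the alert keys on BSSID and rate rather than on who appears to have sent them. Networks that enable 802.11w (Protected Management Frames) make clients discard forged deauthentication frames.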