Aircrack/WPA Cracking
From charlesreid1
Now that we've successfully walked through setting up our router as a WEP access point and cracked it on the Aircrack/WEP Cracking page, let's try attacking a WPA-encrypted network.
Note that WPA and WPA2 are different. See below for notes.
The Background
As with the WEP attack we covered, this attack will use aircrack-ng to capture lots and lots of packets, then use those packets to brute-force guess the wireless network's passphrase.
WPA or WPA2?
The two are actually different: as you'd guess, WPA is the weaker one, and WPA2 is stronger and improved. However, as with anything in security, the chain is only as strong as its weakest link, which means that routers with WPA or WPA2 enabled are still vulnerable to WPA attacks.
In fact, my wireless router even recommends that I use a WPA-WPA2 mixed mode!
The Hardware
The hardware for simulating this attack on my home network consisted of:
- a router/wireless access point - this router controls the wireless network being attacked
- a laptop running Kali Linux - this is where the attack is being launched from
- a third party on the network (e.g., a phone or a desktop) - not sure if this is necessary
The Software
You'll need a laptop running Kali, which will have aircrack-ng installed. That should be all the software you need.
The Procedure
Set Router to WPA
Before doing anything else, we'll change the wireless security protocol of the router to either WPA or mixed WPA/WPA2 encryption.
Now let's pick an easy password, for the sake of example. Like, uh, the word password.
Now we've got our WPA/WPA2-enabled router with our super-secure password of "password" - time to get to work.
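Why a passphrase like "password" is the weak link here, as an added example that is not part of the original page: in WPA/WPA2 personal mode the network key is derived from nothing but the passphrase and the SSID, so a passphrase that appears in a wordlist can be guessed. The audit below is a check to run before setting a router passphrase; the word list, the function names and the SSID "homenet" are constructed for illustration.

```python
import hashlib

# Constructed sample list; a real audit would load a large wordlist file.
COMMON_WORDS = {"password", "letmein", "qwerty", "welcome", "admin",
                "internet", "wireless"}
# Common character substitutions mapped back to letters (0->o, 1->l, 3->e, ...).
LEET = str.maketrans("0134579@$!", "oleastgasi")


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds.

    No secret other than the passphrase goes in, which is why a guessable
    passphrase yields a guessable key.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(),
                               4096, 32)


def normalize(passphrase: str) -> str:
    """Undo usual decorations: case, trailing digits/symbols, substitutions."""
    base = passphrase.lower().rstrip("0123456789!@#$%^&*._-")
    return base.translate(LEET)


def audit_passphrase(passphrase: str, ssid: str) -> list:
    """Return a list of findings; an empty list means no check fired."""
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("length outside the 8-63 characters WPA-PSK accepts")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        findings.append("contains characters outside printable ASCII")
    if passphrase.isdigit():
        findings.append("digits only")
    if normalize(passphrase) in COMMON_WORDS:
        findings.append("common word with trivial decoration")
    if ssid and ssid.lower() in passphrase.lower():
        findings.append("contains the SSID")
    return findings


if __name__ == "__main__":
    for candidate in ("password", "P@ssw0rd123!", "correct horse battery staple"):
        print(repr(candidate), audit_passphrase(candidate, "homenet") or "ok")
```

Passing these checks does not make a passphrase strong; it only rules out the choices that fall first to a wordlist.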