In this video I'm going to show you how to use airmon-ng to discover wireless networks around you. Then I'm going to show you how to de-authenticate clients from a specific wireless network so that you can capture the four-way handshake, open up the four-way handshake within Wireshark, but also decrypt or hack the Wi-Fi password. Now before we continue, please consider subscribing to my YouTube channel if you enjoy this type of technical hacking content. I cover a whole bunch of hacks on my YouTube channel and a whole bunch of other technical information, so please consider subscribing to
my YouTube channel. Please like this video if you enjoy the content and click on the bell to get notifications. Okay, let's get started. Now the first thing you need is a Wi-Fi network adapter that supports monitor mode. I often get asked the question, "Why can't I just use my built-in Wi-Fi adapter?" And you could, if it supports monitor mode and injection mode. But this is my recommended, or one of my recommended, Wi-Fi network adapters. It's an Alfa network adapter. I recommend this Wi-Fi adapter because it works seamlessly with Kali. Please note that Alfa are not
sponsoring me to say that; this is just one of the Wi-Fi network adapters that I find really useful. Okay, so the first thing you need is a Wi-Fi network adapter. In this example I'm using Kali Linux, or Kali Linux if you prefer, within a virtual machine running on this Windows 10 laptop. Now you could run Kali natively if you preferred, but in this example I'm simply running it within a virtual machine on Windows. First thing you need to do is plug in the Wi-Fi network adapter. Okay, so now that it's plugged in, I'm asked by
VMware where do I want to connect it. In my example I want to connect it to the Kali virtual machine. Now in a separate video, which I've linked here and below, I showed you how to get Kali up and running within VMware Player. That's what I'm using here, so if you don't have Kali Linux installed and running then have a look at that video. Now that the network adapter is plugged in, I'm going to open up a terminal window and I'm going to use a command, ip address, to see IP addresses and interfaces on this
virtual machine. This is what we want to see: we've got a wireless LAN adapter. At the moment the state is down, but it's important that we see a Wi-Fi network adapter. You can also use the command iwconfig if you prefer, and that shows us that we have a Wi-Fi network adapter. At the moment the mode is managed. We're going to change that to monitor mode in a moment, but the first thing you want to make sure is that you've got a Wi-Fi network adapter that's recognized by Kali. Next thing we need is a Wi-Fi network
to attack. So for this demonstration I've got a TP-Link router which I've purchased. This is a TP-Link router that I'm going to use simply for demonstration purposes, so this is a network that I own. I'm not attacking someone else's network. Please do not use the information that I'm sharing in this video for non-ethical purposes. What I'm sharing here is for educational purposes only. I have to say this, otherwise I get into trouble, so please bear with me. Only use this for ethical hacking purposes. Only attack networks that you own or have permission to attack. Once
again, I'm attacking my own network here for demonstration and educational purposes only. Okay, so once again iwconfig shows us that a Wi-Fi adapter is connected. What I will show you here is I do have this release of Kali, so cat /etc/os-release shows me that I'm using Kali 2020.4. You could also use uname -a to see details of the Linux version. So once again, I'm using Kali in this example. Okay, so the next step is to run sudo, that gives us root privileges. We're going to use airmon-ng to check for any conflicting processes
and kill them. We can see that this process was killed. Now in your example you may see a whole bunch of other processes that get discovered and get killed, and that's fine. Just make sure that you type this command so that you don't have any conflicting processes that interfere with what we're trying to do. Now to make this easier for you, I've put all the commands below this video, so if you want to follow along with what I'm doing then please watch the full video, but if you need the commands as a reference I've put
them below. Okay, so once again iwconfig shows us that the wireless network interface is in managed mode, but what we want to do is put it into monitor mode by using the command sudo airmon-ng start wlan0. We can see that monitor mode is now enabled. iwconfig shows us that the mode has changed from managed mode to monitor mode. You can also confirm that by using the command sudo airmon-ng. Notice the wireless interface is now wlan0mon. Before it was wlan0, but now it's changed to wlan0mon. Okay, so now
let's discover the access points, and hopefully I'll discover that access point behind me. To do that we use the command sudo airodump-ng wlan0mon, and as you can see a whole bunch of wireless networks are discovered. So here are the various SSIDs or MAC addresses of the wireless networks. I'll make this a little bit smaller, and as you can see at the bottom here various stations have been discovered. I've made the font really small. I'll press Ctrl+C to cancel that, so Ctrl+C to break, and I'll zoom in. The network that I'm
interested in is this network, TP-Link F3FC. Notice it's using channel 2 and that's the MAC address of the access point, so you're going to want to take a note of that. I've added that information to my script, so channel is 2, BSSID is that. Scrolling up, we can see once again channel is 2 for this access point, MAC address is that. I'll clear the screen, and what you could do is use the command sudo airodump-ng -d and the MAC address to display only that access point. So we can see the BSSID, we
can see how many beacons are being sent, we can see the ESSID, or the name that we as a human would use. Now I could use a phone as an example to connect to that network, so I'll connect to that network and hopefully what we'll see is that our client has connected. And there you go, we can see that this client has connected to that network. Okay, so I'm going to cancel that and we're going to use the command sudo airodump-ng -w. This is the name of the file that we're going to store
the captures in, so I'm going to store the cap file, as an example to open with Wireshark, in a file called hack1. The channel that we're going to attack is 2, the BSSID that we're going to attack is this, and the interface we're going to use is wlan0mon. So in one window open that up, and then in a second window de-authenticate clients from the network. So just before I press Enter, at the moment notice we haven't got anything displayed here. We haven't captured the four-way handshake, but as soon as I de-authenticate clients, and this deauth
0 means we're not going to stop the number of de-authentications used against that access point. Notice a whole bunch of deauths sent. On my phone, it's moved from one access point to the other. I'll try and connect back to the TP-Link network, and hopefully what we should see is that a four-way handshake is captured. Okay, so there you go, you can see the WPA handshake was captured. Client is not able to connect to the network, but we captured the handshake. Ctrl+C allows me to stop this process. So you could simply use that script
as an example to de-authenticate everyone off a network if you wanted to. So that's another attack you could do, a denial of service attack against an access point, just to stop anyone connecting to it. But in this example, if I type ls, what you'll notice is we've got this hack file captured, and what I could do now is use Wireshark to open up that cap file. So a whole bunch of information has been captured, but I'm going to search for the handshake, and notice here we can see message one, message two, message three, message four.
So we've captured the WPA four-way handshake. We had some additional messages, but here's the full four-way handshake between a TP-Link device and my iPhone. So you could open up the Wireshark capture and have a look, but notice in message 2 we see WPA key data sent from the iPhone to the TP-Link access point, and that's what we want to crack. So the iPhone is sending authentication information to the access point, we're capturing that, and that's what we're going to decrypt. Okay, so I'll close that down. Now at the moment the Wi-Fi interface is still in
monitor mode, so what I'll do is stop monitor mode. iwconfig shows me that the interface is back in managed mode. Be aware that when you put an interface into monitor mode it'll break your internet connection. You won't be able to use that interface for connections onto the internet or other places, because it's monitoring traffic. Another reason to use a VM perhaps is, in this example I've got two network adapters. The Kali Linux virtual machine is actually using the Wi-Fi adapter of Windows to give it internet connectivity, but the external Alfa adapter is in monitor mode.
Okay, so let's clear the screen. So ls once again shows me the files. hack-01.cap is the file that we want to use for cracking, and to do that we're going to use this command: aircrack-ng hack1-01.cap, and the word list that I'm going to use is stored in /usr/share/wordlists/rockyou. So just to show you what that is, if I go to /usr/share/wordlists, various word lists are stored in this directory in Kali. You can actually just search for word lists and it
will show you the various word lists available in Kali, and one of those is the rockyou file. Now this needs to be unzipped, so you can use gzip to unzip it, and that's what I've done here. I showed you how to do that in this video, so have a look at that video if you want to see how to unzip the file and use that word list. But that's the word list that I'm going to use, so let's try and crack that password with the word list. And there it is, the password that I
used was hello hello. Now you might say, "Well David, that password is too simple." This is just for demonstration purposes. The rockyou word list has millions of passwords in it, actual passwords used by people, so what I did is just find a password in that word list, and I configured this TP-Link network with that password. In separate videos such as this one, I showed you how to use a GPU to crack a non-standard password. I'll also create additional videos where I use a very powerful GPU to crack WPA pre-shared keys that are non-standard passwords.
But in a lot of cases people use passwords stored in the rockyou word list. Just because people are supposed to do something doesn't mean that that's what they do. Hopefully you're using a much better password than something simple like this, but this is a password in the rockyou word list. For this demonstration, I once again configured that TP-Link router behind me with this password, so you can see this network has this password. This is the password of the 5G network, but that password I cracked using a GPU in two minutes, as an example.
So a password like that could be cracked. You should be using very long passwords, so try and use very long passwords with a mix of characters. That makes it really, really difficult and almost impossible to crack, if your passwords are very long and they're a mix of a whole bunch of characters. Okay, but there you go. I've now shown you how to discover Wi-Fi networks, how to select one to attack, how to implement an attack to disconnect clients from that Wi-Fi network so that you can capture the four-way handshake, and then I showed you how
to crack the four-way handshake. There are better ways, for instance using a GPU and hashcat to crack pre-shared keys, but again, I've shown you that in a separate video. I'm David Bombal. Hope you enjoyed this video. If you did, please like it, please consider subscribing to my YouTube channel and clicking on the bell to get notifications. I want to wish you all the very best.