I wish to start off this tutorial by saying this: Only do this on devices you OWN or have EXPRESS PERMISSION from the owner to do so on. Attempting this on devices that you don’t own is illegal in most countries around the world!

So, this is part 1 of my tutorial on Pwning a network using Kali Linux.

For this part of the tutorial, you're going to need a computer containing a wireless chipset capable of injection while in monitor mode, with Kali Linux installed. You're also going to need a Windows partition, since that is where I will be doing the GPU-heavy work (driver issues).

Here is the page provided by aircrack-ng on hardware that can be used for this tutorial.

So, once you have everything you need installed and set up, open up your terminal and run airmon-ng


As you can see, I currently have wlan1 – this is my network card running in normal mode.
Next you should run airmon-ng start wlan1 (Replace wlan1 with whatever it is on your computer!)


You can see I now have wlan1mon [This is my monitor interface] (It's broken in two because of the size of my console). It also says Monitor mode was enabled – this is what we want. Make sure you kill the processes it shows to you, or you can encounter errors later on:

kill 683 793 1045 1046

Next, you need to run airodump-ng [monitor interface] and you will see this:


This is a list of all the networks near you, and what clients it can see are connected to them – plus some clients that are connected, but we can't see to which network – it's probably out of range.

Now, we want to attack Hacking_Example – so let's take note of the BSSID and the channel it is running on – 00:1C:10:BC:4A:77 and Channel 6. (For the purposes of this guide, TKIP vs CCMP won't make a difference.)

So let’s start sniffing that network specifically:

airodump-ng -c [channel] --bssid [bssid] -w /root/Desktop/ [monitor interface]


As you can see, there is a client connected to this network – this is ideal, since we can trick it into reconnecting and giving us the information we need. If there aren't any clients connected, you should wait until a client connects naturally – think about when that is likely to happen, and come back then. For example, let's say the household has children: come back right about when school lets out, and monitor. Chances are, one of them has a phone that will connect as they walk in the door.

Since we have a client, the next step is to run this command in a NEW terminal:

aireplay-ng -0 2 -a [router bssid] -c [client bssid] [monitor interface]

As you can see, we now have a WPA Handshake in the top of the first terminal.
At this point, you can close both terminals, copy the files that were created on your desktop to a USB device or directly to your Windows partition, copy rockyou.txt from /usr/share/wordlists to your Windows partition as well, and reboot into Windows.

Once you're in Windows, feed the .cap file to https://hashcat.net/cap2hccap/ – this will convert your capture file into one that the tool we will be using can read.

If you have an nVidia video card, download oclHashcat for nVidia; AMD users should download the AMD build.
https://hashcat.net/oclhashcat/

It will give you back a file with a random name and the extension .hccap – rename this to something that makes sense, and put it next to your copy of oclHashcat. In my example, though, I will be keeping the file up one directory, as I also have my dictionaries in their own directory.


If you look closely, you can see I used a very weak password for this – security1. Most cracks will take MUCH longer, since people won't generally use weak passwords like this, though sometimes you could get lucky. To give you an idea, rockyou.txt is the most basic wordlist you should have at your disposal – you should look around and get as many more as possible. (I have a 12GB wordlist, and it still doesn't work reliably.) As always, Google is your friend.

From here you can connect to the network and tell them (you asked, right?) that they should change their password to a long, non-word-containing password, with numbers and symbols. The longer the better – I can brute force any password that is 10 or fewer characters in less than a day with my Desktop.
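To make the advice above concrete for whoever owns the network, here is an added example (not from the original post) that grades a WPA2 passphrase the way the post's recommendation implies: it rejects anything found in a wordlist outright, then measures how much brute-force keyspace the passphrase's length and character mix actually buy. The guesses-per-second figure, the entropy thresholds and the tiny stand-in wordlist are all assumptions labelled in the code; replace the rate with a number measured on your own hardware and the set with the real rockyou.txt loaded from disk.

```python
import math
import string

# Constructed stand-in for a real wordlist such as rockyou.txt (assumption: an
# actual audit loads the real file, one candidate per line, into a set).
SAMPLE_WORDLIST = {"password", "123456", "security1", "letmein", "qwerty", "iloveyou"}

# Assumed placeholder rate in WPA2 (PBKDF2) guesses per second. The post gives no
# figure; measure your own hardware and replace this value.
ASSUMED_GUESSES_PER_SECOND = 400_000

# Entropy thresholds for the verdict (assumptions, not from the post).
WEAK_BITS = 60
STRONG_BITS = 80


def charset_size(candidate: str) -> int:
    """Sum the sizes of the standard character classes the candidate draws from."""
    classes = (
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation, len(string.punctuation)),  # 32 symbols
    )
    return sum(size for chars, size in classes if any(c in chars for c in candidate))


def keyspace(length: int, charset: int) -> int:
    """Number of distinct strings of exactly `length` characters over `charset` symbols."""
    return charset ** length


def seconds_to_exhaust(length: int, charset: int, rate: int = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every string in the keyspace at `rate` guesses per second."""
    return keyspace(length, charset) / rate


def assess(candidate: str, wordlist=SAMPLE_WORDLIST, rate: int = ASSUMED_GUESSES_PER_SECOND) -> dict:
    """Grade a passphrase: wordlist hits fail regardless of length; otherwise the
    verdict follows the bits of brute-force keyspace the length and charset give."""
    length = len(candidate)
    charset = charset_size(candidate)
    bits = length * math.log2(charset) if charset else 0.0
    days = seconds_to_exhaust(length, charset, rate) / 86400 if charset else 0.0

    if not 8 <= length <= 63:          # 802.11i limits passphrases to 8-63 characters
        verdict = "invalid_length"
    elif candidate in wordlist:        # a dictionary run finds this no matter how long it is
        verdict = "wordlist"
    elif bits < WEAK_BITS:
        verdict = "weak"
    elif bits < STRONG_BITS:
        verdict = "fair"
    else:
        verdict = "strong"

    return {
        "length": length,
        "charset": charset,
        "bits": round(bits, 1),
        "wordlist_hit": candidate in wordlist,
        "brute_force_days": days,
        "verdict": verdict,
    }


if __name__ == "__main__":
    # security1 is the demo password from the post; the other two are constructed.
    for pw in ("security1", "abcdefghij", "Tq7!mVz2pL9#xR4w"):
        r = assess(pw)
        print(f"{pw!r}: {r['verdict']} ({r['bits']} bits, "
              f"~{r['brute_force_days']:.0f} days to exhaust at the assumed rate)")
```

The point the numbers make is the one in the paragraph above: a nine-character lowercase-plus-digits password sits around 47 bits of keyspace, while sixteen characters drawn from all four classes pass 100 bits, and no amount of length helps if the string is already in a wordlist.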

Next time, I will be using Kali to break into a computer running Windows XP – Update People!

Also, you guys should check out This website!