Monitor mode is same as promiscuous mode in wired sniffing. Now we are going to start monitor mode on our wireless interface. We can see that we have a wireless interface wlan0. It lists your wireless interfaces just like ifconfig shows wired interfaces. Once you have booted into Kali Linux, open terminal and type command “ iwconfig”. I am running Kali Linux in live USB mode as my laptop has Atheros adapter. ( For this howto, if you are running Kali Linux in Vmware or Virtualbox you need to have a compatible wifi usb adapter). For this howto, I am going to use Kali Linux.
So, today we are going to see WPA/WPA2 password cracking with aircrack. They are by far considered most secure for Wifi networks. Both can be configured to use counter cipher block chaining mode(CCM) though. The only difference between WPA and WPA2 is that they use Rivest Cipher(RC4) and Advanced Encryption Standard(AES) encryption algorithms respectively. Both WPA and WPA2 use temporal key integrity protocol(TKIP) for encryption and pre-shared key(PSK) authentication. WPA uses 128 bit key and 48 bit initialization vector while WEP uses 108 bit key with 24 bit initialization vector. It eliminates all known vulnerabilities in WEP(Wired Equivalent Privacy). It is an encryption system to secure WLAN networks.
This is a tutorial on how to crack WPA WPA2 with aircrack. This attack can be started as shown below. It is all these new IVs which allow you to determine the WEP key. However, each ARP packet repeated by the access point has a new IVs. The program retransmits the same ARP packet over and over.
This, in turn, causes the access point to repeat the ARP packet with a ne- w IV. The program listens for an ARP packet then retransmits it back to the access point.
The classic ARP request replay attack is the most effective way to generate new initialization vectors (IVs), and works very reliably. One such method is ARP request replay attack. It has various methods of creating additional traffic. A feature of aircrack-ng, aireplay-ng helps us to create more traffic. Since I need more traffic to crack the WEP password fast, I can use some Jugaad to create more traffic. Just remember the more IV’s we have, the more the chances of cracking the WEP password. How? As I already told you, I will not tell you the technical jargon of this article for now. This initialization vectors play a key role in cracking the password of this Wi-Fi access point. What I am looking for is the initialization vectors that are used in cracking WEP. All the traffic belonging to the Wi-Fi access point hack me if you can will be saved in the file wep_hc_crack.cap. In the above image, you can see the clients connected to the targeted Wi-Fi Access point.