Wireless hacking is more efficient if we know the plot, or attack flow, for our target. There are a lot of wireless hacking tools, but each one stands for a particular exploit and method; so far I could not find a single package or framework able to attack wireless networks across all their vulnerabilities. We cannot just fire a random tool at the target, right? We need to gather detailed information about the target and its vulnerabilities first. One tool you may be familiar with for auditing or scanning a target is Nmap, for port scanning. Nmap is great and is used against all kinds of targets, from the machine next to you to one on the other side of the world that you have never seen. But Nmap only does reconnaissance; to take action you need an additional tool to launch the attack, and Metasploit is the most popular one.
Today I introduce you to a tool with a rich feature set: AIRGEDDON. Airgeddon is written in bash and is a multi-use script for Linux systems to audit wireless networks. Airgeddon is developed by V1s1t0r1sh3r3, thanks to this dude for his great work. You can find his airgeddon project on Github. Alright, let's jump into the tutorial.
As listed on the airgeddon wiki features page, it has a rich set of features that cover practically every kind of wireless attack, such as:
- Interface mode switcher (Monitor-Managed) keeping selection even on interface name changing
- DoS over wireless networks using different methods
- Handshake file capturing
- Cleaning and optimizing Handshake captured files
- Offline password decrypting on WPA/WPA2 captured files (dictionary, bruteforce and rule based)
- Evil Twin attacks (Rogue AP)
- Only Rogue/Fake AP version to sniff using external sniffer (Hostapd + DHCP + DoS)
- Simple integrated sniffing (Hostapd + DHCP + DoS + Ettercap)
- Integrated sniffing, sslstrip (Hostapd + DHCP + DoS + Ettercap + Sslstrip)
- Integrated sniffing, sslstrip2 and BeEF browser exploitation framework (Hostapd + DHCP + DoS + Bettercap + BeEF)
- Captive portal with “DNS blackhole” to capture wifi passwords (Hostapd + DHCP + DoS + Dnsspoof + Lighttpd)
- WPS scanning (wash). Self parameterization to avoid “bad fcs” problem
- Custom PIN association (bully and reaver)
- Pixie Dust attacks (bully and reaver)
- Bruteforce PIN attacks (bully and reaver)
- Parameterizable timeouts
- Known WPS PINs attack (bully and reaver), based on online PIN database with auto-update
- Integration of the most common PIN generation algorithms
- WEP All-in-One attack (combining different techniques: Chop-Chop, Caffe Latte, ARP Reply, Hirte, Fragmentation, Fake association, etc.)
- Compatibility with many Linux distributions (see Requirements section)
- Easy targeting and selection in every section
- Drag and drop files on console window for entering file paths
- Dynamic screen resolution detection and windows auto-sizing for optimal viewing
- Controlled Exit. Cleaning tasks and temp files. Option to keep monitor mode if desired
- Multilanguage support and autodetect OS language feature (see Supported Languages section)
- Help hints in every zone/menu for easy use
- Auto-update. Script checks for newer version if possible
- Docker container for easy and quick deployment
- Http proxy auto detection for updates
CRACK ENCRYPTED WPA/WPA2 WIFI PASSWORD USING AIRGEDDON
In this tutorial I will explain the steps from installing airgeddon to cracking a WPA/WPA2 password from a captured handshake file.
STEP 1 INSTALLING
Download the airgeddon package from Github:
git clone https://github.com/v1s1t0r1sh3r3/airgeddon
STEP 2 ALLOW PERMISSION
Enter the airgeddon folder and make the launcher, airgeddon.sh, executable:
cd airgeddon/ && chmod +x airgeddon.sh
STEP 3 CHECK DEPENDENCIES
On the first run, airgeddon checks our operating system, root access, the necessary tools and packages, and whether an update is available. You need to install the missing packages for airgeddon to run properly. Now, launch airgeddon.sh.
STEP 4 INSTALL MISSING TOOLS
I had 4 missing optional tools on my Kali Linux; it could be different on yours. I then opened a new terminal and installed those packages by running this command:
apt install isc-dhcp-server hostapd lighttpd bettercap
STEP 5 RUN AIRGEDDON
Come back to the airgeddon terminal window and hit Enter; airgeddon will detect our wired and wireless interfaces.
STEP 6 SELECT INTERFACE
Select your desired network interface by typing its number from the list. I chose wlan1, which is number 3 in the list.
STEP 7 CHANGE TO MONITOR MODE
Here you are brought to the airgeddon main menu; choose option 2 to put the interface in monitor mode.
STEP 8 CAPTURE HANDSHAKE
First I want to capture a handshake, so choose option 5. Now you are brought to the handshake menu. Choose option 4 to explore and select the target wifi. After that you will be asked whether to use the aireplay or the mdk method to deauthenticate clients in order to capture the handshake. I chose aireplay. Once you have the handshake, go back to the main menu.
STEP 9 CRACK WPA/WPA2
From the main menu choose option 6, the Offline WPA/WPA2 Decrypt menu. Then choose option 1 and enter the path of the wordlist file; I used the built-in Kali wordlist, rockyou.txt.
Then wait until the key is found, as seen in the image below. Voilà, we got the WiFi password.
And here comes the conclusion. Airgeddon has a lot of features which you can explore by yourself. What we have done here is just crack an encrypted WPA/WPA2 wifi password. The main key to success in cracking is having a powerful dictionary file.
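To see why the dictionary decides the outcome of Step 9, here is an added example (my own illustration, not airgeddon code) of the key derivation that every offline guess has to repeat: per IEEE 802.11i the PMK is PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, for 4096 iterations. The wordlist below is a constructed stand-in for rockyou.txt, and the audit function lets a network owner who only has the hex psk= value from a hostapd or wpa_supplicant config check whether it is derivable from common words.

```python
import hashlib
import time

# IEEE 802.11i PSK mode: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32 bytes).
PBKDF2_ITERATIONS = 4096
PMK_LENGTH = 32


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit Pairwise Master Key a WPA/WPA2-PSK network computes
    from its passphrase and SSID (the same value wpa_passphrase prints as psk=).
    An offline dictionary run must do exactly this work for every candidate."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_LENGTH)


# Constructed stand-in for a dictionary such as rockyou.txt (not the real file).
WEAK_WORDLIST = ["password", "12345678", "qwertyuiop", "iloveyou1", "welcome123"]


def pmk_is_dictionary_derivable(pmk_hex: str, ssid: str, wordlist) -> bool:
    """Defender-side audit: given the hex PMK from a config file, report whether
    any wordlist entry derives it. True means the passphrase is in the dictionary
    and a captured handshake would be enough to recover it."""
    target = bytes.fromhex(pmk_hex)
    return any(derive_pmk(word, ssid) == target for word in wordlist)


def derivations_per_second(ssid: str, samples: int = 20) -> float:
    """Rough single-core PBKDF2 rate in Python. Dividing a wordlist's size by this
    number puts the cost of exhausting it into perspective; the SSID salt means the
    work cannot be shared between networks with different names."""
    start = time.perf_counter()
    for i in range(samples):
        derive_pmk(f"bench-{i:08d}", ssid)
    return samples / (time.perf_counter() - start)


if __name__ == "__main__":
    # Known-answer vector from IEEE 802.11i Annex H.4 (passphrase "password", SSID "IEEE").
    print(derive_pmk("password", "IEEE").hex())
    print(pmk_is_dictionary_derivable(derive_pmk("password", "IEEE").hex(), "IEEE", WEAK_WORDLIST))
    print(f"{derivations_per_second('IEEE'):.0f} PMK derivations/s in pure Python")
```

A passphrase that is long, random and absent from every wordlist never shows up in this comparison, which is the defender's answer to the dictionary attack this tutorial demonstrates.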