GenCyber_WEP_cracking (2).docx
1 of 13
Wireless System Administration
Wireless Security Audit Tools - WEP/WPA cracking
Goal: In this lab you will explore wireless security tools on the Kali suite. These tools
will be an introduction to WEP and WPA security.
1 Gather and organize
1.1 Gather required equipment:
• Alfa AWUS036NH
• Linksys WRT54GL or other Access point capable of being configured for both WEP and
WPA security
• Kali Linux on Raspberry Pi
• Wireless client (a smartphone works well)
2 Setup - Kali
In this section you will start Kali Linux on your Raspberry Pi with the Alfa wireless adapter
attached. This is your “attacking” station.
2.1 Kali
Boot into Kali
2.2 Network Manager
Stop Network Manager - kill it with fire:
# service network-manager stop
2.3 Monitor Mode - airmon-ng
In this section you will place your Raspberry Pi into monitor mode using airmon-ng. Use man
airmon-ng to find the correct commands.
1. List and kill all possible programs that could interfere with the wireless card when
placing it into monitor mode.
2. Determine your external (USB) Alfa wireless interface:
# iwconfig
3. Put your external (USB) Alfa wireless interface into monitor mode using airmon-ng.
(Hint: the command is very similar to the one we used
earlier this week to scan the wireless.)
Note: the channel number in the command is going to be the same
channel listed on top of the Linksys AP you are using.
Normally you would perform scans of the wireless
environment to do this yourself, but for time we are
providing the channel for you.
After running the command in step 3 you should have a new monitoring interface.
4. Determine your new wireless interface:
# iwconfig
Note: the new interface is usually shown as wlanXmon in
the iwconfig output, where X is the interface number from
the previous iwconfig output.
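The check in step 4 can also be scripted. The following is an added example, not part of the original lab handout: it parses iwconfig output, lists the interfaces that report Mode:Monitor, and converts the reported 2.4 GHz frequency to a channel number so it can be compared with the channel printed on the AP. The function names, interface names and sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the lab handout. Reads iwconfig output on stdin.
# Live use (assumes wireless-tools is installed): iwconfig 2>/dev/null | monitor_ifaces

# Constructed sample of iwconfig output; interface names are made up.
sample_iwconfig() {
cat <<'EOF'
lo        no wireless extensions.

wlan0     IEEE 802.11  ESSID:off/any
          Mode:Managed  Access Point: Not-Associated   Tx-Power=31 dBm
          Retry short limit:7   RTS thr:off   Fragment thr:off

wlan1mon  IEEE 802.11  Mode:Monitor  Frequency:2.437 GHz  Tx-Power=20 dBm
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off
EOF
}

# Print "<iface> <channel>" for every interface whose Mode is Monitor.
# Channel is "?" when no valid 2.4 GHz frequency is reported.
monitor_ifaces() {
    awk '
    function emit(   mhz, ch) {
        if (iface == "" || mode != "Monitor") return
        mhz = int(freq * 1000 + 0.5)            # GHz to MHz, rounded
        if (mhz == 2484) ch = 14                # channel 14 is off the 5 MHz grid
        else if (mhz >= 2412 && mhz <= 2472 && (mhz - 2407) % 5 == 0) ch = (mhz - 2407) / 5
        else ch = "?"
        print iface, ch
    }
    /^[^ \t]/ { emit(); iface = $1; mode = ""; freq = "" }   # a new interface block starts
    {
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^Mode:/)         mode = substr($i, 6)
            if ($i ~ /^Frequency[:=]/) freq = substr($i, 11)
        }
    }
    END { emit() }'
}

# Exit status 0 only if some monitor-mode interface is on the expected channel ($1).
check_monitor_channel() {
    monitor_ifaces | awk -v want="$1" '$2 == want { ok = 1 } END { exit !ok }'
}

sample_iwconfig | monitor_ifaces   # prints: wlan1mon 6
```
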
3 Monitor mode - testing
Testing Monitor mode
Scenario: Making sure the wireless card of the “attacking” station (your Raspberry Pi) is in monitor
mode.
3.1 Wireshark
Use Wireshark to test your wireless card.
Browse to the wireshark application under Applications >> 09 – Sniffing & Spoofing >>
wireshark
Select the new monitor interface you created in the previous section. Click on the blue fin in the
top left corner of the application in order to start capturing packets on the monitor interface.
You should be able to see traffic that is produced by devices using the channel you set in the
previous section. This is traffic that is not generated by your Raspberry Pi. However, most of this
traffic is encrypted and cannot currently be viewed in plain text. You can close Wireshark after
this test.
3.2 airodump-ng
Start airodump to take a basic site survey
# airodump-ng newInterface
Look for your ESSID, and verify that it is indeed running WEP.
When you are finished, press Ctrl+C to send a break command to the program and end it.
3.3 Capture
Try to capture just the channel and look for just WEP encrypted networks