Cracking WPA2

I have a wireless WPA2 network and I decided to test the security of it using the aircrack-ng suite.

airmon-ng worked great with the following syntax:
airmon-ng start wlan0 6

wlan0 is the interface, and 6 is the channel.

Then I was able to capture packets.
I found that entering the key to the wireless network before someone associates with it (so the handshake is captured by Wireshark) was vital. It took a couple of tries for the decryption process to work; I had to keep playing with it. I then wanted to kick clients off my network so I could get them to re-associate with it, so I could decrypt the traffic.

The standard command to use is:
aireplay-ng -0 24 -a 02:62:1F:52:7D:3D -c 08:ED:B9:98:00:77 mon0 --ignore-negative-one
-a is the BSSID (MAC) of the AP
-c is the MAC of the client
mon0 is the interface
and since, when I ran airmon-ng on channel 6, the channel seemed to be listed as -1, I used the --ignore-negative-one option as I know what channel it is locked on to.

Problem: I found this did not de-authenticate the clients I wanted it to. I would deauth a bunch of times, and on the client machine I was surfing the net like normal.

I found that the following trick de-authed ALL clients 🙂
aireplay-ng -0 24 -a 02:62:1F:52:7D:3D -c 00:00:00:00:00:00 mon0 --ignore-negative-one

Using this technique should allow you to mass de-auth clients.
Enjoy!
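As an added example that is not part of the original post, here is a small Python detector for the burst pattern the commands above produce: it counts deauthentication frames per BSSID in a sliding time window and flags deauths aimed at the broadcast or all-zero address, which a genuine AP has no reason to send. The capture it runs over is constructed inline (the MACs are the ones from the post), and the frame tuple layout is an assumption standing in for whatever tshark or scapy would give you.

```python
from collections import defaultdict

DEAUTH_SUBTYPE = 12           # IEEE 802.11 management subtype: Deauthentication
WILDCARD_DSTS = {"ff:ff:ff:ff:ff:ff", "00:00:00:00:00:00"}
AP = "02:62:1f:52:7d:3d"      # BSSID from the post
CLIENT = "08:ed:b9:98:00:77"  # client MAC from the post


def constructed_capture():
    """Constructed sample capture (not real traffic): a beacon, one ordinary
    deauth to a single client, then a 24-frame burst aimed at 00:00:00:00:00:00,
    the shape of traffic the second aireplay-ng command in the post produces.
    Frame layout (assumed): (timestamp_s, subtype, bssid, dst, reason_code)."""
    frames = [(0.00, 8, AP, "ff:ff:ff:ff:ff:ff", None),
              (0.10, DEAUTH_SUBTYPE, AP, CLIENT, 3)]
    frames += [(5.0 + i * 0.02, DEAUTH_SUBTYPE, AP, "00:00:00:00:00:00", 7)
               for i in range(24)]
    return frames


def find_deauth_floods(frames, window_s=1.0, threshold=8):
    """Return one alert per BSSID whose deauth frames reach `threshold` inside
    any sliding window of `window_s` seconds. The alert also records whether
    any deauth targeted a broadcast/all-zero address (a spoofing tell)."""
    deauths = defaultdict(list)
    for ts, subtype, bssid, dst, _reason in frames:
        if subtype == DEAUTH_SUBTYPE:
            deauths[bssid.lower()].append((ts, dst.lower()))

    alerts = []
    for bssid, events in deauths.items():
        events.sort()
        peak, start = 0, 0
        for end, (ts, _dst) in enumerate(events):
            # slide the window start forward until every event fits in window_s
            while ts - events[start][0] > window_s:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts.append({
                "bssid": bssid,
                "peak_per_window": peak,
                "wildcard_target": any(d in WILDCARD_DSTS for _, d in events),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_deauth_floods(constructed_capture()):
        print(alert)
```

Where both the AP and its clients support 802.11w (Protected Management Frames), spoofed deauth frames like these are simply discarded; on networks without it, a per-BSSID rate counter of this kind is the practical way to notice the attack.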
