
7. Wireless Attacks

Wireless penetration testing

➡️ A Wireless Penetration Test involves the assessment of a wireless network’s security, including WPA2-PSK and WPA2-Enterprise, by:

  • evaluating PSK strength

  • reviewing nearby networks

  • assessing guest networks

  • checking network access to identify vulnerabilities

Tools

The Hacking process (WPA2 PSK)

➡️ Place

  • Place wireless card into monitor mode

➡️ Discover

  • Discover information about the network: channel, BSSID, etc.

➡️ Select

  • Select network and capture data

➡️ Perform

  • Perform deauthentication attack (optional)

➡️ Capture

  • Capture WPA handshake

➡️ Attempt

  • Attempt to crack the handshake to get the password


WPA2 PSK Exploit

📌 Check my OpenWrt & WiFi Exploitation home lab, done with a TP-Link EAP225 v2 and OpenWrt, for a more in-depth setup process

Aircrack-ng is a complete suite of command-line tools to assess WiFi network security.

  • Connect the WiFi adapter to the host computer, and connect to the Kali VM

➡️ airmon-ng

  • Place the card into monitor mode

➡️ airodump-ng

  • Search the area and discover SSIDs

  • Select the network to capture data from


➡️ A Deauthentication (Deauth) Attack is a type of Wi-Fi denial-of-service (DoS) attack where an attacker forcibly disconnects devices from a wireless network by sending fake deauthentication frames to the target device or access point, and then captures the handshake when the device reconnects to the Wi-Fi network.

➡️ aireplay-ng

  • Perform de-auth attack and capture WPA handshake
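
Seen from the monitoring side, the deauthentication step described above shows up as a burst of deauth frames aimed at one client, followed shortly by a fresh EAPOL handshake. The Python sketch below is an added example, not part of the original notes; the frame records, MAC addresses, thresholds and the function name `detect_deauth_bursts` are constructed assumptions.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"
# Constructed MAC addresses (locally administered range), not from the page.
AP, CLIENT, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:10", "02:00:00:00:00:11"

# Constructed sensor records: (time in seconds, frame kind, claimed source, destination).
FRAMES = (
    [(0.0, "deauth", AP, OTHER)]                                    # one ordinary deauth
    + [(10.0 + i * 0.05, "deauth", AP, CLIENT) for i in range(64)]  # burst at one client
    + [(15.0 + i * 0.01, "eapol", *((AP, CLIENT) if i % 2 == 0 else (CLIENT, AP)))
       for i in range(4)]                                           # client rejoins: 4-way handshake
)


def detect_deauth_bursts(frames, window=5.0, threshold=10, rejoin=30.0):
    """Flag (source, destination) pairs with >= threshold deauths inside `window`
    seconds, and note whether an EAPOL handshake followed within `rejoin` seconds."""
    recent = defaultdict(deque)  # (src, dst) -> timestamps of recent deauth frames
    alerts = {}
    for ts, kind, src, dst in sorted(frames):
        if kind == "deauth":
            q = recent[(src, dst)]
            q.append(ts)
            while ts - q[0] > window:      # drop timestamps that left the window
                q.popleft()
            if len(q) >= threshold:
                alert = alerts.setdefault(
                    (src, dst),
                    {"start": q[0], "frames": len(q) - 1, "handshake_after": False})
                alert["frames"] += 1
                alert["end"] = ts
        elif kind == "eapol":
            for (ap, target), alert in alerts.items():
                same_pair = ap in (src, dst) and (target in (src, dst) or target == BROADCAST)
                if same_pair and 0 <= ts - alert["end"] <= rejoin:
                    alert["handshake_after"] = True  # PSK handshake was on the air
    return alerts


if __name__ == "__main__":
    for (src, dst), alert in detect_deauth_bursts(FRAMES).items():
        print(f"deauth burst {src} -> {dst}: {alert}")
```

Spoofed deauth frames carry the access point's address as their claimed source, so the alert identifies the targeted network and client rather than the sender. Enabling Protected Management Frames (802.11w) on the access point and clients is the corresponding hardening.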


➡️ aircrack-ng

  • Attempt cracking of the captured handshakes

