Monday, October 17, 2016


3.8 - Automating attacks against WPA/WPA2

- Previously introduced Gerix Wifi Cracker software helps to automate attacks against Wi-Fi encryption, both for WEP and WPA/WPA2 versions.

- For starting Gerix from the "kali" command shell:

- Gerix is launched:

In this practice the AP will be set to WPA2 with AES-CMMP encryption, being the key A54321z$:

- Clicking the Configuration tab:

- The option Enable/Disable Monitor Mode creates the virtual mon0 attached to the physical interface wlan0:

Gerix includes a small real-time log that informs the user about the performed actions:

- One good practice from the attacker's point of view is to change the MAC address, with the purpose of covering tracks of the attack. The option Set random MAC address does the trick:

- Next, Gerix is forced to scan available networks in the sorroundings:

- As usual, the "spaniard" network is choosen for being attacked:

Clicking the WPA tab, the WPA attack is started. The functionality Start Sniffing and Logging is enabled:

- Gerix detects the "spaniard" network, with MAC address 00:25:F2:9B:91:23 , using WPA2-CCMP encryption. Also, the client "roch" whith MAC addresss 28:C6:8E:63:15:6B is detected:

Because it is necessary to capture some packets from the WPA handshake process, a deauthentication set of messages needs to be sent to the victim, which MAC address is introduced:

- The deauthentication process starts:

aireplay-ng sends 4 packets directed to the victim, "roch":

For starting the bruteforce cracking attack, a dictionary is added: diccionario.txt

- The attack is launched clicking the tab Aircrack-ng - Crack WPA password:

After 2 minutes and 13 seconds, the key is found: A54321z$