Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases now! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Kali Linux: Wireless Penetration Testing Beginner's Guide, Second Edition

You're reading from   Kali Linux: Wireless Penetration Testing Beginner's Guide, Second Edition Master wireless testing techniques to survey and attack wireless networks with Kali Linux

Arrow left icon
Product type Paperback
Published in Mar 2015
Publisher Packt
ISBN-13 9781783280414
Length 214 pages
Edition 2nd Edition
Arrow right icon
Authors (2):
Arrow left icon
Vivek Ramachandran Vivek Ramachandran
Author Profile Icon Vivek Ramachandran
Vivek Ramachandran
Cameron Buchanan Cameron Buchanan
Author Profile Icon Cameron Buchanan
Cameron Buchanan
Arrow right icon
View More author details
Toc

Table of Contents (13) Chapters Close

Preface 1. Wireless Lab Setup FREE CHAPTER 2. WLAN and its Inherent Insecurities 3. Bypassing WLAN Authentication 4. WLAN Encryption Flaws 5. Attacks on the WLAN Infrastructure 6. Attacking the Client 7. Advanced WLAN Attacks 8. Attacking WPA-Enterprise and RADIUS 9. WLAN Penetration Testing Methodology 10. WPS and Probes A. Pop Quiz Answers Index

AP-less WPA-Personal cracking


In Chapter 4, we saw how to crack WPA/WPA2 PSK using aircrack-ng. The basic idea was to capture a four-way WPA handshake and then launch a dictionary attack.

The million dollar question is: Would it be possible to crack WPA-Personal with just the client? No access point!

Let's revisit the WPA cracking exercise to jog our memory:

To crack WPA, we need the following four parameters from the four-way handshake—Authenticator Nounce, Supplicant Nounce, Authenticator MAC, and Supplicant MAC. Now, the interesting thing is that we do not need all of the four packets in the handshake to extract this information. We can get this information with four packets; packets 1 and 2 or just packets 2 and 3.

In order to crack WPA-PSK, we will bring up a WPA-PSK Honeypot and, when the client connects to us, only Message 1 and Message 2 will come through. As we do not know the passphrase, we cannot send Message 3. However, Message 1 and Message 2 contain all the information required...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime