Forum Thread: Can We Use the Same Aireplay-Ng Exploit That We Use to Crack WEP on a WPA/WPA2

Just Wondering

3 Responses

WEP uses weak IV keys and is pretty much guaranteed breakable at this point given enough collection. With WPA/WPA2 you want to try to capture the handshake between the client and the base. With this packet you can brute force the passphrase. Takes some work and tweaking of wordlists to get good results. It basically goes like this: Airmon->Airodump(Capture). Then Aireplay -b BSSID --deauth wlan0mon... That's when you hope the client tries to reconnect and you can capture the handshake. You could also set up a fake AP and bump the authentic one away trying to coax the client to authenticate to you. Last step is to run the capture through john/oclhashcat. There are plenty of tutorials around but this is what I can remember from back when.
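Seen from the defending side, the deauthentication step in the answer above shows up as a burst of deauth frames aimed at one client, followed by that client's fresh handshake. The following is an added example, not part of the original thread, that flags this pattern; the frame tuples, addresses, window and threshold values are constructed assumptions, not output from any real tool.

```python
from collections import defaultdict, deque

AP = "aa:aa:aa:aa:aa:01"  # constructed addresses, not from a real capture
SAMPLE_FRAMES = (
    [(0.0, "deauth", AP, "cc:cc:cc:cc:cc:01"),   # single deauth: ordinary disconnect
     (5.0, "eapol", AP, "cc:cc:cc:cc:cc:01")]
    + [(20.0 + 0.1 * i, "deauth", AP, "cc:cc:cc:cc:cc:02") for i in range(12)]
    + [(23.0, "eapol", AP, "cc:cc:cc:cc:cc:02")]  # client rejoins after the burst
)


def detect_deauth_bursts(frames, window=2.0, threshold=10, rejoin_within=15.0):
    """Flag (bssid, client) pairs that receive >= threshold deauth frames within
    `window` seconds, and note whether a new handshake follows soon after."""
    recent = defaultdict(deque)  # (bssid, client) -> timestamps of recent deauths
    open_alerts = {}             # (bssid, client) -> alert still awaiting a rejoin
    alerts = []
    for ts, kind, bssid, client in sorted(frames):
        key = (bssid, client)
        if kind == "deauth":
            q = recent[key]
            q.append(ts)
            while ts - q[0] > window:      # drop deauths older than the window
                q.popleft()
            if key in open_alerts:         # burst still running: extend it
                open_alerts[key]["last_deauth"] = ts
            elif len(q) >= threshold:
                alert = {"bssid": bssid, "client": client, "flagged_at": ts,
                         "last_deauth": ts, "handshake_followed": False}
                open_alerts[key] = alert
                alerts.append(alert)
        elif kind == "eapol" and key in open_alerts:
            alert = open_alerts.pop(key)
            alert["handshake_followed"] = ts - alert["last_deauth"] <= rejoin_within
            recent[key].clear()
    return alerts


if __name__ == "__main__":
    for a in detect_deauth_bursts(SAMPLE_FRAMES):
        print(a)
```

An alert with `handshake_followed` set is a reason to rotate that network's passphrase. Enabling 802.11w Protected Management Frames on the access point and clients makes forged deauthentication frames ineffective.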

thank you both
