A weak password is one that is short, common, or easy to guess. Equally bad are secure but reused passwords that have been lost by negligent third-party companies like Equifax and Yahoo. Today, we will use Airgeddon, a wireless auditing framework, to show how anyone can crack bad passwords for WPA and WPA2 wireless networks in minutes or seconds with only a computer and network adapter.
To follow this guide, you'll need a wireless network adapter capable of monitor mode and packet injection. You will also need a computer capable of running VirtualBox, an open-source hypervisor, software that can create and run multiple virtual machines. This should be easy since VirtualBox has downloads for Windows, macOS, and Linux.
You can also download a copy of Parrot Security OS (aka ParrotSec) to run in VirtualBox if you'd like everything to work like in our video guide below. If you want to download the ParrotSec ISO but you'd also like to stay off any NSA lists, you can always use a proxy server to download the image file while hiding your IP address.
If you're already set up on Arch or Kali Linux, you can also install Airgeddon and any dependencies following the directions on GitHub, and then follow along. One thing to note: Airgeddon needs to open other windows to work, so this won't work via SSH (Secure Shell), only VNC (Virtual Networking Computer) or with a screen.
As you can see in the video above, a WPA handshake can be grabbed in seconds, leaving the strength of your password as your last line of defense. If this can't stand up to a reasonable assault, your data is as good as gone if an attacker decides to knock on the door of your network.
If you're looking for some help, there are plenty of ways to prevent yourself from being easy to attack with this method. Never reuse passwords, and always make sure to use secure passwords hackers won't like. Password managers like LastPass also allow you to create and sync secure passwords that are much harder to brute-force. Lastly, never share your Wi-Fi password when you don't need to, and change it regularly if you have to share your password at all.
Thanks for watching, please subscribe to Null Byte on YouTube for more content, and happy cracking!
It’s Black Friday week in the Null Byte shop! If you’ve been wanting to improve your skill set in hacker- and cybersecurity-geared topics such as Python, Raspberry Pi, and Linux, now’s the time. We’ve got huge sales on online courses, and we’ve outlined 13 favorites you won’t want to miss. Check them out!