Técnicas para capturar un Handshake A continuación, se representan distintas técnicas con el propósito de capturar un Handshake de la red fijada como objetivo. Ataque de deautenticación dirigido ...

WEP Fake Authentication Attack # Monitor Mode airmon-ng start wlan0 # Capturing Traffic airodump-ng –c <Canal_AP> --bssid <BSSID> -w <nombreCaptura> wlan0mon # Identifying our ow...

Basics WPA Enterprise uses Extensible Authentication Protocol (EAP) Authentication is done using a Remote Authentication Dial-In User Service (RADIUS) server. Authentication to a RADIUS serv...

Attacking Captive Portals Captive portals are often set up on unencrypted or open networks to allow guests or employees to easily connect to the network or Internet, sometimes without credentials. ...

A rogue AP is an AP in use that has not been authorized by a local network administrator. This could take the form of an AP plugged into a network without the administrator’s knowledge. Creating a...

WPS WPS makes configuring new devices easier for users with little networking or security knowledge. For the most part, all they have to do is input a PIN code or push a button. Method to authent...

John The Ripper The rules to mutate passwords are in /etc/john/john.conf Rule to add 2 and 3 numbers at the end of the password: $[0-9]$[0-9] $[0-9]$[0-9]$[0-9] Use –rules with jo...

Hashcat Hashcat is a password cracking tool that was developed to primarily operate on systems with Graphical Processing Units (GPUs) from NVIDIA, AMD, and Intel. A utility that is specifically r...

Methodology First, we’ll need to capture a handshake. Next, we will make a guess at the passphrase and send that guess into the hash function. We will then compare the output from the hash ...

Airolib-ng Airolib-ng is a tool designed to store and manage ESSID and password lists, compute their Pairwise Master Keys (PMKs) and use them in WPA/WPA2 cracking through sqlite3. # create a text...