Network Pentesting Gaining Access 1 PDF
Gaining Access to encrypted networks
Everything we have learned so far can be done without
connecting to the target network.
We can gather more accurate information and launch more effective
attacks if we can connect to the target network.
If it is an open network, we can simply connect to it without
a password and proceed to section 3.
The problem arises when the target network uses a key, i.e. when it uses
some form of encryption.
We use a tool called wash to scan for WPS-enabled APs:
> wash -i [interface]
Ex: wash -i mon0
Then we use a tool called reaver to brute-force the WPS PIN and
calculate the WPA key from it.
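As an added example (not part of the original course material, nor of the wash or reaver projects), the defender's counterpart to the scan above is to parse the same wash output for the access points you administer and flag any that still advertise WPS and are not locked, so WPS can be switched off on them. The column layout (BSSID, Ch, dBm, WPS, Lck, Vendor, ESSID) is assumed from recent wash versions, and the sample lines, BSSIDs and ESSIDs are constructed.

```python
"""Audit wash scan output for managed access points that still expose WPS.

Added example for this section; not part of the course or of wash/reaver.
Assumes the column layout BSSID, Ch, dBm, WPS, Lck, Vendor, ESSID.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample of `wash -i mon0` output (fake BSSIDs and ESSIDs).
SAMPLE_WASH_OUTPUT = """\
BSSID               Ch  dBm  WPS  Lck  Vendor    ESSID
--------------------------------------------------------------------------------
02:11:22:33:44:01    1  -41  2.0  No   RalinkTe  Office WiFi
02:11:22:33:44:02    6  -58  1.0  Yes  Broadcom  Guest
02:11:22:33:44:03   11  -67  2.0  No   AtherosC  Lab-AP
"""

# One data row: MAC, channel, RSSI, WPS version, lock flag, vendor, then the
# ESSID as the remainder of the line (it may contain spaces).
ROW_RE = re.compile(
    r"^([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})\s+(\d+)\s+(-?\d+)\s+(\S+)\s+"
    r"(Yes|No)\s+(\S+)\s+(.*)$"
)


@dataclass
class WpsAccessPoint:
    bssid: str
    channel: int
    rssi_dbm: int
    wps_version: str
    locked: bool
    vendor: str
    essid: str


def parse_wash_output(text: str) -> list[WpsAccessPoint]:
    """Parse wash output into records, skipping the header and rule lines."""
    aps: list[WpsAccessPoint] = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue  # header, separator, or unrelated text
        bssid, ch, rssi, ver, lck, vendor, essid = m.groups()
        aps.append(
            WpsAccessPoint(
                bssid.upper(), int(ch), int(rssi), ver, lck == "Yes", vendor, essid.strip()
            )
        )
    return aps


def wps_exposed(aps: list[WpsAccessPoint], managed_bssids: list[str]) -> list[WpsAccessPoint]:
    """Return the managed APs that advertise WPS and are not locked.

    wash only lists APs that advertise WPS, so every parsed row is a WPS AP;
    the ones whose registrar is not locked are the remediation targets
    (disable WPS in the AP configuration). Only BSSIDs you administer are
    reported, so a scan in a shared building does not flag neighbours.
    """
    managed = {b.upper() for b in managed_bssids}
    return [ap for ap in aps if ap.bssid in managed and not ap.locked]


if __name__ == "__main__":
    # Constructed inventory of the APs we are responsible for.
    inventory = ["02:11:22:33:44:01", "02:11:22:33:44:02", "02:11:22:33:44:03"]
    for ap in wps_exposed(parse_wash_output(SAMPLE_WASH_OUTPUT), inventory):
        print(f"{ap.bssid} ({ap.essid}, ch {ap.channel}): WPS {ap.wps_version} enabled and unlocked; disable WPS")
```

Feed it real output with `wash -i mon0 > scan.txt` and `parse_wash_output(open("scan.txt").read())`; the regex tolerates extra whitespace, so the aligned columns wash prints parse the same way as the sample.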
Cracking WPA/WPA2
Conclusion:
To crack a WPA/WPA2 AP with WPS disabled we need two
things:
1. Capture the handshake.
2. A wordlist
Cracking WPA/WPA2
Capturing the handshake
Handshake packets are sent every time a client associates with the
target AP. So to capture it we are going to:
1. Start airodump-ng on the target AP: