Brute Force Attack
Brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data. Brute force attacks may be used by criminals to crack encrypted data, or by security analysts to test an organization’s network security.
Brute Force Attack on Wireless Network project done by ICSS Student Debshubra Chakraborty. Here discussed the full process below.
Project Name: Brute Force Attack on Wireless Network without Using Wordlist
Author Name: Debshubra Chakraborty
Publish Date: 06-08-2018
CONTENT:
- Introduction
- Scan for Available Wireless Networks
- Generating the Capture File
- Getting WPA Handshake
- Cracking Password by Brute Force Attack (Using Wordlist)
- Cracking Password by Brute Force Attack (Without Using Wordlist)
- Solutions and Recommendation
Introduction
According to the Algorithm or Procedure of hacking a Wi-Fi Router we need to generate a Capture file Ex: a-01.cap, this capture file Hold the actual Password of the Wi-Fi Router when we get the WPA Handshake. The Password in the capture file is in Encrypted form, and it can’t be Decrypt. All we can do is to generate Random Passwords, Encrypt the Passwords and we can compare it with the Password which is in Encrypted form in the capture file. If the two Encrypted Passwords match then we can easily find the Password in Decrypt form. In this scenario we need a Wordlist, It’s a word file full of random generated passwords. In a Brute Force Attack we almost try all the passwords in the wordlist that if they match with the Password in the capture file.
**We Need a NAT (Network Address Translator) to Perform Brute Force Attack
Scan for Available Wireless Networks
First we need to detect the NAT (Network Address Translator) Command: airmon-ng
Then we need to configure the NAT to Monitoring Mode Command: airmon-ng start wlan0
Then we will start Monitoring
Command: airodump-ng wlan0mon
Generating the Capture File:
So, now we are Generating the Capture File Command:
airodump-ng –c 13 –bssid 7E:46:85:5C:CA:8A –w /root/Desktop/a wlan0mon
Now, the Capture File is generated
You can see the .cap file a-01.cap, on my Screen
Getting WPA Handshake:
Now, we need a Data transfer from the Network
Now we are Connected with the network “Strike Rider”
The Data Transfer rate is increasing
And we can also observe it here
Now we just need to DE Authenticate all users from the Network to get the WPA Handshake
Command: aireplay-ng –deauth 13 –a 7E:46:85:5C:CA:8A wlan0mon
And here we get the WPA Handshake
We can see that it get the WPA Handshake, Now we are good to go.
It means the Capture file (a-01.cap) got the Password which is in Encrypted form.
Cracking Password by Brute Force Attack (Using Wordlist)
Now we are generating a wordlist. Ex: b.txt
So, Let’s Start the Cracking
Command: aircrack-ng –b 7E:46:85:5C:CA:8A –w /root/b.txt /root/Desktop/a-01.cap
Here we found the Password as “abcdefgh” which is in the Word list b.txt
Cracking Password by Brute Force Attack (Without Using Wordlist)
Here we don’t have any wordlist
But we can generate a Wordlist using Crunch.
If we get information as the Password is length of 8 and it is a combination of a, c, g, h, b, d, f, e then we can generate a wordlist Command: crunch 8 8 acghbdfe
Here the Crunch is generating a file that contains 16777216 Passwords and the size will be 144 MB.
We can afford the size 144 MB, What we will do if we have no information about the Password?
If we have no information about the Password, and we create passwords of 8
to 16 lengths with using every ASCII key which could be a Password, The
Result will become…..
Command:
crunch 8 16 abcdefghijklmnopqrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVXYZ
Look the Crunch is generating a file that contains 15019004610786720137 Passwords and the size will be 13339 PB.
We can’t afford the Size 13339 PB, But we can do one thing…..
We can run Brute Force Attack without using wordlist.
In this scenario crunch will generate one Password and it will be compared with the Password which is in the capture file, If the password match crunch will stop else it will generate another Password. Command:
crunch 8 8 acghbdfe | aircrack-ng –b 7E:46:85:5C:CA:8A /root/Desktop/a-01.cap –w-
Look I didn’t give any location of the wordlist, that means I am not using any in this attack.
So, The Password Cracking process is running it will take some time to found the Password. After few Seconds……..
Even in this way we Found the Password same as “abcdefgh”
So, We Found that we can Crack any Password if we set the crunch from 8 to 32 with every ASCII key that can be use as Password. It’s a Time Consuming Process but we will be able to Crack every Password and we can also cross our limitations.
Solutions and Recommendation:
This process of Brute Force Attack can also perform in “John the Ripper” so it’s nearly impossible to stop anyone from cracking a Wi-Fi or some kind of password.
All we can do is to set a Password more than 8 characters and we should also change our Passwords repeatedly in short time intervals. It’s the only way to make your Wi-Fi Router or Any account, lock, etc Safe.
Highest Selling Technical Courses of Indian Cyber Security Solutions:
Amazon Web Services Training in Hyderabad
Amazon Web Services Training in Bangalore
Amazon Web Services Training in Bhubaneswar
Summer Training for CSE, IT, BCA & MCA Students
Network Penetration Testing training
Certified Network Penetration Tester
Diploma in Web Application Security
Certified Web Application Penetration Tester
Certified Android Penetration Tester
Cybersecurity services that can protect your company:
Web Security | Web Penetration Testing
Network Penetration Testing – NPT
Android App Penetration Testing
Other Location for Online Courses: