The WLAN Security Megaprimer from

WLAN Security Megaprimer Part 26: Cracking WPA/WPA2-PSK With Just The Client

In this video, we will pick up from where we left off and actually crack a WPA2-PSK network using just a client.

We first run airodump-ng to find a roaming client and an SSID that it has stored in its preferred network list and is probing for. We find an iPhone probing for a "Wireless Lab" network. We immediately set up an Open/WEP/WPA/WPA2 network with the same SSID on the same channel. It's not long before our victim connects to our network. Unfortunately, as we do not know the WPA2-PSK passphrase for the "Wireless Lab" network, the client sends a De-authentication packet and disconnects. However, this does not happen before it exchanges the first 2 packets of the WPA handshake. From previous videos, we know that with just packets 1 and 2, we can launch a dictionary attack on the PSK. We do just this, and within minutes the WPA2-PSK key is revealed.
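From the monitoring side, the sequence described above leaves a recognizable trace: a handshake that stops after message 2 and is followed by a de-authentication from the client. The sketch below is an added example, not material from the video; the record format, event names, addresses and time window are all assumptions made for illustration.

```python
from collections import defaultdict

# Assumption: BSSIDs of the access points you really operate (constructed value).
AP, UNKNOWN, SSID = "00:11:22:33:44:55", "de:ad:be:ef:00:01", "Wireless Lab"
AUTHORIZED_BSSIDS = {AP}
C1, C2, C3 = "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:02", "aa:aa:aa:00:00:03"

# Constructed sensor records: (time_s, bssid, client, ssid, event).
# "M1".."M4" are the four handshake messages; "CLIENT_DEAUTH" is a
# de-authentication frame sent by the client.
EVENTS = [
    (10.0, AP, C1, SSID, "M1"), (10.1, AP, C1, SSID, "M2"),
    (10.2, AP, C1, SSID, "M3"), (10.3, AP, C1, SSID, "M4"),
    (300.0, AP, C1, SSID, "CLIENT_DEAUTH"),      # normal disconnect, much later
    (20.0, UNKNOWN, C2, SSID, "M1"), (20.1, UNKNOWN, C2, SSID, "M2"),
    (21.0, UNKNOWN, C2, SSID, "CLIENT_DEAUTH"),  # stops after M2 on unknown BSSID
    (40.0, AP, C3, SSID, "M1"), (40.1, AP, C3, SSID, "M2"),
    (41.0, AP, C3, SSID, "CLIENT_DEAUTH"),       # same shape on a known BSSID
]

def find_partial_handshakes(events, authorized, window=5.0):
    """Flag handshakes that end after M2 with a client deauth within `window` seconds."""
    sessions = defaultdict(list)
    for t, bssid, client, ssid, ev in sorted(events):
        sessions[(bssid, client, ssid)].append((t, ev))
    findings = []
    for (bssid, client, ssid), evs in sessions.items():
        seen, m2_time = set(), None
        for t, ev in evs:
            if ev == "M1":                       # a new attempt resets the state
                seen, m2_time = {"M1"}, None
            elif ev == "M2" and "M1" in seen:
                seen.add("M2")
                m2_time = t
            elif ev in ("M3", "M4"):
                seen.add(ev)
            elif (ev == "CLIENT_DEAUTH" and m2_time is not None
                  and "M3" not in seen and t - m2_time <= window):
                findings.append({"time": t, "ssid": ssid, "bssid": bssid,
                                 "client": client,
                                 "unknown_bssid": bssid not in authorized})
                seen, m2_time = set(), None
    return sorted(findings, key=lambda f: f["time"])

if __name__ == "__main__":
    for f in find_partial_handshakes(EVENTS, AUTHORIZED_BSSIDS):
        print(f)
```

A finding on an unknown BSSID advertising your SSID is the stronger signal; the same pattern on a known BSSID can also be a client with a mistyped passphrase, so it needs correlation before anyone acts on it.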


Have any questions, or would like to add a point?

Visit the video page on SecurityTube to post your questions and comments.