WLAN Security Megaprimer Part 26: Cracking WPA/WPA2-PSK With Just The Client
In this video, we will pick up from where we left off and actually crack a WPA2-PSK network using just a client.
We first run airodump-ng to find a roaming client and an SSID it has stored in its preferred network list and is probing for. We find an iPhone probing for a "Wireless Lab" network. We immediately set up an Open/WEP/WPA/WPA2 network with the same SSID on the same channel. It's not long before our victim connects to our network. Unfortunately, as we do not know the WPA2-PSK passphrase for the "Wireless Lab" network, the client sends a deauthentication packet and disconnects. However, this does not happen before it exchanges the first two packets of the WPA 4-way handshake. From previous videos, we know that with just packets 1 and 2, we can launch a dictionary attack on the PSK. We do just this, and within minutes the WPA2-PSK key is revealed.
Have any questions, or would you like to add a point?
Visit the video page on SecurityTube to post your questions and comments: http://www.securitytube.net/video/1921