Description: Welcome to Part 26 of the WLAN Security Megaprimer! Please start this series by watching Part 1 http://www.securitytube.net/video/1756, if you have not done so already.
In this video, we will pick up where we left off and actually crack a WPA2-PSK network using just a client.
We first run airodump-ng to find a roaming client and an SSID it has stored in its preferred network list and is probing for. We find an iPhone probing for a "Wireless Lab" network. We immediately set up an Open/WEP/WPA/WPA2 network with the same SSID on the same channel. It's not long before our victim connects to our network. Unfortunately, as we do not know the WPA2-PSK passphrase for the "Wireless Lab" network, the client sends a De-authentication packet and disconnects. However, this does not happen before it exchanges the first two messages of the WPA 4-way handshake. From previous videos, we know that with just messages 1 and 2, we can launch a dictionary attack on the PSK. We do just this, and within minutes the WPA2-PSK key is revealed.
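The attack above works because a client will associate with any access point that advertises an SSID from its preferred network list, whatever BSSID or security type that AP uses. From the defender's side, the same fact is what makes an evil twin detectable: an unauthorised BSSID (or a mismatched security type) advertising one of your SSIDs is the signal, and any client that associates to it has leaked the first half of a handshake. The following is an added example, not code from the video or from SecurityTube; it runs a simple rogue-AP check over constructed beacon and association records. The record fields, the KNOWN_APS inventory and the coarse security labels are this example's own assumptions, not airodump-ng's output format.

```python
"""Evil-twin / rogue AP detection over beacon and association observations.

Added defender-side example (not part of the original video). All records below
are constructed; the field layout is an assumption for illustration, not a real
capture format.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Beacon:
    bssid: str
    ssid: str
    channel: int
    security: str  # coarse label assumed here: "OPEN", "WEP", "WPA" or "WPA2"


# Inventory of authorised access points (constructed): SSID -> allowed BSSIDs
# and the security type that SSID is supposed to run.
KNOWN_APS = {
    "Wireless Lab": {"bssids": {"00:11:22:33:44:55"}, "security": "WPA2"},
}

# Constructed observations: one legitimate AP, two twins advertising our SSID
# (one open, one with the same security type), and an unrelated network.
SAMPLE_BEACONS = [
    Beacon("00:11:22:33:44:55", "Wireless Lab", 11, "WPA2"),
    Beacon("aa:bb:cc:dd:ee:01", "Wireless Lab", 11, "OPEN"),
    Beacon("aa:bb:cc:dd:ee:02", "Wireless Lab", 11, "WPA2"),
    Beacon("de:ad:be:ef:00:01", "CoffeeShop", 6, "OPEN"),
]

# Constructed association events: (client MAC, BSSID it associated with).
SAMPLE_ASSOCS = [
    ("f0:f0:f0:00:00:01", "aa:bb:cc:dd:ee:01"),
    ("f0:f0:f0:00:00:02", "00:11:22:33:44:55"),
]


def detect_rogue_aps(beacons, known=KNOWN_APS):
    """Return a list of (bssid, reason) alerts for APs that advertise one of
    our SSIDs from an unauthorised BSSID or with the wrong security type."""
    alerts = []
    for b in beacons:
        profile = known.get(b.ssid)
        if profile is None:
            continue  # not one of our SSIDs; out of scope for this check
        if b.bssid not in profile["bssids"]:
            alerts.append((b.bssid, f"unknown BSSID advertising our SSID {b.ssid!r}"))
        if b.security != profile["security"]:
            alerts.append((b.bssid, f"SSID {b.ssid!r} seen as {b.security}, "
                                    f"expected {profile['security']}"))
    return alerts


def rogue_bssids(alerts):
    """Collapse alerts to the set of BSSIDs that triggered at least one."""
    return {bssid for bssid, _reason in alerts}


def exposed_clients(assocs, rogues):
    """Map each client that associated to a rogue BSSID to that BSSID. These
    are the stations that have sent handshake message 2 to the twin and whose
    network's passphrase should be treated as exposed to offline guessing."""
    return {client: bssid for client, bssid in assocs if bssid in rogues}


if __name__ == "__main__":
    alerts = detect_rogue_aps(SAMPLE_BEACONS)
    for bssid, reason in alerts:
        print(f"ALERT {bssid}: {reason}")
    for client, bssid in exposed_clients(SAMPLE_ASSOCS, rogue_bssids(alerts)).items():
        print(f"EXPOSED client {client} associated to rogue AP {bssid}")
```

The second twin (same SSID, same WPA2 label) shows why the check must key on BSSID and not only on security type: the attacker can run the rogue AP as WPA2 too, and the client still sends message 2 before it can verify the AP. The practical mitigations the check points at are a passphrase that does not fall to a dictionary, and pruning stale or open networks from clients' preferred network lists.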
Enjoy, and do leave your comments!