LogoLogo
  • 🤩Welcome!
  • Buffer overflow
    • Remote Buffer Overflow
      • Crashing the Application
      • Controlling the EIP
      • Finding Bad Characters
      • Finding a Return Address
      • Generating Shellcode
      • Getting a Shell
  • Wireless Penetration Testing
    • Wifi Pineapple - Tetra
      • Setup
      • Firmware Upgrade
      • Capturing Wireless Handshake
      • Cracking WPA2 Handshake
      • PineAP
      • Modules
  • PortSwigger Labs
    • Authentication
      • Username enumeration via different responses
      • Username enumeration via subtly different responses
      • Username enumeration via response timing
  • TryHackMe
    • 🎄Advent of Cyber 3 (2021)
      • [Day 1] Save The Gifts
      • [Day 2] Elf HR Problems
      • [Day 3] Christmas Blackout
      • [Day 4] Santa's Running Behind
      • [Day 5] Pesky Elf Forum
      • [Day 6] Patch Management Is Hard
      • [Day 7] Migration Without Security
      • [Day 8] Santa's Bag of Toys
      • [Day 9] Where Is All This Data Going
  • Google Cloud Computing
    • ☁️Cloud Computing Fundamentals
      • Getting Started with Cloud Shell and gcloud
      • Creating a Virtual Machine
      • App Engine: Qwik Start - Python
      • Cloud Functions: Qwik Start - Command Line
      • Kubernetes Engine: Qwik Start
      • Set Up Network and HTTP Load Balancers
Powered by GitBook
On this page
  • Recon
  • Scanning
  • Targetting
  • Target Network
  • Attacking
  • Launching Attack
  • Live Attack (On client)

Was this helpful?

  1. Wireless Penetration Testing
  2. Wifi Pineapple - Tetra

Capturing Wireless Handshake

This section covers how a wireless handshake can be captured via the deauth method

PreviousFirmware UpgradeNextCracking WPA2 Handshake

Last updated 3 years ago

Was this helpful?

Like every other penetration test, this starts with recon too! The first step to the attack would be to identify our "target". In this case, I will be attacking my own network.

Recon

Like every other penetration test, this starts with recon too! The first step to the attack would be to identify our "target". In this case, I will be attacking my own network.

Scanning

  • Access the Recon Tab

  • Setup Scan Settings and Run Scan

  • Running Scan

Targetting

Once the scan is left to run for a short period of time, multiple targets should start popping up (As seen below). All these networks are the ones that are in the range of the Wifi 🍍.

Target Network

Here's my network which I'm gonna be attacking! (shown below)

It's evident that one client is currently authenticated with the network. The MAC address of the client is shown right below the router's MAC.

Attacking

Now that we have our target and have verified that there are clients connected to it, we can conduct a deauth attack on the network and listen for handshakes destined to the network. Deauthenticating clients from a network will force them to reconnect to it. While the reconnection is happening, we would be able to sniff and capture the handshake which we can then use to crack :)

Launching Attack

  • Hit the dropdown on the security tab

  • Hit Start Capture

  • Hit Deauth

  • Successful Capture of handshake

At this point, we have obtained a capture of the handshake which can then be used to crack the Pre-Shared Key (PSK) of the network with a trusty wordlist.

Live Attack (On client)

This is what the client would witness when the attack is underway. Most of the time we wouldn't even notice this happening when we are out and about, going through our regular day.

Mobile

Desktop