Next we moved on to the Brute-Force toolkit.
While Reaver kept bombarding the WiFi router with continuous retries, Brute-Force captured successful client handshakes, from which a LOCK was crafted to be tried against the keys in a dictionary until a match was found. Rather than meddling with the router indefinitely, the brief encounter ended with a handshake, which turned into a much longer journey of lonely data processing.
The dictionary, such as rockyou.txt, was a text file containing commonly used passwords or combinations of letters and numbers. A good dictionary thus needed to have "ALL" combinations imaginable. Ours contained 144344394 passwords, a huge list, so an attack of this nature was time-consuming. Success depended on computing power and the number of combinations tried rather than on an ingenious algorithm.
Having put the 2200mW NextG USB-Yagi TurboTenna into packet monitoring and injection mode, we opened two command line terminals: one for capturing the handshake data and the other for provoking client handshakes.
To launch Brute-Force against the WiFi network with <BSSID> 11:22:33:44:55:66 and <ESSID> MyWiFi on channel 2:
airodump-ng -c 2 --bssid 11:22:33:44:55:66 -w /root/Desktop/MyWiFi wlan0mon
To provoke client handshakes:
aireplay-ng -0 0 -a 11:22:33:44:55:66 wlan0mon
These processes were stopped once a successful handshake was found. KALI Linux has a dictionary residing in /usr/share/wordlists/rockyou.txt.gz.
To make sure that we had the latest updates and to unpack the dictionary onto the Desktop:
apt-get update && apt-get full-upgrade
cd /root/Desktop
gunzip -c /usr/share/wordlists/rockyou.txt.gz > rockyou.txt
To try opening MyWiFi-01.cap with keys in the dictionary rockyou.txt:
aircrack-ng -w rockyou.txt MyWiFi-01.cap
We edited rockyou.txt to put in our own password to verify that these processes actually worked. The key was found in seconds!
To edit rockyou.txt:
nano /root/Desktop/rockyou.txt
The verdict #2:
Nothing comes out of nothing. It's a time waster if the key is not there. The best defense is to restrict further attempts after a few unsuccessful logins and to make the password uncommonly sophisticated.
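To put the verdict to work on your own network, the following added example (not part of the original experiment) audits a passphrase: it reports whether the passphrase appears in a wordlist and, if not, how long trying every combination of the same length and character classes would take. The function names and the guess rate are assumptions chosen for illustration, and the sample wordlist is constructed.

```python
import string

# Character classes used to size the search space of a passphrase.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")


def wordlist_position(passphrase, lines):
    """Return the 1-based line on which the passphrase occurs, or None."""
    for number, line in enumerate(lines, start=1):
        if line.rstrip("\r\n") == passphrase:
            return number
    return None


def keyspace(passphrase):
    """Candidates an exhaustive search of this length and these classes covers."""
    alphabet = sum(len(c) for c in CLASSES if any(ch in c for ch in passphrase))
    return alphabet ** len(passphrase)


def audit(passphrase, lines, guesses_per_second):
    """Audit one passphrase against a wordlist and an assumed guess rate."""
    printable = all(32 <= ord(ch) <= 126 for ch in passphrase)
    if not 8 <= len(passphrase) <= 63 or not printable:
        raise ValueError("WPA/WPA2 passphrases are 8 to 63 printable ASCII characters")
    position = wordlist_position(passphrase, lines)
    # In the dictionary: found after `position` guesses. Otherwise every
    # combination of the same shape has to be tried in the worst case.
    guesses = position if position is not None else keyspace(passphrase)
    return {"in_wordlist": position is not None,
            "position": position,
            "worst_case_days": guesses / guesses_per_second / 86400}


if __name__ == "__main__":
    # Constructed sample wordlist. For a real check, iterate over
    # open("/root/Desktop/rockyou.txt", encoding="latin-1") instead;
    # latin-1 is used because the file contains non-UTF-8 bytes.
    sample = ["123456\n", "password\n", "iloveyou1\n", "sunshine99\n"]
    rate = 50_000  # assumed guesses per second, not a measured figure
    for candidate in ("sunshine99", "t7#Kq9!vLm2$xW"):
        print(candidate, audit(candidate, sample, rate))
```
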
Disclaimer:
The articles herein are intended for experience sharing and IT education purposes. No part of these experiments should be applied to a WiFi network other than your own without consent of your family members.