Hacking WPA/WPA2 Without Dictionary Using Fluxion
Getting the script
Getting the script is just a matter of cloning the GitHub repository with the git command-line tool:
git clone https://github.com/deltaxflux/fluxion
If you have any problems with this step, navigate to the repository in your browser and download the files manually.
Running the script
Navigate to the fluxion directory (or to the directory containing the scripts, if you downloaded them manually). If you are following the terminal commands I'm using, it's just a simple change-directory command:
Now run the script.
If you have any unmet dependencies, run the installer script first and then start the script again.
Once again, type the following:
For the wireless adapter, choose whichever one you want to put into monitor mode. For the channel question, choose all, unless you already know the specific channel the target AP is on.
You will then see an airodump-ng window (named Wifi Monitor). Let it run while it looks for APs and clients. Once you think you have what you need, use the close button to stop the monitoring.
You'll then be prompted to select a target.
Then you'll be prompted to select an attack.
Then you'll be prompted to provide a handshake.
If you don't have a handshake captured already, the script will help you capture one: it sends deauthentication packets to kick a client off the AP, and captures the 4-way handshake when the client reconnects. The handshake is needed later to check whether the password the victim submits is actually correct.
Getting my wireless network’s password by fooling my smartphone into connecting to a fake AP
The real stuff begins!
This section is a set of pictures with captions below each one explaining what is happening. It should be easy to follow.
[Screenshot captions; the opening words of each caption are not preserved here]
- ...external wireless card, but my laptop's internal card. However, some internal cards may cause problems, so it's better to use an external card (and if you are on a virtual machine you will have to use an external card).
- ...is connected to.
- ...to that handshake and the script will use it. Otherwise, it will capture a handshake in the next step for you.
- ...tool to use to do that. I'll go with aircrack-ng.
- ...there, then you have the handshake), then type 1 and press enter to check the handshake. If everything's fine, you'll go to the next step.
- ...the usual bruteforce attack that most tools use (and thus of no use to us, since that's not what we are using this script for).
- ...WPA network's password. I went with the first choice.
- ...left two windows, while the right two are the status reporting window and the deauth window (to get users off the real AP and lure them to our fake AP).
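At this point the air contains two APs advertising the same ESSID, one WPA2 (the real one) and one open (the fake portal AP), plus a stream of deauthentication frames. That is exactly the footprint a defender can look for in the same airodump-ng CSV output the script's monitor window is built on. The following is an added example, not part of the original post or of Fluxion: it parses the AP section of an airodump-ng CSV and flags ESSIDs served by more than one BSSID with mismatched security. The CSV rows, MACs and ESSID names are constructed for the example; the assumption that the fake AP shows up as open (OPN) reflects how captive-portal evil twins are normally run, but it is an assumption.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in airodump-ng's CSV layout (AP section only). MACs, ESSIDs and
# timestamps are made up; "MyHomeWifi" plays the target network with a fake open twin.
SAMPLE_AIRODUMP_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
AA:BB:CC:11:22:33, 2016-01-01 10:00:00, 2016-01-01 10:05:00,  6,  54, WPA2, CCMP, PSK, -40,  300,  0,   0.  0.  0.  0,  10, MyHomeWifi, 
DE:AD:BE:EF:00:01, 2016-01-01 10:04:30, 2016-01-01 10:05:00,  6,  54, OPN ,     ,    , -30,   60,  0,   0.  0.  0.  0,  10, MyHomeWifi, 
00:11:22:33:44:55, 2016-01-01 10:00:00, 2016-01-01 10:05:00, 11,  54, WPA2, CCMP, PSK, -70,  280,  0,   0.  0.  0.  0,   9, Neighbour1, 
"""


def parse_ap_rows(csv_text):
    """Return the AP rows of an airodump-ng CSV as dicts (bssid, channel, privacy, essid).

    airodump-ng writes the AP table first, then a blank line, then the station table,
    so parsing stops at the first empty row.
    """
    aps = []
    for row in csv.reader(io.StringIO(csv_text), skipinitialspace=True):
        if not row or not row[0].strip():
            break  # blank line: end of the AP section
        if row[0].strip() == "BSSID":
            continue  # header row
        aps.append({
            "bssid": row[0].strip(),
            "channel": int(row[3].strip()),
            "privacy": row[5].strip(),   # e.g. "WPA2", "WPA", "OPN"
            "essid": row[13].strip(),
        })
    return aps


def find_evil_twins(csv_text):
    """Flag ESSIDs advertised by more than one BSSID.

    Multiple BSSIDs per ESSID is normal for multi-AP networks, so the interesting
    signal is a security mismatch: the same name served both as WPA2 and as open.
    """
    by_essid = defaultdict(list)
    for ap in parse_ap_rows(csv_text):
        if ap["essid"]:  # hidden networks have an empty ESSID; skip them
            by_essid[ap["essid"]].append(ap)

    findings = []
    for essid, aps in by_essid.items():
        if len(aps) < 2:
            continue
        privacies = {ap["privacy"] for ap in aps}
        findings.append({
            "essid": essid,
            "bssids": sorted(ap["bssid"] for ap in aps),
            "open_twins": [ap["bssid"] for ap in aps if ap["privacy"] == "OPN"],
            "mixed_security": len(privacies) > 1,
        })
    return findings


if __name__ == "__main__":
    for finding in find_evil_twins(SAMPLE_AIRODUMP_CSV):
        flag = "SUSPICIOUS" if finding["mixed_security"] else "multi-AP, probably fine"
        print(f"{finding['essid']}: {finding['bssids']} open={finding['open_twins']} -> {flag}")
```

Run it against a live capture with `airodump-ng -w scan --output-format csv wlan0mon` and feed `scan-01.csv` to `find_evil_twins`; a WPA2 network that suddenly gains an open sibling on the same channel, while its clients get deauthenticated, is the pattern this attack leaves.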
On clicking that, I found this page. On some devices you'll have to open your browser and try to load a website (say facebook.com) before the page shows up. After I entered the password and pressed submit, the script ran the password against the handshake captured earlier to verify that it really is correct. Note that the handshake is a luxury, not a necessity, in this method: it only lets us check whether the password submitted by the fake AP's client is right, so that a typo sends the victim back to the portal instead of ending the attack with a wrong password. Without the handshake we lose that check, but if the client types the correct password the attack still works.
We successfully obtained the password to a WPA2-protected network in a matter of minutes.
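The check the script runs after the victim presses submit is ordinary WPA2-PSK key derivation: the candidate passphrase and SSID give the PMK, the PMK plus the two MAC addresses and two nonces from the captured handshake give the PTK, and the first 16 bytes of the PTK (the KCK) must reproduce the MIC on the captured EAPOL message 2. This is an added example, not code from the original post, Fluxion or aircrack-ng; it implements that verification for WPA2 (key descriptor version 2, HMAC-SHA1 MIC) and runs it against a constructed handshake. The MACs and nonces are made up, and the "captured" message 2 is built here with the known passphrase so the example is self-contained; the SSID "IEEE" with passphrase "password" is the IEEE 802.11i PMK test vector.

```python
import hashlib
import hmac

MIC_OFFSET = 81   # byte offset of the Key MIC field inside an EAPOL-Key frame
MIC_LEN = 16


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes); the slow step."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, dklen=32)


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PRF-512 from IEEE 802.11i: HMAC-SHA1 chain keyed with the PMK over sorted MACs and nonces."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    blocks = [hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
              for i in range(4)]
    return b"".join(blocks)[:64]


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """Key MIC for descriptor version 2: HMAC-SHA1(KCK, frame with the MIC field zeroed), truncated."""
    zeroed = eapol_frame[:MIC_OFFSET] + b"\x00" * MIC_LEN + eapol_frame[MIC_OFFSET + MIC_LEN:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:MIC_LEN]


def verify_passphrase(candidate, ssid, ap_mac, sta_mac, anonce, snonce, eapol_msg2) -> bool:
    """True if the candidate passphrase reproduces the MIC on the captured message 2."""
    kck = derive_ptk(derive_pmk(candidate, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
    captured_mic = eapol_msg2[MIC_OFFSET:MIC_OFFSET + MIC_LEN]
    return hmac.compare_digest(eapol_mic(kck, eapol_msg2), captured_mic)


# --- Constructed handshake standing in for what airodump-ng would have captured ---
SSID = "IEEE"
REAL_PASSPHRASE = "password"              # 802.11i Annex test vector pair with SSID "IEEE"
AP_MAC = bytes.fromhex("001122334455")    # constructed
STA_MAC = bytes.fromhex("66778899aabb")   # constructed
ANONCE = bytes(range(32))                 # constructed; real nonces are random
SNONCE = bytes(range(32, 64))             # constructed


def build_eapol_msg2(snonce: bytes, mic: bytes) -> bytes:
    """Minimal EAPOL-Key message 2 (Pairwise | Key MIC | descriptor version 2) with empty key data."""
    body = (b"\x02"                    # descriptor type: RSN
            + b"\x01\x0a"              # key info
            + b"\x00\x00"              # key length
            + b"\x00" * 7 + b"\x01"    # replay counter
            + snonce
            + b"\x00" * 16             # key IV
            + b"\x00" * 8              # key RSC
            + b"\x00" * 8              # key ID
            + mic
            + b"\x00\x00")             # key data length
    return b"\x01\x03" + len(body).to_bytes(2, "big") + body


def captured_handshake() -> bytes:
    """Message 2 as a real client using REAL_PASSPHRASE would have sent it (constructed here)."""
    kck = derive_ptk(derive_pmk(REAL_PASSPHRASE, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
    unsigned = build_eapol_msg2(SNONCE, b"\x00" * MIC_LEN)
    return build_eapol_msg2(SNONCE, eapol_mic(kck, unsigned))


def check_portal_submission(submitted: str) -> bool:
    """The decision the script makes after the victim presses submit on the fake portal."""
    return verify_passphrase(submitted, SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, captured_handshake())


if __name__ == "__main__":
    for guess in ("password", "passw0rd"):
        verdict = "correct, stop the attack" if check_portal_submission(guess) else "wrong, keep the portal up"
        print(f"{guess!r}: {verdict}")
```

Without a captured message 2 there is nothing to compare the MIC against, which is exactly why the post calls the handshake a luxury: the portal would have to accept whatever the victim types. For a WPA (TKIP) network the MIC is HMAC-MD5 instead, and for WPA3-SAE this check does not apply at all.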
Since both Fluxion and Kali are constantly evolving (you might be using a different rolling release of Kali as well as a different version of Fluxion), there are times when the tool breaks and stays broken for a while. Look at the repository's issues page and you will most probably find a fix for your problem; note that it may well be among the closed issues (most likely it is).
For those who can follow the guide up to the second-to-last step but don't get any login page on their device, this issue suggests a solution.