Demonstrating password strength using Aircrack-ng

This demonstration of cracking WPA or WPA2 passwords using Aircrack-ng is based on many YouTube tutorials and blogs.

Its purpose is to show users quickly how vulnerable poor passwords are. One of the great benefits of using Aircrack-ng in a demonstration is that the user interface looks just like a scene from a movie.

It is important to note that a number of the steps can be completed before the demonstration starts.

Initial requirements for the demonstration
The demonstration uses minimum equipment and is portable.

  • Laptop / PC – ideally with virtualization software
  • Kali Linux (free) and a suitable wifi adapter, such as Alfa AWUS036NEH
  • A safe wifi hotspot to attack, such as a smartphone
  • If you are not using a virtual machine to run Kali, another device to connect to the wifi hotspot

Step 1 – monitor mode
Start by putting the wireless adapter into monitor mode (monitor mode allows packets to be captured without having to associate with an access point or ad hoc network first).

Command: airmon-ng start wlan0

The adapter will then be referred to by a new name, typically something like wlan0mon. To confirm it is in monitor mode, run iwconfig and check the Mode field.

Step 2 – display wifi access point in range
Initially set the password for the safe wifi access point to something like testtest or password, which can be cracked quickly.

Command: airodump-ng wlan0mon

Note – airodump-ng hops from channel to channel and shows all access points it can receive beacons from.

The upper data block shows the access points found and the lower block shows the clients. Key fields to note:

BSSID – The MAC address of the access point
PWR – Signal strength. Some drivers don’t report it
Beacons – Number of beacon frames received
Data – Number of data frames received
CH – Channel the AP is operating on
ENC – Encryption in use
ESSID – The network name. Sometimes hidden
STATION – The MAC address of the client itself
Probes – Network names (ESSIDs) this client has probed

Step 3 – capture the handshake and save it to a file called captfile
Consider changing directory to Documents so the captured handshake is saved there.

Command: airodump-ng --bssid [08:86…] -c 6 --write captfile wlan0mon

Note – -c is the channel and --bssid is the MAC address of the access point.
Copy and paste the appropriate details of the safe wifi access point from the airodump-ng listing. This is sometimes easier using a separate terminal window.

Initially it will look like the following:

Use the host’s wifi or another device to connect to the safe wifi access point. When airodump-ng captures a handshake, the top line of its output changes to say so.

Step 4 – crack the password with aircrack-ng
If a single client handshake is captured use

Command: aircrack-ng captfile-01.cap -w dictionary_file

If multiple handshakes are captured, select the target network with -b (the BSSID of the access point):

Command: aircrack-ng -w dictionary_file -b [BSSID of the access point] captfile-01.cap

Note – dictionary_file is the name of the dictionary file. Try rockyou.txt from John the Ripper or a custom dictionary.

You can repeat the process from step 2 with a more complex password to show how much longer a better password takes to crack.
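As an added example (not part of the original tutorial), the following Python shows what makes step 4 slow per guess and how much the passphrase changes the effort: it derives the WPA2 pairwise master key the way any cracker must for every candidate (PBKDF2-HMAC-SHA1, 4096 rounds, SSID as salt) and estimates guesses and time for a dictionary hit versus a full keyspace search. The wordlist is a constructed stand-in for rockyou.txt and the guess rate is an assumed figure, so adjust both to your own setup.

```python
import hashlib
import math
import string

# Constructed stand-in for rockyou.txt; a real wordlist has millions of entries.
SAMPLE_WORDLIST = ["123456", "password", "testtest", "qwerty", "letmein"]

# Assumed guess rate in candidates per second (a single GPU against WPA2 is in
# the hundreds of thousands); change it to match your own hardware.
ASSUMED_GUESS_RATE = 500_000


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK pairwise master key: PBKDF2-HMAC-SHA1, 4096 rounds, SSID as salt.

    Every dictionary candidate has to go through this derivation before it can
    be checked against the captured handshake, which is what bounds the guess rate.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def charset_size(pw: str) -> int:
    """Size of the alphabet a brute-force search would have to cover."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)
    return size


def estimate_effort(pw: str, wordlist=SAMPLE_WORDLIST, rate=ASSUMED_GUESS_RATE) -> dict:
    """Guesses and wall-clock time needed to reach `pw` at `rate` guesses per second."""
    if not 8 <= len(pw) <= 63:
        raise ValueError("WPA2 passphrases must be 8 to 63 characters")
    if pw in wordlist:                       # dictionary hit: position in the list
        guesses, method = wordlist.index(pw) + 1, "dictionary"
    else:                                    # worst case: the whole keyspace
        guesses, method = charset_size(pw) ** len(pw), "brute force"
    return {"method": method, "guesses": guesses,
            "bits": math.log2(guesses), "seconds": guesses / rate}


if __name__ == "__main__":
    for candidate in ("testtest", "Passw0rd01", "correcthorsebattery"):
        e = estimate_effort(candidate)
        print(f"{candidate!r:24} {e['method']:12} {e['bits']:6.1f} bits  {e['seconds']:.3g} s")
```

The PMK derivation can be checked against the IEEE 802.11i test vector (passphrase "password", SSID "IEEE"), and the printed table is the "how much longer" comparison the step above describes.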


Improving user-generated password strength through education

It is generally accepted that a strong password is better than a weak password, where strength is a function of password length, complexity, and unpredictability. A well educated user should be able to easily create secure passwords.  To try to ensure users select suitably strong passwords many ICT systems force users to create passwords with a minimum length. They often also try to ensure a level of complexity by requiring users to include capital letters, numbers and symbols.

However, most people have numerous passwords to remember for home and work, so it shouldn’t be a surprise to learn that many people re-use passwords or write them down. And when users are forced to change passwords regularly, a significant number make minimal changes – Passw0rd01 to Passw0rd02, for example.

The National Cyber Security Centre has published useful guidance on ‘Helping end users to manage their passwords’


Why the best policy I have ever seen was written by six year olds

Through a series of workshops, games and discussions the local Beaver and Cub Scouts developed an acceptable behaviour policy. And when written up it was the definition of a policy – a course of action adopted or proposed by a group, organisation or individual.

After a while, many of the Beavers and Cubs moved up or on and the group membership changed. The policy became less effective. This could be partly down to it becoming stale or forgotten, but the group was no longer the same group that had adopted it.

In contrast, at work most policies are drafted by a small group of specialists, or by an individual in isolation, rather than being developed by all staff. The development and approval process often involves a lot of debate about wording, such as whether to use citizen, resident or customer. As most modern organisations do not have a strong command and control culture, the most that the policy can usually achieve is ticking a box for internal audit or a 3rd party regulator. It rarely has a real impact on staff, who, like the Beavers and Cubs, probably do not worry about the choice of words and phrases.

Instead of spending a lot of time crafting just the right phrase, more effort should be spent trying to involve staff in developing the policy. Of course, in a large organisation it is not easy to involve everyone, but just getting senior management to ‘approve’ a document and publish it on the intranet does not really mean it is ‘adopted’ by the organisation. Equal, if not more, time and effort should be spent engaging and working with staff before a policy is written than promoting it once it has been written.

Stop wasting staff time – stop trying to educate them about information security or governance

A lot of time and effort is spent trying to create the perfect information security or governance training package to educate staff. This time is often wasted.

Training all too often includes standard key messages, such as:

  • Watch out for dodgy emails that might contain a virus
  • Do not share sensitive or confidential information with 3rd parties
  • Do not install software without checking with ICT
  • Report incidents to managers
  • And so on

Then staff are dragged away from their work to attend mandatory workshops or required to click on seemingly endless elearning modules.


Stop wasting everyone’s time!


Is the media interest in Barts Health Trust cyber attack worse than the cyber attack?

Reporting continues on the investigation into a cyber attack at Barts Health Trust, which runs five hospitals in east London.

Initially some reports suggested that Barts had been hit by a ransomware attack, which would have meant malware had encrypted files and the attackers were demanding a ransom to decrypt them. According to some reports the number of ransomware attacks around the world increased rapidly in 2016, affecting a wide range of organisations, including several hospitals.
