Demonstrating password strength using Aircrack-ng

This demonstration of cracking WPA or WPA2 passwords using Aircrack-ng is based on the many YouTube tutorials and blogs.

Its purpose is to quickly demonstrate to users how vulnerable poor passwords are. One of the great benefits of using Aircrack-ng in a demonstration is that the user interface looks just like a scene from a movie.

It is important to note that a number of the steps can be completed before the demonstration starts.

Initial requirements for the demonstration
The demonstration uses minimal equipment and is portable.

  • Laptop / PC – ideally with virtualization software
  • Kali Linux (free) and a suitable wifi adapter, such as Alfa AWUS036NEH
  • A safe wifi hotspot to attack, such as a smartphone hotspot you own
  • If you are not running Kali in a virtual machine, another device to connect to the wifi hotspot

Step 1 – monitor mode
Start by putting the wireless adapter into monitor mode (monitor mode allows packets to be captured without first associating with an access point or ad hoc network).

Command: airmon-ng start wlan0

After this the adapter may be renamed to something like wlan0mon. To confirm it is in monitor mode, run iwconfig and check the Mode field.

Step 2 – display wifi access point in range
Initially set the password for the safe wifi access point to something like testtest or password, which can be cracked quickly.

Command: airodump-ng wlan0mon

Note – airodump-ng hops from channel to channel and shows all access points it can receive beacons from.

The upper data block shows the access points found and the lower block shows the clients. Key fields to note:

Access point block
  • BSSID – the MAC address of the access point
  • PWR – signal strength (some drivers don't report it)
  • Beacons – number of beacon frames received
  • Data – number of data frames received
  • CH – channel the AP is operating on
  • ENC – encryption in use
  • ESSID – the network name (sometimes hidden)

Client block
  • STATION – the MAC address of the client itself
  • Probes – network names (ESSIDs) this client has probed for

Step 3 – capture the handshake and save it to a file called captfile
Consider changing directory to Documents so the captured handshake is saved there.

Command: airodump-ng --bssid [08:86…] -c 6 --write captfile wlan0mon

Note – -c sets the channel (the CH value from step 2) and --bssid selects the access point.
Copy and paste the appropriate details of the safe wifi access point from the step 2 output. This is sometimes easier using a separate terminal window.

Initially it will look like the following:

Use the host's wifi or another device to connect to the safe wifi access point. When airodump-ng captures a handshake, the top line of its output changes to say so.

Step 4 – crack the password with Aircrack-ng
If a single handshake has been captured, use

Command: aircrack-ng captfile-01.cap -w dictionary_file

If handshakes from more than one network have been captured, select the target with -b (which takes the access point's BSSID, not a client MAC):

Command: aircrack-ng -w dictionary_file -b [bssid of the access point] captfile-01.cap

Note – dictionary_file is the name of the dictionary (word list) file. Try rockyou.txt from John the Ripper or a custom dictionary.

You can repeat the process from step 2 with a more complex password to show how much longer a better password takes to crack.


Improving user-generated password strength through education

It is generally accepted that a strong password is better than a weak password, where strength is a function of password length, complexity and unpredictability. A well-educated user should be able to create secure passwords easily. To try to ensure users select suitably strong passwords, many ICT systems force users to create passwords with a minimum length. They often also try to ensure a level of complexity by requiring users to include capital letters, numbers and symbols.

However, most people have numerous passwords to remember for home and work, so it shouldn't be a surprise to learn that many people re-use passwords or write them down. And when users are forced to change passwords regularly, a significant number make minimal changes – Passw0rd01 to Passw0rd02, for example.
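As an added example (not part of the original post), a small Python check of the kind a defender could put behind a password-change form to catch the weaknesses described above: dictionary words such as testtest or password, the Passw0rd01 to Passw0rd02 style of minimal change, and search spaces small enough to exhaust quickly. The guess rate, the acceptable-days threshold and the short common-password list are assumed or constructed values.

```python
import re
from typing import Optional

# Constructed sample of a common-password list (a real check would load a full wordlist such as rockyou.txt).
COMMON_PASSWORDS = {"password", "testtest", "123456", "qwerty", "passw0rd", "letmein"}
# Assumed offline WPA2 guess rate in guesses per second; an assumption, real rates depend on hardware.
ASSUMED_GUESSES_PER_SECOND = 1_000_000
# Flag a password whose whole search space could be exhausted within this many days (assumed policy value).
MAX_ACCEPTABLE_DAYS = 30

def charset_size(password: str) -> int:
    """Size of the alphabet an exhaustive search would need to cover this password."""
    size = 0
    if re.search(r"[a-z]", password):
        size += 26
    if re.search(r"[A-Z]", password):
        size += 26
    if re.search(r"[0-9]", password):
        size += 10
    if re.search(r"[^A-Za-z0-9]", password):
        size += 33  # printable ASCII punctuation and space
    return size

def brute_force_seconds(password: str, rate: int = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Worst-case seconds to try every string of this length over this alphabet at the given rate."""
    return charset_size(password) ** len(password) / rate

def is_minimal_change(old: str, new: str) -> bool:
    """True when new differs from old only in its trailing digits (Passw0rd01 -> Passw0rd02)."""
    stem = lambda s: re.sub(r"\d+$", "", s)
    return old != new and stem(old) != "" and stem(old) == stem(new)

def assess(password: str, previous: Optional[str] = None):
    """Return ('accept' or 'reject', list of reasons) for a candidate WPA2 passphrase."""
    reasons = []
    if len(password) < 8:
        reasons.append("shorter than the 8-character WPA2 minimum")
    if password.lower() in COMMON_PASSWORDS:
        reasons.append("appears in the common-password dictionary")
    if previous is not None and is_minimal_change(previous, password):
        reasons.append("only the trailing digits changed from the previous password")
    if brute_force_seconds(password) < MAX_ACCEPTABLE_DAYS * 86400:
        reasons.append(f"exhaustive search completes in under {MAX_ACCEPTABLE_DAYS} days at the assumed rate")
    return ("reject" if reasons else "accept", reasons)

if __name__ == "__main__":
    for candidate, previous in [("testtest", None), ("Passw0rd02", "Passw0rd01"), ("three-green-bicycles-1948", None)]:
        verdict, reasons = assess(candidate, previous)
        print(f"{candidate!r}: {verdict}, ~{brute_force_seconds(candidate) / 86400:,.1f} days exhaustive; {reasons}")
```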

The National Cyber Security Centre has published useful guidance on ‘Helping end users to manage their passwords’.

Continue reading “Improving user-generated password strength through education”

Is the media interest in Barts Health Trust cyber attack worse than the cyber attack?

Reporting continues on the investigation into a cyber attack at Barts Health Trust, which runs five hospitals in east London.

Initially some reports suggested that Barts had been hit by a ransomware attack, which would have meant malware had encrypted files and the attackers were demanding a ransom to decrypt them. According to some reports the number of ransomware attacks around the world increased rapidly in 2016, affecting a wide range of organisations, including several hospitals.

Continue reading “Is the media interest in Barts Health Trust cyber attack worse than the cyber attack?”