What you should know about identifying the WiFi network password

Introduction

Tactical Control Center includes three types of attacks to identify protected WiFi network passwords (Wireless Intruder):

WPA/WPA2 dictionary attack

To run this attack, the system identifies handshakes between the client and the access point and tries to discover the password using a dictionary of common words.

The handshake is saved in folder /opt/td-config/run/besside/wpa.cap. If necessary, you can copy the handshake and try the attack with another, more powerful machine.

Once the system identifies the handshake, the attack can continue without remaining near the WiFi network.

The attack may take a long time, proportionate to the size of the dictionary. The attack fails if the password is not found in the dictionary of common words.

WEP bruteforce attack

To run this attack, the system makes an injection simulating one of the clients connected to the network and collects data to force the encrypted password. At least one client must be connected to the network.

The attack lasts from 10 to 15 minutes and the notebook must remain in the WiFi network coverage range the entire time.

WPS PIN bruteforce attack

To run this attack, the system tries all the possible combinations to recover access point settings via the WiFi Protected Setup protocol.

The attack may take a long time and the notebook must remain in the WiFi network coverage range the entire time.
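Seen from the defender's side, each of the three attacks above depends on one access-point condition: WEP encryption, WPS left enabled, or a WPA/WPA2 passphrase found in a dictionary of common words. The following is an added example, not part of the RCS guide; the `AccessPoint` record, the word list and the sample inventory are constructed assumptions. It audits an inventory of your own access points for those three conditions.

```python
import re
from dataclasses import dataclass

# Constructed stand-in for a "dictionary of common words"; a real audit would
# load the wordlist your organisation tests passphrases against.
COMMON_WORDS = frozenset({"password", "welcome", "letmein", "internet", "12345678"})

@dataclass
class AccessPoint:  # hypothetical inventory record
    ssid: str
    security: str          # e.g. "WEP", "WPA-PSK", "WPA2-PSK", "WPA2-Enterprise"
    wps_enabled: bool
    passphrase: str = ""   # only known for PSK networks you administer

def in_dictionary(passphrase, ssid, words=COMMON_WORDS):
    """True if the passphrase is a listed word or the SSID, ignoring case
    and any trailing digits or symbols (e.g. 'Welcome2014!')."""
    base = passphrase.lower()
    stem = re.sub(r"[\d\W_]+$", "", base)
    return base in words or stem in words or (stem != "" and stem == ssid.lower())

def audit(ap, words=COMMON_WORDS):
    """Return the attack classes from this page that the AP is exposed to."""
    findings = []
    sec = ap.security.upper()
    if sec == "WEP":
        findings.append("wep")             # fix: migrate to WPA2 or later
    if ap.wps_enabled:
        findings.append("wps-pin")         # fix: disable WPS on the access point
    if sec in ("WPA-PSK", "WPA2-PSK") and in_dictionary(ap.passphrase, ap.ssid, words):
        findings.append("wpa-dictionary")  # fix: long random passphrase
    return findings

# Constructed sample inventory.
INVENTORY = [
    AccessPoint("lab-legacy", "WEP", False),
    AccessPoint("office", "WPA2-PSK", True, "Welcome2014!"),
    AccessPoint("guest", "WPA2-PSK", False, "k7#Tq9vLm2xRz4pW"),
]

if __name__ == "__main__":
    for ap in INVENTORY:
        print(f"{ap.ssid}: {audit(ap) or 'no exposure found'}")
```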

Attack progress

The attack progress percentage [1] (WPA/WPA2 and WPS) or the number of captured Initialization Vectors (WEP) can be seen in the Tactical Control Center Wireless Intruder tab.

RCS9.4 | User's Guide | © COPYRIGHT 2014