<html>
<p>WARNING: Do not use this description on other networks under any circumstances. You are responsible to God for all that this article does for educational purposes only, ie "penetration test".</p>
<p>In this post we will learn how to penetrate WPA / WPA2 networks other than brute force attacks or guessing "dictionary" using the new version Fluxion.</p>
<p>Let's start with God's blessing</p>
<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<img src="https://3.bp.blogspot.com/-vuLOwkmmxdY/WaAFldDkxSI/AAAAAAAAGlg/z8T3qlyBIB8O_IgySU_PQr3NbNPKCL-NQCLcBGAs/s1600/hack-wi-fi-cracking-wep-passwords-with-aircrack-ng.1280x600.jpg" width="600" height="281"/></p>
<p><br></p>
<p>Let's first identify the Fluxion tool:</p>
<p>WPA / WPA2 A Fluxion tool built on Linset developed specifically for Kali Linux 2.0 and Kali Linux Rolling. The tool's breakthrough steps are to launch an attack called the twin Evil Twin The idea is to create a fake wifi network with the same specifications for the network to be attacked The only difference is in the Mac Address and then disconnect users from that network through the ARP Poisoning attack then show them a phishing page through a phishing attack and directly ask them Entering the Password If a wrong password is entered, the Internet flow will never return to them Yeh here compelled to enter the correct password.</p>
<p>Let's move on to the real penetration test</p>
<p>Type in the Terminal window to load the tool:</p>
<p>Git clone <a href="https://github.com/FluxionNetwork/fluxion">https://github.com/FluxionNetwork/fluxion</a></p>
<p>Then cd fluxion</p>
<p>Then run the script through this sudo./fluxion command</p>
<p><img src="https://4.bp.blogspot.com/-KRsWHvSMEK4/WZ9oe8QCFAI/AAAAAAAAGkY/XPZmEv7a4IY5MZzIO-2x4WeTElNA6uZwgCLcBGAs/s1600/htmlimage.png" width="294" height="320"/></p>
<p><br></p>
<p>Type this command sudo ./install/install.sh</p>
<p>Then, type this again sudo./fluxion command</p>
<p>Now the tool will show you simple questions:</p>
<p>For wireless adapter select what you want to monitor "victim"</p>
<p>For channels, select All unless you have a specific "channel" that is known to contain the user's (IP)</p>
<p>Then you'll see the airodump-ng window, called "Wi-Fi Monitor". Allow it to run If you think you have what you need, use the Shutdown button to stop monitoring</p>
<p>You will then be asked to select the goal.</p>
<p>You will then be prompted to select the attack.</p>
<p>You will then be prompted to provide handshake.</p>
<p>If you do not have handshake already taken, the script will help you capture one. Doth packets will be sent to achieve it.</p>
<p>Now choose the language you want</p>
<p><img src="https://4.bp.blogspot.com/-xA7NlcApsCs/WZ9oDkIFxqI/AAAAAAAAGjk/pDF9RLKOC-4vPfhLjbUkawDqO4aAwKW2gCLcBGAs/s1600/htmlimage%2B%25281%2529.png" width="215" height="320"/></p>
<p><br></p>
<p>After you choose the language, this step appears:</p>
<p><img src="https://2.bp.blogspot.com/-g_3kRvm2rEs/WZ9oH2k4TxI/AAAAAAAAGjw/irl4olUueZsOaOpiWP3_fHbtD1Hxz-wswCLcBGAs/s1600/htmlimage%2B%25282%2529.png" width="400" height="179"/></p>
<p><br></p>
<p>I choose number 1 as the picture is wireless and you have the best to be external</p>
<p>The tool will scan using aircrack-ng</p>
<p>Now I choose the victim</p>
<p><img src="https://2.bp.blogspot.com/-NgzmNmKw-OY/WZ9oNpEQhcI/AAAAAAAAGj8/wMGrxcOxyRALIsVOvEVsek600s_sfa1owCLcBGAs/s1600/htmlimage%2B%25283%2529.png" width="400" height="334"/></p>
<p><br></p>
<p>I am the number 21 I will write 21</p>
<p><img src="https://1.bp.blogspot.com/-C63uYDBeS5c/WZ9oLjSnqMI/AAAAAAAAGj4/48tBRYpBo30o5XAWlZ2oVa9FTsnEcPj_gCLcBGAs/s1600/htmlimage%2B%25284%2529.png" width="400" height="322"/></p>
<p><br></p>
<p>I chose the attack method will choose "Hostapd" recommended can also four ways</p>
<p><img src="https://3.bp.blogspot.com/-URfDj2PXT9E/WZ9oT29o3RI/AAAAAAAAGkE/WmSAjSIA24gZvU_VbGn-evdDqC4mPlOsACLcBGAs/s1600/htmlimage%2B%25285%2529.png" width="400" height="295"/></p>
<p><br></p>
<p>Choose a handshake store or you can press Enter</p>
<p><img src="https://2.bp.blogspot.com/-wU0feV-iXHM/WZ9oP0zOJAI/AAAAAAAAGkA/hbbF77SelMgtzQA_YwrToLzy1KywXZKlQCLcBGAs/s1600/htmlimage%2B%25286%2529.png" width="400" height="198"/></p>
<p><br></p>
<p>If you do not know how to pick up the handshake you can use any tool from the previous tools I will use aircrack-ng</p>
<p><img src="https://2.bp.blogspot.com/-3drlMaVOUE4/WZ9oVP060pI/AAAAAAAAGkI/vtZP0eEsfQodTlCJt9IRGY6a63IixSECQCLcBGAs/s1600/htmlimage%2B%25287%2529.png" width="640" height="178"/></p>
<p><br></p>
<p>If handshake is taken: [MAC Address] wpa at the top Press 1 then Enter and everything is OK Continue the next step</p>
<p><img src="https://2.bp.blogspot.com/-FIzXRElEcwI/WZ9oWRQeBbI/AAAAAAAAGkM/h6bVQkUWeL4S6e05lxmCEX09txynDxo3wCLcBGAs/s1600/htmlimage%2B%25288%2529.png" width="400" height="212"/></p>
<p><br></p>
<p>Using web interface 1 Press Enter</p>
<p><img src="https://3.bp.blogspot.com/-RhF9w5LhgaI/WZ9oaQgbwBI/AAAAAAAAGkQ/e8eDlr5ZAsUWJDZw6Qdlx1lz0l0UnVaHgCLcBGAs/s1600/htmlimage%2B%25289%2529.png" width="369" height="400"/></p>
<p><br></p>
<p>This is a variety of login pages that you can use to get a "phish" password. The victim will choose the initial method</p>
<p><img src="https://3.bp.blogspot.com/-OQXX9t2ISv4/WZ9oGZleV4I/AAAAAAAAGjs/PnaRU_UvgkQkOCYYcITZzVN2tlRC-3teACLcBGAs/s1600/htmlimage%2B%252810%2529.png" width="640" height="360"/></p>
<p><br></p>
<p>After you make your decision, you'll see multiple windows. DHCP and DNS requests are handled</p>
<p><img src="https://4.bp.blogspot.com/-vegQUu22soc/WZ9oEHHQxkI/AAAAAAAAGjo/tIFr4S3-6rMmy4WaOPFPzU6Gr5W4ECllwCLcBGAs/s1600/htmlimage%2B%252811%2529.png" width="400" height="225"/></p>
<p><br></p>
<p>On my smartphone, I see two networks of the same name. Note that while the original network is wpa-2</p>
<p><br></p>
<p>He was born.</p>
<p><img src="https://4.bp.blogspot.com/-mLZlrpinmdc/WZ9oaSRyI1I/AAAAAAAAGkU/RMwRKn9M17cjLOrDfdQRG_ORGNThoHuIQCLcBGAs/s1600/htmlimage.jpg" width="180" height="320"/></p>
<p><br></p>
<p>After connecting to the network, I got a notification saying I needed to access the wireless network. When you click on it, I found this page. For some people, you'll need to open your browser and try opening a website (it's possible to be facebook.com) to view this page. After entering the password, and then pressing Send, the script is run.</p>
<p><img src="https://1.bp.blogspot.com/-Q3bLRfgc5nI/WZ9oJYzWVtI/AAAAAAAAGj0/FeUtvrisb8gJ9702aM3ajKuo-nQOuzqUwCLcBGAs/s1600/htmlimage%2B%252812%2529.png" width="400" height="225"/></p>
<p>If you write / write the password, the victim is a mistake, the hack will become an attack and my Internet will hang. So I will not try this on my network because my Internet is not broken.</p>
<p><br></p>
<p>I used Aircrack-ng again to authenticate as expected and worked perfectly we managed to get the password to wpa2 protected network in minutes.</p>
<p><img src="https://steemit-production-imageproxy-upload.s3.amazonaws.com/DQmRKgYYp1TzWmvqtnfbMSLZQSgUXinUxqyHyd39HZ8j7gx?AWSAccessKeyId=ASIAIOYYWSW7KTO4DGCA&amp;Expires=1503662812&amp;Signature=XwYHdCW3CLrnXj7KBXe5%2BQvhVvk%3D&amp;x-amz-security-token=FQoDYXdzECoaDCnzVG5UVnSn%2FI4K3iK3A%2F5JC%2FgwxIHtrpDWubH0WyPJQ8swEfELlFl1o9U%2B%2BkadqutGEUO0UpPmpfjxKgJ31Oy%2FjQHkyTzBaJZCPpKluf8ND12Hdv47zS2aBO%2BYhvUkbiEz71QL8FO3OtPV6QnMzwpeIrJZe2I1r7N6sk977CiD6fmHfbvfOzbEjhoqQel2eAc%2FHfO8jeMj5AJ1SDWTgz0%2BUdnR075TRNDCvTqhj80aT2GGZc9wIl8EacXiiValrWU0yd%2Bo41i7jcLP9A9vWiLnK2aZzQjtWH%2BqcYkVwMmq2E6lOBQObVkQFOi%2FHF9qL1owLb41XtIevp1710U21NbVyIViv9iqPgy0PwQMitfN2QLa1CQB5YUxt241Nd%2BxPp9N5Vsb1i29j6ZFxbab4Qj2D2TTTN5nm7BWV1ksHB4khy28zDMb6KXO5N0kSD1%2FV1ZQ5iT%2BDsEOID2sCpjeTkyFc6ILq5NRUVM8BP75KAE%2Fvs4HjBOKsjC59EiuGw4LxnfqQgFMboY8BIB0%2Fsh44ezNNjtas5rCteai53otlrp%2FDU2uRRTBJ2KmBMuIzDv9xQto0Y1y6Y8xK6JUYi3GMgFFxlMsJLQolr3%2FzAU%3D" width="700" height="180"/></p>
</html>