This post deals with gathering the information you need to use aircrack-ng to capture a WPA/WPA2 handshake for an offline brute-force attack. When running aireplay-ng to send de-authentication packets, you need the MAC address of the access point and the MAC address of a client that is associated with it. The way I collect this information is to run Kismet. With the older version of Kismet I would monitor the client panel view and select (copy/paste) the access point and client MACs. With the new version of Kismet you cannot select a MAC address, so I wrote myself a quick Perl script that parses the Kismet NETXML file and outputs the MAC addresses of each access point together with its associated clients as pairs.
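The same extraction as an added example (Python rather than the post's Perl; this is not the author's script). It assumes the Kismet NETXML layout of one `<wireless-network>` element per network holding a `<BSSID>` and zero or more `<wireless-client>` children with a `<client-mac>`; the sample document, the `mon0` interface name and the `--deauth` count are constructed for the example. It also does the two cleanups a practitioner wants here: it skips `type="probe"` networks (client probe requests with no real AP behind them) and drops duplicate or AP-equal client entries, so every pair it prints is one you can hand straight to aireplay-ng.

```python
"""Extract AP/client MAC pairs from a Kismet NETXML log for aireplay-ng.

Added example; not the original post's Perl script.  The NETXML layout
assumed here (wireless-network > BSSID, wireless-client > client-mac) is
what Kismet writes in its .netxml logs; SAMPLE_NETXML below is constructed
by hand for the example.
"""
import re
import sys
import xml.etree.ElementTree as ET

MAC_RE = re.compile(r"^(?:[0-9A-F]{2}:){5}[0-9A-F]{2}$")

# Constructed sample: one real AP with two client entries (one of which is
# the AP itself, which Kismet commonly lists as a "fromds" client), a
# duplicate client written in lower case, a probe-only pseudo-network and
# an AP with no clients at all.
SAMPLE_NETXML = """<detection-run kismet-version="2011.03.R2" start-time="Thu Apr  5 10:00:00 2012">
  <wireless-network number="1" type="infrastructure">
    <SSID><type>Beacon</type><essid cloaked="false">HomeNet</essid></SSID>
    <BSSID>00:11:22:33:44:55</BSSID>
    <channel>6</channel>
    <wireless-client number="1" type="fromds">
      <client-mac>00:11:22:33:44:55</client-mac>
    </wireless-client>
    <wireless-client number="2" type="tods">
      <client-mac>AA:BB:CC:DD:EE:01</client-mac>
    </wireless-client>
    <wireless-client number="3" type="tods">
      <client-mac>aa:bb:cc:dd:ee:01</client-mac>
    </wireless-client>
  </wireless-network>
  <wireless-network number="2" type="probe">
    <BSSID>AA:BB:CC:DD:EE:02</BSSID>
    <wireless-client number="1" type="tods">
      <client-mac>AA:BB:CC:DD:EE:02</client-mac>
    </wireless-client>
  </wireless-network>
  <wireless-network number="3" type="infrastructure">
    <BSSID>66:77:88:99:AA:BB</BSSID>
  </wireless-network>
</detection-run>
"""


def ap_client_pairs(netxml_text):
    """Return a list of (bssid, client_mac) tuples, upper-cased and de-duplicated.

    Probe networks are skipped (no AP to de-auth against), as are client
    entries whose MAC equals the BSSID and any MAC that is not well formed.
    """
    root = ET.fromstring(netxml_text)
    pairs = []
    for net in root.iter("wireless-network"):
        if net.get("type") != "infrastructure":
            continue
        bssid_el = net.find("BSSID")
        if bssid_el is None or not bssid_el.text:
            continue
        bssid = bssid_el.text.strip().upper()
        if not MAC_RE.match(bssid):
            continue
        seen = set()
        for client in net.findall("wireless-client"):
            mac_el = client.find("client-mac")
            if mac_el is None or not mac_el.text:
                continue
            mac = mac_el.text.strip().upper()
            if mac == bssid or mac in seen or not MAC_RE.match(mac):
                continue
            seen.add(mac)
            pairs.append((bssid, mac))
    return pairs


def deauth_command(bssid, client, iface="mon0", count=5):
    """Build the aireplay-ng de-auth invocation for one AP/client pair.

    --deauth <count> is aireplay-ng's documented attack mode 0; the monitor
    interface name is an assumption for the example.
    """
    return f"aireplay-ng --deauth {count} -a {bssid} -c {client} {iface}"


if __name__ == "__main__":
    # Usage: python kismet_pairs.py capture.netxml   (or no argument for the sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_NETXML
    for ap, cl in ap_client_pairs(text):
        print(f"{ap} {cl}    # {deauth_command(ap, cl)}")
```

Run against the constructed sample this prints a single line for `00:11:22:33:44:55` and `AA:BB:CC:DD:EE:01`; the AP-as-client entry, the lower-case duplicate, the probe network and the client-less AP all drop out, which is exactly the noise you would otherwise have to filter by eye in the Kismet panel.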
Apr 05 2012