Any actions and or activities related to the material contained within this Website is solely your responsibility. The misuse of the information in this website can result in criminal charges brought against the persons in question. Cyber Security Associates Limited, will not be held responsible for any criminal charges brought against any individuals misusing the information in these projects to break the law.
Please ensure you are using the latest SD Card image which is available here.
This project aims to provide an introduction into how Kali Linux can be used by “Ethical Hackers” to simulate a malicious WiFi attack and test the security of a wireless network.
Within Kali there is a tool called ‘aircrack-ng’ that is a collection of tools that are designed to test the security of a wireless network. There are many different applications of the tools within this collection including WEP cracking, deauthentication and configuration tools to allow the bypassing of proxy settings. These tools can be used to test the security of a system by “Ethical Hackers”, searching for insecure passwords or misconfigurations. For example, Wired Equivalent Protocol (WEP) has been vulnerable for over 10 years but is still used by some networks and still installed on routers. There are many tools available that can automate the cracking of WEP networks and then allow unauthorised access to the network.
Currently WPA2 is the most up to date protocol to use with WiFi networks and provides more security than WPA and WEP. This is still a vulnerable protocol as different attacks have been developed to break WPA2, like the process the students will go through in this project. This attack exploits the 4-way handshake between a connecting device and the Access Point (AP). The tool is trying to capture the PMKID which is a derivative of the AP MAC address, the client AP address and PMK (Pairwise Master Key) and PMK name. As long as this information is captured it is possible to brute force and extract the password for that specific WPA2 AP.
Suggested Year Group
This project is designed to be completed by students over the age of 17. It will also support the A Level Computer Science qualification as it considers wireless protocols, ethical hacking and how encryption and strong passwords are related.
Stress the explicit nature of the disclaimer on the student worksheet;
Instruct the students about Kali;
Introduce how different tools within ‘aircrack-ng’ are used in this process;
Provide the students time to practice with the tools explained in this project.
Component Number (Peli Case)
(Base) 4 & 5
(Level 1) 6
(Level 1) 3
(Level 1) 3
(Level 1) 3
(Level 1) 5
(Level 1) 1
Component Number (Box Case)
Raspberry Pi + Case
Kali SD Card
Power Supply Unit
Stress to the students that this project is for educational purposes only, and that this information should not be used outside the classroom and should NEVER be used for malicious purposes. There are strict consequences for misuse of computers and can have long term effects. It is important that as many students understand how important using strong passwords is for protecting their networks and personal accounts. It is much harder to try and brute force a password that isn’t on a word list than waiting for the correct result from an extensive list like rockyou.txt.