Skip to main content

Wifi Hacking

 How to hack WiFi passwords (using Aircrack-ng, Reaver and Wifite)




If you've ever stumbled upon the question of how to hack WiFi passwords then in this post I'll be explaining you several tools to achieve the same. Before starting I'd like to request you to only perform the following steps in a testing environment or on the networks that you're authorised to do this.

I'll be skipping the basic steps such as choosing the right adaptor to perform these steps along with installing Linux and the tools upon it. Also I'll be explaining in a quick and concise manner thus the video could be vital to your understanding . Also some of these attacks are brute force thus could take anywhere from a minute to several days to crack a password. Keep this in mind before starting with these methods. With this out of the way, lets begin this journey.wifite2


  • Using Aircrack-ng


NOTE: The prerequisite condition for this attack to work is that the target wifi network must have atleast one device connected to it.


1. Our first step is to determine the name of our wifi interface. This can be done with ifconfig command and would probably be either wlan0 or wlp3s0.


2. Then we'll put our Wifi card into monitor mode. This is done in order to inject packets into a network. For this we'll require the name of our wifi interface that we obtained in the above step and start it.

sudo airmon-ng start wlan0


3. Now your WiFI card will be put into monitor mode and your interface name would be changed to mon0. You'll also be notified of several running process which could interfere with the following steps. Thus we'll kill those processes now. Note there PID (Process ID) and issue the following command to terminate them.

kill <PID>


4. Now we'll capture packets from every wifi network in our vicinity and decide on our target. This will be done with the airodump-ng command

airodump-ng mon0


5. This command will display a lot of information about the nearby networks (also called Access Points or AP). Make sure that your target AP has ENC (Encryption) as WPA or WPA2 and AUTH (Authentication) as PSK. Note its BSSID and CH (Channel No.).


6. We'll again use airodump-ng now to zero in on the target network and write this information in a file.

airodump-ng --bssid <BSSID> --channel <Channel_no> -w <file_name> mon0


7. Note the MAC address of the client that has to be kicked out. Open another terminal for now we'll be performing a deauthentication attack to kick any device connected to the AP. We'll use the --deauth switch to do this while specifying the number of deauth packets to be sent to it. Here we'll be using 200.

aireplay-ng --deauth 200 -a <BSSID> -c <MAC_ADDRESS> mon0


8. Now the disconnected device will try to reconnect to the AP and this is where we'll capture the handshake and write it in the file mentioned above. You'll be able to see the handshake was captured in the previous terminal window on the top right.


9. Finally we'll use a wordlist to brute force this encrypted password and obtain the decrypted password. Every pentesting distro such as kali, parrot, etc have built in wordlist files which can be used here. They are placed in /usr/share/wordlists. You can use rockyou.txt.

aircrack-ng <file_name> -w <location_of_wordlist>


10. Upon cracking the password it will be displayed on your screen.




  • Using Reaver

1. The first step is to put your wifi card in monitor mode just like explained above.
airmon-ng start wlan0

2. Then we'll choose our target AP same as above.
airodump-ng mon0

3. Note its BSSID and kill that process with Ctrl+C.

4. This is when reaver will take command.
reaver -i mon0 -b <BSSID> -vv

5. Now reaver will do its magic and provide you with the wifi's password. However you need to take in consideration the amount of time that this may take. Its official documentation states that this can take anywhere from 4 to 10 hours.




  • Wifite



Wifite is an automated tool and would thus take away a lot of hassle and command typing while providing you a simple to follow interface.

1. Start wifite as superuser.
sudo wifite

2. Your wifi card will be automatically be put into monitor mode and the nearyby WiFi access points would be displayed on screen. Press Ctrl+C when you have decided upon your target. 

3. Then you'll be asked to select your target which can be done with its NUM (number) written on the left side.

4. Wifite will deauth the AP and capture the handshake. Then the captured handshake will be saved in a file and the decryption process will begin to crack the password.

5. In the end the wifi password would either be provided to you or the process would terminate stating that it was unable to find the password.




How to get out of monitor mode

Now after using any of these tool your wifi card remains in monitor mode and is thus not able to connect to any wifi network. To resolve this the following commands need to be executed
sudo airmon-ng stop wlan0
sudo ifconfig wlan0 down
sudo iwconfig wlan0 mode managed
sudo ifconfig wlan0 up

Labels:

Comments

Post a Comment

Popular posts from this blog

C4ptur3-th3-fl4g Walkthrough

TryHackMe c4ptur3-th3-fl4g Walkthrough Task - 1 Translation and Shifting Question 1 -  c4n y0u c4p7u23 7h3 f149? Solution -  This one's quite simple. This is called leet in which the text is written with modified spellings with the help of numbers in place of some characters. The answer for this one is - can you capture the flag? Question 2 -  01101100 01100101 01110100 01110011 00100000 01110100 01110010 01111001 00100000 01110011 01101111 01101101 01100101 00100000 01100010 01101001 01101110 01100001 01110010 01111001 00100000 01101111 01110101 01110100 00100001 Solution -  This is written in binary as you can see that every set of 1's and 0's (separated by space) is a string of 8 numbers. So you can use any online resource such as  rapidtables  to convert binary to ascii. The answer for this is -  lets try some binary out! Question 3 -  MJQXGZJTGIQGS4ZAON2XAZLSEBRW63LNN5XCA2LOEBBVIRRHOM====== HINT :  Hav...
Post a Comment
Read more

Hacktober CTF - Writeup

  HACKTOBER CTF   This post contains the writeups for: l  Crypto n  Hail Caesar n  Down The Wrong Path l  Forensics n  Captured Memories n  Amcaching In n  Prefetch Perfection n  Prefetch Perfection 2 l  Linux n  Talking to the dead 1 n  Talking to the dead 2 l  Programming n  Message in an array n  Trick or treat l  Steganography n  You believe in ghosts n  Start digging n  Blasphemy   1 OSINT         n Creeping 1        n  Creeping 2         n Creeping 3         n Past Attacks       Hail Caesar In this question we have to decrypt TGG KUSJWV QGM and the question gives us a hint that its a caesar cipher. Although we don’t know the key but we really don’t need one for this. Loading it up in dcode gives us the answer as BOO SCARED YOU   And thus the flag is flag{ BOO...
2 comments
Read more

Krypton Walkthrough

Krypton Walkthrough Level 1 >> Level 2 Level 2 >> Level 3 Level 3 >> Level 4 Level 4 >> Level 5 Level 5 >> Level 6 Level 6 >> Level 7 Level 1 >> Level 2 Hint Read the question carefully. Solution 1. SSH into the server with username as krypton1 and password as KRYPTONISGREAT $ ssh krypton1@krypton.labs.overthewire.org -p 2231 2. The next step is to find the file upon which we'll be practising. This information is provided in the previous level. So lets hop onto the location. $ cd /krypton/ $ ls $ cd krypton1 3. Reading the README file gives us the answer to try skipping that and directly cat the other file $ cat krypton2 OUTPUT: YRIRY GJB CNFFJBEQ EBGGRA 4. With practice you'll be able to recognize this cipher. Also you can use an online service called boxentriq for recognizing the cipher. It'll also help you in breaking it. As of now the cipher is rot13 which is a caesar cipher with key as 13. The way rot13 works is that it adds 13...
Post a Comment
Read more