Sunday, August 9, 2015

Kali Linux : WI-FI WPA2 PSK Hacking



WIFI Hacking



Hello guys, hope you are doing well.

Most of the time people ask me the same question: “How to hack Wi-Fi?”
So this article is dedicated to them.

First of all, the requirements for hacking a Wi-Fi network:
·         Kali Linux
·         A Wi-Fi adaptor (if your laptop’s Wi-Fi does not support monitor mode. Ref: kali.org/)
·         A wordlist or password file. It’s a txt file with common words used as passwords. Best is to create your own password file using Crunch.
Now we have all these things. One more thing that we need is “A working Brain” :P
Okay, now let's start.
First of all, check the Wi-Fi interface using this command:
#ifconfig
You will see a network adaptor like wlan0, wlan1 or wlan2 (depends on your machine).
Now run #ifconfig wlan0 up (in my case my Wi-Fi is wlan0).
It's time to scan the available Wi-Fi networks. We can use two different tools for that: first is ‘Kismet’ and second is ‘iwlist’. Here we’re using iwlist.
Type # iwlist wlan0 scanning
It will print all available networks with their MAC address and channel number.
Select the network that you want to hack. Copy the SSID, MAC address and channel number to a notepad.
Now put the Wi-Fi adaptor in monitor mode. Use #airmon-ng start wlan0, then run ifconfig to confirm (you will see a new Wi-Fi adaptor named mon0).
Time to capture the handshake. The handshake capture holds the material needed to verify a password guess. Here we’re using airodump-ng to capture a valid handshake.
Use #airodump-ng mon0 --bssid aa:bb:cc:dd:ee --channel 1 --write key
Wait until a valid handshake is found; it can take up to 45 minutes. When it shows that a valid handshake was found, press Ctrl+C to terminate the job. Now we have the capture file named key.cap.
Here we need a word dictionary or wordlist to crack the password. PS: the password will only be cracked if the wordlist contains the password in plain text. Better to use your own wordlist (do social engineering for password guessing and use Crunch to create your own wordlist).
Time to run the password cracker. Here we use aircrack-ng; it's the best tool ever for cracking Wi-Fi passwords.
Run # aircrack-ng /root/key.cap -w /root/wordlist/z3r0.lst
Wait for the password to be cracked. If the password is cracked, it will show it in plain text.
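Why the wordlist attack above works, and what a network owner can do about it, as an added example that is not part of the original post: WPA2-PSK derives the Pairwise Master Key from the passphrase and the SSID with PBKDF2-HMAC-SHA1 at a fixed 4096 iterations, so once a handshake has been captured every wordlist entry can be tested offline and the only protection left is a passphrase that is not in anyone's list. The script derives the PMK (checked against the IEEE 802.11i test vector), audits a candidate passphrase against a constructed wordlist plus a few rules, and measures how many derivations per second one core manages so the reader can size a passphrase policy. The wordlist, the 16-character floor and the audit rules are assumptions, not anything from the post.

```python
import hashlib
import time

# Constructed sample wordlist, standing in for a file like /root/wordlist/z3r0.lst.
CONSTRUCTED_WORDLIST = [
    "password", "12345678", "qwertyui", "letmein1", "freewifi", "mallwifi2015",
]


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise Master Key as IEEE 802.11i defines it for WPA2-PSK:
    PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, 4096 rounds,
    32 bytes of output. An offline cracker repeats this for every wordlist entry."""
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"), 4096, dklen=32
    )


def audit_passphrase(passphrase: str, ssid: str, wordlist) -> list:
    """Return the reasons a PSK would fall to the dictionary attack described in
    the post (empty list means no finding). The rules are this example's assumptions."""
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("not a valid WPA2 passphrase length (8-63 characters)")
    lowered = {w.lower() for w in wordlist}
    if passphrase.lower() in lowered:
        findings.append("found in wordlist")
    if ssid and ssid.lower() in passphrase.lower():
        findings.append("contains the SSID")
    if len(passphrase) < 16:
        findings.append("shorter than 16 characters")
    return findings


def guesses_per_second(sample_seconds: float = 0.25) -> float:
    """Measure single-core PMK derivations per second on this machine. Every
    wordlist-size or keyspace estimate is divided by this number."""
    n, start = 0, time.perf_counter()
    while time.perf_counter() - start < sample_seconds:
        wpa2_pmk(f"benchmark{n}", "IEEE")
        n += 1
    return n / (time.perf_counter() - start)


def seconds_to_exhaust(keyspace: int, rate: float) -> float:
    """Worst-case time to try every candidate in `keyspace` at `rate` guesses/s."""
    return keyspace / rate


if __name__ == "__main__":
    # IEEE 802.11i Annex H test vector: passphrase "password", SSID "IEEE".
    print(wpa2_pmk("password", "IEEE").hex())
    for pw in ("password", "mallwifi2015", "correct horse battery staple"):
        print(pw, "->", audit_passphrase(pw, "IEEE", CONSTRUCTED_WORDLIST) or "no findings")
    rate = guesses_per_second()
    print(f"~{rate:.0f} PMK derivations/s on one core")
    print(f"{len(CONSTRUCTED_WORDLIST)}-entry wordlist: "
          f"{seconds_to_exhaust(len(CONSTRUCTED_WORDLIST), rate):.4f} s")
    print(f"all 8-letter lowercase passphrases (26**8): "
          f"{seconds_to_exhaust(26 ** 8, rate) / 86400:.1f} days")
```

The iteration count is fixed by the standard, so the defender cannot make each guess slower; the only levers are passphrase length and unpredictability, which is why the audit flags anything short, anything containing the SSID, and anything a wordlist already holds.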

If WPS enabled in WI FI


Most shopping malls have their own Wi-Fi zones, but they protect them using WPA2-PSK, so it's hard to crack them all. But they make a big mistake: they leave WPS enabled, and it’s like a jackpot for whoever wants to hack Wi-Fi and use free internet (bill paid by the Wi-Fi zone owner).
Reaver is the best tool to crack a Wi-Fi network with WPS enabled.
Normally we can use this command:
#reaver -i mon0 -c 1 -b aa:bb:cc:dd:ee -vv
But sometimes the admin blocks continuous WPS requests, so here we use this command:
#reaver -i mon0 -c 6 -b aa:bb:cc:dd:ee -vv -L -N -d 15 -t .5 -r 3:15
Details:
-i             : interface
-c             : channel
-b             : BSSID (MAC address of the Wi-Fi router)
-L             : ignore locked WPS state
-N             : don’t send NACK packets when errors are detected
-d             : delay (-d 15 = delay 15 seconds between PIN attempts)
-t             : timeout period (-t .5 = half-second timeout)
-r             : rest (-r 3:15 = after 3 attempts, sleep for 15 seconds)
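The -d, -t and -r options above spread the PIN attempts out so that the router's lockout never triggers, and that same pacing is what makes a naive per-minute rate alarm miss the activity. As an added example that is not part of the original post, the script below generates attempt timestamps paced exactly as -d 15 -r 3:15 would, renders them as log lines in a constructed, hypothetical format (not hostapd's or any real AP's output), and runs a sliding-window detector twice: a 60-second window with threshold 5 never fires, while a one-hour window with threshold 20 does. The log format, the client MAC and both thresholds are assumptions; the practical point for the AP owner is to disable WPS and, where the AP logs registrar attempts, to count them over long windows rather than per minute.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed (hypothetical) log format:
#   "<ISO timestamp> wps-attempt src=<client MAC> result=<fail|lock>"
LINE_RE = re.compile(
    r"^(\S+) wps-attempt src=([0-9a-f]{2}(?::[0-9a-f]{2}){5}) result=(fail|lock)$"
)


def paced_attempts(start: datetime, count: int, delay=15, burst=3, rest=15) -> list:
    """Timestamps of `count` PIN attempts paced like the post's reaver flags:
    `delay` seconds between attempts (-d) and an extra `rest` seconds after
    every `burst` attempts (-r burst:rest)."""
    t, out = start, []
    for i in range(1, count + 1):
        out.append(t)
        t += timedelta(seconds=delay)
        if i % burst == 0:
            t += timedelta(seconds=rest)
    return out


def render_log(attempts, src: str) -> list:
    """Turn timestamps into lines of the constructed log format above."""
    return [f"{ts.isoformat()} wps-attempt src={src} result=fail" for ts in attempts]


def parse_log(lines) -> list:
    """Parse log lines into (timestamp, client MAC) events; unparseable lines are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            events.append((datetime.fromisoformat(m.group(1)), m.group(2)))
    return events


def detect_bruteforce(events, window_seconds: int, threshold: int):
    """Sliding-window counter per client MAC. Returns (src, timestamp, count) at
    the first moment any client reaches `threshold` attempts inside the trailing
    window of `window_seconds`, or None if no client ever does."""
    recent = defaultdict(deque)
    for ts, src in sorted(events):
        q = recent[src]
        q.append(ts)
        cutoff = ts - timedelta(seconds=window_seconds)
        while q and q[0] <= cutoff:
            q.popleft()
        if len(q) >= threshold:
            return src, ts, len(q)
    return None


if __name__ == "__main__":
    # Constructed sample: 60 paced attempts from one (made-up) client MAC.
    client = "02:11:22:33:44:55"
    lines = render_log(paced_attempts(datetime(2015, 8, 9, 10, 0, 0), 60), client)
    events = parse_log(lines)
    print("per-minute rule (5 in 60 s):", detect_bruteforce(events, 60, 5))
    print("hourly rule (20 in 3600 s): ", detect_bruteforce(events, 3600, 20))
```

With -d 15 -r 3:15 the pattern settles at three attempts per minute, so a one-minute window never sees more than four; the hourly rule fires on the twentieth attempt, about six minutes in, because every attempt still counts against the same client.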


Common Network Terminologies

Before we start, first we have to know about networks and network security. It would be better to get acquainted with the definitions of some common network security related terms.
Access Control
The mechanisms and policies that ensure network resources are available only to those users who are entitled to use them. Access control is usually implemented using an access control list (ACL).
ACL
A table or data file that lists the users who can access a system or network resource. The purpose of implementing an ACL is to give users read, write or execute permission on a file/drive/information.
Certificate
A digital signature that authenticates a user’s identity. It is also known as a digital certificate (commonly called a “digi cert”). It contains the user’s public key and the digital signature of the Certificate Authority (CA). Depending on how it is configured, a certificate may contain more information (vendor ID, issuer details, user ID…).
Cryptography
A mechanism by which data is converted into an unreadable form (encrypted) using algorithms (mostly mathematical) that rely on a secret key. Only the intended recipient has the secret key to decrypt the data and get the original back.
Decryption
The process of converting an encrypted message back into plain text (readable form) using the master key/secret key.
Encryption
The process of converting a message into an unreadable form to safeguard it from various attacks while it travels over a network.
Hacker
Someone who tries to gain unauthorized access to a computer or network.
Honeypot
A computer network set up to attract hackers. However, it limits hackers from accessing the entire network.
Intrusion detection system
Software or a hardware device set up specifically to monitor network traffic and analyse the gathered information to detect security breaches, either in the form of intrusion or misuse.