How to Hack Wi-Fi: Cracking WPA2-PSK Passwords Using Aircrack-Ng Step 1: Put Wi-Fi Adapter in Monitor Mode with Airmon-Ng. Step 2: Capture Traffic with Airodump-Ng. Now that our wireless adapter is in monitor mode. Step 3: Focus Airodump-Ng on One AP on One Channel. Step 4: Aireplay-Ng Deauth. The weakness in the WPA2-PSK system is that the encrypted password is shared in what is known as the 4-way handshake. When a client authenticates to the access point (AP), the client and the AP go through a 4-step process to authenticate the user to the AP. If we can grab the password at that time, we can then attempt to crack it.
In this hi-tech life, we always need a working internet connection to manage both our professional and personal life. The most comfortable way to access internet everywhere anytime is by buying mobile data recharges but they are very expensive. Another good way to connect to free WiFi if it’s luckily available at your workplace, college or home. But everyone is not that lucky.
Everybody might have many fast WiFi hotspots available in their smartphone’s range, but they don’t have access to those WiFi connections because they are password protected and you don’t have access to them so, you can’t use those WiFi hotspot to access internet in your smartphone or laptop. But, what if you can hack a WiFi?
Yes, I am not joking. What if you can hack any WiFi available in your range and crack it’s password to access free and unlimited internet? IMO, if you can learn a way to hack a WiFi network then you can access free internet everywhere. Right?
So, I am telling you the method to hack a secured WiFi network, crack its password and enjoy free internet using it.
Wpa2-psk Cracking Software
Before moving directly to the methods to hack WiFi networks lets first see what type of security and authentication methods are implemented in WiFi networks.
WiFi Security & Encryption Methods
Hacking WiFi Networks with WEP, WPA and WPA2 PSK Security
As security features have been improved from WEP to WPA to WPA2 PSK WiFi authentication protocol, so obviously, WEP WiFi networks are very easy to hack compared to WPA and WPA2 PSK Security methods.
Almost every password-protected WiFi networks support both WPA/WPA2 PSK authentication. If somebody is already connected to the network, you can check in his network properties to see what encryption-type is being using by the targeted WiFi network.
But if you want to know encryption-type of WiFi network which is not connected to any device in your reach, you need Ubuntu operating system to do this.
In Ubuntu, you can use nmcli command in terminal which is command-line client for NetworkManager. It will show you security types of nearby Wi-Fi access points. Enter the following command in terminal:
It will show you the output like this:
Using the above methods, you should have known the encryption-type of targeted WiFi network which you want to hack. So, I am gonna show you how to hack WiFi Network for each of WEP, WPA and WPA2 PSK secured WiFi networks.
Requirements for Hacking WiFi Netwoks
My methods require KALI Linux which is especially designed Linux distrbution for penetration testing and ethical hacking. You can download it for free from its official site. Download Kali Linux ISO from its website either install it as separate operating system in your system or you can use Virtual Machine/VMware to directly run KALI Linux inside Windows.
You will also need Aircrack-ng which is a security suite to assess WiFi network security. It focuses on different area of WiFi security: monitoring, attacking, testing and cracking.
Another important requirement is to check if your wireless card is compatible with Aircrack-ng or not. Because if it’s not compatible, you need to have an Aircrack-ng compatible card. Check it directly here: http://www.aircrack-ng.org/doku.php or run aireplay-ng -9 mon0 command inside terminal to view the percentage of injection your card can do.
Install Aircrack-ng using the following command in KALI LINUX
Fulfill only these requirements and you are ready to hack any WiFi network, whether it is a WEP, WPA or WPA2 PSK Wi-Fi.
Steps to hack WiFi Networks
Starting below, I’ll be guiding you step-by-step in hacking a secured WiFi network. You can either scroll down to read each and every WiFi hacking method or can directly jump to the required section below using these links:
There are various methods to hack into WiFi network and crack its password for all the above security-types but I am showing only those methods with which I’ve had success in cracking password of desired WiFi network and hack secured WiFi Access points. So, if you follow these steps correctly, you’ll also be able to hack any WiFi hotspot available in your reach.
How To Hack WEP WiFi Network
In this method, we are going to hack WEP secured WiFi network using packet injection method inside KALI Linux operating system. So, start KALI Linux in your system. Now follow these below steps:
Step 1: Check Wireless Interface
Step 2: Scan available WEP WiFi networks
Step 3: Attack the selected WEP WiFi Network
Steps to Hack WPA/WPA2 Secured WiFi Network
Hacking into WPA/WPA2 WiFi Network is very tough, time & resource consuming. The technique used to crack WPA/WPA2 WiFi password is 4-way handshake for which there is a requirement to have at least one device connected to the network.
In WPA/WPA2 security method, the allowed password can have both large and small alphabets, numbers and symbols. And, allowed size of password is 64 characters. On a rough guess, if we consider password to be only 8 characters long and eliminate the use of symbols even then if you want to crack WPA or WPA2 WiFi password, using the brute force method the password combinations will be: 826+26+10=62 which is equals to:
So, even in fastest computer you can manage to use, it’s going to take hours.
Aircrack-ng have all the tools required to crack into WPA/WPA2 PSK WiFi network. It can perform 4-way handshake by disconnecting/connecting the connected device and capturing WPA handshake. It can perform brute-force attack but you can’t hope to crack the password if you have wordlist/dictionary for the password (which is already too big in size) with password inside it. I hate to tell you this but yes, doing it on your own can take forever.
However, there is a tricky way to crack WPA/WPA2 WiFi Password quickly which only requires you to be a bit lucky. The tool is fluxion. Fluxion use same 4-way handshake technique to crack secured WPA/WPA2 WiFi access points password but it doesn’t require you to have dictionary or perform brute force attack. So yes, it’s going to minimize your time to hack WPA or WPA2 WiFi networks password multiple folds.
Instead of doing this, it performs a little bit of phishing where the already connected user is asked to enter password of WiFi network again for security reason and when the user enter the password, first the handshake is checked with the earlier captured handshake of the device, if handshake is correct that means the password entered by user is correct. Once it is successful, Fluxion returns the key required to authenticate the network.
Steps to crack WPA/WPA2 WiFi Password using Fluxion
I can understand that not all readers will be able to implement the method after reading such summarized version on hacking WPA/WPA2 PSK WiFi Network. So, below is the video tutorial on cracking WPA2 WiFi Access Point password using Fluxion.
https://youtu.be/4XLUVfoJqo8
Comments below if you face any problem in hacking WEP, WPA and WPA2 PSK WiFi Networks using the above methods.
Must Read –How To Hack a Website using SQL Injection
Posted by Vishnu Valentino in Hacking Tutorial | 241 comments
After the long holiday, first I want to say Merry Christmas and Happy new year 2014 to you. Today we will learn about 5 Steps Wifi Hacking – Cracking WPA2 Password. A lot of readers send many request regarding how to crack wireless WPA2 password in our request tutorial page.
According to Wikipedia :
Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) are two security protocols and security certification programs developed by the Wi-Fi Alliance to secure wireless computer networks. The Alliance defined these in response to serious weaknesses researchers had found in the previous system, WEP (Wired Equivalent Privacy)
A flaw in a feature added to Wi-Fi, called Wi-Fi Protected Setup (WPS), allows WPA and WPA2 security to be bypassed and effectively broken in many situations. Many access point they have a Wifi Protected Setup enabled by default (even after we hard reset the access point).
Requirements:
1. Wireless card (support promiscuous mode)
Neeya naana full episode 484. Neeya Naana is a Tamil TV show aired on Star Vijay. You can watch All Episodes of including Today Episode of Neeya Naana Star Vijay TV channel here in best quality.
In this tutorial I use ALFA AWUS036H from Amazon.
2. Access point with WPA2 and WPS enables
5 Steps Wifi Hacking – Cracking WPA2 Password:
1. Open our terminal (CTRL+ALT+T) and type airmon-ng (view tips and tricks how to create keyboard shortcut on kali linux)
this command will lists our wireless card that attached with our system.
2. The next step we need to stop our wireless monitor mode by running airmon-ng stop wlan0
3. Now we ready to capture the wireless traffic around us. By running airodump-ng wlan0 our wireless interface will start capturing the data.
From the picture above, we can see many available access point with all the information. In the green box is our victim access point which is my own access point ?
Information:
BSSID (Basic Service Set Identification): the MAC address of access point
PWR: Signal level reported by the card.
Beacons: Number of announcements packets sent by the AP
#Data: Number of captured data packets (if WEP, unique IV count), including data broadcast packets.
#/s: Number of data packets per second measure over the last 10 seconds.
CH: Channel number (taken from beacon packets).
MB: Maximum speed supported by the AP. If MB = 11, it’s 802.11b, if MB = 22 it’s 802.11b+ and higher rates are 802.11g.
ENC: Encryption algorithm in use.
CIPHER: The cipher detected. TKIP is typically used with WPA and CCMP is typically used with WPA2.
AUTH: The authentication protocol used.
ESSID: Shows the wireless network name. The so-called “SSID”, which can be empty if SSID hiding is activated.
4. From the step 3 above, we can find access point with encryption algorithm WPA2 and note the AP channel number. Now we will find out whether target AP has WPS enabled or not.
Wpa2 Psk Crack Windows
wash -i wlan0 -c 8 -C -s
if the WPS Locked status is No, then we ready to crack and move to step 5.
5. The last step is cracking the WPA2 password using reaver.
reaver -i <your_interface> -b <wi-fi victim MAC address> –fail-wait=360
Because we already get the information from step 3 above, so my command look like this:
reaver -i wlan0 -b E0:05:C5:5A:26:94 –fail-wait=360
it took about 5 hours to crack 19 characters WPA2 password (vishnuvalentino.com) from my Kali virtualBox, but it depend with our hardware and wireless card.
Conclusions:
1. WPA and WPA2 security implemented without using the Wi-Fi Protected Setup (WPS) feature are unaffected by the security vulnerability.
2. To prevent this attack, just turn off our WPS/QSS feature on our access point. See picture below (I only have the Chinese version ? )
Notes: Only practice this tutorial on your own lab and your own device. Hacking can be a crime if you don’t know where to put it.
Share this article if you found it was useful:
Blogger at hacking-tutorial.com. Love PHP, offensive security and web. Contact him at me[-at-]vishnuvalentino.com
Screen video capture software free. See all posts by Vishnu Valentino || Visit Website : http://www.vishnuvalentino.com
Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |