Part 1 Preparing to Hack Wi-Fi
- Understand when you can legally hack Wi-Fi. In most regions, the only time you can hack a WPA or WPA2 network is when the network either belongs to you or belongs to someone who has given you explicit consent to hack the network.
- Hacking networks that don’t meet the above criteria is illegal, and may constitute a federal crime.
- Download the Kali Linux disk image. Kali Linux is the preferred tool for hacking WPA and WPA2. You can download the Kali Linux installation image (ISO) by doing the following:
- Go to https://www.kali.org/downloads/ in your computer’s web browser.
- Click HTTP next to the version of Kali you want to use.
- Wait for the file to finish downloading.
- Attach a flash drive to your computer. You’ll need to use a flash drive with at least 4 gigabytes of space for this process.
- Make your flash drive bootable. This is necessary in order to be able to use the USB flash drive as an installation location.
- You can also use a Mac for this step.
- Place the Kali Linux ISO file on the flash drive. Open the flash drive, then drag the downloaded Kali Linux ISO file into the flash drive’s window.
- Make sure you leave your USB flash drive plugged in after you finish this process.
- Install Kali Linux. To install Kali Linux on your computer, do the following:
- Prompt your Windows computer to restart.
- Enter the BIOS menu.
- Set your computer to start from your USB drive by finding the “Boot Options” (or similar) section, selecting your USB drive’s name, and moving it to the top of the list.
- Save and exit, then wait for the Kali Linux installation window to appear (you may have to restart your computer one more time).
- Follow the Kali Linux installation prompts.
- Buy a Wi-Fi card that supports monitoring. You can find Wi-Fi cards online or in tech department stores. Make sure that your Wi-Fi card allows monitoring (RFMON), or you won’t be able to hack a network.
- Many computers have built-in RFMON Wi-Fi cards, so you might want to try the first four steps of the next part before buying one.
- If you’re using Kali Linux in a virtual machine, you will need a Wi-Fi card regardless of your computer’s card.
- Log into your Kali Linux computer as root. Enter your root username and password when logging in.
- You will need to be on your root account at all times during the hacking process.
- Plug your Wi-Fi card into your Kali Linux computer. Doing so will immediately prompt the card to begin setting up and downloading drivers for itself; if prompted, follow the on-screen instructions to complete the setup. Once you’re done with this step, you can proceed with hacking your selected network.
- If you’ve already set up the card on your computer before, you’ll still have to set it up for Kali Linux here by plugging it in.
- In most cases, simply attaching the card to your computer will be enough to set it up.
Part 2 Hacking Wi-Fi
- Open your Kali Linux computer’s Terminal. Find and click the Terminal app icon, which resembles a black box with a white “>_” on it.
- You can also just press Alt+Ctrl+T to open the Terminal.
- Enter the Aircrack-ng installation command. Type in the following command, then press ↵ Enter:
sudo apt-get install aircrack-ng
- Enter your password when prompted. Type in the password you use to log into your computer, then press ↵ Enter. This enables root access for any other commands executed in Terminal.
- If you open another Terminal window (as you may later in this article), you may have to run a command with the sudo prefix and/or enter your password again.
- Install Aircrack-ng. Press Y when prompted, then wait for the program to finish installing.
- Turn on airmon-ng. Type in the following command, then press ↵ Enter:
airmon-ng
- Find the monitor name. You’ll find this in the “Interface” column.
- If you’re hacking your own network, it will usually be named “wlan0”.
- If you don’t see a monitor name, your Wi-Fi card doesn’t support monitoring.
- Begin monitoring the network. You can do so by typing in the following command and pressing ↵ Enter:
airmon-ng start wlan0
- Make sure you replace “wlan0” with the name of your interface (from the “Interface” column above) if it’s different.
- Enable a monitor mode interface. Enter the following command:
iwconfig
- Kill any processes that return errors. In some cases, your Wi-Fi card will conflict with running services on your computer. You can kill these processes by entering the following command:
airmon-ng check kill
- Review the monitor interface name. In most cases, the name will be something like “mon0” or “wlan0mon”.
- Tell your computer to listen to nearby routers. To get a list of all routers in range, enter the following command:
airodump-ng mon0
- Make sure you replace “mon0” with whatever your monitor interface name was in the last step.
- Find the router you want to hack. At the end of each string of text, you’ll see a name; find the one belonging to the network you want to hack into.
- Make sure the router is using WPA or WPA2 security. If you see “WPA” or “WPA2” immediately to the left of the network’s name, you can proceed; otherwise, you cannot hack the network.
- Note the MAC address and channel number of the router. These pieces of information are to the left of the network’s name:
- MAC address — This is the line of numbers on the far-left side of your router’s line.
- Channel — This is the number (e.g., 0, 1, 2, etc.) directly to the left of the WPA or WPA2 tag.
- Monitor your selected network for a handshake. A “handshake” occurs when an item connects to a network (e.g., when your computer connects to a router). Enter the following code, making sure to replace the necessary components of the command with your network’s information:
airodump-ng -c channel --bssid MAC -w /root/Desktop/ mon0
- Replace “channel” with the channel number you found in the last step.
- Replace “MAC” with the MAC address you found in the last step.
- Remember to replace “mon0” with whatever your interface name was.
- Here’s an example command:
airodump-ng -c 3 --bssid 1C:1C:1E:C1:AB:C1 -w /root/Desktop/ wlan0mon
- Wait for a handshake to appear. Once you see a line with the tag “WPA handshake:” followed by a MAC address in the upper-right corner of the screen, you can proceed.
- If you’re not in a waiting mood, you can force a handshake using a deauth attack before continuing with this part.
- Exit airodump-ng, then open the desktop. Press Ctrl+C to quit, then make sure you can see the “.cap” file on your computer’s desktop.
- Rename your “.cap” file. While not strictly necessary, this will make it easier to work with later. Enter the following command to change the name, making sure to replace “name” with whatever you want to name the file:
mv ./-01.cap name.cap
- If your “.cap” file isn’t named “-01.cap”, replace “-01.cap” with whatever your “.cap” file’s name is.
- Convert the “.cap” file into “.hccapx” format. You can do this by using Kali Linux’s converter. Enter the following command, making sure to replace “name” with your file’s name:
cap2hccapx.bin name.cap name.hccapx
- You can also go to https://hashcat.net/cap2hccapx/ and upload the “.cap” file to the converter by clicking Choose File and selecting your file. Once the file is uploaded, click Convert to convert it and then download it back onto your desktop before proceeding.
- Install naive-hashcat. This is the service you’ll use to crack the password. Enter the following commands in order:
sudo git clone https://github.com/brannondorsey/naive-hashcat
cd naive-hashcat
curl -L -o dicts/rockyou.txt https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt
- If your computer doesn’t have a GPU, you’ll need to use aircrack-ng instead.
- Run naive-hashcat. Once it finishes installing, enter the following command (making sure to replace any instance of “name” with your “.cap” file’s name):
HASH_FILE=name.hccapx POT_FILE=name.pot HASH_TYPE=2500 ./naive-hashcat.sh
- Wait for the network password to be cracked. Once the password is cracked, its string will be added to the “name.pot” file found in the “naive-hashcat” directory; the word or phrase after the last colon in the string is the password.
- It can take anywhere from a few hours to a few months for the password to be cracked.
Part 3 Using Aircrack-Ng for Non-GPU Computers
- Download a dictionary file. The most commonly used dictionary file is “Rock You”. You can download it by entering the following command: curl -L -o rockyou.txt https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt
- Keep in mind that aircrack-ng will not be able to crack the WPA or WPA2 password if the password isn’t in the word list.
- Tell aircrack-ng to begin cracking the password. Enter the following command, making sure to use the necessary network information when doing so:
aircrack-ng -a2 -b MAC -w rockyou.txt name.cap
- If you’re cracking a WPA network instead of a WPA2 network, replace “-a2” with “-a”.
- Replace “MAC” with the MAC address you found in the last section.
- Replace “name” with your “.cap” file’s name.
- Wait for Terminal to display the results. When you see a “KEY FOUND!” heading appear, aircrack-ng has found the password. You’ll see the password displayed in brackets to the right of the “KEY FOUND!” heading.
Part 4 Using Deauth Attacks to Force a Handshake
- Understand what a deauth attack does. Deauth attacks send malicious deauthentication packets to the router you’re trying to break into, causing the connected device to disconnect and reconnect. Once the user reconnects, you will be provided with a handshake.
- Monitor your network. Enter the following command, making sure to enter your network’s information where necessary:
airodump-ng -c channel --bssid MAC mon0
- For example:
airodump-ng -c 1 --bssid 9C:5C:8E:C9:AB:C0 mon0
- Wait for something to connect to the network. Once you see two MAC addresses appear next to each other (and a string of text that includes a manufacturer name next to them), you can proceed.
- This indicates that a client (e.g., a computer) is now connected to the network.
- Open a new Terminal window. You can just press Alt+Ctrl+T to do this. Make sure airodump-ng is still running in the background Terminal window.
- Send the deauth packets. Enter the following command, making sure to substitute your network’s information:
aireplay-ng -0 2 -a MAC1 -c MAC2 mon0
- The “2” refers to the number of packets to send. You can increase or decrease this number, but keep in mind that sending more than two packets can cause a noticeable security breach.
- Replace “MAC1” with the left-most MAC address at the bottom of the background Terminal window.
- Replace “MAC2” with the right-most MAC address at the bottom of the background Terminal window.
- Remember to replace “mon0” with your interface name that you found when your computer initially looked for routers.
- An example command looks like this:
aireplay-ng -0 3 -a 9C:5C:8E:C9:AB:C0 -c 64:BC:0C:48:97:F7 mon0
- Re-open the original Terminal window. Go back to the background Terminal window when you’re done sending the deauth packets.
- Look for a handshake. Once you see the “WPA handshake:” tag and the address next to it, you can proceed with hacking your network.
Source: WikiHow
In this article, we will use Aircrack-ng and a dictionary attack against the encrypted password captured from the 4-way handshake.
When Wi-Fi was first developed in the late 1990s, Wired Equivalent Privacy (WEP) was created to secure wireless communications, but it has many flaws and is easily cracked. For that reason, most wireless access points now use Wi-Fi Protected Access II with a pre-shared key, also known as WPA2-PSK. WPA2 uses the AES encryption algorithm, which is stronger, so it is difficult to crack, but not impossible. The weakness of WPA2-PSK is that the encrypted password is exchanged during the 4-way handshake. When a client authenticates to the access point (AP), the client and AP perform a 4-way handshake to authenticate the client to the AP. This is the moment at which the password can be captured.
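To make concrete why a wordlist attack on WPA2-PSK works at all, here is an added example (not code from either original article) that derives the Pairwise Master Key the way a WPA2-PSK supplicant does: PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, 4096 iterations. The handshake does not carry the password itself; it carries a MIC keyed from this PMK, so a cracker must pay the full derivation for every candidate, and a passphrase that is not in the wordlist is never found. The known answer is the IEEE 802.11i Annex H test vector (passphrase "password", SSID "IEEE"); the wordlist size and the measured rate in the cost estimate are assumptions.

```python
import hashlib
import time

# Known-answer test from IEEE 802.11i Annex H: passphrase "password", SSID "IEEE".
IEEE_PMK_HEX = "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise Master Key for WPA/WPA2-PSK: PBKDF2-HMAC-SHA1, salt = SSID,
    4096 iterations, 256-bit output. Every candidate in a wordlist attack
    must pay for these 4096 HMAC rounds before its MIC can be checked."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)


def pmk_hex(passphrase: str, ssid: str) -> str:
    return derive_pmk(passphrase, ssid).hex()


def same_passphrase_different_ssid(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """The SSID is the salt, so one passphrase gives unrelated PMKs on two
    networks; precomputed PMK tables only pay off for very common SSIDs."""
    return derive_pmk(passphrase, ssid_a) != derive_pmk(passphrase, ssid_b)


def measure_pmk_rate(ssid: str, samples: int = 100) -> float:
    """Rough PMK derivations per second on this CPU (single core, pure Python)."""
    start = time.perf_counter()
    for i in range(samples):
        derive_pmk(f"candidate-{i}", ssid)  # constructed throwaway candidates
    return samples / (time.perf_counter() - start)


def seconds_to_exhaust(wordlist_entries: int, pmks_per_second: float) -> float:
    """Worst-case time for a dictionary attack that tests every entry once."""
    return wordlist_entries / pmks_per_second


if __name__ == "__main__":
    assert pmk_hex("password", "IEEE") == IEEE_PMK_HEX
    rate = measure_pmk_rate("IEEE")
    # 14 million entries is an assumed, rockyou-sized wordlist for illustration.
    print(f"~{rate:.0f} PMK/s on this CPU; a 14M-entry list takes up to "
          f"{seconds_to_exhaust(14_000_000, rate) / 3600:.1f} h here")
```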
How to hack WiFi password with Aircrack-Ng
Step 1: Set up Wi-Fi adapter in Monitor Mode with Airmon-Ng
First, we need to use a wireless network adapter compatible with Kali Linux.
This is similar to setting up a wired adapter in mixed mode (promiscuous mode): it lets you see all the wireless traffic going by. Open the Terminal window and type:
airmon-ng start wlan0
Note that airmon-ng renames the adapter wlan0 to mon0.
Step 2: Get traffic information with Airodump-Ng
Now the wireless adapter is in Monitor mode, so all wireless traffic can be seen. Get traffic information using the airodump-ng command.
This command takes all the traffic that the wireless adapter can see and displays important information about it, such as BSSID (the AP's MAC address), power, number of beacon frames, number of data frames, channel, speed, encryption (if any), and finally ESSID (SSID). Type the following command in the terminal:
airodump-ng mon0
Note that all visible APs are listed at the top of the screen and the clients are listed at the bottom of the screen.
Step 3: Concentrate Airodump-Ng on an access point on a channel
The next step is to focus on one AP on one channel and collect the important data from there. To do this you need the BSSID and the channel; open another Terminal window and type:
airodump-ng --bssid 08:86:30:74:22:76 -c 6 --write WPAcrack mon0
- 08:86:30:74:22:76 is the AP's BSSID
- -c 6 is the channel on which the AP is operating
- WPAcrack is the file you want to write to
- mon0 is the wireless adapter
As shown in the screenshot above, we focus on collecting data from the AP with the ESSID Belkin276 on channel 6.
Step 4: Aireplay-Ng Deauth
In order to get the encrypted password, we need a client that is authenticated to the AP. If one is, we can deauthenticate it and it will automatically re-authenticate, so the encrypted password can be captured. Open another terminal window and type:
aireplay-ng --deauth 100 -a 08:86:30:74:22:76 mon0
- 100 is the number of deauthentication frames to send
- 08:86:30:74:22:76 is the AP's BSSID
- mon0 is the wireless adapter
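A detection-side counterpart to the deauth step above (and to Part 4 of the first article), added here as an example and not taken from either article: a deauth flood is easy for a monitoring sensor to spot because one BSSID suddenly emits a burst of deauthentication frames. The frame records are constructed; the record layout, window and threshold are assumptions. Networks with 802.11w (Protected Management Frames) enabled discard unauthenticated deauth frames, which removes this attack path rather than merely detecting it.

```python
from collections import defaultdict, deque

AP = "9C:5C:8E:C9:AB:C0"          # BSSID from the article's example commands
CLIENT = "64:BC:0C:48:97:F7"      # client MAC from the article's example command
OTHER_AP = "00:11:22:33:44:55"    # constructed second BSSID

# Constructed management-frame log: (time_s, subtype, bssid, dest, reason_code).
# Reason codes are illustrative, not taken from any particular tool.
SAMPLE_FRAMES = [
    (0.00, "beacon", AP, "ff:ff:ff:ff:ff:ff", None),
    (0.50, "data", AP, CLIENT, None),
    (1.00, "deauth", AP, CLIENT, 7),
    (1.01, "deauth", AP, CLIENT, 7),
    (1.02, "deauth", AP, CLIENT, 7),
    (1.03, "deauth", AP, CLIENT, 7),
    (1.80, "auth", AP, CLIENT, None),      # the kicked client comes back
    (12.0, "deauth", AP, CLIENT, 3),       # one deauth much later: normal housekeeping
    (15.0, "deauth", OTHER_AP, "AA:BB:CC:DD:EE:01", 3),
]


def detect_deauth_floods(frames, window_s=2.0, threshold=3):
    """Flag each BSSID that emits >= threshold deauth frames inside any
    window_s-second sliding window. Returns [(bssid, window_start, count)]."""
    recent = defaultdict(deque)   # bssid -> timestamps of its recent deauths
    alerts, alerted = [], set()
    for t, subtype, bssid, _dest, _reason in sorted(frames, key=lambda f: f[0]):
        if subtype != "deauth":
            continue
        q = recent[bssid]
        q.append(t)
        while q and t - q[0] > window_s:   # drop timestamps outside the window
            q.popleft()
        if len(q) >= threshold and bssid not in alerted:
            alerted.add(bssid)
            alerts.append((bssid, q[0], len(q)))
    return alerts


def affected_clients(frames, bssid):
    """Destinations of deauth frames attributed to bssid (which stations got kicked)."""
    return sorted({d for _t, s, b, d, _r in frames if s == "deauth" and b == bssid})


if __name__ == "__main__":
    for bssid, start, n in detect_deauth_floods(SAMPLE_FRAMES):
        print(f"deauth flood from {bssid}: {n} frames starting t={start}s, "
              f"clients hit: {affected_clients(SAMPLE_FRAMES, bssid)}")
```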
Step 5: The 4-way handshake process
In the previous step, when the client re-authenticates, airodump-ng will try to capture the encrypted password during the 4-way handshake. Go back to the airodump-ng terminal window and check whether it succeeded.
If the top right line reads ‘WPA handshake’, the encrypted password was captured successfully.
Step 6: Crack the password
Now we have the encrypted password in the WPAcrack file. Run aircrack-ng against it with a password file; here we use the default password list named darkc0de. Crack the password by opening a terminal and typing:
aircrack-ng WPAcrack-01.cap -w /pentest/passwords/wordlists/darkc0de
- WPAcrack-01.cap is the file name written by the airodump-ng command
- /pentest/passwords/wordlists/darkc0de is the absolute path to the password file
This process can be relatively slow and tedious. Depending on the length of the password list, you may have to wait a few minutes to a few days. When the password is found, it will appear on the screen. Remember, password files are very important. Try the default password file first and if it fails, proceed to a larger and more complete password file.
I wish you all success!