Long-range AWUSo36ACH 802.11 ac Wifi adapter. Eventually, enthusiasts of Wifi hacking know ALFA AWUSO36H adapter as the oldest due to its Realtek chipset which is not as powerful as its peers are. It includes drivers for Kali Linux and it is secure to use on WPA, WPA 2, WEP, and TKIP protocols. How to hack WiFi – the action plan: Download and install the latest aircrack-ng Start the wireless interface in monitor mode using the airmon-ng Start the airodump-ng on AP channel with filter for BSSID to collect authentication handshake. To do this, first you should install kalinux or you can use live kali linux. To crack Wi-Fi, first, you need a computer with kali linux and a wireless card which supports monitor/injection mode. If your wireless card is not able to do this, you need to get an external wireless card which is capable of monitor/injection mode. AirCrack is a free desktop application used for cracking Wi-Fi passwords. The software cracks WPA and WEP passwords. It can also be used to improve Wi-Fi security through monitoring, fake access points, and testing connections. The application analyzes encrypted packets and tries to crack them using its algorithm.
Every new hacker loves to Google the words “How to hack WiFi passwords?” So i thought why not make a blog post on it.
PS Every professional hacker was a script kiddie at some point
Before we start lets look at some terminology.
BSSID- It is the MAC addrses of a device
ESSID- It is the name of a device.
AP- Access Point, example a router.
There are a few types of WiFi encryption:
- WEP (Wired Equivalency Privacy)
- WPA(Wi-Fi Protected Access)
- WPA2(Wi-Fi Protected Access 2)
- WPA2 with WPS(Wireless Protected Setup)
- WPA3(Wi-Fi Protected Access)
For this post we will only be focusing on WPA2 because that’s the one most commonly used.
WPA2 uses the Advanced Encryption Standard (AES) and Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), respectively.
Developed by the U.S. government to protect classified data, AES comprises three symmetric block ciphers. Each encrypts and decrypts data in blocks of 128 bits using 128-bit, 192-bit and 256-bit keys. Although the use of AES requires more computing power from APs and clients, ongoing improvements in computer and network hardware have mitigated performance concerns.
CCMP protects data confidentiality by allowing only authorized network users to receive data, and it uses cipher block chaining message authentication code to ensure message integrity.
WPA2 also introduced more seamless roaming, allowing clients to move from one AP to another on the same network without having to reauthenticate, using Pairwise Master Key caching or preauthentication.
WPA2 Password Hacking
Okay, so hacking WPA-2 PSK involves 2 main steps-
- Getting a handshake (it contains the hash of password, i.e. encrypted password)
- Cracking the hash.
What we need is:
- An attacker (you)
- A client
- An AP (Access point)
- A network adapter capable of packet injection. (i recommend ALFA AWUS036NH)
When the client and the AP communicate in order to authenticate the client, they have a 4 way handshake that we can capture. This handshake has the hash of the password. Now there’s no direct way of getting the password out of the hash, and thus hashing is a robust protection method. But there is one thing we can do. We can take all possible passwords that can exists, and convert them to hash. Then we’ll match the hash we created with the one that’s there in the handshake. Now if the hashes match, we know what plain text password gave rise to the hash, thus we know the password. If the process sounds really time consuming to you, then its because it is. WPA2 hacking (and hash cracking in general) is pretty resource intensive and time taking process. Now there are various different ways cracking of WPA2 can be done. But since WPA2 is a long shot, we shall first look at the process of capturing a handshake.
Now since i don’t want you to remain script kiddies forever, let me explain what the 4 way handshake actually is.
The Four-Way Handshake
The authentication process leaves two considerations: the access point (AP) still needs to authenticate itself to the client station (STA), and keys to encrypt the traffic need to be derived. The earlier EAP exchange or WPA2-PSK has provided the shared secret key PMK (Pairwise Master Key). This key is, however, designed to last the entire session and should be exposed as little as possible. Therefore the four-way handshake is used to establish another key called the PTK (Pairwise Transient Key). The PTK is generated by concatenating the following attributes: PMK, AP nonce (ANonce), STA nonce (SNonce), AP MAC address, and STA MAC address. The product is then put through PBKDF2-SHA1 as the cryptographic hash function.
The handshake also yields the GTK (Group Temporal Key), used to decrypt multicast and broadcast traffic.
The actual messages exchanged during the handshake are depicted in the figure and explained below:
Here is YouTube video for a better understanding.
The Aircrack-ng suite
Aircrack-ng is a complete suite of tools to assess WiFi network security.
It focuses on different areas of WiFi security:
- Monitoring: Packet capture and export of data to text files for further processing by third party tools
- Attacking: Replay attacks, deauthentication, fake access points and others via packet injection
- Testing: Checking WiFi cards and driver capabilities (capture and injection)
- Cracking: WEP and WPA PSK (WPA 1 and 2)
Here is a breakdown of tools that we would use:
- Airmon-ng (for initiating monitor mode)
- Airodump-ng (to capture the handshake)
- Aireplay-ng (to deauthenticate clients)
- Aircrack-ng (to brute force the password)
Step 1 Set your interface to monitor mode.
Monitor mode or RFMON (Radio Frequency Monitor) mode, enables a device with a wireless network interface controller to monitor all traffic received from the wireless network. Unlike promiscuous mode, which is also used for packet sniffing, RFMON mode enables packets to be captured without having to connect or link with an access point. RFMON mode only works with wireless networks, while promiscuous mode can be applied to both wired and wireless networks.
Now wlan0 is for me, for you it could be wlan1 or wlan2 anything else, depending on you card. So select the interface carefully.
As you can see station mode is disabled and monitor mode is now enabled.
Step 2 Find your target.
Find you targets BSSID by this command:
Yes i know there’s a lot of information over there, so lets break that down as well.
PWR: Signal strength
RXQ: Receive quality
Beacons: Number of announcement packets.
#Data: Number of captured packets
CH: Channel
ENC: Encryption Type
Cipher: Cipher type
Station: MAC address of the client.
Lost: Packets lost
Packets: Data packets sent by client
Anyways, as you can see in the picture above, our target is called Test Router.
Step 3 Capture the Handshake
You will see something like this
The below area is to display clients connected to that AP. Now we need to simultaneously de-authenticate at least one client. In this case will de-authenticate 7A:AC:AD:CC:44:05.
So open another terminal
The command is
The -a is for the APs MAC address, the -c is for the clients MAC and -0 is for deauth mode.
After a few seconds press CTRL-Z to stop sending deauth packets. As soon as the client connects back, we would capture the hashed handshake file.
You can see on the top right corner that we captured the handshake file.
Step 4 Brute Forcing the handshake file
I have put the actual password in the file dic.txt along with some other random passwords. So we run aircrack-ng with the dictionary as well as the handshake file (.cap)
Now depending on your dictionary this can take a second or even weeks. I cracked it in a second because the dictionary was small and it contained the password.
Now you may be thinking that this isn’t the most efficient way of getting someones password.
Well the purpose of this article was to explain the basic attack vector used to hack WiFi passwords and to introduce you to the Aircrack-ng. If you want someones password, just go ask them.
There is another way we could get an APs (with WPA2) password and that is by exploiting the WPS pin vulnerability, we could get the password in just a few hours guaranteed, apparently that only works on old routers. So when i get a hold of one i’ll cover that topic as well.
Every type of WiFi encryption has its set vulnerabilities, for example the WEP has an issue with the implementation of the RC4 encryption algorithm. So stay tuned as i cover them one by one.
HAPPY HACKING
Everyone Ask The Question: How To Hack WIFI Password? Is there software that can help, or a trick? Read on to find out.
Hey Guys, Today I am Sharing with You How To Hack WIFI Password. We Have Done This Lots of Time.
Note: Here is The Best Method To Hack WiFi Password. However, Hacking is The Crime. So, Use it For Only Education Purpose.
In Today’s World Everyone Need The Internet, And Without That is Something like Dead man.
How to hack a WiFi Password Using the PASS WIFI tool?
PASS WIFI is the best and easiest way to hack a WiFi password in less than 2 min. You can use this great application on your phone or your computer to decrypt any WEP, WPA, WPA3, WP2 passwords.
How does it work? It hacks the communication protocols through a global and refined analysis of the connections. It hacks and display on the screen the WiFi passwords of any network!
Once you have installed it, simply open PASS WIFI and it will hack any detected WiFi password. Click this link to download PASS WIFI: https://www.passwordrevelator.net/en/passwifi.php
First, We Install One Software To Capture The Wifi Packets. Using This Software We Capture The WiFi Packets.
WiFi Packets Mean Someone Request To Connect With WIFI. It will Go To Router using Packets. And Packets contain the Password.
So, When We Capture the Packets it will Contain the Password.
And then We will Find the Password With Wordlist and Packets.
So, Here is The Step By Step Process To Hack WiFi Password.
Step 1: Install Software Called CommView For WiFi
First of All You Need To Download The Zip File called “Hacking WiFi” That Are Given in The Resources Section or Click Here. After That Extract The Zip File. Than Go To The CommView Folder And Open The “setup Commview” File.
Click Next.
Accept The terms and Condition And Click Next.
Select The VolP Mode And Go Next.
Select the Option As You can see in Photo and Go Next
And Install the Software.
Now, We Successfull Install This Software. But, This is Paid Software. So, We Need To Crack it First. To Crack it Open The Crack-Commview Folder. But, Don’t open the CV File.
Now, You can See The Commview for WiFi on Desktop, Right Click on that and Select the Option “Open File Location”.
Now, Paste the CV file From The Crack-Comview To This Folder.
Hurry, You Successfully Install The Software.
Step 2: Capture The packets For Targeted WiFi
Once You Install the Software open it. It will Ask You to Install The Driver. Select the Option that Show in Picture.
After That Your Software Are Closed. Open it Again.
Also Read: How To Install Custom Rom in Android
This Software might Run in Windows 10. So, If You are Using Windows 10 Then it Has less chance to Run the Software.
Now You can See The Full Interface of CVW. Using This Software We Can Hack Wifi Password.
To Capture Wifi packets which You want To Hack, You need To Click Start Button on the Top Left Corrner.
After Start The Capturing, The Wifi List Apper With The Channal Number.
Here You Need To Select Your WiFi You Want To Hack WiFi. And Remember There Channel Number.
After That in Right Sidebar You need to select “Single Channel Mode” and select The WiFi Channel Number You want To hack.
I am Hacking TechnoUtter WiFi. So, I Select The 11 Channel.
Now Go to The Packets Section.
You will See the Packets Are Captured.
Now, Go To Logging.
Select The Auto-saving Option and Enter The Path When You Want To Save The Packets.
Now Your Packets are Automatically Save.
Wait To at least One Hour To Capture The Packet That Contain WiFI Password.
You Want To Know To How The Packet are Capture The Password For Crack WiFI Password.
How The Packets Capturing The Password
The Packets is Contain Some Things Like IP Address, Password in Encryption Format, etc.
So, When Someone Want To Connect To The WIFI, It will Send The Packet File To the WIFI Router. And That Contain The Password.
So We Need The Packets To Crack The Password.
But, The Password is in Encrypted Format. So, We Also Need To Decrypt it Using Aircrack-ng.
Step 3: Convert The Packets to Capture File
Select File And Open Log Viewer.
Select The File and Select “Load CommView Logs”.
Go Where Your Packets are Saved And Import it.
Now, All The Packets Are Imported.
Now Goto File > Export Log and Select The “Wireshark/Tcpdump Format”.
Make sure You select “.CAP” And Save It on The Desktop File.
Hack Wifi Aircrack Mac Os
Now You Successfully Convert The Packets to the Capture File.
Using This Capture File You Hack WiFi Password.
Step 4: Hack WiFi Password
Now, It’s Time To Hack WIFI Password.
Go To Hacking WiFI Folder And Go To Aircrack-ng Folder.
Now GoTo “Bin” Folder.
Now, Go To The Folder Which Version of Your Computer.
Open That Folder.
Now Open “”Aircrack-ng GUI” File
Now, Select The WPA Option To Crack WPA2 PSK.
Select The Capture File in Filename Option.
And select The Wordlist in the Wordlist Option.
Click Launch, To Crack Wifi Password.
What is Wordlist?
A word list is just what it says it is. It is a list of words. Words that may or may not match someone’s password. Some of them contain commonly used passwords that have long been known to be the most commonly used passwords, and some of them are lists of passwords from leaks of hacked databases. You would use a wordlist to attempt to crack a password using a dictionary attack.
Torrent sites typically have large wordlists you can download, but if you do some google searching you will find a lot of websites with various wordlists.
Wordlists are only so successful though. I’ve had some pretty weak passwords that I have never seen in any wordlist I have ever downloaded.
You can Download The Wordlist On Here.
Now Back to Our Tutorial, when You Click Launch, It’s Open the CMD and List out The WiFi’s name You want To Hack.
Select The Wifi To Hack it. I am Hacking TechnoUtter Wifi So, I Select 1.
After that It will Match The Capture File with The Wordlist.
If The Password is in the Wordlist Then It will Match And Password is Display.
Hurry, You Can See We hack The TechnoUtter WiFI. Password is The “tech@123utter”.
I will Connect The Wifi You can See.
Hack Wifi Using Aircrack-ng Mac
Conclusion
Here is The Best Method To Hack WiFi Password. But, Hacking is The Crime. So, Use it For Only Education Purpose.
And If You Like This Article Then Share it On Social Media and Comment if You have Any Problems.
Thanks