So you’re interested in Hacking and Cracking? Or just want some free WiFi! Either way you have found the right place to begin.
Today we are going to walk through the steps needed to crack WiFi access points using a combination of wifite and Aircrack-ng. In this guide we will go through how to capture and crack the handshakes to reveal the WiFi Password.
- Launch Wifi Key. First thing is to download, install and start the PassFab Wifi Key software, this can be done in any computer that contains windows operating system or you can also do it in your surface tablet. Once you have opened this software, you can see the Wi-Fi password of each network.
- Type iwconfig on the terminal and press Enter to know the Wifi Adapter Name.
Major password-cracking tool, Hashcat, found a simpler way to hack your WPA/WPA2 enabled Wi-Fi networks. Here's what businesses need to know. 5 tips for keeping your data safe while traveling. Cowpatty now supports using a pre-computed hash file rather than a plain-text word file, making the cracking of the WPA2-PSK password 1000x faster! Pre-computed hash files are available from the Church of WiFi Link , and these pre-computed hash files are generated using 172,000 dictionary file and the 1,000 most popular SSIDs. Tags aircrack-ng for ubuntu download reaver for ubuntu hack wifi hack wifi dengan ubuntu hack wifi password hack wifi password android hack wifi password app hack wifi password pc hack wifi password real hack wifi password ubuntu hack wifi password using cmd hack wifi ubuntu hack wifi ubuntu 14.04 hack wifi using ubuntu hack wifi with ubuntu.
Firstly, you will need a Kali machine! For the purpose of this guide I am using a vanilla install of Kali and am running all of my sessions and commands as a Root user, if you are using a standard account then ‘Sudo’ will be required before most, if not all commands being executed.
The installation of Kali is on a Laptop with a compatible WiFi adapter which allows for monitor mode, this is necessary to capture packets ‘in the air’.
Boot up Kali and either navigate to ‘wifte‘ in the applications tab or open up a terminal and type in ‘wifite‘.
Immediately you will see a list of WiFi SSID’s begin to populate in the terminal window. The key thing to look out for is the amount of connected clients (as we are trying to capture a handshake between the client and the AP).
After choosing the Access Point in wifite in this case ‘EternalWIFI’, it will attempt to deauth the clients connected (disconnect the Clients). Those clients will then try to re-establish a connection and in doing so, wifite will capture the initial handshake packets which contain the password hashes. The more clients that are connected to the AP the better the chance and more quicker wifite will capture the handshake packets.
When a Handshake packet is captured, Wifite will try a default/simple password list. Its not bad and has worked for me a few times on individuals that tether there phones and change their passwords to something very simple, you can of course edit this list to include more passwords.
As you can see from the above, wifite has managed to crack the simple password which is ‘password’.
This however, will not always work and so we will need to crack the hash against a password list. We are going to do this by using aircrack-ng and feeding a password list against the capture handshake hash.
So, we are going to need passwords, a list of passwords to run against the hash.
If you need some password files I have zipped a few up HERE, I have found these on the Internet and take no credit for them!
How To Hack Wpa2 Psk Wifi Password In Windows 10 Using Cmd
However, the best way to get wordlists is by creating them yourself on Crunch. If you suspect that someone has changed their password to something ‘personal’ then it might be worth running CUPP (Common User Password Profiler) for a list.
Kali also comes with a default list (rockyou.txt) located in: /usr/share/wordlists
When hashing against a list, the more you know about the network, router and users can help a lot. First things first would be to look at the SSID (most SSID’s have the brand of router included within the name) and this allows you to understand how many characters the default WiFi code is and the combination of letters, numbers, caps. An example of this is:
Default Iphone Hotspots/Tether will use 13 Lowercase only with Numbers (No Symbols or Caps). This information will allow us to filter our wordlists and create new wordlist around this.
Once you have downloaded or created a password list, it’s time to run this against the captured hash using aircrack-ng. The Syntax for aircrack-ng is:
aircrack-ng capturedpackets.cap -w wordlist.txt
When we execute this, aircrack-ng will begin hashing the passwords from the list against the handshake password hash.
If the password is in the list then it will eventually strike a match.
As you can see, the WiFi password is ‘pleaseletmein’. While a simple password, this one wasn’t in the common password file in wifite and required the use of our own wordlist in order to crack.
Make sure you exit monitor mode on your WiFi adapter so you can test if the passphrase works.
So there we have it, the WiFi password. Please note that the cracking speed will be based upon your machines performance and it goes without saying that if the passphrase isn’t in your wordlist then you wont find the password. So make sure you build out specific wordlists dependent on the WiFi AP you want to crack. There are many other tools that you can use for the capture of the handshake and the cracking of the handshake. I prefer wifite as its easy to use and great for beginners and aircrack-ng has easy to remember syntax for piping a handshake to a wordlist.
Please use this knowledge responsibly and make sure you have consent to execute attacks such as this against someones Access Point. I take no responsibility for misuse of this information.
Please feel free to put any questions or comments in the section below.
Written and Executed by Gennaro Migliaccio
Proofed, Edited and otherwise scrutinized by Summer-Jade Greenaway
If you want to know how to hack WiFi access point – just read this step by step aircrack-ng tutorial, run the verified commands and hack WiFi password easily.
With the help a these commands you will be able to hack WiFi AP (access points) that use WPA/WPA2-PSK (pre-shared key) encryption.
The basis of this method of hacking WiFi lies in capturing of the WPA/WPA2 authentication handshake and then cracking the PSK using aircrack-ng.
How to hack WiFi – the action plan:
- Download and install the latest
aircrack-ng - Start the wireless interface in monitor mode using the
airmon-ng - Start the
airodump-ngon AP channel with filter for BSSID to collect authentication handshake - [Optional] Use the
aireplay-ngto deauthenticate the wireless client - Run the
aircrack-ngto hack the WiFi password by cracking the authentication handshake
1. Aircrack-ng: Download and Install
The Latest Version Only: If you really want to hack WiFi – do not install the old aircrack-ng from your OS repositories. Download and compile the latest version manually.
Install the required dependencies:
Download and install the latest aircrack-ng (current version):
Ensure that you have installed the latest version of aircrack-ng:
2. Airmon-ng: Monitor Mode
Now it is required to start the wireless interface in monitor mode.Monitor mode allows a computer with a wireless network interface to monitor all traffic received from the wireless network.
What is especially important for us – monitor mode allows packets to be captured without having to associate with an access point.
Find and stop all the processes that use the wireless interface and may cause troubles:
Start the wireless interface in monitor mode:
In the example above the airmon-ng has created a new wireless interface called mon0 and enabled on it monitor mode.
So the correct interface name to use in the next parts of this tutorial is the mon0.
3. Airodump-ng: Authentication Handshake
Cool Tip: Want to have some “fun”? Create a Linux fork bomb! One small string that is able to hang the whole system! Read more →
Now, when our wireless adapter is in monitor mode, we have a capability to see all the wireless traffic that passes by in the air.
This can be done with the airodump-ng command:
All of the visible APs are listed in the upper part of the screen and the clients are listed in the lower part of the screen:
Start the airodump-ng on AP channel with the filter for BSSID to collect the authentication handshake for the access point we are interested in:
| Option | Description |
|---|---|
-c | The channel for the wireless network |
--bssid | The MAC address of the access point |
-w | The file name prefix for the file which will contain authentication handshake |
mon0 | The wireless interface |
--ignore-negative-one | Fixes the ‘fixed channel : -1’ error message |
airodump-ng captures a handshake.If you want to speed up this process – go to the step #4 and try to force wireless client reauthentication.
After some time you should see the WPA handshake: 00:11:22:33:44:55 in the top right-hand corner of the screen.
This means that the airodump-ng has successfully captured the handshake:
4. Aireplay-ng: Deauthenticate Client
Cool Tip: Want to stay anonymous? Learn how to use PROXY on the Linux command line. Read more →
If you can’t wait till airodump-ng captures a handshake, you can send a message to the wireless client saying that it is no longer associated with the AP.
The wireless client will then hopefully reauthenticate with the AP and we’ll capture the authentication handshake.
Send deauth to broadcast:
Send directed deauth (attack is more effective when it is targeted):
| Option | Description |
|---|---|
--deauth 100 | The number of de-authenticate frames you want to send (0 for unlimited) |
-a | The MAC address of the access point |
-c | The MAC address of the client |
mon0 | The wireless interface |
--ignore-negative-one | Fixes the ‘fixed channel : -1’ error message |
Cool Tip: Need to hack WiFi password? Don’t wast your time! Use “John the Ripper” – the fastest password cracker! Read more →
How To Find Wpa2 Password
5. Aircrack-ng: Hack WiFi Password
Unfortunately there is no way except brute force to break WPA/WPA2-PSK encryption.How To Crack Wifi Wpa2 Password Using Windows 10 Tutorial
To hack WiFi password, you need a password dictionary.
And remember that this type of attack is only as good as your password dictionary.
You can download some dictionaries from here.
Crack the WPA/WPA2-PSK with the following command:
Wpa2 Password Mac
| Option | Description |
|---|---|
-w | The name of the dictionary file |
-b | The MAC address of the access point |
WPAcrack.cap | The name of the file that contains the authentication handshake |
How To Retrieve Wifi Password Windows 10
Cool Tip: Password cracking often takes time. Combine aircrack-ng with “John The Ripper” to pause/resume cracking whenever you want without loosing the progress! Read more →