Wi fi Hacking(Piggyback) is criminal offence
It’s punishable under section 66 of the IT Act. Though you want try it, Here is solution
There are 3 types of Wi-Fi security methods that you would find deployed commonly:
1. WEP
2. WPA
3. WPA2
Requirements
1. Kali Linux OS (includes aircrack-ng suite and wifite tool)
2. External Wi-Fi Adapter or Inbuilt Wi-Fi Device
HARDWARE
- You need to have an external Wi-Fi adapter that is required to hack a Wi-Fi network. If you want to crack a password that has less security, then you can use plug-n-play wireless USB adapter TP-LINK TL-WN722N
- If you need a better range with good quality wireless adapter, then it is recommended to use Alfa AWUSO36NH along with a better antenna.
- If you wish to hack Wi-Fi network for Ultimate range Wi-Fi antenna then, you can use TP-LINK TL-ANT2424B 2.4GHz 24dBi .
METHOD 1: HACK Wi-Fi Network using Wifite
Wifite is a Linux-based platform tool that is available on variant Operating Systems like Kali, Backtrack 5, BlackBuntu, BackBox and Pentoo. Wifite is basically used to attack multiple encrypted networks (WEP, WPA/2 and WPS) in a row that is customized to be automated with only a few arguments. Wifite is a wireless auditing tool that aims to be the “set it and forget it” method of hacking.
How to View Available Access Points?
- As you are using Linux Operating System, Initially go to Application.
- Now go to Kali Linux > Wireless Attacks > 802.11 wireless tools > Wifite.
- If you are unable to view Wifite then simply type ‘wifite’ in Terminal.
- Here, you can see List of Available Wi-Fi Access Points. (you must be root). Wait for few seconds in order to notice nearby Wi-Fi points like WEP, WPA/WPA2.
Steps to Hack WEP Encryption based Wi-Fi Network
- Choose the appropriate target NUM (1,2,3,..,n) in order to crack it.
- Hacking a WEP key that ensures 100% possibilities of cracking the WEP WiFi password that currently uses 5 attacks.
- Make sure that the attack is completed within 10 minutes.
- You need not worry if one WEP WiFi attack fails, the other will come into action automatically for succeeding 10 minutes.
- You can choose any attack. For instance, choose NUM 2 attack.
- Within few minutes the WEP Wi-Fi network gets hacked.
- You will WEP key that . It is a Hexadecimal representation of WEP WiFi’s password.
- That WEP Key can be used as the Wi-Fi password.
- Later, you can also convert the Wi-Fi password into actual password that is in the form of human readable mode using online Hex-to-ASCII converter.
Steps to Hack WPA Encryption based Wi-Fi Network
Hacking a Wi-Fi network that uses WPA security encryption is little bit tough when compared to WEP as this is highly protected encryption method. In order to hack this type of Wi-Fi network you need to use Handshake capture.
Handshake Capture:
Handshake is a file that can be captured when Router (Wi-Fi Access Point) and client(s) (Laptop, Mobile or other Wi-Fi enabled devices) communicate to authenticate each other. You may have a doubt that, “What is the purpose of this Handshake file?” The main target is to hack Wi-Fi network i.e., password. This Handshake file comprises of Wi-Fi password but in encrypted form.
Brute-Forcing:
As the password is in encrypted form, let us try some other password combination on the encrypted password to acquire the original password. This process is known as Brute Forcing that is done offline. By using Brute-Forcing, the password present in the handshake file can be captured easily within few minutes.
Dictionary File:
Dictionary is a file that contains all known words from various sources usually phrased as Wi-Fi password.
- As soon as you start WPA handshake capture, it displays a message as “Client Found”.
- It generates a command using handshake capture (that contains password) as (TEST_C0-A0-BB-04-5C-A9.cap).
- The above command cracks the password file that must be saved at /root/DICTIONARY/.
- Till now, you have used two WPA attacks that are completed successfully.
METHOD 2: HACK Wi-Fi Network using WIFIPHISHER
Wifiphisher is a security tool that mounts the fast automated phishing attacks which are against WPA networks so as order to acquire all the secret passphrase of the particular Wi-Fi network. Unlike other methods of hacking, Wifiphisher is a type of social engineering attack that does not include brute forcing. It is very easy way to obtain WPA credentials of the users whom you wish to hack.
How it Works?
Wifiphisher is a tool that is used to hack a Wi-FI network and this attack makes use of three phases:
PHASE 1:
- Victim is being deauthenticated from their access point.
- Wifiphisher tries to jam all the target access point’s wifi devices continuously that are available within range by sending deauth packets to the client from the access point.
- It discovers all the networks that are available in the access point range.
- This tool alters the access point of all the devices through the main server and broadcasts the address along with the deauth packets.
- It starts generating fake access points by copying an access point from a set of access points.
PHASE 2:
- This is the second phase where the Victim joins a rogue access point.
- It asks for password authentication and in the backdrop, the tool tries to copy all the credentials of the possible Wi-Fi networks.
- Wifiphisher sniffs the area and copies the target access point’s settings.
- Now, this tool creates a rogue wireless access point that is modeled on the target by setting a NAT/DHCP server and forwards the right ports.
- Consequently, because of the jamming, clients will start connecting to the rogue access point. After this phase, the victim is Mitimed.
PHASE 3:
- Victim is being served a realistic router config-looking page where the Wifiphisher tool employs a minimal web server that responds to HTTP & HTTPS requests.
- As soon as the victim requests a page from the Internet, wifiphisher responds with a realistic fake page that asks for WPA password confirmation due to a router firmware upgrade.
- Till now you have seen two techniques to hack Wi-Fi WEP, WPA/WPA2 Security using Wifite and WIFIPHISHER. By using these two server attacks, you can easily crack the Wi-Fi network.
Start Kali Linux and login, preferably as root.
Step Two:
Plugin your injection-capable wireless adapter, (Unless your computer card supports it). If you’re using Kali in VMware, then you might have to connect the card via the icon in the device menu.
Step Three:
Disconnect from all wireless networks, open a Terminal, and type airmon-ng
This will list all of the wireless cards that support monitor (not injection) mode. If no cards are listed, try disconnecting and reconnecting the card and check that it supports monitor mode. You can check if the card supports monitor mode by typing ifconfig in another terminal, if the card is listed in ifconfig, but doesn’t show up in airmon-ng, then the card doesn’t support it.
You can see here that my card supports monitor mode and that it’s listed as wlan0.
Step Four:
Type airmon-ng start followed by the interface of your wireless card. mine is wlan0, so my command would be: airmon-ng start wlan0
The “(monitor mode enabled)” message means that the card has successfully been put into monitor mode. Note the name of the new monitor interface, mon0.
EDIT:A bug recently discovered in Kali Linux makes airmon-ng set the channel as a fixed “-1” when you first enable mon0. If you receive this error, or simply do not want to take the chance, follow these steps after enabling mon0:
Type: ifconfig [interface of wireless card] down and hit Enter.
Replace [interface of wireless card] with the name of the interface that you enabled mon0 on; probably called wlan0. This disables the wireless card from connecting to the internet, allowing it to focus on monitor mode instead.
After you have disabled mon0 (completed the wireless section of the tutorial), you’ll need to enable wlan0 (or name of wireless interface), by typing: ifconfig [interface of wireless card] up and pressing Enter.
Step Five: Type airodump-ng followed by the name of the new monitor interface, which is probably mon0.
If you receive a “fixed channel –1” error, see the Edit above.
Step Six:
Airodump will now list all of the wireless networks in your area, and lots of useful information about them. Locate your network or the network that you have permission to penetration test. Once you’ve spotted your network on the ever-populating list, hit Ctrl + C on your keyboard to stop the process. Note the channel of your target network.
Step Seven:
Copy the BSSID of the target network
Now type this command:
airodump-ng -c [channel] --bssid [bssid] -w /root/Desktop/ [monitor interface]Replace [channel] with the channel of your target network. Paste the network BSSID where [bssid] is, and replace [monitor interface] with the name of your monitor-enabled interface, (mon0).
A complete command should look like this:
airodump-ng -c 10 --bssid 00:14:BF:E0:E8:D5 -w /root/Desktop/ mon0
Now press enter.
Step Eight:
Airodump with now monitor only the target network, allowing us to capture more specific information about it. What we’re really doing now is waiting for a device to connect or reconnect to the network, forcing the router to send out the four-way handshake that we need to capture in order to crack the password.
Also, four files should show up on your desktop, this is where the handshake will be saved when captured, so don’t delete them!
But we’re not really going to wait for a device to connect, no, that’s not what impatient hackers do. We’re actually going to use another cool-tool that belongs to the aircrack suite called aireplay-ng, to speed up the process. Instead of waiting for a device to connect, hackers use this tool to force a device to reconnect by sending deauthentication (deauth) packets to the device, making it think that it has to reconnect with the router.
Of course, in order for this tool to work, there has to be someone else connected to the network first, so watch the airodump-ng and wait for a client to show up. It might take a long time, or it might only take a second before the first one shows. If none show up after a lengthy wait, then the network might be empty right now, or you’re to far away from the network.
You can see in this picture, that a client has appeared on our network, allowing us to start the next step.
Step Nine:
leave airodump-ng running and open a second terminal. In this terminal, type this command:
aireplay-ng –0 2 –a [router bssid] –c [client bssid] mon0The –0 is a short cut for the deauth mode and the 2 is the number of deauth packets to send.
-a indicates the access point (router)’s bssid, replace [router bssid] with the BSSID of the target network, which in my case, is 00:14:BF:E0:E8:D5.
-c indicates the clients BSSID, noted in the previous picture. Replace the [client bssid] with the BSSID of the connected client, this will be listed under “STATION.”
And of course, mon0 merely means the monitor interface, change it if yours is different.
My complete command looks like this:
aireplay-ng –0 2 –a 00:14:BF:E0:E8:D5 –c 4C:EB:42:59:DE:31 mon0
Step Ten:
Upon hitting Enter, you’ll see aireplay-ng send the packets, and within moments, you should see this message appear on the airodump-ng screen!
This means that the handshake has been captured, the password is in the hacker’s hands, in some form or another. You can close the aireplay-ng terminal and hit Ctrl + C on the airodump-ng terminal to stop monitoring the network, but don’t close it yet just incase you need some of the information later.
Step 11:
This concludes the external part of this tutorial. From now on, the process is entirely between your computer, and those four files on your Desktop. Actually, the .cap one, that is important. Open a new Terminal, and type in this command:
aircrack-ng -a2 -b [router bssid] -w [path to wordlist] /root/Desktop/*.cap
-a is the method aircrack will use to crack the handshake, 2=WPA method.
-b stands for bssid, replace [router bssid] with the BSSID of the target router, mine is 00:14:BF:E0:E8:D5.
-w stands for wordlist, replace [path to wordlist] with the path to a wordlist that you have downloaded. I have a wordlist called “wpa.txt” in the root folder.
/root/Desktop/*.cap is the path to the .cap file containing the password, the * means wild card in Linux, and since I’m assuming that there are no other .cap files on your Desktop, this should work fine the way it is.
My complete command looks like this:
aircrack-ng –a2 –b 00:14:BF:E0:E8:D5 –w /root/wpa.txt /root/Desktop/*.cap
Now press Enter.
Step 12:
Aircrack-ng will now launch into the process of cracking the password. However, it will only crack it if the password happens to be in the wordlist that you’ve selected. Sometimes, it’s not. If this is the case, then you can congratulate the owner on being “Impenetrable,” of course, only after you’ve tried every wordlist that a hacker might use or make!
Cracking the password might take a long time depending on the size of the wordlist. Mine went very quickly.
If the phrase is in the wordlist, then aircrack-ng will show it too you like this:
The passphrase to our test-network was “notsecure,” and you can see here that aircrack found it.
If you find the password without a decent struggle, then change your password, if it’s your network. If you’re penetration testing for someone, then tell them to change their password as soon as possible.
No comments:
Post a Comment