dreamer 33333
Hope u'll appreciate this basic tutorial, leave a like if enjoyed.
>airodump-ng --channel [channel] --bssid [bssid] --write [file-name] [interface]
Ex: >airodump-ng --channel 6 --bssid 11:22:33:44:55:66 --write out wlan0mon
2. Wait for a client to connect to the access point, or deauthenticate a connected client (if any) so that their system will connect back automatically. The syntax is something like this:
>aireplay-ng --deauth [number of deauth packets] -a [AP] -c [target] [interface]
Ex: >aireplay-ng --deauth 1000 -a 11:22:33:44:55:66 -c 00:AA:11:22:33 mon0
If the handshake is caught, Kali will inform you: the top right corner of airodump-ng will say “WPA handshake”. Follow these steps and when you catch the handshake your screen should look like this:
It shows you what the permanent (built into the network card) MAC address was, with its corporation in brackets, and below it shows that there is a new MAC address which does not have a corporation. So, now we have already changed the MAC address and we need to hack into anyone's network. But you are not ready for that now, because you do not know what monitor mode is and how to use it. In the next chapter you will learn what monitor mode is and how to use it with Kali.
Wireless modes (Types of)
When you want to hack wifi, you need to capture the “handshake”. The handshake is the connection between the personal computer and the wireless network; it is when the network packets and the personal computer packets meet each other. With the handshake you do not need to be in wifi range anymore; you can hack the password with the handshake and the wifi name (you will learn this later). Now you need to capture all the packets that are sent through the wifi router and all the personal computers in the network. There is a question like “if the MAC address is used to ensure that each packet gets delivered to the right place, then how can we capture it?”, and the answer is “Yes and no: it is used to send packets to the right destination, and we as hackers can only receive packets that are sent to our MAC address, but this only applies to the default mode of your wireless card, which is ‘managed’ mode. However, there is a mode that allows us to capture all the packets in our wi-fi range, not only the ones sent to our device, hence the name monitor mode.” So, now you know the basics and are ready to actually catch the handshake. First of all, change the MAC address and enter monitor mode by typing in these commands on the photo:
When you catch the handshake you are ready to actually crack the password.
Cracking anyone's wireless network WiFi
Now that you have the handshake, you need to download the largest wordlist in the world to have a chance to hack the password. You can download this wordlist from the following website: www.hackreports.com
Second link: crackstation.net
When you have downloaded one of them you are ready to hack the network. We are going to use aircrack-ng to crack the key. It does this by combining each password in the wordlist with the access point name (ESSID) to compute a Pairwise Master Key (PMK) using the PBKDF2 algorithm; the PMK is then compared against the handshake file. The syntax looks like this:
>aircrack-ng [handshake filename] -w [wordlist]
Ex: >aircrack-ng is-01.cap -w list
Run this command and wait until aircrack-ng cracks it. When the password has been hacked the screen should look like this:
Congratulations!!! You have already hacked a WPA-secured wireless network! It is time to secure our own wireless network, because as you know it is very simple and easy to hack, and if someone does it, he can then capture the packets that are sent over the network and analyse them. There will be your mail password, your social network password, card PIN and so on. It is very dangerous not to have a secure wireless network. In the next paragraph you will discover how to secure your network and be almost unhackable.
Rescuing Your Network From Attacks
Now that we know how to test the security of all known wireless encryptions (WEP/WPA/WPA2), it is relatively easy to secure our networks against these attacks, as we know all the weaknesses that can be used by hackers to crack these encryptions. So let's have a look at each of these encryptions one by one:
1. WEP: WEP is an old encryption, and it's really weak; as we have seen in the course there are a number of methods that can be used to crack this encryption regardless of the strength of the password, and even if there is nobody connected to the network. These attacks are possible because of the way WEP works; we discussed the weakness of WEP and how it can be used to crack it, and some of these methods even allow you to crack the key in a few minutes.
2. WPA/WPA2: WPA and WPA2 are very similar; the only difference between them is the algorithm used to encrypt the information, but both encryptions work in the same way. WPA/WPA2 can be cracked in two ways:
If the WPS feature is enabled then there is a high chance of obtaining the key regardless of its complexity; this can be done by exploiting a weakness in the WPS feature. WPS is used to allow users to connect to their wireless network without entering the key; this is done by pressing a WPS button on both the router and the device they want to connect. The authentication works using an eight-digit PIN, and hackers can brute force this PIN in a relatively short time (on average 10 hours). Once they get the right PIN they can use a tool called reaver to reverse engineer the PIN and get the key. This is all possible due to the fact that the WPS feature uses an easy PIN (only 8 characters and only digits), so it's not a weakness in WPA/WPA2, it's a weakness in a feature that can be enabled on routers that use WPA/WPA2, which can be exploited to get the actual WPA/WPA2 key.
If WPS is not enabled, then the only way to crack WPA/WPA2 is a dictionary attack. In this attack a list of passwords (dictionary) is compared against a file (the handshake file) to check if any of the passwords is the actual key for the network, so if the password does not exist in the wordlist then the attacker will not be able to discover your password.
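As an added example (not code from the original post), here is the PMK derivation step that the cracking section describes, written in Python: the PMK is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as the salt, 4096 iterations, 32 bytes. It checks the IEEE 802.11i known-answer vector and includes a self-audit function for your own network that demonstrates the point made in the last paragraph: a dictionary attack can only succeed when the passphrase is actually in the wordlist. The function names and the three-entry wordlist are constructed for this example, not taken from the linked sites.

```python
import hashlib
from typing import List, Optional

# Added example, not from the original post: the PMK derivation that aircrack-ng
# performs for every wordlist entry, plus a self-audit of your own passphrase.

PBKDF2_ITERATIONS = 4096   # fixed by the WPA/WPA2 (IEEE 802.11i) standard
PMK_LENGTH = 32            # PMK is 256 bits


def wpa2_pmk(ssid: str, passphrase: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes).
    Because the SSID is the salt, the same passphrase yields a different PMK
    on every network name, so precomputed tables only work per SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_LENGTH)


def hmac_sha1_calls_per_candidate() -> int:
    """Work an attacker pays per wordlist entry: a 32-byte output needs two
    20-byte SHA1 blocks, each iterated 4096 times."""
    blocks = -(-PMK_LENGTH // hashlib.sha1().digest_size)   # ceil(32 / 20) == 2
    return blocks * PBKDF2_ITERATIONS


def audit_own_passphrase(ssid: str, passphrase: str,
                         wordlist: List[str]) -> Optional[str]:
    """Self-audit for a network you own (hypothetical helper name): derive the
    real PMK once, then derive one PMK per wordlist entry and compare, which is
    exactly the work a dictionary attack does. Returns the matching entry, or
    None when the passphrase is not in the list (and so cannot be recovered)."""
    target = wpa2_pmk(ssid, passphrase)
    for candidate in wordlist:
        if wpa2_pmk(ssid, candidate) == target:
            return candidate
    return None


if __name__ == "__main__":
    # Known-answer check from IEEE 802.11i Annex H: SSID "IEEE", passphrase "password"
    assert wpa2_pmk("IEEE", "password").hex() == (
        "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e")
    wordlist = ["123456", "password", "qwerty"]        # constructed sample wordlist
    print(audit_own_passphrase("IEEE", "password", wordlist))               # password
    print(audit_own_passphrase("IEEE", "correct horse battery", wordlist))  # None
    print(hmac_sha1_calls_per_candidate())                                  # 8192
```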
Disclaimer:
This tutorial is only for educational purposes, I don't advise you to do this thing.