Wireless networks are everywhere. Whether you’re at a local coffee shop, a school or at home, it’s likely there are multiple wireless networks you can gain access to. But how do you know which ones are easily attackable? Looking at the network security settings can be a good indicator of which ones you can trust.
So in this tutorial, we are going to discuss how to hack WI-FI password using KALI LINUX.
WI-FI stands for wireless fidelity. When people install WiFi, they have a few router security options. If they left the router unsecured, we could access it, use it for our needs in our name, track his internet use or even install malware in devices which are connected to that network. This tutorial is fully-intended for educational purpose and don't use any of these technics for illegal activities.
So let's start,
First we must setup an environment for having an attack on the WI-FI password.For that we must install some on the linux packages.They are:
1. Aircrack-ng
2. Crunch
Both of these packages can be installed using our terminal
First we can install aircrack-ng
But before that we must update our Kali Linux.
So the command we are using for it is:
sudo apt-get update sudo apt-get upgrade
Then we can install aircrack-ng:
sudo apt-get install aircrack-ng
After that we must install the package named crunch:
sudo apt-get install crunch
So our working environment is ready!!!.Now we can start our job.
Attacking WI-FI for cracking password can be divided into 4 operations :
1.Switching of Kali Linux into monitor mode.
2.Capturing a Handshake package of the required WI-FI.
3.Creating a word-list containing all possible passwords for unlocking that WI-FI.
4.Comparing the word-list generated with the handshake package for finding the password of the WI-FI.
First we need to switch our PC into monitor mode.Monitor mode allows a computer with a wireless network interface controller (WNIC) to monitor all traffic received on a wireless channel.For swaping your PC mode into monitor mode, Get started it from here Monitor Mode is mandatory for all later processes.
Then we need to know what number of networks are available in our area and must decide which WI-FI is needed for our purpose. For that the command we are using is :
sudo airodump-ng wlan0mon
An important thing is that if you encounter any error at this step please switch "wlan0mon" with "wlan0" in all the codes.
It will list all networks that surround your area.
Then we must copy the BSSID of the network which we need to crack.The bssid is seen at the leftmost side of the panel like 8C:10:D4:E3:0C:56.The copied BSSID can be used later in this coding. After copying keep the terminal minimised { Do not close it }.
Next then open a new terminal,
Now,
we are going to capture the handshake package of the WI-FI. The handshake package is a file which contains th password of the WI-FI in a decrypted form.For that firstly, we are going to check what and all clients are connected to this network.We can capture the handshake package when a client connects to the network.We can't wait until a client connects to the network. So we must disconnect an existing client from that network and when the client tries to reconnect, we can capture the handshake file.The next command that we are using is for checking the details about the number of clients connected to this network and for writing the captured handshake package to a file.The command is
sudo airodump-ng -bssid 8C:10:D4:E3:0C:56 --channel 6 --write wpa-handshake1 wlan0mon
In the above code you must replace my BSSID with your's one.And also try to replace the channel number with your one.The BSSID and channel number can be founded out on the recent terminal. [ First terminal that we kept minimised]. So when it gets started it resembles like this:
Keep this terminal also minimised. { Do not close it }
Next we need to disconnect a client from that network and when it try to reconnect we can easily capture our required handshake package.
The code for disconnecting a client from that network is
sudo aireplay-ng --deauth 10 -a 8C:10:D4:E3:0C:56 -c 24:a4:3c:ae:df:83 wlan0mon
The important things in this code is to replace the first bssid with the network bssid and the second bssid with the client bssid.Both of them are available at our second terminal.
Eg:
So after this deauth process, the handshake file must be captured by the second terminal
If your deauth process was successful then the second terminal look like this:
{ If you have encountered any error, then it must be probably due to three reasons:
1.You have not enabled monitor mode [Check it with the code "sudo iwconfig"]
2.your second terminal may closed working.
3.You may have accidentally misplaced your network bssid. }
We have now captured our handshake file. Now we must create a word-list file that can contain all the possible passwords as per our wish. Kali linux provide some default list of possible passwords.But here we are going to create a word-list of our own.
Before starting we must decide the miminum length of the password, maximum length of the password , the letters to be included in our password list etc..
So let's create that word-list.For that the command we are using is :
sudo crunch 8 8 ABC345679 -o test.txt -t A@@@@@@@
The meaning of this command is that the first "8" specifies the minimum length of the password , the second "8" specifies the maximum length of the password , and all the other letters "ABC345679" are the letters that make up the password.these letters combine with all possible order and creates the password."test.txt" is the file to which all the passwords are saved. and at last "A@@@@@@@" says that the password must always start with the letter A.The rest of the "@" will be replaced with the other letters we specified on the time of generation of password. We can replace the minimum length and maximum length of password according to our choice. we can also decide which letters must be needed for the formation of password .the option" -t A@@@@@@@" an additional piece of code and is avoidable. If the password generation is successful then the output will be as follows:
To view the password generated type "sudo cat test.txt"
At last our final step for password cracking has arrived and what we do now is to match our handshake package file with the password generated.
Before it ,we must check that our password file and handshake file are still on our directory
for that type "ls"
If all works fine then the output will be:
Here we can see that our wpa_handshake1-01.cap file and text.txt file are present in their positions.
Lastly we can compare these files
The code for that piece of work is :
sudo aircrack-ng wpa_handshake1-01.cap -w test.txt
This code will try to match handshake file and password file. It might take a while.The patience tastes bitter but its fruit tastes sweet.If the password matches with handshake file then the output will be:
YES its done !!!! If all our work had gone in a way that we expected then this last piece of code will light a small smile in our face...
WiFi Test
ReplyDeleteBell Canada Speed Test
ReplyDelete