Hack WiFi With Encryption WPA2-PSK Using Kali Linux

Jo

Today I am going to show you a trick with which you can crack a WiFi network protected with WPA2-PSK using Kali Linux. The whole process is a sequence of commands entered in the Kali Linux terminal.

First, what are WiFi WPA2-PSK and WEP?


  • WPA means Wi-Fi Protected Access (WPA2-PSK is WPA2 in pre-shared-key mode: every client uses the same passphrase)
  • WEP means Wired Equivalent Privacy


Procedure:-

Step 1:-

The very first step is to verify the router configuration. Normally in a real penetration test we don’t have this option, but since I am using a home laboratory I have a little more flexibility.
In my case the laboratory access point is secured with WPA2-PSK. Its passphrase is set to Cisco123. You can use any kind of wireless router to build your wireless laboratory.
Use an old router, open its settings and set its wireless security to WEP to use it as the victim router. Connect another PC, tablet or smartphone to it wirelessly, since the encrypted traffic between the two is what will need to be sniffed.
The main purpose of this attack is to capture as much traffic as possible using a tool called “airodump-ng”. Each data packet has an associated three-byte Initialization Vector (IV). Once the attack is launched, our goal is to collect as many encrypted data packets (IVs) as possible, then run aircrack-ng on the captured file to recover the password.

Step 2:-

The iwconfig command shows the wireless cards attached to the system. Currently I am using a Realtek wireless card. Linux ships with the Realtek drivers, making it a plug-and-play wireless card under Linux.
The operating system recognizes a wireless interface named wlan0.




Step 3:-

My next step is to enable the wireless interface. This is done by entering the command ifconfig wlan0 up.




Step 4:-

I need to check which wireless networks my wireless card can see. I will issue the command iwlist wlan0 scanning.




This command forces the wireless card to scan and report all wireless networks available nearby.
You can see in my example that I have found my target network, which is going to be Wireless Lab. It has also found the MAC address of my access point, 0E:18:1A:36:D6:22. Take note of this, as it is important: I want to limit my attack to this specific access point.
Secondly, we see the AP is transmitting on channel 36. This is important because it lets us tell our wireless card exactly which channel to monitor and capture traffic from.




Step 5:-

Our next step is to put the wireless card into monitor mode. After doing this, your wireless card will be able to examine all the packets in the air.
The monitor interface is created with airmon-ng. Enter the airmon-ng command to verify that airmon-ng sees your wireless card. Then create the monitor interface by entering the command: airmon-ng start wlan0




Next, run the ifconfig command to check whether the monitor interface has been created. We can see that mon0 has been created.




Verify that the interface mon0 exists before going on; it is the interface used in the following steps.

Step 6:-

Using airodump-ng we capture the WPA2 handshake. The attacker has to catch a client while it authenticates in order to get a valid capture. Airodump-ng shows when it has captured a proper handshake: the confirmation is displayed in the upper right-hand corner of the screen.

Note:-

We will have to connect manually to the wireless network to force a handshake. In an upcoming post I will show you how to force a reauthentication so that a device disconnects and reconnects automatically without any manual intervention.

We used the following command: airodump-ng mon0 --bssid 20:aa:4b:1f:b0:10 (to capture packets from our AP) --channel 6 (to limit channel hopping) --write BreakingWPA2 (the name of the file we will save to)
For the laboratory AP found in Step 4 this becomes:
airodump-ng mon0 --bssid 0E:18:1A:36:D6:22 --channel 36 --write BreakingWPA2

(make sure there is no space between the two hyphens of each “--” option)




To capture the handshake you need to wait for a client to legitimately authenticate to the network. However, it is not strictly necessary to wait: you can also force an already connected client to re-authenticate (for this you have to deauthenticate the client).

When you see “WPA handshake” in the airodump-ng output, you have captured a valid handshake.

Example:-




Step 7:-

We are going to use aircrack-ng with a dictionary file to crack the password. Your probability of breaking the password depends entirely on the dictionary file.
The command is: aircrack-ng “name of the .cap file you created” -w “name of your dictionary file”




The BreakingWPA2-01.cap file was created when we ran the airodump-ng command. The valid WPA2 handshake airodump-ng captured is stored in this .cap file, named BreakingWPA2-01.
BackTrack 5 comes with a basic dictionary. The dictionary file darkc0de.lst is a popular wordlist that ships with BackTrack 5. I have added my password Cisco123 to this file to make the test run a little smoother.
Many attackers use large dictionaries that increase their chances of cracking the password. Many dictionaries contain passwords from real users and websites that have been cracked and posted on the Internet. Some sophisticated dictionaries combine multiple languages, permutations of each word, and key words and phrases from social media sites such as Twitter and Facebook.
Kali does not come with the dictionary darkc0de.lst, but if you need it you can download it from here.
NOTE:-
Kali does have built-in wordlists in /usr/share/wordlists

In this tutorial I have created a file named “sample.lst” and added the word Cisco123 to it.
Success:
If the password is in the dictionary file, aircrack-ng will crack it.
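The reason the attack above succeeds is that WPA2-PSK derives everything from the passphrase: the AP and every client compute the Pairwise Master Key as PBKDF2-HMAC-SHA1(passphrase, salt = SSID, 4096 rounds), and the 4-way handshake then lets an offline attacker test one candidate passphrase per PBKDF2 run. So the only defence is a passphrase that no wordlist contains. The following script is an added, defender-side example and not part of the original post or of the aircrack-ng suite: it derives the PMK exactly as WPA2-PSK does, checks whether a passphrase you own appears in a wordlist (a constructed stand-in for the post's sample.lst is embedded inline), estimates how long an offline attacker needs to exhaust that wordlist at an assumed guess rate, and shows that the same passphrase yields a different PMK under a different SSID, which is why precomputed tables only work for common SSIDs. The 5000 guesses per second default is an assumption, not a measured aircrack-ng figure.

```python
import hashlib
import secrets

# WPA2-PSK fixes the key-derivation parameters (IEEE 802.11i): PBKDF2-HMAC-SHA1,
# 4096 rounds, the SSID as salt, 256-bit output. The AP owner controls only the
# SSID and the passphrase; the iteration count cannot be raised.
PBKDF2_ITERATIONS = 4096
PMK_LENGTH = 32

# Constructed stand-in for the post's sample.lst / darkc0de.lst: a few entries,
# one per line as a wordlist file would hold them. Not a real wordlist.
SAMPLE_WORDLIST = ["password", "12345678", "Cisco123", "letmein99"]


def wpa2_pmk(ssid, passphrase):
    """Pairwise Master Key as derived by the AP and by every client that joins.
    The output can be checked against the 802.11i test vector for passphrase
    'password' on SSID 'IEEE'."""
    return hashlib.pbkdf2_hmac(
        "sha1",
        passphrase.encode("utf-8"),
        ssid.encode("utf-8"),
        PBKDF2_ITERATIONS,
        dklen=PMK_LENGTH,
    )


def passphrase_in_wordlist(passphrase, wordlist):
    """True if the exact passphrase is an entry of the wordlist (surrounding whitespace ignored)."""
    return passphrase in {w.strip() for w in wordlist}


def seconds_to_exhaust(wordlist_size, guesses_per_second):
    """Wall-clock time an offline attacker needs to try every entry once against
    a captured handshake. The rate is an assumed figure supplied by the caller;
    it depends entirely on the attacker's hardware."""
    return wordlist_size / float(guesses_per_second)


def audit_passphrase(ssid, passphrase, wordlist, guesses_per_second=5000.0):
    """Defender-side check: is this passphrase exposed to a plain dictionary attack?"""
    entries = [w.strip() for w in wordlist]
    return {
        "in_wordlist": passphrase_in_wordlist(passphrase, entries),
        "wordlist_size": len(entries),
        "seconds_to_exhaust": seconds_to_exhaust(len(entries), guesses_per_second),
        "pmk_hex": wpa2_pmk(ssid, passphrase).hex(),
    }


def random_passphrase(nbytes=16):
    """A passphrase no wordlist contains: 128 bits from the OS CSPRNG, hex-encoded (32 characters)."""
    return secrets.token_hex(nbytes)


if __name__ == "__main__":
    # The post's lab setting: SSID "Wireless Lab", passphrase Cisco123, which the
    # author deliberately put into the wordlist.
    weak = audit_passphrase("Wireless Lab", "Cisco123", SAMPLE_WORDLIST)
    strong = audit_passphrase("Wireless Lab", random_passphrase(), SAMPLE_WORDLIST)
    for label, r in (("Cisco123", weak), ("random 128-bit", strong)):
        print(f"{label}: in wordlist={r['in_wordlist']}, "
              f"{r['wordlist_size']} entries exhausted in "
              f"{r['seconds_to_exhaust']:.4f}s at 5000 guesses/s")
    # Same passphrase, different SSID -> different PMK: a precomputed PMK table
    # is tied to one SSID, which is why default SSIDs like "linksys" are targeted.
    print("PMK differs per SSID:",
          wpa2_pmk("Wireless Lab", "Cisco123") != wpa2_pmk("linksys", "Cisco123"))
```

Run it as-is to see the two audits; to audit your own network, replace the SSID, passphrase and wordlist (for example a file from /usr/share/wordlists read line by line). A passphrase that appears in any published wordlist should be treated as already compromised, regardless of length.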



