This post on how to crack a wi-fi password is absolutely, of course, for informational purposes only. Global Success US never at any point endorses or condones illegal activity of any kind. No matter how fun it may be, and that is really where the “educational” sense comes in, isn’t it? Don’t be mean, and only use this information to test your own systems’ security.
Today we’re going to be talking about how to obtain the password of a nearby wireless router with just a few tools that, if you’re reading this, you probably already have. Laptop or computer with wireless capabilities? Check. An internet connection is going to be necessary for the time being.
Getting What’s Required to Obtain Passwords:
If you’re a computer geek and you’ve never played around with Linux, you’re missing out. Linux is open-source and has many different versions created by many different people. In Linux talk we call these different versions built on the same basic kernel “flavours” of Linux. The one we want to install is called Kali Linux.
Kali Linux describes itself as “offensive security”, which is very accurate. There is no better software available to test your own security systems. To be blatantly honest, because of these tools, Kali is a hacker’s bread and butter. Let’s try playing around with it for a minute or two; it’s open source and free, so click the button below to download it now:
The download above is in .iso format, which is most commonly used to install an operating system on your computer. An .iso is a disc image, meaning the exact image that gets written onto a CD-R or DVD-R. You can mount one, sure, but for the purposes you would use this tutorial for, I would recommend burning the .iso to a bootable disc and keeping it with your laptop, or wherever you may end up needing these kinds of tools. You never know.
Before we get started please note I am making no guarantees whatsoever. Plenty of WPA networks out there are simply not crackable. Still, for educational purposes, pushing the limits farther and seeing what you can crack into can be a great deal of fun.
There are ways to install and launch Kali Linux from the convenience of your desktop. Nifty, right? You can figure out where to put it, or check out this dual booting guide here. Moving on.
The routers vulnerable to this attack are WPA/WPA2 systems. And yes, they have caught onto this loophole a little, but it is still very much open. Do you have Kali open and running yet? Let’s get started.
When you log in to Kali, make sure you log in as root. This is very basic stuff: when you want full control using a Linux flavour you are always going to want to be logged in as root. Now find your network icon, right click on it, and disconnect from all networks. Offline? Good, let’s proceed.
Time to get to the command line: open a terminal (ctrl+alt+t), enter airmon-ng and press enter. This will list all the wireless adapter cards within your reach that support monitor mode. The results the command brings up should be in rows, the first column of which is the interface. You’ll find the card you are trying to use listed as something like wlan0.
Now that you have the interface identified, enter the same command again followed by start and the interface name. It should look something like: airmon-ng start wlan0
After this command goes through, under the interface there should be a message telling you that monitor mode is enabled and giving you a name for the monitor interface, usually mon1, but check your terminal to be sure (the commands below use mon0 as the example name, so substitute whatever yours is). Write this name down or remember it.
Now it’s time to type in the terminal airodump-ng mon1 (or whatever your monitor interface name is). Airodump does some neat stuff: at this point it should display all the wireless networks near you. Look at the networks listed and the columns in each row, and you start to see Kali’s power at work.
Look through the list you’ve created and find the network you are trying to penetrate. If the list keeps populating after you’ve found your target, hit (ctrl+c) to stop it. The first column displays the BSSID; copy or write down the one associated with the network you are testing. We’re going to need it post-haste, because things are about to get a bit more complicated.
Okay, the commands are about to get a little more complicated, but don’t fret: airodump-ng -c (channel) --bssid (bssid) -w /root/Desktop/ (monitor interface). Where we have channel in parentheses, replace that with the actual channel number of the network you are testing. Where bssid is in parentheses, replace that with the one you wrote down a few moments ago. And monitor interface, you guessed it, is the one from earlier, most likely mon0.
Here’s Where Everything Starts to Get Complicated:
With this airodump command, we’re dipping our fingers into very specific information about this one network. Now comes the tricky part. We need some device to either connect or reconnect to this network.
The airodump command does a few things. First off, for the most part it should create four files on your system, and it is these capture files that record what’s known as a handshake. In my opinion, this term isn’t really worth racking your brain over. Just know that these files should be located on your desktop after inputting the command.
If a device is not connecting to the target network fast enough for your tastes, go ahead and use the command aireplay-ng; this will trick the network into thinking a device is connecting, disconnecting, and reconnecting. The only downfall is that in order for this trick to work, somebody must already be connected to that network. If nobody ever, ever shows up on that network it could be a sign that you are too far away from the signal. Before trying it, always see how many “bars” your device is receiving from that network.
Once a client connects, keep this terminal open and open a new one. In this terminal type: aireplay-ng -0 2 -a (target router bssid) -c (connected client’s MAC) mon0. Once you enter this command you should get your end result if you are close enough to your target network: the airodump terminal will display “WPA handshake”. If you didn’t get it, the most logical explanation is that the network you are testing is too far away. Or occasionally, some WPA networks are uncrackable.
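Worth knowing if you are the one running the network: the aireplay-ng step above works by flooding a client with deauthentication frames, and that flood is easy to spot. Below is an added example (not from the original post or from the aircrack-ng project) of the kind of rule a wireless IDS applies. It takes a list of parsed management frames and alerts when one client receives more than a handful of deauth/disassoc frames inside a one-second window. The frame records and MAC addresses are constructed for the example; a real deployment would feed frames parsed from a monitor-mode capture into detect_deauth_bursts. Note that the forged frames carry the access point’s own address as the sender, so the source MAC alone cannot tell them apart from legitimate ones; the rate is what gives them away.

```python
"""Detect deauthentication floods in a log of 802.11 management frames.

Added example for the post above; not part of the original text. All frame
records below are constructed sample data, not a real capture.
"""
from collections import defaultdict, deque
from dataclasses import dataclass

# 802.11 management-frame (type 0) subtypes used here
SUBTYPE_BEACON = 8
SUBTYPE_DISASSOC = 10
SUBTYPE_DEAUTH = 12

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    ts: float      # capture timestamp in seconds
    subtype: int   # management subtype
    src: str       # transmitter MAC (forged deauths spoof the AP here)
    dst: str       # receiver MAC (a client, or broadcast)
    bssid: str     # network the frame belongs to


def detect_deauth_bursts(frames, window=1.0, threshold=5):
    """Return one alert per (bssid, client) pair that receives more than
    `threshold` deauth/disassoc frames within any `window`-second span.

    A legitimate AP kicks a client now and then (idle timeout, roaming);
    six or more in a second aimed at one station is a flood. The alert
    records the count at the moment the threshold was first crossed.
    """
    recent = defaultdict(deque)   # (bssid, dst) -> timestamps in the window
    alerts, alerted = [], set()
    for f in sorted(frames, key=lambda fr: fr.ts):
        if f.subtype not in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC):
            continue
        key = (f.bssid, f.dst)
        q = recent[key]
        q.append(f.ts)
        while q and f.ts - q[0] > window:      # slide the window forward
            q.popleft()
        if len(q) > threshold and key not in alerted:
            alerted.add(key)
            alerts.append({
                "bssid": f.bssid, "client": f.dst, "count": len(q),
                "first_ts": q[0], "last_ts": f.ts,
                "broadcast": f.dst == BROADCAST,
            })
    return alerts


# Constructed sample: one AP, two clients. Client 1 gets a single benign
# deauth at t=5s; client 2 is hit with 8 deauths in 0.35s starting at t=9s.
AP = "02:00:00:00:aa:01"        # locally administered, made-up address
CLIENT_1 = "02:00:00:00:cc:01"
CLIENT_2 = "02:00:00:00:cc:02"

SAMPLE_FRAMES = (
    [Frame(i * 0.1, SUBTYPE_BEACON, AP, BROADCAST, AP) for i in range(100)]
    + [Frame(5.0, SUBTYPE_DEAUTH, AP, CLIENT_1, AP)]
    + [Frame(9.0 + i * 0.05, SUBTYPE_DEAUTH, AP, CLIENT_2, AP) for i in range(8)]
)


def run_sample():
    """Run the detector over the constructed frames and return the alerts."""
    return detect_deauth_bursts(SAMPLE_FRAMES)


if __name__ == "__main__":
    for alert in run_sample():
        print(f"deauth flood on {alert['bssid']} -> {alert['client']}: "
              f"{alert['count']} frames between {alert['first_ts']:.2f}s "
              f"and {alert['last_ts']:.2f}s")
```

The single deauth to the first client never trips the rule, which is the point: the detector keys on bursts per client rather than on the presence of deauth frames at all, so normal AP housekeeping stays quiet while a replay tool lights up within a quarter of a second.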
This last command should have created 4 files on your desktop. Find the one that is a .cap file; that’s the one we’re going to be focused on. Keep all the terminals we’ve used so far open. Open a new terminal and use the command aircrack-ng -a2 -b (target router bssid) -w (path to wordlist) /root/Desktop/*.cap. Wordlists are files that contain tons of possible passwords and are likely to hit your mark; they are freely available for download on the internet. Title your wordlist file wpa.txt and put it into the root folder. Now enter a command that looks like this: aircrack-ng -a2 -b 00:16:BF:E0:E8:D4 -w /root/wpa.txt /root/Desktop/*.cap (enter your own values accordingly).
You did it. If your network was less than secure, your password should be displayed in the terminal. Aircrack should now have cracked the network’s password. It will only be able to crack the password if it is in the wordlist file that you specified. If your wordlist fails, try others; there are plenty to download from the internet. If wordlist after wordlist fails, the network is very safe from brute force attacks.
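The flip side of that last paragraph is the only defence that matters here: the attack succeeds exactly when your passphrase is in somebody’s wordlist. Here is an added example (my own, not from the original post or any aircrack-ng tool) of an audit you can run on your own router’s passphrase before an attacker does. It checks the WPA/WPA2 length limits (8 to 63 ASCII characters), looks the passphrase up in a wordlist case-insensitively and with any trailing digits stripped (so “Sunshine2019” still counts as the dictionary word “sunshine”), and gives a rough entropy estimate. The tiny wordlist embedded below is constructed for the example; point it at a real downloaded list to get a meaningful answer.

```python
"""Audit a WPA/WPA2 passphrase against a wordlist and an entropy floor.

Added example for the post above; not part of the original text. The
embedded wordlist is a constructed stand-in for a real downloaded list.
"""
import math
import string

WPA_MIN_LEN, WPA_MAX_LEN = 8, 63       # ASCII passphrase limits in WPA/WPA2-PSK
MIN_ENTROPY_BITS = 60                  # policy floor chosen for this example

# Constructed sample wordlist; a real audit would read a downloaded file.
SAMPLE_WORDLIST = [
    "password", "12345678", "qwertyui", "letmein1", "iloveyou",
    "sunshine", "football", "welcome1", "adminadmin", "Passw0rd",
]


def load_wordlist(path):
    """Read a wordlist file into a lowercase set (one candidate per line)."""
    with open(path, encoding="utf-8", errors="ignore") as fh:
        return {line.strip().lower() for line in fh if line.strip()}


def estimate_entropy_bits(passphrase):
    """Crude estimate: length * log2(size of the character pool in use).

    This overstates the strength of dictionary words, which is why the
    wordlist check below runs regardless of the entropy figure.
    """
    pool = 0
    if any(c.islower() for c in passphrase):
        pool += 26
    if any(c.isupper() for c in passphrase):
        pool += 26
    if any(c.isdigit() for c in passphrase):
        pool += 10
    if any(c in string.punctuation for c in passphrase):
        pool += len(string.punctuation)
    if any(c == " " for c in passphrase):
        pool += 1
    return len(passphrase) * math.log2(pool) if pool else 0.0


def audit_passphrase(passphrase, wordlist=SAMPLE_WORDLIST):
    """Return a verdict dict: entropy estimate, list of problems, and ok flag."""
    words = {w.lower() for w in wordlist}
    problems = []

    if not WPA_MIN_LEN <= len(passphrase) <= WPA_MAX_LEN:
        problems.append(f"length {len(passphrase)} outside "
                        f"{WPA_MIN_LEN}-{WPA_MAX_LEN}")

    lowered = passphrase.lower()
    stripped = lowered.rstrip(string.digits)      # "sunshine2019" -> "sunshine"
    if lowered in words:
        problems.append("exact wordlist match")
    elif stripped and stripped in words:
        problems.append("wordlist word plus digits")

    bits = estimate_entropy_bits(passphrase)
    if bits < MIN_ENTROPY_BITS:
        problems.append(f"low entropy ({bits:.0f} bits)")

    return {"passphrase": passphrase, "entropy_bits": round(bits, 1),
            "problems": problems, "ok": not problems}


if __name__ == "__main__":
    for candidate in ("password", "Passw0rd", "sunshine2019", "short1",
                      "Plum-Trolley-49-Igloo-Brisk"):
        verdict = audit_passphrase(candidate)
        status = "OK  " if verdict["ok"] else "WEAK"
        print(f"{status} {candidate!r}: {verdict['entropy_bits']} bits; "
              f"{'; '.join(verdict['problems']) or 'no problems'}")
```

The interesting case is “sunshine2019”: at twelve characters of letters and digits its entropy estimate clears the floor, yet it still fails, because a dictionary word with a year bolted on is exactly what the wordlists the post mentions are full of. A long passphrase built from several unrelated words, like the last candidate, passes both checks.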