Hack Wi-Fi in 10 Mins. Crack Wi-Fi Routers Password With by Nimish Jain Medium
1 of 17 7/21/23, 16:40
Hack Wi-Fi in 10 mins. Crack Wi-Fi routers password ... https://medium.com/@nimishjain511/hack-wi-fi-in-10-mi...
Crack WPA/WPA2 Wi-Fi routers with Airodump-ng and Aircrack-ng/Hashcat.
This is a simple walk-through guide that shows how to hack Wi-Fi networks that use
weak passwords. It’s not exhaustive, but it should give you enough detail to check
the protection of your own network or hack into one nearby. The attack described
below is completely passive (only listening; nothing is transmitted from your
computer) and can’t be detected as long as you never use the password you crack. An
optional active deauthentication attack, described at the end of this document, can
be used to speed up the reconnaissance process.
If you are new to hacking, do not skip the descriptions and jump straight to the list
of commands at the bottom.
Getting Started
Assuming that you know :
The first step is to recognize your wireless adapter by typing the following command
in your terminal.
$ iwconfig
If no interface is listed, your wireless card is not recognized by the operating
system.
I am using Linux Mint. Here you can see that wlxc83a35c26727 (on your system it may
be wlan0) is the wireless interface; the output shows that it supports 802.11, the
ESSID is off and the mode is managed.
Now type the next command to enable monitor mode, which will turn your wlan0 into
wlan0mon. My command will be “airmon-ng start wlxc83a35c26727”.
airodump-ng wlan0mon
For the purposes of this demo, we will choose to crack the password of my network,
“waitt”. Remember the BSSID MAC address and channel (CH) number as displayed
by airodump-ng, as we will need them both for the next step.
As we can see in the screenshot above, airodump-ng shows all the APs (access
points) within range with their BSSID (MAC address), their signal power (PWR), the
number of beacon frames, the number of data packets, the channel (CH), the speed
(MB), the encryption method (ENC), the type of cipher used (CIPHER), the
authentication method used (AUTH) and finally, the ESSID.
Capture Handshake
The next step is to capture a 4-way handshake, since WPA/WPA2 uses a 4-way
handshake to authenticate devices to the network. You don’t need to know much
about its details, but to break the network encryption you must capture one of
those handshakes.
These handshakes occur whenever a device connects to the network, for instance,
when your neighbour returns home from work.
Command explanation: -c stands for the channel, --bssid stands for the MAC address
and -w stands for writing the packets to a file.
Now we wait… Once you’ve captured a handshake, you should see something like
[ WPA handshake:80:AD:16:A7:A9:3E ] at the top right of the screen, just right of the
current time.
If you are feeling impatient and are comfortable using an active attack, you can
force devices connected to the target network to reconnect by sending malicious
deauthentication packets at them. If no handshake has been captured yet, this
deauthentication method yields one almost instantly, because the targeted clients
are forced to reconnect.
Another important tool in the aircrack-ng suite is aireplay-ng, which can be used
to generate or boost traffic on the AP. It is especially effective in attacks such as
a deauth attack that knocks everyone off the access point, password attacks on WEP
and WPA2, and ARP injection and replay attacks.
Here -a stands for the BSSID of the target and -c stands for the station address.
Upon receipt of such packets, most clients disconnect from the network and
immediately reconnect, providing you with a 4-way handshake as shown below.
Captured Handshake
Once you’ve captured a handshake, press Ctrl-C to quit airodump-ng. You should see
a .cap file wherever you told airodump-ng to save the capture (likely called -01.cap).
We will use this capture file to crack the network password. I like to rename this file
to reflect the network name we are trying to crack.
Now the final step is to crack the password using the captured handshake. If you
have access to a GPU, I highly recommend using hashcat for password cracking.
Note that if the network password is not in the wordlist, you will not crack the
password.
Found!
If the password is cracked you will see a KEY FOUND! message in the terminal
followed by the plain text version of the network password.
Preferably, you should use Kali or Parrot, but a similar distro like Ubuntu will work
as well.
$ apt update
$ apt install git build-essential ocl-icd-libopencl1 libcurl4-openssl-dev libssl-dev zlib1g-dev libpcap-dev -y
Either install hashcat with sudo apt-get install hashcat or by cloning its repo from
GitHub.
Finally, compile the binaries and we are all set with hashcat.
Done installing
Earlier we captured the 4-way handshake using the tool “Airodump”, but we still need
to put it in the proper format to supply it to hashcat. To convert it to that format
(hccapx), we need another tool.
There are already some online services that you may use: https://hashcat.net/cap2hccapx/
In this case I am doing it locally. Clone the hashcat-utils repo from GitHub:
$ sudo make
After compiling, you will have the binaries in the same directory. The binary file
that we need is cap2hccapx.bin. To make sure it compiled correctly, try to execute
the file; it will print its usage syntax.
Use the following command to convert the .cap file to .hccapx hashcat capture
format.
• Dictionary Attack
For this to work, you need a wordlist. Either bring your own decent list of
potential Wi-Fi passphrases, or grab one of the popular ones:
https://www.wirelesshack.org/wpa-wpa2-word-list-dictionaries.html
I will be using rockyou.txt. You can also download it from here:
https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt
• -a: specifies the cracking mode. In our case it’s dictionary mode, and
“/path/to/dict.txt” is the complete path to the wordlist.
• -m: hash mode. Specifies what type of hash we are dealing with.
The cracked password will be saved to waitt.pot, so check this file periodically.
Once you’ve cracked the password, you should see something like this as the
contents of your POT_FILE:
31ff89ae5dbb24c68a6cf3194b144054:80ad16a7a93e:9078b2c1cec3:waittt:patanahi
where the last two fields, separated by “:”, are the network name and password
respectively.
• Brute-Force Attack
Brute force differs from the dictionary attack. Here we try every character from a
given charset at every position of a string of a specified length. For example, we
can try every character from A-Z at every position in a string of length 8. This is
how brute force operates, and it is very time-consuming.
• -a: specifies the cracking mode; here the value 3 indicates that we are running a
brute-force attack.
• ?d?d?d?d?d?d?d?d: is the brute-forcing rule (mask) here. It specifies what kind of
values to check and at which positions, and it also determines how much time it
could take to crack the key.
The above mask, i.e. “?d?d?d?d?d?d?d?d”, says to check a string of length 8 with a
digit at every position. You can read about mask attacks here: Hashcat Mask Attack.
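An added example (not part of the original article) for judging your own passphrase against the mask discussion above: it counts the candidates a hashcat-style mask covers and the worst-case time to exhaust them. The guess rate, the function names and the sample passphrases other than patanahi are assumptions made for illustration.

```python
import string

# hashcat's built-in mask charsets; ?a is the union of the other four.
CHARSETS = {
    "d": string.digits,                # ?d, 10 characters
    "l": string.ascii_lowercase,       # ?l, 26
    "u": string.ascii_uppercase,       # ?u, 26
    "s": " " + string.punctuation,     # ?s, 33
}
CHARSETS["a"] = "".join(CHARSETS.values())  # ?a, 95

ASSUMED_RATE = 500_000  # guesses/second: an assumption, not a benchmark


def mask_keyspace(mask: str) -> int:
    """Count the candidates a mask generates ('??' is a literal '?')."""
    total, i = 1, 0
    while i < len(mask):
        if mask[i] != "?":
            i += 1                     # literal character: one choice
            continue
        key = mask[i + 1:i + 2]
        if key in CHARSETS:
            total *= len(CHARSETS[key])
        elif key != "?":
            raise ValueError(f"unsupported placeholder: ?{key}")
        i += 2
    return total


def tightest_mask(passphrase: str) -> str:
    """Narrowest per-position mask that still covers the passphrase."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters long")
    mask = []
    for ch in passphrase:
        key = next((k for k in "dlus" if ch in CHARSETS[k]), None)
        if key is None:
            raise ValueError(f"not printable ASCII: {ch!r}")
        mask.append("?" + key)
    return "".join(mask)


def hours_to_exhaust(mask: str, rate: int = ASSUMED_RATE) -> float:
    """Worst-case hours to try every candidate of the mask at `rate`."""
    return mask_keyspace(mask) / rate / 3600


if __name__ == "__main__":
    # "patanahi" is the passphrase from the article; the rest are constructed.
    for pw in ("12345678", "patanahi", "Tr1cky-Horse-Battery"):
        m = tightest_mask(pw)
        print(f"{pw!r}: {mask_keyspace(m):.3e} candidates, "
              f"{hours_to_exhaust(m):.3g} h at the assumed rate")
```

At the assumed rate the eight-digit mask is exhausted in 200 seconds, which is why digit-only passphrases of minimum length offer no real protection.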