WIFI Hacking
Before we learn how to hack WEP or WPA/WPA2 networks, we have to know some key terms:
- Managed mode: In Managed mode, our wireless device will only capture packets that have our device’s MAC address as the destination MAC.
- Monitor mode: In Monitor mode, our card can capture every packet that is in the air around us, not only those addressed to us.
- SSID: The name of the wireless network that we see when we try to connect to the WiFi.
- ESSID: An SSID that may apply to multiple access points.
- BSSID: The access point/router MAC (hardware) address.
- WPA2-PSK: WiFi networks that we connect to by providing a password that’s the same for everyone.
- WPA2-EAP: networks that we authenticate to by providing a username and password, which is sent to a RADIUS server.
- RADIUS: A server that authenticates clients; it is not used only for WiFi.
How to change wireless card mode from managed to monitor mode?
Run the following commands:
- Run iwconfig to find the name of the wifi interface
- Run ifconfig (wifi interface name) down to bring the wifi interface down
- Run iwconfig (wifi interface name) mode monitor to switch the mode
- Run ifconfig (wifi interface name) up to bring the wifi interface back up
Or
We can directly use airmon-ng start (wifi interface name) to switch from managed to monitor mode
How to do WiFi Hacking?
Using the Aircrack-ng suite, we can start attacking a wifi network or WiFi Hacking.
The aircrack-ng suite consists of:
- aircrack-ng
- airdecap-ng
- airmon-ng
- aireplay-ng
- airodump-ng
- airtun-ng
- packetforge-ng
- airbase-ng
- airdecloak-ng
- airolib-ng
- airserv-ng
- buddy-ng
- ivstools
- easside-ng
- tkiptun-ng
- wesside-ng
We’ll only need aircrack-ng, airodump-ng, aireplay-ng, and airmon-ng to attack WEP and WPA/WPA2 networks.
Packet Sniffing
Run airodump-ng (wifi interface name) to show all the wifi signals around us
How to sniff data and gather more information about a particular wifi network?
Run airodump-ng --bssid (target bssid) --channel (target channel) --write (output file name) to capture data from a particular wifi network. The columns shown mean:
PWR: signal strength
#Data: number of data packets
#/s: number of data packets per second, measured over the last 10 seconds
MB: Maximum speed supported
ENC: encryption used
Cipher: cipher used in the router
AUTH: Authentication used in the router
CH: channel the network works on
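The same fields appear in the CSV file that the --write option produces, which makes it easy to audit a site survey for networks that still run without encryption or with WEP/TKIP. The following parser and checker are an added example and not part of the original page or of the aircrack-ng project; the column layout (an access-point table, a blank line, then a station table) is assumed from airodump-ng's CSV output and should be verified against your own capture, and every MAC address and network name in the sample is constructed.

```python
import csv
import io
from dataclasses import dataclass

# Constructed sample in the layout airodump-ng --write uses for its .csv file
# (assumed layout: AP table, blank line, station table). All values are made up.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6,  54, WEP, WEP, OPN, -40,      210,     1523,   0.  0.  0.  0,   9, OldOffice,
66:77:88:99:AA:BB, 2024-01-01 10:00:01, 2024-01-01 10:05:00, 11, 130, WPA2, CCMP, PSK, -55,      180,        0,   0.  0.  0.  0,   8, CorpWiFi,
CC:DD:EE:FF:00:11, 2024-01-01 10:00:02, 2024-01-01 10:05:00,  1,  54, OPN, , , -70,       90,        0,   0.  0.  0.  0,   5, Guest,
22:33:44:55:66:77, 2024-01-01 10:00:03, 2024-01-01 10:05:00,  6,  54, WPA, TKIP, PSK, -62,      100,        0,   0.  0.  0.  0,   6, Legacy,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:AA:AA:AA:AA:01, 2024-01-01 10:00:10, 2024-01-01 10:04:59, -50,       45, 66:77:88:99:AA:BB, CorpWiFi
AA:AA:AA:AA:AA:02, 2024-01-01 10:00:20, 2024-01-01 10:04:58, -60,       12, 00:11:22:33:44:55, OldOffice
"""


@dataclass
class AccessPoint:
    bssid: str
    channel: int
    privacy: str   # ENC column: OPN, WEP, WPA, WPA2, ...
    cipher: str    # Cipher column: WEP, TKIP, CCMP, ...
    auth: str      # AUTH column: OPN, PSK, MGT, ...
    essid: str
    ivs: int       # "# IV" column, the data-packet count the page calls #Data


def parse_airodump_csv(text):
    """Split the CSV into its two tables and return (access_points, stations)."""
    ap_part, _, sta_part = text.partition("\n\n")
    access_points = []
    for row in csv.reader(io.StringIO(ap_part)):
        cells = [c.strip() for c in row]
        if len(cells) < 14 or cells[0] == "BSSID":   # header or malformed line
            continue
        access_points.append(AccessPoint(
            bssid=cells[0], channel=int(cells[3]), privacy=cells[5],
            cipher=cells[6], auth=cells[7], essid=cells[13], ivs=int(cells[10])))
    stations = []
    for row in csv.reader(io.StringIO(sta_part)):
        cells = [c.strip() for c in row]
        if len(cells) < 6 or cells[0] == "Station MAC":
            continue
        stations.append({"mac": cells[0], "bssid": cells[5], "packets": int(cells[4])})
    return access_points, stations


def assess(access_points):
    """Map BSSID -> list of findings a defender should act on."""
    findings = {}
    for ap in access_points:
        issues = []
        if ap.privacy == "OPN":
            issues.append("no encryption")
        elif ap.privacy == "WEP":
            issues.append("WEP (RC4, broken)")
        if "TKIP" in ap.cipher:
            issues.append("TKIP cipher (deprecated)")
        if issues:
            findings[ap.bssid] = issues
    return findings


def clients_on_weak_aps(access_points, stations):
    """Station MACs currently associated with an AP that has findings."""
    weak = assess(access_points)
    return [s["mac"] for s in stations if s["bssid"] in weak]


if __name__ == "__main__":
    aps, stas = parse_airodump_csv(SAMPLE_CSV)
    for bssid, issues in assess(aps).items():
        print(bssid, ", ".join(issues))
    print("clients exposed:", clients_on_weak_aps(aps, stas))
```

Read the real file with `open(name + "-01.csv").read()` in place of SAMPLE_CSV; the station table is what tells you which of your own devices are still joining the weak networks, which is usually the more urgent fix.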
To crack WPA/WPA2 we need to capture the WPA handshake. This is only possible when a host connects to the wifi router: at that moment the router and the host perform a 4-way handshake to establish the connection, and our main task is to capture those handshake packets.
Waiting for a host to connect to the router on its own is very time-consuming, so instead we perform a de-authentication attack.
Deauthentication attack
In this attack, we try to disconnect a client from the router by sending deauth packets, so that it reconnects and performs the handshake again.
Run aireplay-ng --deauth (no. of deauth packets) -a (wifi router MAC) -c (connected host MAC) (interface)
In this attack we first spoof the host's MAC address and send deauth packets to the router, then spoof the router's MAC address and send deauth packets to the host.
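A deauthentication flood is easy to spot from the defender's side because deauth and disassociation frames are rare on a healthy network and the attack sends dozens of them within seconds, usually from both directions as described above. The detector below is an added example (not from the original page or from the aircrack-ng project): it keeps a sliding window of management frames with subtype 12 (deauthentication) or 10 (disassociation) per BSSID and raises one alert when the count in the window crosses a threshold. The frame records and the MAC addresses in the sample trace are constructed; in practice the records would come from a monitor-mode capture.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

DEAUTH, DISASSOC, BEACON = 12, 10, 8   # 802.11 management-frame subtypes


@dataclass
class Frame:
    ts: float        # capture timestamp in seconds
    ftype: int       # 0 = management, 1 = control, 2 = data
    subtype: int
    src: str         # addr2 (transmitter)
    dst: str         # addr1 (receiver)
    bssid: str       # addr3
    reason: int = 0  # reason code carried by deauth/disassoc frames


class DeauthFloodDetector:
    def __init__(self, window=10.0, threshold=20):
        self.window = window          # seconds of history kept per BSSID
        self.threshold = threshold    # deauth/disassoc frames that trigger an alert
        self.events = defaultdict(deque)
        self.alerted = set()

    def feed(self, frame):
        """Return an alert string if this frame tips its BSSID over the threshold."""
        if frame.ftype != 0 or frame.subtype not in (DEAUTH, DISASSOC):
            return None
        q = self.events[frame.bssid]
        q.append(frame.ts)
        while q and frame.ts - q[0] > self.window:   # drop frames outside the window
            q.popleft()
        if len(q) >= self.threshold and frame.bssid not in self.alerted:
            self.alerted.add(frame.bssid)
            return (f"possible deauth flood against {frame.bssid}: {len(q)} "
                    f"deauth/disassoc frames in {self.window:.0f}s "
                    f"(last reason code {frame.reason})")
        return None


def scan(frames, **kwargs):
    """Run every frame through a fresh detector and collect the alerts."""
    det = DeauthFloodDetector(**kwargs)
    return [a for a in (det.feed(f) for f in frames) if a]


AP = "AA:BB:CC:DD:EE:01"         # constructed access point MAC
CLIENT = "11:22:33:44:55:66"     # constructed client MAC


def benign_frames():
    """Constructed trace: beacons every 100 ms plus three ordinary disconnects in a minute."""
    frames = [Frame(ts=i / 10, ftype=0, subtype=BEACON, src=AP,
                    dst="ff:ff:ff:ff:ff:ff", bssid=AP) for i in range(600)]
    frames += [Frame(ts=t, ftype=0, subtype=DEAUTH, src=AP, dst=CLIENT,
                     bssid=AP, reason=4) for t in (5.0, 30.0, 58.0)]
    return sorted(frames, key=lambda f: f.ts)


def attack_frames():
    """Constructed burst: 64 deauth frames in under two seconds, alternating direction."""
    burst = []
    for i in range(64):
        forged_from_client = i % 2 == 0
        burst.append(Frame(ts=40.0 + i * 0.03, ftype=0, subtype=DEAUTH,
                           src=CLIENT if forged_from_client else AP,
                           dst=AP if forged_from_client else CLIENT,
                           bssid=AP, reason=7))
    return burst


def constructed_trace():
    return sorted(benign_frames() + attack_frames(), key=lambda f: f.ts)


if __name__ == "__main__":
    print("benign:", scan(benign_frames()))
    print("with burst:", scan(constructed_trace()))
```

Tune the window and threshold against your own baseline; a busy campus with many roaming clients sees more legitimate deauths than a small office. The alert is only a signal, so the durable fix is enabling 802.11w Protected Management Frames on the access points, which makes clients discard deauthentication frames that are not integrity-protected.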
How to crack WEP?
WEP(Wired Equivalent Privacy) uses the RC4 encryption algorithm
If we capture a large number of data packets then it is easy to crack WEP
Run aircrack-ng (.cap file) to get the password
If the number of captured packets is not sufficient to crack the RC4 encryption, we send fake authentication packets during packet sniffing so that more data packets are generated
Run aireplay-ng --fakeauth 0 -a (wifi router MAC address) -h (wifi adapter MAC address) (interface)
How to crack WPA/WPA2?
Here we use the .cap file in which we captured the 4-way handshake and run a brute-force (wordlist) attack on the handshake packets
Run aircrack-ng (.cap file) -w (wordlist)
written by: Sahil Gupta
Reviewed By: Sayan Chatterjee