Sunday, January 1, 2017

What is Social Engineering/Doxing?



Use of Doxing:
  • Hackers can track innocent people's data and hack their accounts.
  • Security experts can trace hackers (only some naive hackers, the n00bs). This is helpful for solving cybercrime cases.

Definition of Doxing:
Doxing is derived from Document Tracing. Doxing is tracing information about a particular person from internet resources.
Internet users usually leave their information (such as gender, name, city) on some websites (such as social networks). So, using some searching techniques, we can gather complete data about a person. This type of searching (tracing) is known as doxing. This data can be used to hack their account or trace them.
What can you find using Doxing?
  • Real name, age, gender
  • Email ID, registered websites
  • Social network pages (Facebook, Twitter links)
  • Address, Phone Number
  • Parent’s Names and their Jobs
  • Place of Education (School/University etc.)
  • Relatives
  • and more data
Where do you start?
If you know the person's real name, then start from the name. If you know the username, then start from there. If you know any other data, start from there. Using the name or username, search for other information in Google.
How to do Doxing?
Just assume you want to gather information about a forum member. Let us assume his username is peter. If you search Google for “peter”, you will get thousands of results about peter. So what are you going to do?
You have to find some other information about peter in that forum itself. For example, you got his birthday. Now you can continue your search with “peter xx/xx/xxx”. This will reduce the results.
Not only the birthday; you can use other info such as a signature. For example, if he set his forum signature to “Dare Devil”, you can continue searching using “Peter Dare Devil”. This will reduce the results.
Sometimes your target person is registered on multiple forums, websites and social networks. So while searching, you will get results from websites where he registered using that username or info.
Read each post of the target person; he might have left some more information about himself on any one of the forums or websites.
Using Email Address for Tracing:
If you have the email address of the target person, it is much easier to trace the person. You can search using it on the following sites; you may get some data.
Websites that will be useful for Doxing:
www.myspace.com
www.bebo.com
www.facebook.com
www.google.com
www.wink.com
www.123people.com
www.zabasearch.com
What is Doxing?
"Doxing" is the act of finding out one's personal information (name, address, phone number) from some kind of online account. Anonymous is legendary for working together to dox people who commit some kind of crime.
Where to start?
Here is a small list of sites to try once you have something to go on.
http://www.pipl.com/username/
http://checkusernames.com/
Both of these sites can help you find sites that your target has registered on (assuming the username is not incredibly common). Pipl.com can also help you once you find out information like First/Last name or Phone number.
http://www.fonefinder.net
This site can help you once you find the phone number. Even if it is a cellphone, you can still narrow down the location of the user. It never gets the town perfect, but it DOES give you the correct state, general location, and service provider of the phone (which may help you with social engineering).
http://www.tineye.com/
GREAT resource. Upload or link to a picture on this site and it will find matches on the internet, even if the match is not 100% perfect. So take, for instance, someone's Facebook picture; using this you may find their MySpace or accounts elsewhere.
http://www.intelius.com/
An all-around person search: criminal records, email, social networks, phone numbers, etc.
In my experience, not always the best, however worth noting. You can find any other site related to the target person and search for his data.
Doxing needs Intelligence:
Doxing needs intelligence and searching ability. You have to guess where to search and what to search for about a person. Depending on your searching ability, you will get what you require.
Security Question:
A hacker can get the answer to the victim’s security question using doxing.
For example, if your question is “What is your pet?”, he may guess it. He will search with your email or username, and you may have left a post saying “my pet is xxx”. So now you are the victim.
Dictionary Attack:
Hackers can gather information about the victim and create a dictionary file (wordlist) for that target person alone. Using that dictionary file, he can crack your passwords.
Conclusion:
Doxing is a powerful hacking method.
Security Tips for Users:
Don’t use the Internet. This is the best security tip because your data can be traced by anyone. Sounds crazy?! No one likes to leave the Internet. So I am giving some other tips for you.
  • Be careful when you give out information on the internet.
  • Use very strong passwords.
  • Don’t set a stupid security question for your account.
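The security question and dictionary attack points above can be turned into a self-check. The following is an added example, not part of the original post: it flags a password or security answer that contains fragments of what a search on you would turn up. The profile fields and values are constructed, reusing the post's “peter” / “Dare Devil” illustration.

```python
import re
import unicodedata

# Look-alike substitutions people use to disguise a word ("D4re" for "Dare").
# "1", "!", "|", "i" and "l" are interchangeable in practice, so all collapse to "l".
LEET = str.maketrans({"0": "o", "3": "e", "4": "a", "@": "a", "5": "s", "$": "s",
                      "7": "t", "1": "l", "!": "l", "|": "l", "i": "l"})
MIN_FRAGMENT_LEN = 3  # shorter fragments match by accident too often

# Constructed profile: what a search on the post's example user might turn up.
PROFILE = {
    "username": "peter",
    "signature": "Dare Devil",
    "birthday": "14/03/1990",
    "pet": "Rex",
}


def _fold(text):
    """Lower-case and strip accents so 'José' and 'jose' compare equal."""
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(c for c in decomposed if not unicodedata.combining(c)).lower()


def plain_form(text):
    """Letters and digits only, as typed."""
    return re.sub(r"[^a-z0-9]", "", _fold(text))


def leet_form(text):
    """Letters and digits only, after undoing look-alike substitutions."""
    return re.sub(r"[^a-z0-9]", "", _fold(text).translate(LEET))


def profile_fragments(profile):
    """Yield (field, fragment) pairs: every word, the joined value, and for
    values with several digit groups (dates, phone numbers) adjacent pairs
    in both orders, e.g. ddmm and mmdd."""
    seen = set()
    for field, value in profile.items():
        words = re.findall(r"[a-z0-9]+", _fold(value))
        candidates = list(words) + ["".join(words)]
        digits = [w for w in words if w.isdigit()]
        for a, b in zip(digits, digits[1:]):
            candidates += [a + b, b + a]
        for frag in candidates:
            if len(frag) >= MIN_FRAGMENT_LEN and (field, frag) not in seen:
                seen.add((field, frag))
                yield field, frag


def audit_secret(secret, profile):
    """Return the sorted (field, fragment) pairs from the public profile
    that appear inside the password or security answer."""
    plain, leet = plain_form(secret), leet_form(secret)
    hits = set()
    for field, frag in profile_fragments(profile):
        if frag in plain or leet_form(frag) in leet:
            hits.add((field, frag))
    return sorted(hits)


if __name__ == "__main__":
    for candidate in ("D4reDev1l!", "rex1990", "Rex", "correct-horse-battery-staple"):
        hits = audit_secret(candidate, PROFILE)
        print(f"{candidate!r}: {'WEAK ' + str(hits) if hits else 'no public fragments found'}")
```

An empty result only means none of the listed profile fragments appear; it says nothing about the overall strength of the password.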

6 Ways to Hack into Public Wi-Fi Hotspots – Cracking Passwords






Disclaimer! Hacking wireless networks that you do not own is forbidden in all countries. This article has been created for educational purposes only.
The Internet is a necessity today. From your work to your leisure, you are dependent on the internet.
It may be possible that internet connectivity is not available in an urgent situation. But, there are public Wifi Hot-spots in the vicinity. Unfortunately, they all are secured with passwords.
You’d be helpless in this particular situation if you don’t know ways to hack public WiFi Hot-spots.
Most of the WiFi hacking apps available on the internet can trick you into installing adware. You will end up infecting your computer with malware or unrelated software. They don’t serve the purpose of cracking WiFi passwords.
This post aims to create awareness about the genuine apps and software that can be used for cracking WiFi passwords.
No idea how WiFi works? Watch this video on YouTube.
There are two principal ways to crack WiFi passwords:
  • Passive sniffing, where the laptop’s WiFi settings are adjusted to detect and decipher all the network activity happening through a particular hotspot.
  • Man-in-the-middle attack, where a hacker sets up a fake network access point and tricks the user into connecting to it.
Before we discuss any further, let us have a look at the evolution of encryption levels in the Wifi hotspot security.

WiFi Encryption levels

It all started with WEP in the last decade of the 20th century. WEP stands for “Wired Equivalent Privacy”, which was launched in September 1999. From the start, it was not a strong security system and had many flaws. Over time, revisions led to longer encryption keys and revised algorithms for better protection, until it was hacked officially by the FBI using free software. Later, it was discontinued in 2004.
“Wi-Fi Protected Access Pre-Shared Key” (WPA-PSK) was the successor, using a 256-bit key for stronger protection. A special protocol called “Temporal Key Integrity Protocol” (TKIP) was used in WPA-PSK, which was more secure than WEP.
But TKIP was an upgraded component for WEP that reused some of the elements incorporated in WEP. This led to a security breach in WPA-PSK as well.
WPA2-PSK succeeded WPA-PSK. WPA2-PSK incorporated the “Advanced Encryption Standard” (AES) algorithm for stronger encryption. But still, the “hashed password” obtained during the 4-way handshake (authentication protocol) can be cracked using Wi-Fi cracking software. Towards the end of this post, we discuss cracking stronger WPA2-PSK WiFi passwords using a widely used WiFi hacking suite.

Six Ways to Hack any Public Wifi hotspot.

Let us now read on to know the various ways that I will be discussing here:
  1. Getting quick Access by Pressing WPS button
  2. Stealing Wifi passwords from already connected devices
  3. Using Wifi password sharing apps for Smartphones
  4. Using Wifi Hacking apps for Smartphones
  5. Stealing Wifi Passwords using “WifiPhisher” Hacking Tool
  6. Cracking Strong WPA2 Passwords using AirCrack-NG and CoWPAtty.
The first four methods are the easiest (straightforward) and require no extra effort on your side.
While methods 5 and 6 are also easy to execute, you will need to apply your efforts wisely, and they require a good knowledge of terminal commands. Above all, you need a lot of patience.
So let's get started!

1) Getting quick Access by Pressing WPS button

This is the easiest method of getting access to a wireless network.
Most routers have a Wi-Fi Protected Setup (WPS) button adjacent to the Ethernet ports. You just have to press the button to activate it.
Your device will show the available wireless networks. Select the preferred network and you are all set to surf the internet.
Not only routers but also wireless printers and other wireless devices have a WPS button. The connecting procedure is similar to that of the router.
The wireless network can be secured using an eight-digit PIN code as well. You can either use the predefined PIN available in the WPS configuration page or set up the PIN code for the client to access the network.
In some cases, the PIN is also printed on the back of the router. All you have to do is enter this PIN instead of the access point password and you are in.
But what if you cannot reach the router? You could just try all the PIN combinations, since the PIN code is vulnerable to brute-force attacks. The code is stored in two separate blocks in the router. A hacker, with simple tools, can find the PIN code by brute-force attacks and access the wireless network. Read on to method 4 to know the app that does just this.

2) Stealing Wifi passwords from already connected devices

This one is easy to accomplish. Let’s assume you want to connect your device to the wireless network.
Now, you may or may not remember the password. In the latter case, you can either send a password information request to the administrator or ask for it directly.
If the administrator is your friend, don’t hesitate to grab the device and reveal the password from the settings!
Here’s what you have to do:
For Windows machines:
Open “Command Prompt” in Administrator mode (search for CMD, right-click on it and choose Run as Administrator).
Enter the following command and hit ENTER to reveal the WiFi password:
netsh wlan show profile name=hacker9 key=clear | findstr Key
Your password will be displayed in plain text next to the “Key Content” field.
[ * ] Replace “hacker9” with the network name (SSID) of the WiFi hotspot you want to connect to.
For Mac:
Open Terminal >> Type the following command >> Hit Enter.
security find-generic-password -wa hacker9
You will be asked to authenticate yourself. Enter your Mac username and password and click OK. Your password will be displayed on the screen in plain text.
For Android Smartphones:
If your Android phone is Rooted, you can use this “Wifi Password Viewer” app to reveal your wifi password.

3) Use WiFi password sharing apps for Smartphones

There are smartphone apps with a database of credentials of various Wi-Fi access points across the world.
These Public but protected Wi-Fi access points can be of any coffee shop, hotel or hospital.
Users who have already accessed these protected WiFi hotspots share the details in the app for others to use.
In these apps, you could find the Wifi password of a restaurant in your locality or if you are traveling in any part of the world, there is a possibility that you get Wifi access information of a café or Airport there.
Here are some of the popular apps:

4) Use WiFi Hacking apps for Smartphones

There are two kinds of Wifi password cracking apps for smartphones.
1) Apps that abuse WPS PIN vulnerability found in the Router
These sophisticated apps can hack WPS-enabled Wifi Hotspots by exploiting the WPS protocol. Some work on rooted devices while others are compatible with non-rooted devices. At the same time, there are apps that can work on both rooted and non-rooted devices.
Popular apps that abuse WPS vulnerability:
These apps make use of various algorithms like Zhao, TrendNet, Dlink and Arris to crack the password.
2) Apps that use Bruteforce and Dictionary attacks to crack passwords
A brute-force attack is a trial-and-error method for deciphering the password. You enter the character set and length of the password and the app tries all the possible combinations.
WIBR Plus is one such app for Android that will let you hack any WiFi connection that uses weak password protection.
Essentially, the app makes use of a brute-force attack that allows you to perform dictionary-based attacks on the targeted router and discover the password.
It may take from a few thousand attempts to millions, depending upon the password strength.

5) Stealing Wifi Passwords using “WifiPhisher” Hacking Tool

Note: Before you start reading about this method, I recommend you go through Method #6 to understand what a “hacking suite” is made up of and what hackers rely on.
WifiPhisher has a different approach to obtaining WiFi passwords.
In this method, the user himself reveals the password, and you don’t need to crack the password by exploiting the algorithm or employing brute-force attacks.
Sounds good? Yes, you can steal WiFi passwords from any secured network using the WiFiPhisher tool.
WifiPhisher uses the man-in-the-middle approach, where the attacker creates a replica of the original wireless access point. After that, it compels the user to de-authenticate from the existing access point by jamming all the access points.
When the user tries to re-authenticate, the exact but fake wireless access point’s interface is displayed with a webpage that notifies them that a “firmware upgrade” has taken place, and that they need to authenticate again.
The user enters the password on that webpage, thinking it's a legitimate warning. The password is then passed to the hacker who set up the fake access point, and as soon as he receives the password he allows the user to connect to the real access point by disabling the fake one. This way, WiFi network credentials can be obtained.
Full Tutorial here: How to use WifiPhisher
Official Github repo: WifiPhisher

6) Cracking Strong WPA2 Passwords using AirCrack-NG and CoWPAtty.

Until now, we have discussed simple tricks and smartphone apps that can help in cracking or stealing the Wi-Fi hotspot password. With WPA2 encryption, most of the time, it is difficult to crack the password.
As mentioned earlier, WPA2 uses the Advanced Encryption Standard (AES) protocol. This results in longer and stronger passwords.
To crack WPA2 WiFi passwords, you need a reputed and effective hacking suite. Using a hacking suite requires software and hardware with heavy configuration.
Hackers and penetration testers around the world use the “Kali Linux Operating System” for carrying out any type of hacking, including wireless hacks.
Inside Kali OS, there are different hacking modules for different purposes. Aircrack-NG is the most widely used wireless hacking suite (module) in the world. It comprises a complete set of tools that can be used for maneuvering and cracking Wi-Fi networks.
Despite being the most advanced hacking suite, it is sometimes very slow in cracking passwords. To compensate for the slow speed, researchers have developed another wireless hacking tool called CoWPAtty, which is an alternative to Aircrack-NG, but hackers often use both to get optimal results; i.e. CoWPAtty can be used to speed up cracking a WPA2 password by implementing a dictionary or brute-force attack.
Let us look at the basic steps to successfully crack strong WiFi passwords:
Our main task is to obtain the “encrypted password”, so that we can decrypt it to get the plaintext password.
  1. The first step is to make sure that our WiFi adapter/card is able to receive all traffic data. By default, your wireless card will only receive packets that are intended for it.
    But since you do not have access to the network, you will not receive any traffic data unless you switch your wireless card into promiscuous mode.
    So the first tool used is Airmon-ng, which allows our wireless card to pick up traffic data whether or not it was intended for it.
  2. The next tool used is Airodump-ng, which enables us to capture the packets that we are interested in.
    This tool displays all the nearby access points with their BSSID (MAC address) and other information such as the channel, the encryption method, the speed, the type of cipher used to hash the password, the SSID, etc. We will focus only on the BSSID and the channel.
  3. After settling on the best access point with a known SSID/ESSID, we carry out the attack on this particular access point. To capture the encrypted password for this access point, we need to capture the 4-way handshake (authentication protocol), and this is only possible when someone (another client) is in the process of authenticating.
    To create this scenario, we first de-authenticate a client and let it authenticate again. So we use another tool called Aireplay-ng to de-auth a user.
  4. Once we de-auth the client, it will automatically try to authenticate again, and during this process our previous tool Airodump-ng will silently attempt to grab the encrypted password in the new 4-way handshake.
  5. Now that we have the encrypted password, we attempt to crack it using a password file (a default password list is included with aircrack-ng). Depending on the length of your password list, it might take a few minutes to a few days.
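From the network owner's side, steps 3 and 4 leave a visible trace: a burst of de-authentication frames against one BSSID, followed by a fresh handshake. The detection logic below is an added example, not part of the original article; the one-line-per-frame log format, the thresholds and the MAC addresses are constructed assumptions.

```python
from collections import defaultdict, deque


def parse_record(line):
    """Parse 'epoch_seconds frame_type src dst bssid' (constructed format).
    Returns None for anything that does not fit."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, ftype, src, dst, bssid = parts
    try:
        return float(ts), ftype.lower(), src.lower(), dst.lower(), bssid.lower()
    except ValueError:
        return None


def detect_deauth_bursts(lines, window=10.0, threshold=10, reauth_window=15.0):
    """Alert when one BSSID sees `threshold` or more deauth frames within
    `window` seconds, and note whether an EAPOL handshake follows within
    `reauth_window` seconds of the last deauth (the pattern in steps 3-4).
    Assumes records arrive in timestamp order."""
    recent = defaultdict(deque)  # bssid -> (ts, dst) of recent deauth frames
    open_alert = {}              # bssid -> alert for a burst still in progress
    last_alert = {}              # bssid -> (latest alert, ts of its last deauth)
    alerts = []
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue
        ts, ftype, _src, dst, bssid = rec
        if ftype == "eapol":
            if bssid in last_alert:
                alert, last_ts = last_alert[bssid]
                if 0 <= ts - last_ts <= reauth_window:
                    alert["handshake_followed"] = True
            continue
        if ftype != "deauth":
            continue
        q = recent[bssid]
        q.append((ts, dst))
        while ts - q[0][0] > window:      # drop frames older than the window
            q.popleft()
        if len(q) < threshold:            # routine single deauths end up here
            open_alert.pop(bssid, None)
            continue
        alert = open_alert.get(bssid)
        if alert is None:                 # burst just crossed the threshold
            alert = {"bssid": bssid, "start": q[0][0], "count": len(q),
                     "targets": {d for _, d in q}, "handshake_followed": False}
            open_alert[bssid] = alert
            alerts.append(alert)
        else:                             # same burst still running
            alert["count"] += 1
            alert["targets"].add(dst)
        last_alert[bssid] = (alert, ts)
    for alert in alerts:
        alert["targets"] = sorted(alert["targets"])
    return alerts


def sample_log():
    """Constructed capture summary: one routine deauth, then a burst."""
    ap_a, ap_b = "aa:aa:aa:00:00:01", "bb:bb:bb:00:00:02"
    client = "cc:cc:cc:00:00:03"
    lines = [f"1000.0 deauth {client} {ap_a} {ap_a}",   # client leaving normally
             f"1001.0 data {client} {ap_a} {ap_a}",
             "garbled line"]
    lines += [f"{1100 + i * 0.1:.1f} deauth {ap_b} {client} {ap_b}" for i in range(12)]
    lines += [f"1103.0 eapol {ap_b} {client} {ap_b}"]  # 4-way handshake restarts
    return lines


if __name__ == "__main__":
    for a in detect_deauth_bursts(sample_log()):
        print(a)
```

De-authentication frames are unauthenticated unless Protected Management Frames (802.11w) are enabled, so enabling PMF on the access point and clients is the corresponding mitigation.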
Refer to this tutorial on using Cowpatty – Wireless hacking tool.
If you are using a normal PC to decipher the hashed password, it can take years to crack it. This is because of the infinite possible combinations of characters.
To simplify your job, you need a fast and reliable multi-core CPU. Given the infinite number of possible combinations for a password, you cannot run the software on a normal CPU. The cores in the CPU make the difference. Opt for a multi-core processor before starting the password cracking process.
You also require a powerful wireless adapter. Your device already has a WiFi adapter/card that can detect networks and connect to them, but it cannot be used for hacking. We cannot start our hacking process without the right wireless adapter.
The adapter should be able to accomplish two tasks. First, it should work in monitor mode, where it can detect all the networks irrespective of the frequency.
Secondly, it should be able to inject as well as detect all the packets in the air. A packet is a unit of data that is transferred from the access point to the user and vice versa.
Now you know that you need powerful resources to actually hack strong WiFi passwords, and that it is a big deal to make your wireless passwords as strong as possible.

Sunday, December 6, 2015

  uTorrent PRO 3.4.5 Build 41372 Final + Crack (Player+Antivirus)




uTorrent
µTorrent is an efficient BitTorrent client for Windows. Most of the features present in other BitTorrent clients are present in µTorrent, including bandwidth prioritization, scheduling, RSS auto-downloading, and Mainline DHT. Additionally, µTorrent supports the protocol encryption joint specification and peer exchange. Unlike many torrent clients, it does not hog valuable system resources–typically using less than 6MB of memory, allowing you to use the computer as if it weren’t there at all.
Pro Features
  • Stream Instantly (beta)
  • Automatic protection from viruses and malware
  • Play more formats
  • Convert downloads to play on any device
  • Premium customer support
How to Crack
  1. Install the setup file from “Setup” folder
  2. Run the crack file from “Crack” folder
  3. Proceed “Next” twice
  4. Browse for µTorrent installed directory & click “Next”
  5. Now hit the “Start” button
  6. After the crack succeeds, click “Exit”
  7. Now open µTorrent & disable “Auto Update”
You’re Done!!! ENJOY!!! :-)
Direct Download Link
NOTE: Please exit µTorrent from “System Tray” before you crack
Download  67.4MB

Saturday, December 5, 2015

Fix!! IDM Fake Serial Key Pop up Message 2015 Latest Method

By Asif | Dec 6, 2015

If you have arrived here searching, how to fix idm fake serial key pop up message then you have come to the right place.



















Download (478KB)









Monday, November 30, 2015

Tatkal Software

You can book a ticket in only 40 sec. Crack of the Black TS software.

Black TS Download

Tuesday, September 1, 2015

Footprinting – Information Gathering Techniques






Footprinting is an ethical hacking process of gathering information about the target and its environment. This is a pre-attack stage, and maximum effort is made to ensure that the operations are conducted stealthily and the target can’t trace them back to you. In the footprinting process, several information gathering techniques and tools are used.
A hacker can use several freely available resources to gather maximum information passively. In this process no direct contact is made with the target. The information gathered through footprinting is crucial for later steps/attacks.

Footprinting – List of Information Gathering Techniques

There are many techniques and tools used in footprinting, and there is no predefined sequence of tasks. You have to gather the maximum possible information, so you use the following sources.
Website Footprinting: Just by visiting the target’s website you can collect a great amount of information about them, such as their email addresses, partners, client list, physical addresses of their offices, HR openings, etc.
The website can be further analyzed for error pages. Errors can appear if you put invalid data in a search box or contact form. Errors can reveal details about the website’s content management system software, its version, its scripting language and the type of server used (Linux or Windows, etc.).
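To see what your own error pages give away, run the responses through a check like the one below. It is an added example, not from the original post; the two HTTP responses and the host name are constructed, and the header list and body patterns are an assumed starting set.

```python
import re

# Response headers that commonly carry a product name and version.
LEAKY_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")

# Things an error page body should not show to an anonymous visitor.
BODY_PATTERNS = {
    "generator meta tag": re.compile(
        r'<meta[^>]+name=["\']generator["\'][^>]+content=["\']([^"\']+)', re.I),
    "server signature": re.compile(r"<address>([^<]+)</address>", re.I),
    "filesystem path": re.compile(r"((?:/[\w.-]+){2,}\.(?:php|py|rb|jsp|aspx))"),
    "error detail": re.compile(
        r"(Traceback \(most recent call last\)|Fatal error|Stack trace:)"),
}


def split_response(raw):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def find_leaks(raw):
    """Return (where, value) findings for version banners and error details."""
    _status, headers, body = split_response(raw)
    findings = []
    for name in LEAKY_HEADERS:
        value = headers.get(name, "")
        # A bare product name ("Apache") is tolerated; a version number is not.
        if re.search(r"\d+\.\d+", value):
            findings.append(("header " + name, value))
    for label, pattern in BODY_PATTERNS.items():
        match = pattern.search(body)
        if match:
            findings.append((label, match.group(1)))
    return findings


# Constructed response: default error page with banners and PHP errors shown.
LEAKY = (
    "HTTP/1.1 500 Internal Server Error\r\n"
    "Server: Apache/2.4.10 (Debian)\r\n"
    "X-Powered-By: PHP/5.6.7\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<html><body><b>Fatal error</b>: Call to undefined function in "
    "/var/www/html/search.php on line 12"
    "<address>Apache/2.4.10 (Debian) Server at example.com Port 80</address>"
    "</body></html>"
)

# Constructed response after hardening, e.g. Apache "ServerTokens Prod" and
# "ServerSignature Off", PHP "expose_php = Off" and "display_errors = Off",
# plus a custom error page that shows only a reference id.
HARDENED = (
    "HTTP/1.1 500 Internal Server Error\r\n"
    "Server: Apache\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<html><body>Something went wrong. Reference: 7f3a</body></html>"
)

if __name__ == "__main__":
    for label, raw in (("default", LEAKY), ("hardened", HARDENED)):
        print(label, find_leaks(raw))
```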
Whois Database Lookup: Whois lookup is an important step in the information gathering process. A whois lookup against any website can reveal information about the servers on which the website is hosted and its location. Whois lookup also displays the name, address and contact numbers of the technical staff, domain owner and domain registrar.
WHOIS Lookup Websites:
  • www.whois.com
  • www.whois.domaintools.com
  • www.whois.net
  • www.whois.com/whois/
[Figure: Footprinting – whois]
Search Engine Hacking: Making a search query against your target in search engines (Google, Yahoo, Bing, etc.) can also reveal a great amount of information if used properly. Google Advanced Search or Google Hacking can help to locate more detailed information like company policies, employees’ details, hidden online pages, etc.
Company details and reviews can be found on different blogs, websites, review portals, forums, etc.
Google Search Command: site:facebook.com “himanshu negi” + “hacking”
The above Google search query targets facebook.com for all persons having the name Himanshu Negi and talking about “Hacking”.
[Figure: Information Gathering Techniques via Google]
Similar Domain Search: If example.com is your target’s website, then you can look at example.in, example.net and example.org for a worldwide variety of sources. Further, looking for in.document.com, uk.document.com (country basis) or en.document.com (language basis) can reveal more useful information.
The same company may do different work in different countries and may present different information in different languages. A similar domain search gathers important information from all these different aspects and dimensions.
Try: touch.facebook.com, mbasic.facebook.com, facebook.com.
Negative Website Search: A negative website search against the target’s website can reveal websites that give insight into the problems which exist inside the organization. Suppose your target is example.com; then you may find example-company-sucks.com.
Paypal.com is a payment gateway website/company that helps to buy/sell stuff online and facilitates money transactions across borders worldwide. But below is the image of a website that tells a different story.
[Figure: Paypal Negative Website – Information Gathering]
Social & Business Networking Websites: If you want more detailed information about a company or person, then you must take a look at websites like linkedin.com, Google+ and similar. They can reveal some detailed business information and professional connections.
Facebook may have fake profiles/pages and unofficial groups about a company. FB may not have trusted information about a company or person, but sites like linkedin.com, which is a professional social networking website, usually have trusted information and frequently updated profiles and pages with insightful and very detailed information.
Top Social Professional Websites: https://www.linkedin.com
People search/look-up websites may also prove helpful.
Classified/Job Websites: If you really want to know what a company offers and what products and services it sells, then you must search for information about the company on different classified sites. You’ll find some real working contact addresses and insider information.
Classified/job sites may reveal HR openings that carry information about the software and technologies the target company uses. As they are looking for employees who work with the same technology they use, they generally reveal a great deal of information here.
Some Websites to Try:
  • www.locanto.in
  • www.olx.in
  • www.clickindia.com
  • www.quiker.com
  • www.naukri.com
  • www.monster.com
and many, many more.
Internet History – Archive Pages: Footprinting also includes looking for information that was deleted from the website. The Internet Wayback Machine can help you find pages that are now history. Archive.org is a website established in 1996 which manages to archive webpages of almost all websites.
Information or pages deleted from a website may contain some ex-employees’ information. These ex-employees can be called and may reveal some great information about their ex-company and work.
[Figure: Footprinting – Archive.org – Web History]
DNS Footprinting – MX Entry: A DNS (domain name system) record lookup can reveal a great amount of information, including the MX entry, which indicates where and which email application or services are being used. This information can be used later to exploit mail services and accounts.
DNS Lookup Websites
  • www.dnswatch.info
  • www.who.is/dns
  • www.dnsstuff.com
Trace Route: tracert is a command that can be used in both Linux and Windows to trace the path between a user and the target system. Some websites also offer tracert/trace-routing.
website: https://who.is/tools/
Finally, footprinting includes some great techniques to gather information passively. It is legal as long as you don’t misuse the collected information. These steps and techniques are very simple and any non-technical person can use them, but mind that they are also very effective.
Footprinting is vital for all the hacking or information gathering steps you perform next.

How to Hack WiFi Password? Cracking WEP, WPA/WPA2, WPS with Wifite





Wifite is a Linux platform tool (available on Kali, Backtrack 5, BlackBuntu, BackBox and Pentoo Operating Systems) which is used to attack multiple encrypted networks (WEP, WPA/2 and WPS) in a row. This tool is customized to be automated with only a few arguments. Wifite aims to be the “set it and forget it” wireless auditing tool. In this tutorial we’ll be using Wifite only to Hack WiFi password of WEP, WPA/2 and WPS Secured Networks.

A few months ago, I published an article on cracking a WEP WiFi key using the Aircrack-ng tool. In that article, we were dealing with many programs and some commands to accomplish our task. It was a nice article and many readers personally appreciated me for that. But sometimes you just need automation, and that is where wifite comes in. Now, I am back with another article and a great WiFi password hacking tool known as wifite, which is a very efficient and fully automated wireless auditing tool.
More wifite Help (source code): https://github.com/derv82/wifite
INTRODUCTION TO WIFI’S SECURITY: WEP, WPA/WPA2 & WPS are different security technologies used to protect WiFi from unauthorized access.
WEP stands for Wired Equivalent Privacy,
WPA stands for Wi-Fi Protected Access &
WPS stands for Wi-Fi Protected Setup.
In this tutorial I’m going to demonstrate how to hack a WiFi password using Wifite. We’ll be hacking WEP, WPA, WPA2 (same as WPA cracking) and WPS-enabled WiFi using Wifite.

THINGS WE NEED

  • Kali Linux OS (includes aircrack-ng suite and wifite tool).
  • External WiFi Adapter or inbuilt WiFi Device.
HARDWARE INFO:
I have been asked several times about the hardware I’m using. It’s a plug-n-play wireless USB adapter TP-LINK TL-WN722N from Amazon.
If you are looking for a better-range, better-quality wireless adapter for Kali, then I recommend using the Alfa AWUS036NH. Also, don’t forget to add better antennas (9-12 dBi).
If you are looking for Ultimate range WiFi antenna (up to 56 Km?) then, try – TP-LINK TL-ANT2424B 2.4GHz 24dBi.

TIME NEEDED – To Hack WiFi’s Passwords

Wifite is an awesome automated tool, very efficient, and just asks you to choose your target. Of course, advanced users can play with different switches and commands to customize it according to their needs.
WEP – Usually less than 10 Minutes (2 min. in our case) – 99.9% Chances.
WPA or WPA2 – Usually few seconds to Never – 20% Chances.
WPS Enabled WPA/2 – Usually few hours (2 to 12 hours) – 50% Chances.
Factors Affecting our Hacking Process:
  • Increasing distance between hacker and target decreases the process speed.
  • Increased traffic and number of users on the target WiFi network increases the process speed.
  • A poor wireless adapter decreases the WiFi cracking process speed (generally speaking).
  • A large number of WiFi networks around you (usually on the same channels) decreases speed.

Tutorial: Let’s Hack WiFi Passwords with Wifite:

Ready to hack a WiFi password? First go to Application > Kali Linux > Wireless Attacks > 802.11 wireless tools > Wifite, or simply type wifite in a terminal (you must be root). Now you can see the list of available WiFi access points.
Now wait for a few seconds or a couple of minutes and you’ll see all nearby WiFi networks listed. You’ll notice three types of WiFi, i.e. WEP and WPA/WPA2 (with and without WPS enabled). We’ll hack each one of them.
Let’s begin with WEP cracking, then we’ll move to WPA/WPA2 and finally to WPS-enabled WPA/WPA2.
* Choosing a WiFi with good signal strength and with client(s) associated with that AP (Access Point) will be the best deal; otherwise get ready for frustration!

How to Hack WiFi Password – WEP?

You don’t have to do anything when you have Wifite. Just choose the appropriate target NUM (1,2,3,..,n) to crack it. There are currently 5 attacks available for cracking a WEP key, which ensures an almost 100% chance of getting the WEP WiFi password.
It shouldn’t take more than 10 minutes for an attack to complete. If one WEP WiFi attack fails, the next will automatically come into action (for the next 10 minutes).
In the image below, I’ll choose NUM 2, a WiFi which is WEP and has clients, although the signal is quite low. After selecting “2”, the WEP WiFi got cracked in just 2 minutes. That’s simply amazing!
[Image: cracking a WEP key with Wifite]
The WEP key is a hexadecimal representation of the WEP WiFi password. You can simply use the WEP key as the WiFi password. You can also convert it into human-readable form (the actual password) using any free online Hex-to-ASCII converter.
Note: I also showed the same WEP WiFi password hacking (with the aircrack-ng suite) in my previous article – How to Crack WEP WiFi Key on Kali Linux Using Aircrack-ng!.

Cracking WPS WiFi Password

Just like the WEP WiFi password hacking above, you don’t have to do much. Just choose your target (WPS enabled) and see the magic. As mentioned, it might take from a few minutes to some hours depending on the router you are attacking. So be patient when you try to hack the WiFi password of a WPS-enabled WPA/WPA2 network!
Troubleshooting: Some routers will block you from brute-forcing (PIN attack) and Wifite will display “WARNING: Detected AP rate limiting, waiting 60 seconds before re-checking”. At that point you might be out of luck and have to tweak Wifite with some customizing commands. Many tweaks are available online, just Google for them.
(Hint: Spoofing a MAC identical to an associated client or using a delayed PIN attack -d 60 might help!)
NOTE: Wifite internally uses reaver (a WPS-only WiFi password hacking tool) to accomplish the above WPS cracking task. As far as I know Wifite doesn’t provide reaver’s feature of saving current progress (no pause option). That means if Wifite fails with WPS, you have to start again, but with reaver your progress is saved automatically and you can resume WPS cracking the next day or the next week.

How to Hack WPA/WPA2 WiFi Password?

Now again, in the same fashion as above, you don’t have to do anything. Just choose your WPA/WPA2 target and see the miracle. As mentioned, it might take anywhere from a few minutes to never, depending on the strength of the WiFi password. The stronger the password, the more difficult the password hacking process will be.
A handshake is a file that is captured when the router (WiFi Access Point) and client(s) (laptop, mobile or other WiFi-enabled devices) communicate to authenticate each other. The handshake file contains the password, but in encrypted form. We will try different password combinations against the encrypted password to get the original password (known as brute-forcing). Brute-forcing is done offline, and a handshake can easily be captured in less than 2 minutes.
A dictionary file is a file that usually contains all known words from different dictionaries (English or other languages) and other sources. These words or phrases can be a WiFi password. Most dictionaries contain from a few thousand to billions of passwords.
A password file may contain all possible words created using combinations of different characters and numbers (even special symbols); such a file becomes very large and needs a lot of computational/cracking power.
Hint: You can use the rockyou.txt, darkcode.lst or crackstation dictionary/password files.
The above command will crack the saved handshake (TEST_C0-A0-BB-04-5C-A9.cap) using a password file (rockyou.txt) that I saved at /root/DICTIONARY/.
The WPA2 network above got cracked easily because the password was easy, but if you’re dealing with a strong password you may have to wait for hours, days or months to crack it. The truth is that even after trying for months you may fail to recover strong WiFi passwords.
You might also be interested in reading the article – How to Crack WEP WiFi Key on Kali Linux Using Aircrack-ng!.

How to Protect your WiFi from getting Hacked?

From the above demonstration it’s clear that the WiFi password hacking process is very easy. You should now focus on tightening your WiFi security (instead of going to jail for any hacking act). I hope this article makes the average Internet user aware of information security and WiFi hacking. The following are some tips you can implement for WiFi security.
  • Change WiFi security from WEP to WPA/WPA2. WEP is now a deprecated security protection.
  • Don’t enable WPS as it has lots of vulnerabilities. Google for WPS CVE (Common Vulnerabilities and Exposures).
  • Change your WiFi password periodically so that in case someone gets hold of your WiFi password, he/she won’t be able to enjoy your free Internet for long.
  • Finally, try to hack your own WiFi password (as shown in this article), then upgrade your security. Then repeat the WiFi auditing process and confirm your security gain.
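
To go with the tips above, here is one way to audit a passphrase you are considering for your own network (an added example, not part of the original article). It checks the 8 to 63 printable-ASCII rule for WPA/WPA2 passphrases, looks the phrase up in a wordlist, and estimates the exhaustive-search time described in the WPA/WPA2 section. The guess rate, the safety margin, the small sample wordlist and the function names are all assumptions made for illustration.

```python
import math
import string

# Assumptions (not from the article): one cracking rig's offline guess rate
# and the safety margin we want against exhaustive search.
ASSUMED_GUESSES_PER_SECOND = 500_000
ASSUMED_MARGIN_YEARS = 1000

# Constructed stand-in for a real wordlist such as rockyou.txt.
SAMPLE_WORDLIST = {"password", "12345678", "iloveyou", "qwertyuiop", "sunshine1"}

CHARSETS = [string.ascii_lowercase, string.ascii_uppercase,
            string.digits, string.punctuation + " "]
SUFFIX_CHARS = string.digits + string.punctuation


def charset_size(passphrase):
    """Alphabet size an exhaustive search would have to cover."""
    return sum(len(cs) for cs in CHARSETS if any(c in cs for c in passphrase))


def audit_passphrase(passphrase, wordlist=SAMPLE_WORDLIST,
                     rate=ASSUMED_GUESSES_PER_SECOND):
    """Report how a WPA/WPA2 passphrase holds up against offline guessing."""
    findings = []
    # WPA/WPA2-Personal passphrases are 8 to 63 printable ASCII characters.
    valid = 8 <= len(passphrase) <= 63 and all(32 <= ord(c) <= 126 for c in passphrase)
    if not valid:
        findings.append("not a valid WPA/WPA2 passphrase (8-63 printable ASCII)")
    # Dictionary check: the phrase itself, or a listed word plus digits/symbols.
    folded = passphrase.lower()
    base = folded.rstrip(SUFFIX_CHARS)
    in_dict = folded in wordlist or (len(base) >= 4 and base in wordlist)
    if in_dict:
        findings.append("in the wordlist, or a wordlist entry plus a suffix")
    # Upper bound only: assumes every character was chosen at random.
    keyspace = charset_size(passphrase) ** len(passphrase)
    bits = math.log2(max(keyspace, 1))
    years = keyspace / 2 / rate / (365 * 24 * 3600)  # on average half the keyspace
    if not in_dict and years < ASSUMED_MARGIN_YEARS:
        findings.append("exhaustive search is inside the assumed margin; lengthen it")
    return {"valid": valid, "in_dictionary": in_dict, "bits": round(bits, 1),
            "avg_years_exhaustive": years, "findings": findings}


if __name__ == "__main__":
    for candidate in ("sunshine1", "Password123!", "kq7vd2mx",
                      "correct horse battery staple"):
        print(candidate, "->", audit_passphrase(candidate))
```

To audit against a real list, load it into a set of lower-cased lines and pass it as the wordlist argument.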