By Asif
Disclaimer! Hacking wireless networks that you do not own is forbidden in all countries. This article has been created for educational purposes only.
The Internet is a necessity today. From your work to your leisure, you depend on it. It may happen that internet connectivity is not available in an urgent situation, but there are public WiFi hotspots in the vicinity. Unfortunately, they are all secured with passwords. You would be helpless in that situation if you did not know the ways to hack public WiFi hotspots.
Most of the WiFi hacking apps available on the internet can trick you into installing adware. You end up infecting your computer with malware or unrelated software, and they do not serve the purpose of cracking WiFi passwords.
This post aims to create awareness about the genuine apps and software that can be used for cracking WiFi passwords.
No idea how WiFi works? Watch this video on YouTube.
There are two principal ways to crack WiFi passwords:
- Passive sniffing, where the laptop's WiFi adapter is configured to capture and decipher all the network activity passing through a particular hotspot.
- A man-in-the-middle attack, where the attacker sets up a fake network access point and tricks the user into connecting to it.
Before we discuss any further, let us have a look at the evolution of encryption levels in WiFi hotspot security.
WiFi Encryption levels
It all started with WEP in the last decade of the 20th century. WEP stands for “Wired Equivalent Privacy” and was launched in September 1999. From the start it was not a strong security system and had many flaws. Over time, revisions brought longer encryption keys and revised algorithms for better protection, until it was officially cracked by the FBI using free software. It was discontinued from 2004.
“WiFi Protected Access – Pre-Shared Key” (WPA-PSK) was the successor; it used a 256 bit key for more advanced and stronger protection. A special protocol called “Temporal Key Integrity Protocol” (TKIP) was used in WPA-PSK and was more secure than WEP. But TKIP was an upgraded component built on WEP that reused some of WEP's elements, and this led to a security breach in WPA-PSK as well.
WPA2-PSK succeeded WPA-PSK. WPA2-PSK incorporated the “Advanced Encryption Standard” (AES) algorithm for stronger encryption. Still, the “hashed password” obtained during the 4-way handshake (the authentication protocol) can be cracked using WiFi cracking software. Towards the end of this post, we discuss cracking stronger WPA2-PSK WiFi passwords using a widely used WiFi hacking suite.
Six Ways to Hack any Public Wifi hotspot.
Here are the methods I will be discussing:
- Getting quick Access by Pressing WPS button
- Stealing Wifi passwords from already connected devices
- Using Wifi password sharing apps for Smartphones
- Using Wifi Hacking apps for Smartphones
- Stealing Wifi Passwords using “WifiPhisher” Hacking Tool
- Cracking Strong WPA2 Passwords using Aircrack-ng and coWPAtty.
The first four methods are the easiest and most straightforward, and require no extra effort on your side. Methods 5 and 6 are also easy to execute, but you will need to apply your effort wisely and have a good knowledge of terminal commands. Above all, you need a lot of patience.
So let's get started!
1) Getting quick Access by Pressing WPS button
This is the easiest method of getting access to a wireless network.
Most routers have a Wi-Fi Protected Setup (WPS) button adjacent to the Ethernet ports. You just have to press the button to activate it. Your device will then show the available wireless networks; select the preferred network and you are all set to surf the internet.
Not only routers but wireless printers and other wireless devices also have a WPS button. The connection procedure is similar to that for the router.
Watch these videos for detailed instructions:
The wireless network can also be secured using an eight-digit PIN code. You can either use the predefined PIN available on the WPS configuration page or set up a PIN code for the client to access the network. In some cases, the PIN is also printed on the back of the router. All you have to do is enter this PIN instead of the access point password and you are in.
But what if you cannot reach the router? You could simply try all the PIN combinations, since the PIN code is vulnerable to brute-force attacks. The code is stored and checked in two separate blocks in the router, so an attacker with simple tools can find the PIN by brute force and access the wireless network. Read on to method 4 for the app that does just this.
2) Stealing Wifi passwords from already connected devices
This one is easy to accomplish. Let's assume you want to connect your device to the wireless network. Now, you may remember the password or you may not. In the latter case, you can either send a password request to the administrator or ask for it directly.
If the administrator is your friend, don't hesitate to grab their device and reveal the password from its settings!
Here’s what you have to do:
For Windows machines:
Open “Command Prompt” in Administrator mode (search for CMD, right-click on it and choose Run as Administrator).
Enter the following command and hit ENTER to reveal the WiFi password:
netsh wlan show profile name=hacker9 key=clear | findstr Key
Your password will be displayed in plain text next to the “Key Content” field.
[*] Replace “hacker9” with the network name (SSID) of the WiFi hotspot you want to connect to.
For Mac:
Open Terminal, type the following command and hit Enter.
security find-generic-password -wa hacker9
You will be asked to authenticate: enter your Mac username and password and click OK. Your password will be displayed on the screen in plain text.
For Android smartphones:
If your Android phone is rooted, you can use the “Wifi Password Viewer” app to reveal your WiFi password.
3) Use WiFi password sharing apps for Smartphones
There are smartphone apps with a database of credentials for various WiFi access points across the world. These public but protected WiFi access points can belong to any coffee shop, hotel or hospital. Users who have already accessed a protected WiFi hotspot share its details in the app for others to use.
In these apps you could find the WiFi password of a restaurant in your locality, or, if you are traveling anywhere in the world, you may get the WiFi access information of a café or airport there.
Here are some of the popular apps:
4) Use WiFi Hacking apps for Smartphones
There are two kinds of WiFi password cracking apps for smartphones.
1) Apps that abuse the WPS PIN vulnerability found in routers
These sophisticated apps can hack WPS-enabled WiFi hotspots by exploiting the WPS protocol. Some work on rooted devices, others are compatible with non-rooted devices, and some work on both.
Popular apps that abuse the WPS vulnerability:
These apps make use of various algorithms like Zhao, TrendNet, Dlink and Arris to crack the password.
2) Apps that use Bruteforce and Dictionary attacks to crack passwords
A brute-force attack is a trial-and-error method for deciphering the password. You enter the alphabet and length of the password and the app tries all the possible combinations.
WIBR Plus is one such app for Android that lets you hack any WiFi connection that uses weak password protection. Essentially, the app uses brute-force and dictionary-based attacks against the targeted router to discover the password. It may take from a few thousand attempts to millions, depending on the password strength.
5) Stealing Wifi Passwords using “WifiPhisher” Hacking Tool
Note: before you start reading about this method, I recommend going through Method #6 to understand what a “hacking suite” is made up of and what hackers rely on.
WifiPhisher takes a different approach to obtaining WiFi passwords. In this method, the user reveals the password themselves, and you do not need to crack it by exploiting the algorithm or employing brute-force attacks.
Sounds good? Yes, you can steal the WiFi password of any secured network using the WifiPhisher tool.
WifiPhisher uses the man-in-the-middle approach: the attacker creates a replica of the original wireless access point, then compels the user to de-authenticate from the existing access point by jamming all the access points.
When the user tries to re-authenticate, the identical-looking but fake access point presents a webpage notifying them that a “firmware upgrade” has taken place and that they need to authenticate again.
The user enters the password on that webpage, thinking it is a legitimate warning. The password is passed to the attacker who set up the fake access point, and as soon as they receive it they disable the fake access point and let the user connect to the real one. This way, WiFi network credentials can be obtained.
Full Tutorial here: How to use WifiPhisher
Official Github repo: WifiPhisher
6) Cracking Strong WPA2 Passwords using Aircrack-ng and coWPAtty.
Until now, we discussed simple tricks and smartphone apps that can help in cracking or stealing the WiFi hotspot password. With WPA2 encryption, most of the time, it is difficult to crack the password.
As mentioned earlier, WPA2 uses the Advanced Encryption Standard (AES). This results in longer and stronger passwords.
To crack WPA2 WiFi passwords, you need a reputed and effective hacking suite. Using a hacking suite requires software and hardware with a heavy configuration.
Hackers and penetration testers around the world use the “Kali Linux” operating system for carrying out any type of hacking, including wireless hacks.
Inside Kali, there are different hacking modules for different purposes. Aircrack-ng is the most widely used wireless hacking suite (module) in the world. It comprises a complete set of tools that can be used for manoeuvring and cracking WiFi networks.
Despite being the most advanced hacking suite, it is sometimes very slow at cracking passwords. To compensate for the slow speed, researchers developed another wireless hacking tool called coWPAtty, which is an alternative to Aircrack-ng, but hackers often use both to get optimal results: coWPAtty can be used to speed up cracking a WPA2 password by running a dictionary or brute-force attack.
Let us look at the basic steps to successfully crack strong WiFi passwords. Our main task is to obtain the “encrypted password”, so that we can recover the plaintext password from it.
- The first step is to make sure that our WiFi adapter/card is able to receive all traffic. By default, your wireless card only receives packets that are intended for it, and since you do not have access to the network you will not receive any traffic data unless you put your wireless card into monitor (often loosely called promiscuous) mode. So the first tool used is Airmon-ng, which allows our wireless card to pick up traffic whether or not it was intended for it.
- The next tool used is Airodump-ng, which lets us capture the packets we are interested in. This tool displays all the nearby access points with their BSSID (MAC address) and other information such as the channel, the encryption method, the speed, the type of cipher used to hash the password, the SSID, etc. We will focus only on the BSSID and the channel.
- After settling on the best access point with a known SSID/ESSID, we carry out the attack on this particular access point. To capture the encrypted password for this access point, we need to capture the 4-way handshake (authentication protocol), and this is only possible when another client is in the process of authenticating. To bring about this scenario, we first de-authenticate a client and let them authenticate again, using another tool called Aireplay-ng.
- Once we de-auth the client, it will automatically try to authenticate again, and during this process our previous tool, Airodump-ng, silently grabs the encrypted password from the new 4-way handshake.
- Now that we have the encrypted password, we attempt to crack it using a password file (the default password list included with aircrack-ng). Depending on the length of your password list, it might take a few minutes to a few days.
Refer to this tutorial on using coWPAtty, the wireless hacking tool.
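The de-authentication step that both Method 5 and Method 6 depend on, and the cloned access point of Method 5, are also the two things a network owner can watch for on the air. The following Python is an added example, not code from the original post or from WifiPhisher or Aircrack-ng: it flags a burst of deauthentication frames against one BSSID and any beacon that advertises one of your SSIDs from an unknown BSSID. The frame records, MAC addresses, window and threshold are constructed assumptions; in practice the frames would come from a monitor-mode capture.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class Frame:
    ts: float        # capture time in seconds
    kind: str        # "beacon", "deauth" or "data"
    bssid: str       # BSSID the frame claims to come from
    ssid: str = ""   # only set on beacons

# Constructed sample: the real AP beacons "CafeWifi", a rogue radio (hypothetical
# address) beacons the same SSID, then a deauth burst spoofs the real BSSID.
REAL_AP = "00:11:22:33:44:55"
ROGUE_AP = "02:aa:bb:cc:dd:ee"
SAMPLE = [Frame(t * 0.5, "beacon", REAL_AP, "CafeWifi") for t in range(20)]
SAMPLE += [Frame(5 + t * 0.5, "beacon", ROGUE_AP, "CafeWifi") for t in range(10)]
SAMPLE += [Frame(3.0, "deauth", REAL_AP)]  # a lone deauth is ordinary traffic
SAMPLE += [Frame(6 + t * 0.05, "deauth", REAL_AP) for t in range(40)]  # the burst

def deauth_floods(frames, window=2.0, threshold=20):
    """{bssid: peak count} for BSSIDs with >= threshold deauths in any window."""
    times = defaultdict(list)
    for f in frames:
        if f.kind == "deauth":
            times[f.bssid].append(f.ts)
    alerts = {}
    for bssid, ts in times.items():
        ts.sort()
        start, peak = 0, 0
        for end in range(len(ts)):
            while ts[end] - ts[start] > window:   # slide the window start forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[bssid] = peak
    return alerts

def ssid_clones(frames, known_aps):
    """{ssid: {unknown bssids}} for beacons of our SSIDs from BSSIDs not in known_aps."""
    seen = defaultdict(set)
    for f in frames:
        if f.kind == "beacon":
            seen[f.ssid].add(f.bssid)
    return {s: b - known_aps.get(s, set())
            for s, b in seen.items() if b - known_aps.get(s, set())}

if __name__ == "__main__":
    print("deauth floods:", deauth_floods(SAMPLE))       # {REAL_AP: 40}
    print("cloned SSIDs:", ssid_clones(SAMPLE, {"CafeWifi": {REAL_AP}}))
```

Tune the window and threshold to your environment; a client roaming between your own access points produces single deauth frames, not dozens in two seconds.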
If you are using a normal PC to decipher the hashed password, it can take years to crack. This is because of the vast number of possible character combinations.
To simplify your job, you need a fast and reliable multi-core CPU. Given the vast number of possible combinations for a password, you cannot run the software on a normal CPU in reasonable time. The number of cores in the CPU makes the difference, so opt for a multi-core processor before starting the password cracking process.
You also require a powerful wireless adapter.
Your device already has a WiFi adapter/card that can detect networks and connect to them, but it cannot be used for the hacking purpose. We cannot start our hacking process without the right wireless adapter.
The adapter should be able to accomplish two tasks. First, it should work in monitor mode, where it can detect all the networks irrespective of the frequency. Secondly, it should be able to inject as well as detect all the packets in the air. A packet is a unit of data transferred from the access point to the user and vice versa.
Now you know that you need powerful resources to actually hack strong WiFi passwords, and that it is a big deal to make your wireless passwords as strong as possible.
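Why "as strong as possible" matters can be put in numbers. The following Python is an added example, not code from the original post: it derives the WPA2-PSK pairwise master key exactly as a client and access point do (PBKDF2-HMAC-SHA1, 4096 rounds, SSID as salt, 32 bytes out), which is the step an offline cracker must repeat for every candidate passphrase, and it turns the passphrase's alphabet and length into a worst-case cracking time. The SSID, passphrase and the 100,000 derivations-per-second rate are constructed assumptions, not measurements.

```python
import hashlib

PBKDF2_ROUNDS = 4096   # fixed by the WPA2-PSK standard
PMK_LEN = 32           # 256-bit pairwise master key, the "256 bit key" above

def wpa2_pmk(ssid: str, passphrase: str) -> bytes:
    """Derive the PMK as a WPA2-PSK client and access point both do:
    PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PBKDF2_ROUNDS, PMK_LEN)

def keyspace(alphabet_size: int, length: int) -> int:
    """Number of passphrases of exactly this length over this alphabet."""
    return alphabet_size ** length

def years_to_exhaust(alphabet_size: int, length: int, pmk_per_second: float) -> float:
    """Worst-case duration of a brute-force run, in years, when every
    candidate costs one PMK derivation and the rig manages pmk_per_second."""
    return keyspace(alphabet_size, length) / pmk_per_second / (365 * 24 * 3600)

def dictionary_years(wordlist_size: int, pmk_per_second: float) -> float:
    """Same cost model for a wordlist attack: one derivation per word."""
    return wordlist_size / pmk_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    # Constructed sample network; the rate is an assumed round figure for a
    # single cracking rig, not a measurement.
    print(wpa2_pmk("CafeWifi", "latte-and-croissant").hex())
    rate = 1e5
    for size, length, label in [(10, 8, "8 digits"), (26, 8, "8 lowercase"),
                                (26, 12, "12 lowercase"), (95, 16, "16 printable")]:
        print(f"{label:13s} {keyspace(size, length):.2e} candidates, "
              f"{years_to_exhaust(size, length, rate):.3g} years at {rate:.0e}/s")
```

The same 4096-round cost that makes a long random passphrase impractical to brute-force is what a wordlist attack avoids, so the defence is a passphrase that is both long and not in any wordlist.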