Hacking Tony

Cyber security tutorials

get_wifi_password

get_wifi_password [2017/09/11 21:46] Santi
get_wifi_password [2019/01/04 13:06] (current) – external edit 127.0.0.1
Line 1: Line 1:
-===== How to get a WiFi password using Aircrack-ng =====+===== WiFi password attack ===== 
 + 
 +{{ wiki:aircrack_ng.jpg}}
  
 In this tutorial we are going to show how you can get a WiFi password from any visible APs around you. We will use the Aircrack-ng tool and, because we are going to use [[http://www.kali.org|Kali Linux]] distribution, we haven't given any detail about the installation of this tool. In Kali, every tool wee need is already installed. In this tutorial we are going to show how you can get a WiFi password from any visible APs around you. We will use the Aircrack-ng tool and, because we are going to use [[http://www.kali.org|Kali Linux]] distribution, we haven't given any detail about the installation of this tool. In Kali, every tool wee need is already installed.
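Review bot: the retitled heading `===== WiFi password attack =====` drops the tool name that the old title carried (`How to get a WiFi password using Aircrack-ng`), while the unchanged intro still opens with "We will use the Aircrack-ng tool"; a title such as `===== WiFi password attack with Aircrack-ng =====` would keep the page findable by tool. The newly added image `{{ wiki:aircrack_ng.jpg}}` has no caption, whereas every other image on the page is wrapped in `<figure>`/`<caption>`, so it should follow that convention. The unchanged intro also still has the typo "every tool wee need" ("we need"), which this revision could have fixed.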
Line 76: Line 78:
 santi@kalibook:$ airodump-ng -c 1 --bssid F4:8E:92:36:EB:F8 -w WPAcrack wlan0mon --ignore-negative-one  santi@kalibook:$ airodump-ng -c 1 --bssid F4:8E:92:36:EB:F8 -w WPAcrack wlan0mon --ignore-negative-one 
 </code> </code>
 +
 +Now, we will see how airodump searching for the handshake:
  
 <figure> <figure>
 {{ wiki:searching_handshake.png }} {{ wiki:searching_handshake.png }}
 <caption>airodump trying to get the handshake</caption></figure> <caption>airodump trying to get the handshake</caption></figure>
 +
 +When airodump has found the handshake it shows it on the left top corner of the screen and it continues working. When you see the handshake written in the corner you can stop airodump pressing ''Ctrl-C''
  
 <figure> <figure>
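Review bot: the added sentence "Now, we will see how airodump searching for the handshake:" is missing its verb form; "Now we will see how airodump searches for the handshake:" reads correctly. In the next added paragraph, "left top corner" should be "top left corner", "stop airodump pressing ''Ctrl-C''" should be "stop airodump by pressing ''Ctrl-C''", and the sentence ends without a period.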
Line 86: Line 92:
  
 Once we have the handshake we have two choices: Once we have the handshake we have two choices:
-  Crack the password (not possible if the WiFi connection use WPA/WPA2 encryption) +  Crack the password (not possible if the WiFi connection use WPA/WPA2 encryption) 
-  Try to discover the password using a dictionary attack+  Try to discover the password using a dictionary attack 
 + 
 +By the moment we will try to discover the WiFi password by dictionary attack. To do that, first, we need a dictionary. Because we are using Kali we can found some dictionaries in the ''/usr/share/wordlists''. For example, in this case, we will use ''rockyou.txt.gz''. You can found other dictionary in some links in [[extra:resources|Resources]] 
 + 
 +First, we need to gunzip the file:
  
 <code bash> <code bash>
-santi@kalibook:aircrack-ng -w dictionary.dic -b F4:8E:92:36:EB:F8 WPAcrack.cap+santi@kalibook:gunzip rockyou.txt.gz
 </code> </code>
 +
 +And now we can execute aircrack-ng with the dictionary file, the MAC address of the AP and the file that airodump has created once it has found the handshake. Normally, the file is named ''WPAcrack-XX.cap'' where ''XX'' is the number of the different attempts you had done previously.
 +
 +<code bash>
 +santi@kalibook:$ aircrack-ng -w rockyou.txt -b F4:8E:92:36:EB:F8 WPAcrack-01.cap
 +</code>
 +
 +We will see how aircrack-ng is searching the password trying with every word in the dictionary.
  
 <figure> <figure>
 {{ wiki:searching_key.png }} {{ wiki:searching_key.png }}
 <caption>Aircrack-ng is searching the WiFi password</caption></figure> <caption>Aircrack-ng is searching the WiFi password</caption></figure>
 +
 +Once aircrack has found the password (if it did it), it will show it in the center of the screen. Then, you have the password to connect to this WiFi connection.
  
 <figure> <figure>
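Review bot: the first list item, "Crack the password (not possible if the WiFi connection use WPA/WPA2 encryption)", contradicts the rest of this hunk, which goes on to recover a WPA/WPA2 key from the captured handshake; the old and new lines differ only in trailing whitespace, so this was the place to reword it, e.g. "Recover the key directly from the captured traffic (not possible with WPA/WPA2)", so that the second item reads as the only option left for WPA/WPA2-PSK. Grammar in the added paragraphs: "By the moment" should be "For now", "we can found some dictionaries in the ''/usr/share/wordlists''" should be "we can find some dictionaries in ''/usr/share/wordlists''", and "You can found other dictionary in some links" should be "You can find other dictionaries via the links". The added command line `santi@kalibook:gunzip rockyou.txt.gz` is missing the `$` prompt used in every other code block on the page.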
Line 104: Line 124:
  
 As you can see in the example above, it is not very difficult to perform an attack to get a WiFi password if the connection is not properly configured. We must notice the following aspects: As you can see in the example above, it is not very difficult to perform an attack to get a WiFi password if the connection is not properly configured. We must notice the following aspects:
-  * Only select WPA/WPA2-PSK encryption methods +  * You must select only WPA/WPA2-PSK encryption methods. In this way you can prevent that someone crack your WiFi password 
-  * Change default password for a real stronger password. You must use letters, numbers, capital letters and special characters (like !, ., ?). You can check if your password is strong enough in some websites like [[https://password.kaspersky.com|Kaspersky Secure Password Check]] +  * You must change default password for a real stronger password. You must use letters, numbers, capital letters and special characters (like !, ., ?). In this way you can prevent the dictionary attack. You can check if your password is strong enough in some websites like [[https://password.kaspersky.com|Kaspersky Secure Password Check]] 
-  * You also can change the SSID of your Wifi connection. Notice that some companies put similar names to all WiFi routers they provide. In this case, it is easy to know which type of router you have and to look for, for example, an specific vulnerability on it. +  * You also can change the SSID of your Wifi connection. Notice that some companies put similar names to all WiFi routers they provide. In this case, it is easy to know which type of router you have and to look for, for example, an specific vulnerability on it. An attacker can obtain passwords from an specific password generator that generates them following the same seed that the company of your router.
  
 ---- ----
  
 (c) 2017 Hacking Tony (c) 2017 Hacking Tony
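Review bot: the new wording of the first bullet, "In this way you can prevent that someone crack your WiFi password", overstates what choosing WPA/WPA2-PSK gives you: the example above has just recovered a WPA/WPA2-PSK key by dictionary attack, so the encryption choice only protects the network together with the strong password of the second bullet. Suggest "Use only WPA/WPA2-PSK; combined with a strong password this defeats the attack shown above." In the same hunk, "a real stronger password" should be "a really strong password", "an specific vulnerability" should be "a specific vulnerability", and the sentence added to the third bullet, "An attacker can obtain passwords from an specific password generator that generates them following the same seed that the company of your router", is hard to parse; "For some router models the default password is produced by a known generator, so an attacker who identifies the model from the SSID can regenerate it" keeps the point and reads clearly.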
get_wifi_password.1505166391.txt.gz · Last modified: 2019/01/04 13:06 (external edit)