Now, there are many online websites, as well as offline tools, which claim to ‘remove’ or ‘hack’ the password of any Wi-Fi network. Tried any of these? Well, if you are reading this article, you have probably tried at least some of these so-called ‘Wi-Fi hacking tools’. I’m not blaming you for being fooled by such websites, because humans are by nature anxious and materialistic, and they want to look cool and sound cool. So the most common thing people try in order to look cool is to hack something, as if it were as simple as eating a piece of cake.
Why is hacking considered as the coolest thing on this planet?
Yes! Movies. ‘Reel hackers’ are really cool (that is how film-makers portray them).
Alright, now let me come straight to the point. In this tutorial I will be teaching you how to crack a Wi-Fi password like a hacker! 😀
Wait, wait… I’m a really careful person and I like to take care of things, which I do. So, here is a quick disclaimer for you; read it before going on to the actual tutorial.
Disclaimer: This tutorial is intended to bring awareness about how hackers can hack your Wi-Fi password. Only use this technique on your own Wi-Fi network, to test your password strength. Hacking anyone’s Wi-Fi without their permission is a cyber crime.
Things You Need to Know before Cracking a Wi-Fi Password
I believe that in order to hack something, you first need to know how that ‘something’ works. Only then will you figure out how you can hack that particular thing.
So, I’m going to briefly describe some things that you need to keep in mind before trying to crack a Wi-Fi password. (You can skip this part, but reading it is recommended so you can thoroughly understand this tutorial.)
WPA/WPA2 – What are these?
These are the types of authentication modes that Wi-Fi technology uses in order to keep Wi-Fi networks secure. There is also an older, outdated mode known as WEP, which we will be excluding from this tutorial.
WPA stands for Wi-Fi Protected Access and WPA2 stands for Wi-Fi Protected Access 2.
How is a Wi-Fi Password Saved?
There is a term called ‘hashing’ which you all need to be familiar with. It is a way of storing passwords in databases which ensures more security; it is also known as a ‘one-way function’. Storing a plain password is always dangerous and gives users no security. So, as soon as you submit your password, it gets converted into an alphanumeric string, and that string gets stored instead of the actual plain password. So even when there is a security breach and the hacker has your stored password hash, he/she will not be able to directly see your password unless he cracks the hash (which is really hard if your password is strong enough).
For example, the MD5 password hash of 12345678 is 25d55ad283aa400af464c76d713c07ad (seems very complicated, doesn’t it?)
What happens when a Device connects to a Wi-Fi Network?
WPA/WPA2 uses a technology called TKIP, which stands for Temporal Key Integrity Protocol. The best thing about this (not ‘best’ from a hacker’s perspective) is that the PSK (Pre-Shared Key) and the network SSID together create a key which is unique for every client connected to that Wi-Fi. As long as the passwords match, access to the Wi-Fi network is granted.
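As an added illustration (this is not code from the original post), here is how the passphrase and SSID are actually combined in WPA/WPA2-Personal: the standard derivation is PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations, producing the 256-bit Pairwise Master Key. The "password"/"IEEE" pair is the test vector published in the IEEE 802.11i standard; the SSID 'HomeNet', the candidate passphrases and the 10-million-entry wordlist size are assumptions made for this example. Running it shows why the same passphrase has to be recomputed for every SSID, and roughly how many guesses per second one CPU core manages, which is what decides how long a wordlist run against a captured handshake takes.

```python
import hashlib
import time

# Published IEEE 802.11i (Annex) PBKDF2 test vector: passphrase "password",
# SSID "IEEE". Every other value in this file is constructed for illustration.
IEEE_PASSPHRASE = "password"
IEEE_SSID = "IEEE"
IEEE_EXPECTED_PMK_HEX = "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Return the 256-bit WPA/WPA2-Personal Pairwise Master Key (PMK).

    The standard derivation is PBKDF2-HMAC-SHA1(passphrase, salt=SSID,
    4096 iterations, 32-byte output). The SSID acts as the salt, so one
    passphrase gives a different PMK on every differently named network,
    and the 4096 iterations make each guess thousands of times more
    expensive than a single MD5 computation.
    """
    # WPA passphrases are 8 to 63 ASCII characters (a 64-character hex
    # string is the raw PSK itself, not a passphrase).
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def pmk_hex(passphrase: str, ssid: str) -> str:
    """Hex form of the PMK, handy for comparing against published vectors."""
    return derive_pmk(passphrase, ssid).hex()


def ieee_test_vector_matches() -> bool:
    """True if our derivation reproduces the IEEE test vector."""
    return pmk_hex(IEEE_PASSPHRASE, IEEE_SSID) == IEEE_EXPECTED_PMK_HEX


def measure_guesses_per_second(ssid: str, guesses: int = 200) -> float:
    """Derive `guesses` constructed candidate passphrases and return the
    rate in PMK derivations per second on this machine (one Python thread)."""
    start = time.perf_counter()
    for i in range(guesses):
        derive_pmk(f"candidate{i:05d}", ssid)  # constructed candidates
    return guesses / (time.perf_counter() - start)


def seconds_to_try_wordlist(wordlist_size: int, guesses_per_second: float) -> float:
    """Worst-case time for a dictionary run that must derive one PMK per entry."""
    return wordlist_size / guesses_per_second


if __name__ == "__main__":
    print("IEEE vector reproduced:", ieee_test_vector_matches())
    # Same passphrase, two SSIDs that differ only in case: two unrelated PMKs.
    print("PMK on 'HomeNet':", pmk_hex("correct horse battery", "HomeNet"))
    print("PMK on 'homenet':", pmk_hex("correct horse battery", "homenet"))
    rate = measure_guesses_per_second("HomeNet")
    print(f"{rate:.0f} PMK derivations/s in pure Python")
    # Constructed wordlist size of 10 million entries.
    hours = seconds_to_try_wordlist(10_000_000, rate) / 3600
    print(f"10M-entry wordlist, worst case: {hours:.1f} h")
```

The point of the timing is that a wordlist attack is only as fast as the PMK derivation: because the SSID is baked into the salt, precomputed tables only help against networks that reuse a common SSID, and a passphrase that is not in any wordlist forces the attacker into the far larger exhaustive search.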
Brute Force Attack
In this attack we have a text file containing random key phrases (alphabetical, alphanumeric, and numerical), called a wordlist. What we do is take the password hash of the target Wi-Fi password and compare it with the password hashes of each key phrase in the wordlist file. If any password hash matches the original password hash of the Wi-Fi password, it means that the password has been found successfully and the cracking went as expected. In this tutorial, we will be using this technique to crack WPA/WPA2 Wi-Fi passwords. It might seem silly to you that taking each key phrase from the wordlist and comparing it with the actual Wi-Fi key is an age-old technique, but it’s not! It’s the only possible way to crack a Wi-Fi password (other than social engineering).
• A Wi-Fi password can be between 8 and 64 characters long, including numbers, symbols, and English letters.
How to Crack WPA/WPA2 Wi-Fi Passwords in Kali Linux
We will be using Kali Linux to crack WPA/WPA2 passwords. If you don’t have Kali Linux installed on your computer, check this video to learn how to dual boot Kali Linux on your hard disk.
Step 1: Download a wordlist. A wordlist is a text file which contains random key phrases. You can download different wordlists here.
Step 4: Now type in the following command: airodump-ng -c <channel number> -w <any name> --bssid <network bssid> <network interface>
Here, in the <any name> part, give any name you want; the 4-way handshake of that network will be saved under this name.
This command captures a 4-way handshake with the access point (Wi-Fi router). When we capture a handshake with the router, it means that we have successfully captured the password hash of the Wi-Fi password.
We can capture this 4-way handshake in two ways. The first way is to disconnect or de-authenticate a device which is already connected to the target Wi-Fi router. The second way is to wait for a device to connect to the Wi-Fi router.
The second method is time-consuming, as we need to wait for some device to come and connect to the AP, so we will use the first method, which lets us readily obtain the handshake by disconnecting an already connected device.
Step 5: So, to capture the handshake, open a new terminal (don’t close the old terminal) and type in the following: aireplay-ng -0 -0 -a <network bssid> <network interface>
Now, this will send a deauthentication request to the access point (router), and all the devices connected to the target network should get disconnected automatically.
Once the devices are disconnected from the target network, they will try to re-authenticate with the router. This is what we want in order to capture the handshake with the Wi-Fi router. If everything went as expected, you will see something like ‘WPA handshake:’ in the old terminal that is kept open on your screen. This means that we have obtained the password hash.
Now press Ctrl+C to stop the process.
Step 6: Open a new terminal and type in ls; this will list all the files present in the root directory.
Here, you must find the file with a .cap extension whose name is the one you gave earlier. This file actually has the password hash of the target Wi-Fi password.
In my case, it is tutorial-01.cap
Step 7: In the final step, type the following command: aircrack-ng -w <wordlist file location> <handshake file name>
In my case, I saved the wordlist file to /root/Desktop/wordlist, so I will enter the same.
This will start the brute force attack. If the password is cracked, it gets displayed in the root terminal. The time it takes to crack a Wi-Fi password depends on its strength. If the password contains numerous characters, including upper case, lower case and numerals, then it takes the hacker a lot of time (sometimes days, months or years!) to crack such passwords.
So here is my advice to you all: while choosing a Wi-Fi password, make sure it is lengthy and includes upper case, lower case and also numbers.
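To turn that advice into something you can actually check before you set the password, here is an added example (not from the original post) that scores a candidate Wi-Fi passphrase: it flags length, character classes and presence in a wordlist, and works out the keyspace an exhaustive search would have to cover, which is what the "days, months or years" above comes down to. The five-entry SAMPLE_WORDLIST and the 5,000 guesses-per-second rate are constructed for this demonstration; the 8-63 limit is the passphrase length the WPA standard allows.

```python
import string

# Constructed five-entry stand-in for the multi-million-entry wordlists the
# post links to; a real check would load the downloaded file instead.
SAMPLE_WORDLIST = {"12345678", "password", "qwertyuiop", "iloveyou1", "admin1234"}

# Size of each character class an attacker has to enumerate.
CHARSET_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": len(string.punctuation)}


def character_classes(passphrase: str) -> set:
    """Which of the four character classes the passphrase draws from."""
    classes = set()
    for ch in passphrase:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        elif ch in string.punctuation:
            classes.add("symbol")
    return classes


def keyspace(passphrase: str) -> int:
    """Candidates an exhaustive search must cover for passphrases of this
    length built from the same character classes (alphabet ** length)."""
    alphabet = sum(CHARSET_SIZES[c] for c in character_classes(passphrase))
    return alphabet ** len(passphrase)


def seconds_to_exhaust(passphrase: str, guesses_per_second: float) -> float:
    """Worst-case time to exhaust the keyspace at a given guess rate."""
    return keyspace(passphrase) / guesses_per_second


def check_passphrase(passphrase: str, wordlist=SAMPLE_WORDLIST) -> list:
    """Return the reasons this passphrase is weak (an empty list means it passes)."""
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("length outside the 8-63 characters WPA allows")
    if passphrase in wordlist or passphrase.lower() in wordlist:
        problems.append("appears in a common wordlist")
    if len(character_classes(passphrase)) < 3:
        problems.append("uses fewer than three of: lower, upper, digits, symbols")
    if len(passphrase) < 12:
        problems.append("shorter than 12 characters")
    return problems


if __name__ == "__main__":
    rate = 5_000.0  # constructed guess rate: PMK derivations per second
    for candidate in ["12345678", "Summer2016", "Blue-Kettle-Wobbles-42"]:
        years = seconds_to_exhaust(candidate, rate) / (3600 * 24 * 365)
        digits = len(str(keyspace(candidate))) - 1
        print(f"{candidate!r}: keyspace ~10^{digits}, exhaustive search "
              f"~{years:.3g} years at {rate:.0f} guesses/s, "
              f"problems: {check_passphrase(candidate) or 'none'}")
```

The wordlist check matters more than the keyspace number: a passphrase like Summer2016 has a respectable keyspace on paper, but variants of it sit in every real wordlist, so the attacker never has to do the exhaustive search. Length is the cheapest way to grow the keyspace, since it is the exponent.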
Check out this video tutorial on how to crack WPA/WPA2 Wi-Fi passwords in Kali Linux. Do subscribe to us on YouTube for more updates!
Founder of Tech Raj