Saturday, 5 October 2013

How To Hack A Wifi Password

Wi-Fi networks are nowadays a good source of free internet, but they are usually protected. So here is a trick to crack a Wi-Fi network password and use unlimited internet.

1) First we need to scan for available wireless networks.

There is a great tool for Windows to do this, called “NetStumbler”, or alternatively Kismet. For Windows and Linux use NetStumbler, and for Mac use KisMac.




The two most common encryption types are:

1) WEP

2) WPA

WEP, i.e. Wired Equivalent Privacy, is not considered as safe as WPA, i.e. Wi-Fi Protected Access. WEP has many flaws that allow a hacker to crack a WEP key easily, whereas WPA is currently the most secure and best option to secure a Wi-Fi network. It can’t be cracked as easily as WEP, because the only way to retrieve a WPA key is to use a brute-force attack or a dictionary attack.
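The reason WEP keys fall so easily is the design, not the tools. Every WEP frame is encrypted with RC4 keyed by a 24-bit IV (sent in the clear) plus the shared key, so the same keystream recurs whenever an IV repeats, and with only 2^24 IVs that happens after a few thousand frames. The following Python script is an added illustration and is not part of the original post: it implements textbook RC4, shows that two frames encrypted under a repeated IV leak the XOR of their plaintexts, and computes how soon IV repetition is expected. The key, IV and frame contents are constructed sample values.

```python
import math

IV_BITS = 24  # WEP prepends a 24-bit IV, sent in the clear, to every frame


def rc4(key: bytes, length: int) -> bytes:
    """Textbook RC4: key scheduling, then PRGA producing `length` keystream bytes."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """WEP-style framing: the per-frame RC4 key is IV || shared key (ICV omitted).
    RC4 is a stream cipher, so the same call also decrypts."""
    assert len(iv) == IV_BITS // 8
    return xor(plaintext, rc4(iv + key, len(plaintext)))


def keystream_reuse_leak(iv: bytes, key: bytes, p1: bytes, p2: bytes) -> bytes:
    """Two frames under one IV share a keystream, so C1 xor C2 == P1 xor P2:
    the keystream cancels and the relationship between plaintexts is exposed."""
    return xor(wep_encrypt(iv, key, p1), wep_encrypt(iv, key, p2))


def expected_frames_to_iv_collision(iv_bits: int = IV_BITS) -> float:
    """Birthday bound: about sqrt(pi/2 * N) random draws before the first repeat."""
    return math.sqrt(math.pi / 2 * 2 ** iv_bits)


def minutes_to_exhaust_ivs(frames_per_second: float, iv_bits: int = IV_BITS) -> float:
    """With sequential IVs, how long until every IV value has been used once."""
    return 2 ** iv_bits / frames_per_second / 60


if __name__ == "__main__":
    KEY = b"\x01\x02\x03\x04\x05"  # constructed 40-bit shared key
    IV = b"\x00\x00\x01"           # constructed IV, deliberately reused below
    P1 = b"ARP request to 10.0.0.1"
    P2 = b"ARP request to 10.0.0.9"
    print("C1 xor C2 == P1 xor P2:", keystream_reuse_leak(IV, KEY, P1, P2) == xor(P1, P2))
    print(f"expected frames before an IV repeats: {expected_frames_to_iv_collision():.0f}")
    print(f"minutes to cycle every IV at 500 frames/s: {minutes_to_exhaust_ivs(500):.0f}")
```

The two numbers are the defender's takeaway: a busy access point repeats IVs within minutes, and each repeat hands an observer the XOR of two plaintexts, which is why no amount of key length or key rotation makes WEP safe and why the only mitigation is to retire it.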







Here I’ll tell you how to crack WEP.

To crack WEP we will be using a live Linux distribution called BackTrack. BackTrack has lots of preinstalled software for this very purpose.

The tools we will be using on BackTrack are:

Kismet – a wireless network detector

airodump – captures packets from a wireless router

aireplay – forges ARP requests

aircrack – decrypts the WEP keys
1) First of all we have to find a wireless access point along with its BSSID, ESSID and channel number. To do this we will run Kismet by opening up the terminal and typing in kismet. It may ask you for the appropriate adapter, which in my case is ath0. You can see your device’s name by typing in the command iwconfig.

2) To be able to do some of the later things, your wireless adapter must be put into monitor mode. Kismet automatically does this, and as long as you keep it open your wireless adapter will stay in monitor mode.

3) In Kismet you will see the flags Y/N/0. Each one stands for a different type of encryption. In our case we will be looking for access points with WEP encryption. Y=WEP, N=OPEN, 0=OTHER (usually WPA).

4) Once you find an access point, open a text document and paste in the network’s broadcast name (ESSID), its MAC address (BSSID) and its channel number. To get the above information, use the arrow keys to select an access point and hit <ENTER> to get more information about it.
5) The next step is to start collecting data from the access point with airodump. Open up a new terminal and start airodump by typing in the command:

airodump-ng -c [channel#] -w [filename] --bssid [bssid] [device]

In the above command airodump-ng starts the program, the channel of your access point goes after -c, the file you wish to output the data to goes after -w, and the MAC address of the access point goes after --bssid. The command ends with the device name. Make sure to leave out the brackets.

6) Leave the above running and open another terminal. Next we will generate some fake packets to the target access point so that the speed of the data output will increase. Put in the following command:

aireplay-ng -1 0 -a [bssid] -h 00:11:22:33:44:55 -e [essid] [device]

In the above command we are using the aireplay-ng program. The -1 tells the program the specific attack we wish to use, which in this case is fake authentication with the access point. The 0 is the delay between attacks, -a is the MAC address of the target access point, -h is your wireless adapter’s MAC address, -e is the name (ESSID) of the target access point, and the command ends with your wireless adapter’s device name.
7) Now we will force the target access point to send out a huge amount of packets that we will be able to take advantage of by using them to attempt to crack the WEP key. Once the following command is executed, check your airodump-ng terminal and you should see the ARP packet count start to increase. The command is:

aireplay-ng -3 -b [bssid] -h 00:11:22:33:44:55 [device]

In this command, the -3 tells the program the specific type of attack, which in this case is packet injection, -b is the MAC address of the target access point, -h is your wireless adapter’s MAC address, and the wireless adapter device name goes at the end.

Once you have collected around 50k-500k packets, you may begin the attempt to break the WEP key. The command to begin the cracking process is:

aircrack-ng -a 1 -b [bssid] -n 128 [filename].ivs

In this command the -a 1 forces the program into WEP attack mode, the -b is the target’s MAC address, and the -n 128 tells the program the WEP key length. If you don’t know the -n, then leave it out. This should crack the WEP key within seconds. The more packets you capture, the bigger chance you have of cracking the WEP key.
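What steps 6 and 7 look like from the network's side is the part a defender cares about: a station that authenticates to the access point without ever behaving like a real client, then re-sends one short encrypted frame (the captured ARP request, same length and same IV every time) at a rate no real client produces, and the access point answering with the burst of packets the post describes. The following Python script is an added example and is not part of the original post: it reads constructed monitor-mode frame log lines (timestamp, frame type, source MAC, BSSID, frame length and, for data frames, the IV) and flags the replay pattern by rate. The log format, the threshold and the MAC addresses are assumptions for illustration; a real wireless IDS would take the same fields from captured 802.11 frames.

```python
from collections import defaultdict, deque

# Constructed sample log, one frame per line:
#   "epoch_seconds type src_mac bssid length iv"   (iv is '-' for management frames)
# The first three lines are an ordinary client whose data frames carry fresh IVs.
# The rest is one station that authenticates and then replays the same
# 68-byte data frame (identical length and IV) every 2 ms for 1.2 seconds.
SAMPLE_LOG = """\
1000.00 auth aa:bb:cc:00:00:01 00:11:22:33:44:aa 30 -
1000.05 data aa:bb:cc:00:00:01 00:11:22:33:44:aa 1480 1a2b3c
1000.90 data aa:bb:cc:00:00:01 00:11:22:33:44:aa 1480 1a2b3d
1001.00 auth 00:11:22:33:44:55 00:11:22:33:44:aa 30 -
""" + "".join(
    f"{1001.10 + i * 0.002:.3f} data 00:11:22:33:44:55 00:11:22:33:44:aa 68 0fe1ab\n"
    for i in range(600)
)

REPLAY_RATE_PER_SEC = 100  # assumed threshold: a legitimate client never re-sends
WINDOW_SEC = 1.0           # one identical ciphertext this often


def parse_line(line: str) -> dict:
    ts, ftype, src, bssid, length, iv = line.split()
    return {"ts": float(ts), "type": ftype, "src": src.lower(),
            "bssid": bssid.lower(), "len": int(length), "iv": iv}


def detect_replay(log_text: str, rate: int = REPLAY_RATE_PER_SEC,
                  window: float = WINDOW_SEC) -> dict:
    """Return one alert per source MAC that sends an identical (length, IV) data
    frame more than `rate` times inside any `window`-second span.

    A repeated IV from the same station is the tell: a real client draws a new
    IV per frame, so the same (length, IV) pair recurring at high rate means the
    same ciphertext is being replayed rather than newly encrypted."""
    recent = defaultdict(deque)  # (src, len, iv) -> timestamps inside the window
    alerts = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        f = parse_line(line)
        if f["type"] != "data":
            continue  # management frames (auth etc.) are not part of this check
        key = (f["src"], f["len"], f["iv"])
        q = recent[key]
        q.append(f["ts"])
        while q and f["ts"] - q[0] > window:
            q.popleft()  # slide the window forward
        if len(q) > rate and f["src"] not in alerts:
            alerts[f["src"]] = {"bssid": f["bssid"], "len": f["len"],
                                "iv": f["iv"], "first_seen": q[0]}
    return alerts


def main() -> None:
    for src, info in detect_replay(SAMPLE_LOG).items():
        print(f"ALERT replayed frame from {src} to {info['bssid']} "
              f"(len {info['len']}, IV {info['iv']}) starting at {info['first_seen']:.2f}")


if __name__ == "__main__":
    main()
```

Keying the detector on the repeated IV rather than on raw frame rate keeps a busy legitimate client (large frames, fresh IV each time) out of the alert, while a replay shows up within the first second. The alert is only a symptom, though; the fix for the underlying risk is the one the post itself states: do not run WEP.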







FOR EDUCATIONAL PURPOSE ONLY. I AM NOT RESPONSIBLE FOR ANYTHING YOU DO WITH THIS.
