Hello friends, In this tutorial, I’m going to show you how to hack wifi. Many of my friends were asking me to write a tutorial on hacking wifi, so here it is.
You probably want to hack wifi because you want to enjoy free Internet.
For me, this was my only motivation to hack into someone’s wifi. This was the only reason for me at least.
I don’t know about you… but I guess you too want to enjoy free Internet.
So… here is the guide which will show you how to hack wifi step by step. I wrote this tutorial in such a way that every beginner will easily be able to crack any wifi. This is a step by step approach into hacking wifi.
RECOMMENDED: Ethical Hacking For Beginners
RECOMMENDED: Basic Linux Commands For Beginners
In this tutorial I’mg going to use the hackers OS.
Yes… the hackers OS which is Kali Linux.
I’m quite sure that you already know about Kali Linux and what it is used for. It is the most used hacking Operating System. The other one is Parrot OS. Which is also quite popular.
Also as a side note, I have written a tutorial on how to install parrot os, you can read it if you want to.
But for this tutorial, I’m going to use Kali Linux for wifi hacking. I’m running a live version of kali which is very cool.
Just in case you don’t know, live version means you are directly running the OS without having to install it on your disk.
Now, let us have a look at the types of WiFi Networks that you can find in your neighborhood.
1. Open Networks (You gotta be kidding me)
These types of networks don’t have any password to them. Anybody can connect to wifi a network that is open. I’m pretty much sure that nowadays you won’t find any wireless network with an open router configuration. If you have found one then you are very lucky.
2. Mac Filtered (Ummm… Not so secure)
Some people use mac filtering for their wifi security. In this type of wifi security, a person uses a whitelist to allow some devices, based on mac address to connect. Or a person can use a blacklist to block specific mac addresses that are not able to connect to the wireless network. This type of security is very easy to set up and does not requires much effort.
3. WEP (Easily hackable)
The WEP stands for Wired Equivalent Privacy. Wifi networks using WEP security are the easiest target for hackers because it has many vulnerabilities. So if you see a wifi network that is based on WEP security that you can easily hack that network. This security standard is not used by routers anymore. In the modern wireless routers, you won’t be able to find WEP option.
4. WPA (This person knows something about security)
This is the next version of WEP security. It stands for Wi-Fi Protected Access. It is somewhat better than WEP but not completely secure.
5. WPA2 (Pretty secure)
The WPA2 is very secure and can’t be hacked easily. Wifi networks using WPA2 security are considered as secure. But you surely can hack a WPA2 enabled wifi network but it will require more time.
READ: How To Hack Instagram
READ: Best Free Proxy Sites
How To Hack WiFi Passwords WPA & WPA2
Anyways, enough talking let’s jump right into hacking wifi networks.
But before you go ahead and hack your neighbor’s wifi, let me warn you! And here is a quick disclaimer for you.
So let’s start.
Now, if you want to hack wifi, you first need to discover all wifi networks around you. You’ll also need to get the information about the wifi networks that are within your wireless card range.
Of course, you can have a look at all the wireless networks by clicking on the connect wifi icon.
But this is not much help. You need to gather more information about the wireless network that you want to hack.
So, to do this you’ll need to change your wifi card to monitor mode. By default, it is in managed mode.
It is not a complex process, just follow the following simple steps:
Step 1: Find your wireless card name.
Simply run the command–iwconfig wlan0
You can see that the mine wireless card is named wlan0 and it is running in managed mode. To find your wireless card name simply run the command–iwconfig
Step 2: Run the following series of commands.
Also remember, if you are running these commands and not seeing any error then the commands are executing successfully.
Don’t think that if you are not getting any output, then the commands are not executing.
ifconfig wlan0 down
This command will turn off your wireless card. You need to run this command to make sure, you don’t have any error while trying to change the wifi card to monitor mode. Once you have turned off your wifi card run the next command.
iwconfig wlan0 mode monitor
Now, this is the command which will turn the mode of your wireless card to monitor mode.
ifconfig wlan0 up
Once you have changed the mode to monitor mode, you’ll need to turn on the wifi card.
That’s it, now you are in monitor mode and you can easily sniff packets from the wireless networks around you.
Just to make sure, perform the optional step 3.
Step 3: Check if you are in monitor mode.
Again run the command–iwconfig wlan0 and check the mode part. If it’s written monitor in front of it, you are good to go.
Run the command–airodump-ng wlan0 to see all the wifi networks around you.
Now, you’ll be able to see all the networks within your wifi range. You are able to see these network only because you’ve turned the wifi to monitor mode.
Now, you have successfully discovered information about the wireless networks around you. Let’s move onto the real stuff now.
In this wifi hacking tutorial, our primary focus is on hacking WPA and wpa2 wifi networks.
Because these are the two widely used wifi encryption techniques, the focus of this tutorial will also be on these encryption types. Since these are the most used encryption techniques, you’ll be able to hack the majority of wifi networks around you.
So to hack WPA and wpa2 wifi networks, you need to capture a handshake packet from the wifi network that you are trying to hack.
Think a handshake packet like a request which is sent to the wireless router every time a new client connects to it. This client needs to have all the credentials like a password in order to connect to the router.
So our first step is to capture the handshake packet. But remember, we can only capture this handshake only when a new client connects to the router.
Step 1: Capture the handshake packet.
So let’s first have a look at all the networks available.
Simply type airodump-ng wlan0
Now it will list all the wifi networks within your wifi card range. You can see I have only one access point available within my wireless card range.
- The first column BSSID is the MAC address of the access point (means our router).
- CH stands for the channel, it is the channel which the router is using to transfer the signals.
- ENC stands for encryption and it tells the type of encryption a router is using. In my case, it is WPA encryption.
- At last ESSID is the actual name of the wifi network.
So now you have some understanding of a few of the important columns. Let’s work now to hack this wifi network.
Run the above command and look for the wifi network which you are trying to hack.
So here, I’ve set up a network named hackingpress.com. This access point is going to be my target. You find your’s and follow each of the steps that I implement on this wifi network.
First, I will gather more information about this single wifi network, I will use the following command–
airodump-ng –bssid [bssid] –channel [channel] –write [filename] [interface]
This command will look like this in my situation:
The final command in your situation will be different. So make sure you run the command by supplying it the correct information. Otherwise, it will not work.
So once running this command, I’ll have all the details of this wifi network.
As you can see, there are two blocks in the image above. The first is listing all the information about the wifi network that I selected above.
…the second block here is giving information about the devices that are connected to selected wifi network.
…you can see, only one device is connected to this wifi network. Also, keep in mind I’m doing all this to capture the handshake. You also need to capture the handshake packet in your case.
But remember, what I said earlier…
…we can only capture a handshake only when a new device connects to the network.
Now you might be thinking that I’ll have to wait for a new device to connect to the network in order to get the handshake packet.
But, I got a little trick. I can disconnect this connected device from the wifi network using a simple command. Once the device is disconnected it will automatically try to connect to the network again. That is when a handshake packet will be captured.
I’ll simply run the command–
aireplay-ng –deauth [no. of packets] –a [MAC address of router] –c [MAC address of the device connected to the wifi]
The command will look like this:
Now, once I run the command the aireplay-ng program will send 4 deauthentication packets to the client device. This will make the client disconnect and reconnect to the wifi network and boom… I have now got the handshake packet.
A huge chunk of work is done now.
Step 2: Create a wordlist file
The next step is to create a wordlist file. The wordlist file will be used in the next step to crack the WPA password.
With crunch, we will create all the combinations of the letters that we think is in the wifi password.
For example, let’s say I know that this wifi network has a password which contains characters abc12345, but don’t know in which order. Also, I know the password is 8 characters long.
Now, one way is that I can try all the possible combination of these characters to connect to the wifi network.
The other way is that I’ll use the crunch utility to create all the possible combinations of these characters which have a length of 8. I’ll use this list against the handshake packet that I captured earlier.
I hope, you got the idea why we are using the crunch software.
Here is the basic syntax of the crunch that we are going to use:
crunch [min] [max] [characterset] -o [output filename]
Now I’ll create a wordlist file which has characters abc12345. The min and maximum length of the password will be 8 which will be stored in a file name my-wordlist in my case.
You can name it anything.
Once the wordlist is ready. We just need to crack the wifi password.
Step 3: Actually hacking the WiFi
We’ll use aircrack-ng to hack the wifi password.
Here is the syntax of the aircrack-ng command–
aircrack-ng [handshake-file] -w [wordlist]
In my case the command will look like this:
After supplying the handshake file and the wordlist file to the command hit enter, it will start the cracking process.
The aircrack-ng uses a special technique to check each wifi password stored in the wordlist file against the captured handshake. Once a match is found it will tell you the wifi key which can be used to connect to the network.
Now, we have successfully hacked the wifi network. The key found is abc12345, which is correct. Once you have found the key for your desired WiFi network, you can use to connect to it.
Rundown: How To Hack WiFi Passwords WPA & WPA2
So this was all about how to hack wifi using Kali Linux. As you can see the process of hacking wifi is very simple. You just have to follow some series of commands to hack any wifi network.
With the method above you can hack any WiFi network of encryption type WPA or WPA2. In the coming days I’ll be updating this post regularly to give you more methods on hacking wifi, so make sure you bookmark this page.
I hope this post was helpful for you!
If you have any doubts and queries, please leave a comment below. I’ll love to hear from you!