Hey guys, in this article I'll show you how to hack nearby WiFi routers using Kali Linux.
In the first part of this WiFi hacking walkthrough we will use two utilities from the aircrack-ng suite.
For this I'm using an Alfa AWUS036NHA WiFi adapter. If you want to see the configuration process, click here.
Part 1 is finding nearby Devices.
Here is the process:
Step 1: Open your terminal and type the following command:
sudo airmon-ng start wlan0
Explanation: The above command switches the card from managed mode to monitor mode. Monitor mode is basically there to capture all nearby wireless traffic, not just frames addressed to your own card. It takes wlan0 down and brings up wlan0mon, meaning managed mode is shut down and monitor mode is switched on.
Step 2 (optional): then type the following commands in the terminal:
ifconfig
iwconfig
Explanation: ifconfig is optional, to check whether wlan0mon has started. iwconfig shows that monitor mode is on and power management is off.
Step 3: Now type the following command to list the routers in your range.
sudo airodump-ng wlan0mon
BSSID: MAC address of the router
PWR: signal strength, i.e. how near the router is
Beacons: number of beacon frames captured from the router
#Data: number of data packets captured
CH: the channel it is running on
ENC: the encryption the router uses, mostly WPA2
CIPHER: the cipher used by that encryption
AUTH: the authentication method, PSK (Pre-Shared Key)
ESSID: the name of the WiFi router
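As an added example (not from the original article), here is a small Python script that parses a scan table laid out with the columns just listed and flags networks whose ENC or CIPHER values indicate weak protection, the kind of check a defender runs over a site survey. The table inside it is constructed by hand with made-up BSSIDs and ESSIDs, and it omits the MB and #/s columns that real airodump-ng output also shows.

```python
"""Audit an airodump-ng style scan table for weakly protected networks.

Added example, not from the original article. The table below is constructed
by hand in the column layout the article describes (BSSID, PWR, Beacons,
#Data, CH, ENC, CIPHER, AUTH, ESSID); real airodump-ng output has a few more
columns (MB, #/s) that are left out here. BSSIDs and ESSIDs are made up.
"""
import re
from bisect import bisect_right
from dataclasses import dataclass
from typing import Dict, List

SAMPLE_SCAN = """\
 BSSID              PWR  Beacons  #Data  CH  ENC   CIPHER  AUTH  ESSID
 02:11:22:33:44:55  -42       18      7   6  WPA2  CCMP    PSK   E12
 02:11:22:33:44:66  -71        9      0  11  OPN                 Free Cafe WiFi
 02:11:22:33:44:77  -58       25     41   1  WEP   WEP           OldPrinter
 02:11:22:33:44:88  -65       12      3   6  WPA   TKIP    PSK   Guest Net
"""


@dataclass
class Network:
    bssid: str
    pwr: int
    beacons: int
    data: int
    channel: int
    enc: str
    cipher: str
    auth: str
    essid: str


def parse_scan(text: str) -> List[Network]:
    """Parse the whitespace-aligned table into Network records.

    ENC/CIPHER/AUTH are blank for open networks and the ESSID may contain
    spaces, so a plain split() is not enough. Column boundaries are taken from
    the header line; each token is assigned to the column in which its last
    character falls, which works for both right-aligned numbers and
    left-aligned text.
    """
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header, rows = lines[0], lines[1:]
    names = re.findall(r"\S+", header)
    starts = [m.start() for m in re.finditer(r"\S+", header)]
    networks: List[Network] = []
    for row in rows:
        cells: Dict[str, List[str]] = {n: [] for n in names}
        for m in re.finditer(r"\S+", row):
            col = bisect_right(starts, m.end() - 1) - 1
            cells[names[col]].append(m.group())

        def cell(name: str) -> str:
            return " ".join(cells[name])   # blank columns give ""

        networks.append(Network(
            bssid=cell("BSSID"),
            pwr=int(cell("PWR")),
            beacons=int(cell("Beacons")),
            data=int(cell("#Data")),
            channel=int(cell("CH")),
            enc=cell("ENC"),
            cipher=cell("CIPHER"),
            auth=cell("AUTH"),
            essid=cell("ESSID"),
        ))
    return networks


def audit(networks: List[Network]) -> Dict[str, List[str]]:
    """Return findings per ESSID; WPA2/CCMP with PSK yields an empty list."""
    findings: Dict[str, List[str]] = {}
    for n in networks:
        issues: List[str] = []
        if n.enc == "OPN":
            issues.append("open network: traffic is unencrypted")
        elif n.enc == "WEP":
            issues.append("WEP: broken, keys recoverable from captured traffic")
        elif n.enc == "WPA":
            issues.append("WPA1: deprecated, upgrade to WPA2/WPA3")
        if n.cipher == "TKIP":
            issues.append("TKIP cipher: weak, use CCMP (AES)")
        findings[n.essid] = issues
    return findings


if __name__ == "__main__":
    for essid, issues in audit(parse_scan(SAMPLE_SCAN)).items():
        print(f"{essid!r}: {'; '.join(issues) if issues else 'ok'}")
```

Feeding it a real airodump-ng screen dump would require adding the MB and #/s names to the header the script reads; the column-assignment logic itself does not change.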
NOW IN THIS SEGMENT WE’LL USE TWO MORE TOOLS:
Now that we know how to see nearby devices, the next step is to choose a target to use our hacking skills on.
Step 5: Press Ctrl+C to stop the scan and choose your target; mine is the one with ESSID E12.
Step 6: sudo airodump-ng --bssid <bssid> --channel <ch> wlan0mon
This shows the devices connected to that particular BSSID.
Step 7: Next run the following command:
aireplay-ng --deauth 0 -a <bssid> wlan0mon
Explanation: aireplay-ng is a utility in the aircrack-ng suite. Its primary function is to generate traffic for later use by aircrack-ng when cracking WEP and WPA-PSK keys. It offers different attacks: deauthentications for the purpose of capturing WPA handshake data, fake authentications, interactive packet replay and ARP-request reinjection.
--deauth: deauth means deauthentication. We disconnect all devices, or one particular device, from the target router.
0: 0 means it runs an infinite number of times. Until you stop the process, no device on that router will be able to reconnect.
-a: specifies the target BSSID.
Once a device is disconnected and tries to reconnect, it hands over the password material in the handshake. This is where the WiFi hacking attack starts.
Note: In practice we never run it an infinite number of times; we run it a limited number of times, say 10 or 20, because we want the handshake that is sent when the devices disconnect and try to reconnect.
Step 8: type this command:
sudo aireplay-ng --deauth 25 -a <bssid> wlan0mon
This sends 25 deauth packets; when the disconnected device tries to reconnect, the password material is captured.
This disconnects all devices. If you want to disconnect only one or two particular devices, add -c <station or client id> after -a in the command above.
Note: Prefer disconnecting all devices, because targeting single clients sometimes runs into problems getting the WPA handshake. That's why we hackers prefer disconnecting all.
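From the other side of the fence, the burst of deauth frames described in Steps 7 and 8 is exactly what a wireless intrusion detection system looks for. The following Python is an added example, not code from the original article: it runs a sliding-window count of deauthentication frames per BSSID over a list of constructed frame records (timestamp, subtype, BSSID, destination) and raises an alert when the count crosses a threshold. The threshold of 10 frames and the 5 second window are assumed values, and the BSSIDs are made up.

```python
"""Flag a deauthentication flood in a list of captured 802.11 management frames.

Added example, not from the original article. The frames below are constructed
by hand to look like what a monitor-mode capture would yield (timestamp,
frame subtype, BSSID, destination MAC); no real capture is read. The
threshold (10 deauth frames) and window (5 seconds) are assumed values.
"""
from collections import deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"
HOME_AP = "02:11:22:33:44:55"    # constructed BSSID of the network we defend
OTHER_AP = "02:11:22:33:44:66"   # constructed BSSID of a neighbouring network


@dataclass(frozen=True)
class Frame:
    ts: float      # seconds since capture start
    subtype: str   # "beacon", "deauth", "data", ...
    bssid: str
    dst: str       # destination MAC; broadcast means "every client"


def build_sample() -> List[Frame]:
    """Constructed capture: beacons from both APs, one legitimate deauth
    (a client leaving OTHER_AP), then a burst of 25 broadcast deauth frames
    against HOME_AP spaced 10 ms apart."""
    frames = [Frame(t / 10.0, "beacon", HOME_AP, BROADCAST) for t in range(200)]
    frames += [Frame(t / 10.0, "beacon", OTHER_AP, BROADCAST) for t in range(200)]
    frames.append(Frame(3.2, "deauth", OTHER_AP, "02:aa:bb:cc:dd:01"))
    frames += [Frame(10.0 + i * 0.01, "deauth", HOME_AP, BROADCAST) for i in range(25)]
    return sorted(frames, key=lambda f: f.ts)


# bssid, first_ts in window, trigger_ts, count in window, any broadcast deauth
Alert = Tuple[str, float, float, int, bool]


def detect_deauth_flood(frames: List[Frame], threshold: int = 10,
                        window: float = 5.0) -> List[Alert]:
    """Sliding-window count of deauth frames per BSSID.

    An alert is raised the first time a BSSID accumulates `threshold` deauth
    frames within `window` seconds. Frames must be sorted by timestamp.
    """
    recent: Dict[str, Deque[Frame]] = {}
    alerted = set()
    alerts: List[Alert] = []
    for f in frames:
        if f.subtype != "deauth":
            continue
        q = recent.setdefault(f.bssid, deque())
        q.append(f)
        while q and f.ts - q[0].ts > window:   # drop frames that left the window
            q.popleft()
        if len(q) >= threshold and f.bssid not in alerted:
            alerted.add(f.bssid)
            broadcast = any(x.dst == BROADCAST for x in q)
            alerts.append((f.bssid, q[0].ts, f.ts, len(q), broadcast))
    return alerts


if __name__ == "__main__":
    for bssid, first, trig, count, bcast in detect_deauth_flood(build_sample()):
        kind = "broadcast" if bcast else "targeted"
        print(f"ALERT {bssid}: {count} {kind} deauth frames between "
              f"{first:.2f}s and {trig:.2f}s")
```

The single deauth on the neighbouring AP never trips the detector, while the burst against the home AP is reported on its tenth frame. A detector like this only observes the attack; the fix that actually stops it is Protected Management Frames (802.11w), which authenticates deauth and disassociation frames so forged ones are discarded by the client, and which WPA3 makes mandatory.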
Step 9: sudo airodump-ng --bssid <bssid> --channel <ch> --write <anyname> wlan0mon
Explanation: This command writes the captured traffic to files. The password material is stored in the .cap file, but it is not human-readable; it can only be recovered using password attacks.
Note: Store these files in a dedicated folder so things stay tidy and you know where you saved them.
After this, WPA handshake should appear at the top of the airodump-ng output. If it does not show, you cannot connect to or attack the WiFi.
Because I'm working with an adapter it shows me PMKID found in place of "interface wlan0mon down". It shows this because I stopped the process and shut down wlan0mon.
If you're not using an adapter then in your case it will show WPA handshake.
Now that the packet has been captured, we'll brute-force it.
Step 10: sudo aircrack-ng -w <password list file path> <.cap file>
Explanation: aircrack-ng is a network software suite consisting of a detector, packet sniffer, WEP and WPA/WPA2-PSK cracker, and analysis tool for 802.11 wireless LANs.
-w: path to the wordlist/password list file.
.cap file: the capture file in which the password material is stored.
Note: If the password is found it will show PASSWORD FOUND !! just above the Master Key.
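The reason the .cap file is not readable and has to be attacked with a wordlist is that WPA2-PSK never transmits the passphrase: both sides stretch it into a 256-bit Pairwise Master Key with PBKDF2-HMAC-SHA1, using the SSID as salt and 4096 iterations, and only values keyed from that PMK appear in the handshake. The Python below is an added example, not part of the original article or of aircrack-ng; it implements that standard derivation and checks it against the passphrase-to-PSK test vector published in the IEEE 802.11 standard's annex, so a defender can see why passphrase length is the only real protection and why the SSID acts as a per-network salt.

```python
"""Why the captured .cap cannot simply be read: WPA2-PSK derives a 256-bit
Pairwise Master Key from the passphrase with PBKDF2-HMAC-SHA1 (SSID as salt,
4096 iterations) and only ever uses keys derived from that PMK on the air.
Recovering the passphrase means repeating this derivation for every guess.

Added example, not from the original article or from aircrack-ng. The test
vector (passphrase "password", SSID "IEEE") is the one from the IEEE 802.11
standard's annex on passphrase-to-PSK mapping.
"""
import hashlib

PBKDF2_ITERATIONS = 4096   # fixed by the WPA/WPA2-Personal specification
PMK_LENGTH = 32            # 256-bit key


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Passphrase-to-PSK mapping as specified for WPA/WPA2-Personal."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS,
                               dklen=PMK_LENGTH)


def ssid_acts_as_salt(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """True when the same passphrase gives different PMKs on two SSIDs.
    This is why a table of precomputed PMKs is only good for one network
    name, and why renaming a network invalidates such tables."""
    return derive_pmk(passphrase, ssid_a) != derive_pmk(passphrase, ssid_b)


if __name__ == "__main__":
    # Constructed demonstration values; "E12" is the article's example ESSID.
    print("PMK(password, IEEE) =", derive_pmk("password", "IEEE").hex())
    print("same passphrase, different SSID, different PMK:",
          ssid_acts_as_salt("password", "IEEE", "E12"))
```

Each wordlist entry costs the attacker 4096 HMAC-SHA1 rounds, which is what makes a long random passphrase expensive to guess; a short or dictionary passphrase is not protected by the iteration count at all.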
If you want to shut down wlan0mon, just type
sudo airmon-ng stop wlan0mon
Congratulations, you have learned how to hack WiFi. Thanks and GOOD BYE !!!! hackers.