Hacking WiFi – Selecting the best strategy

August 11, 2015 (updated November 18, 2017)

Not every hack works under every circumstance, so choosing the right strategy for the target makes success more likely and saves hours of wasted effort and frustration.

Here I lay out the strategies in order, starting with the simplest and most effective and ending with the most complex and difficult. In general, the probability of success follows the same order.

Before You Begin Wi-Fi Password Cracking

I strongly suggest that you read this article to become familiar with the terminology and basic technology of wireless hacking. In addition, to be effective at Wi-Fi password cracking with Aircrack-ng, the premier Wi-Fi cracking suite, you will need an Aircrack-ng compatible wireless adapter. Although it is not the perfect wireless cracking adapter, the Alfa AWUS036H is inexpensive, effective, and plug-and-play on Kali Linux.

1. Crack WEP

WEP, or Wired Equivalent Privacy, was the first wireless encryption technology developed. It was quickly found to be flawed and easily cracked. Although you will not find any new WEP-encrypted wireless access points being sold, many legacy WEP APs are still around. (On a recent consulting gig with a major U.S. Department of Defense contractor, I found nearly 25% of their APs were using WEP, so it's still out there.)

WEP can easily be cracked with Aircrack-ng using a statistical cracking method. It is nearly foolproof (don't prove me wrong on this). If you can collect enough packets (this is key), it's a simple process. This is one of the reasons you need an Aircrack-ng compatible wireless adapter: you must be able to inject packets while capturing packets, and most off-the-shelf wireless cards are incapable of this.

  • Don’t Miss: How to Crack WEP Passwords with Aircrack-ng

To find out whether an AP is using WEP, you can simply hover your mouse over the AP and it will display its encryption algorithm. Note that this statistical attack only works if the AP is using WEP; it does not work on any of the other wireless encryption schemes. If you are lucky enough to find a wireless AP with WEP, you can expect to crack its password within 10 minutes, although some claim to have done this task in less than 3 minutes.

2. Crack WPS

Many Wi-Fi APs come equipped with Wi-Fi Protected Setup, or WPS, to make it simpler for the average home user, who has no knowledge of Wi-Fi security measures, to set up their wireless AP. Fortunately for us, if we can crack that WPS PIN, we can then access the control panel of the AP.

The PIN is relatively simple: just eight digits, one of which is a checksum, leaving seven (7) digits, or 10,000,000 possibilities. A single CPU can usually exhaust those possibilities in a few days. Although this might seem slow, brute-forcing the PSK, which has many times as many possibilities, can take much longer.

  • Don’t Miss: How to Break a WPS PIN to Get the Password with Reaver
  • Don’t Miss: How to Break a WPS PIN to Get the Password with Bully

If the wireless AP has WPS enabled, this is the preferred method of cracking modern wireless APs that use WPA2. You can use either Reaver or Bully in conjunction with Aircrack-ng to break these WPS PINs.

3. Crack WPA2

After the disaster that was WEP, the wireless industry developed a new wireless security standard known as WPA2, or Wi-Fi Protected Access II. This standard is now built into nearly every new wireless AP. Although it is more difficult to hack, it is not impossible.

When a client connects to the AP, there is a 4-way handshake in which the pre-shared key (PSK) is transferred from the client machine to the AP. We can capture that PSK hash and then run a dictionary or brute-force attack against it. This can be time-consuming and is not always successful; success depends upon the wordlist you use and the time you have to crack it.

  • Don’t Miss: How to Crack WPA2-PSK Passwords Using Aircrack-ng
  • Don’t Miss: How to Crack WPA2-PSK Passwords Using Cowpatty

Once you have captured the hash of the PSK, you no longer need to be anywhere near the AP. With enough resources, you can brute-force any PSK.
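The following is an added example and not code from the original article: it implements the passphrase-to-PSK derivation that WPA/WPA2-Personal stations and APs use (PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations, as specified in IEEE 802.11i), and turns a measured derivation rate into a time-to-exhaust estimate. What a captured handshake gives an eavesdropper is material derived from this PSK, so every offline guess has to pay for the full derivation; that per-guess cost, and the size of the passphrase keyspace, are what decide whether the attack described above finishes in minutes or never. The PTK/MIC comparison that a cracker performs against the capture is deliberately left out. The SSID used for the benchmark and the alphabet sizes in the demo are assumptions chosen for illustration.

```python
"""
Added example (not from the original article): the IEEE 802.11i passphrase
to PSK derivation, plus a cost estimate for guessing passphrases offline.

    PSK = PBKDF2-HMAC-SHA1(passphrase, salt = SSID, iterations = 4096, dklen = 32)
"""
import hashlib
import time


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit PSK the way a station or AP does from the passphrase."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, dklen=32
    )


def passphrase_keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidates for a passphrase drawn uniformly from an alphabet."""
    return alphabet_size ** length


def seconds_to_exhaust(keyspace: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a given derivation rate."""
    if guesses_per_second <= 0:
        raise ValueError("rate must be positive")
    return keyspace / guesses_per_second


def measure_rate(ssid: str = "ExampleNet", seconds: float = 0.25) -> float:
    """Single-core PBKDF2 rate on this machine (assumed SSID, dummy passphrases).

    A GPU rig is orders of magnitude faster, so treat this as a lower bound
    on what an attacker can do, not as the attacker's rate.
    """
    count, start = 0, time.perf_counter()
    while time.perf_counter() - start < seconds:
        wpa_psk(f"bench-{count:08d}", ssid)  # 14-character dummy passphrase
        count += 1
    return count / (time.perf_counter() - start)


if __name__ == "__main__":
    # Known test vector from IEEE 802.11i Annex H: passphrase "password", SSID "IEEE".
    print(wpa_psk("password", "IEEE").hex())
    rate = measure_rate()
    print(f"~{rate:.0f} derivations/s on one core")
    # Assumed alphabets: digits only, lowercase only, alphanumeric; 8 and 12 chars.
    for alphabet, length in ((10, 8), (26, 8), (62, 8), (62, 12)):
        space = passphrase_keyspace(alphabet, length)
        days = seconds_to_exhaust(space, rate) / 86400
        print(f"{alphabet}^{length}: {space:.2e} candidates, ~{days:.1f} days on this core")
```

The derivation is keyed on the SSID, so a precomputed table only helps against networks with a common SSID; a unique SSID plus a long random passphrase is what makes the captured handshake useless to an attacker.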

4. Evil Twin

If we can't crack the password on the AP, another strategy that can be successful is creating an Evil Twin: an AP with exactly the same SSID as the known AP, but controlled by us. The key is for the target to connect to our AP rather than the authentic one.

Computers will generally connect automatically to the AP with the strongest signal, so turning up the power on your AP can be a critical element of this hack. When the user connects to our AP, we can capture and view all their traffic, as well as any other credentials they present to other systems.

  • Don’t Miss: How to Create an Evil Twin AP to Eavesdrop on Data

An effective variation on the Evil Twin is to set up a system with the same SSID and then present the user with a logon screen. Many corporate offices, hotels, coffee shops, etc. employ this type of security. When the user enters their credentials in our fake logon screen, we capture and store them. We can then use those credentials on the authentic AP to gain access.

This process has been automated by a script called Airsnarf. Unfortunately, Airsnarf is out of date, but I have been working on updating it and will present the script and tutorial soon.
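From the defender's side, the two properties this attack depends on (an unknown radio advertising your SSID, usually louder than your own APs and often with weaker security so it can serve a logon page) are exactly what a simple rogue-AP check looks for. The following is an added example, not code from the original article or from Airsnarf: it takes a list of observed beacons (a constructed scan, not real data) and an inventory of the BSSIDs you actually operate (a hypothetical network named CorpWiFi with made-up MAC addresses), and reports every AP that advertises a managed SSID from an unauthorised BSSID, noting whether it also downgrades security or outshines your APs.

```python
"""
Added example (not from the original article): a rogue-AP / evil-twin check
over a wireless scan. Scan data and the authorised inventory are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    channel: int
    rssi_dbm: int
    security: str  # e.g. "OPEN", "WEP", "WPA2-PSK", "WPA2-ENT"


# Hypothetical inventory of the networks we manage; all values are made up.
AUTHORIZED = {
    "CorpWiFi": {
        "bssids": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
        "security": "WPA2-ENT",
    },
}


def find_evil_twins(beacons, authorized=AUTHORIZED):
    """Return one finding per unauthorised AP that advertises a managed SSID."""
    findings = []
    by_ssid = {}
    for b in beacons:
        by_ssid.setdefault(b.ssid, []).append(b)

    for ssid, policy in authorized.items():
        seen = by_ssid.get(ssid, [])
        known = {mac.lower() for mac in policy["bssids"]}
        # Strongest signal among our own APs, used to judge "louder than us".
        own_rssi = max((b.rssi_dbm for b in seen if b.bssid.lower() in known),
                       default=None)
        for b in seen:
            if b.bssid.lower() in known:
                continue
            reasons = ["unknown BSSID advertising a managed SSID"]
            if b.security != policy["security"]:
                reasons.append(f"security differs: {b.security} "
                               f"(expected {policy['security']})")
            if own_rssi is not None and b.rssi_dbm > own_rssi:
                reasons.append(f"stronger signal than any authorised AP "
                               f"({b.rssi_dbm} dBm vs {own_rssi} dBm)")
            findings.append({"ssid": ssid, "bssid": b.bssid,
                             "channel": b.channel, "reasons": reasons})
    return findings


# Constructed scan: two legitimate CorpWiFi APs, one open twin, one unrelated network.
SAMPLE_SCAN = [
    Beacon("CorpWiFi", "aa:bb:cc:00:00:01", 6, -62, "WPA2-ENT"),
    Beacon("CorpWiFi", "aa:bb:cc:00:00:02", 11, -71, "WPA2-ENT"),
    Beacon("CorpWiFi", "de:ad:be:ef:00:01", 6, -41, "OPEN"),
    Beacon("CafeGuest", "12:34:56:78:9a:bc", 1, -80, "OPEN"),
]

if __name__ == "__main__":
    for f in find_evil_twins(SAMPLE_SCAN):
        print(f"{f['ssid']} from {f['bssid']} on channel {f['channel']}")
        for r in f["reasons"]:
            print("  -", r)
```

A BSSID allowlist is the minimum; a real wireless IDS also compares channel, vendor OUI, beacon interval and supported rates, and on the client side the fake logon page variant is defeated by 802.1X with server certificate validation rather than by anything the portal can display.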

5. ICMPTX

If all else fails and you absolutely MUST have Internet access, ICMPTX often works on wireless networks that require authentication via a proxy. These include some schools and universities, hotels, coffee shops, libraries, restaurants, and other public Wi-Fi spots. It relies upon the fact that ICMP (the ping protocol) is usually enabled on the AP and passes through to the intended IP address or domain. Since it is not TCP, it does not engage the proxy; it simply passes through.

  • Don’t Miss: How to Evade an Authentication Proxy Using ICMPTX

This hack is complex and time-consuming and is not for beginners. It is slow, as ICMP can only carry a small amount of data in each packet, but in circumstances where you actually MUST have Internet access and the amount of data is small, such as email, it works great.
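The same properties that make the tunnel slow also make it visible to whoever runs the network. An ordinary ping session carries a small, fixed-size payload at a slow and regular rate, while a tunnel moving real traffic produces larger payloads whose sizes vary and arrive in bursts. The following is an added example, not code from the original article or from ICMPTX: it groups ICMP echo records per source/destination flow and flags flows that break those expectations. The records and the three thresholds are constructed for illustration and would need tuning on a real network.

```python
"""
Added example (not from the original article): heuristics over ICMP echo
records to spot tunnelling. The records below are constructed, not captured.
"""
import random
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class IcmpEcho:
    ts: float       # seconds
    src: str
    dst: str
    payload: bytes


# Thresholds are assumptions for illustration; tune to the monitored network.
MAX_NORMAL_PAYLOAD = 64   # ping defaults are 56 (Linux) or 32 (Windows) bytes
MAX_DISTINCT_SIZES = 2
MAX_NORMAL_PPS = 5.0


def flag_icmp_tunnels(records):
    """Group echoes per (src, dst) flow and return the flows that look like tunnels."""
    flows = defaultdict(list)
    for r in records:
        flows[(r.src, r.dst)].append(r)

    flagged = []
    for (src, dst), pkts in flows.items():
        sizes = [len(p.payload) for p in pkts]
        mean_size = sum(sizes) / len(sizes)
        span = max(p.ts for p in pkts) - min(p.ts for p in pkts)
        pps = len(pkts) / span if span > 0 else float(len(pkts))
        reasons = []
        if mean_size > MAX_NORMAL_PAYLOAD:
            reasons.append(f"mean payload {mean_size:.0f} bytes")
        if len(set(sizes)) > MAX_DISTINCT_SIZES:
            reasons.append(f"{len(set(sizes))} distinct payload sizes")
        if pps > MAX_NORMAL_PPS:
            reasons.append(f"{pps:.1f} echo requests/s")
        if reasons:
            flagged.append({"src": src, "dst": dst, "packets": len(pkts),
                            "reasons": reasons})
    return flagged


def _random_payload(rng, n):
    """Deterministic pseudo-random bytes standing in for tunnelled data."""
    return bytes(rng.getrandbits(8) for _ in range(n))


def constructed_records():
    """Constructed sample: one plain ping session and one tunnel-like flow."""
    rng = random.Random(7)
    # Five pings, one per second, 56-byte pattern payload (a normal Linux ping).
    normal = [IcmpEcho(100.0 + i, "10.0.0.4", "198.51.100.1", bytes(range(56)))
              for i in range(5)]
    # Forty echoes in under two seconds with 200 to 1400 byte payloads.
    tunnel = [IcmpEcho(200.0 + i * 0.05, "10.0.0.5", "203.0.113.7",
                       _random_payload(rng, rng.randint(200, 1400)))
              for i in range(40)]
    return normal + tunnel


if __name__ == "__main__":
    for f in flag_icmp_tunnels(constructed_records()):
        print(f"{f['src']} -> {f['dst']}: {f['packets']} packets; "
              + "; ".join(f["reasons"]))
```

On the mitigation side, a captive portal that genuinely needs to gate Internet access should drop or rate-limit ICMP from unauthenticated clients rather than rely on the proxy alone, since the proxy only ever sees TCP.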

Other Strategies

There are numerous strategies for owning a target system, including social engineering and the many Metasploit exploits. Once you gain access to the target system, you can simply extract the wireless password from it by going to:

C:\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces\{Interface GUID}

There, you will find a hex-encoded XML document containing the wireless password.
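Those saved profiles are worth auditing before anyone else reads them. The following is an added example, not code from the original article: it parses profile documents in the real WLANProfile XML layout (namespace http://www.microsoft.com/networking/WLAN/profile/v1, the same format that netsh wlan export profile writes) and reports profiles that would join WEP, open or TKIP networks, that auto-connect to an open SSID, or whose key material is not DPAPI-protected. The three profiles are constructed, and their keyMaterial values are placeholders; on current Windows versions the real value is a hex-encoded DPAPI blob marked protected="true", so the file on its own does not give up the passphrase without the protecting account's DPAPI keys.

```python
"""
Added example (not from the original article): an audit of saved Windows WLAN
profiles. The profile documents below are constructed in the real layout.
"""
import xml.etree.ElementTree as ET

NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}


def _profile(name, auth, enc, mode="auto", key=None, protected="true"):
    """Build a constructed profile document; keyMaterial is a placeholder."""
    shared = ""
    if key is not None:
        shared = (f"<sharedKey><keyType>passPhrase</keyType>"
                  f"<protected>{protected}</protected>"
                  f"<keyMaterial>{key}</keyMaterial></sharedKey>")
    return f"""<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>{name}</name>
  <SSIDConfig><SSID><hex>{name.encode().hex()}</hex><name>{name}</name></SSID></SSIDConfig>
  <connectionType>ESS</connectionType>
  <connectionMode>{mode}</connectionMode>
  <MSM><security>
    <authEncryption><authentication>{auth}</authentication>
      <encryption>{enc}</encryption><useOneX>false</useOneX></authEncryption>
    {shared}
  </security></MSM>
</WLANProfile>"""


def audit_profile(xml_text: str) -> dict:
    """Return the profile's security settings plus a list of issues found."""
    root = ET.fromstring(xml_text)

    def get(path):
        return (root.findtext(path, namespaces=NS) or "").strip()

    name = get("w:name")
    mode = get("w:connectionMode")
    auth = get("w:MSM/w:security/w:authEncryption/w:authentication")
    enc = get("w:MSM/w:security/w:authEncryption/w:encryption")
    protected = get("w:MSM/w:security/w:sharedKey/w:protected")
    key = get("w:MSM/w:security/w:sharedKey/w:keyMaterial")

    issues = []
    if enc.upper() == "WEP" or auth.lower() == "shared":
        issues.append("WEP: trivially crackable, delete the profile")
    if auth.lower() == "open" and enc.lower() == "none":
        issues.append("open network: no encryption")
        if mode == "auto":
            issues.append("auto-connects to an open SSID (evil twin risk)")
    if enc.upper() == "TKIP" or auth.upper() in ("WPA", "WPAPSK"):
        issues.append("WPA/TKIP: deprecated, prefer WPA2/WPA3 with AES")
    if key and protected.lower() != "true":
        issues.append("keyMaterial stored without DPAPI protection")
    return {"name": name, "authentication": auth, "encryption": enc,
            "connectionMode": mode, "issues": issues}


# Constructed profiles; real keyMaterial is a hex-encoded DPAPI blob.
SAMPLE_PROFILES = [
    _profile("HomeNet", "WPA2PSK", "AES", key="00" * 16),
    _profile("OldRouter", "open", "WEP", key="0123456789", protected="false"),
    _profile("CafeGuest", "open", "none"),
]


def audit_all(profiles=SAMPLE_PROFILES):
    """Audit every profile document and return the findings in order."""
    return [audit_profile(p) for p in profiles]


if __name__ == "__main__":
    for result in audit_all():
        status = "OK" if not result["issues"] else "; ".join(result["issues"])
        print(f"{result['name']}: {result['authentication']}/{result['encryption']} -> {status}")
```

To run it against real profiles, read each exported .xml file and pass its text to audit_profile; on a managed fleet the same checks belong in whatever configuration-compliance tooling already inspects endpoints, since a stale WEP or open profile is what lets a laptop walk straight into the Evil Twin scenario above.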

Gaining access to the wireless AP can be as simple as cracking the WEP key or as complex as using ICMPTX, but wireless access can be broken. If all else fails, target one machine on the network, own it, and then recover the password as described above.
