How to Crack Wi-Fi PasswordsFor Beginners!

An internet connection has become a basic necessity in our modern lives. Wireless hot-spots (commonly known as Wi-Fi) can be found everywhere! If you have a PC with a wireless network card, then you must have seen many networks around you. Sadly most of these networks are secured with a network security key. Have you ever wanted to use one of these networks? You must have desperately wanted to check your mail when you shifted to your new house. The hardest time in your life is when your internet connection is down. Cracking those Wi-Fi passwords is your answer to temporary internet access. This is a comprehensive guide which will teach even complete beginners how to crack WEP encrypted networks, easily.

Table of Contents
1. 2. 3. 4. 5. 6. 7. How are Wireless networks secured? What you'll need Setting up CommView for Wi-Fi Selecting the target network and capturing packets Waiting... Now the interesting part... CRACKING! Are you a visual learner?

How Are Wireless Networks Secured?

In a secured wireless connection, internet data is sent in the form of encrypted packets. These packets are encrypted with network security keys. If you somehow manage to get hold of the key for a particular wireless network you virtually have access to the wireless internet connection Broadly speaking there are two main types of encryptions used: WEP (Wired Equivalent Privacy): This is the most basic form of encryption. This has become an unsafe option as it is vulnerable and can be cracked with relative ease. Although this is the case many people still use this encryption. WPA (Wi-Fi Protected Access): This is the more secure alternative. Efficient cracking of the passphrase of such a network requires the use of a wordlist with the common passwords. In other words you use the old fashioned method of trial and error to gain access. Variations include WPA-2 which is the most secure encryption alternative till date. Although this can also be cracked using a wordlist if the password is common, this is virtually uncrackable with a strong password. That is, unless the WPA PIN is still enabled (as is the default on many routers). Hacking WEP passwords is relatively fast, so we'll focus on how to crack them for this guide. If the only networks around you use WPA passwords, you'll want to follow this guide on how to crack WPA WiFi passwords instead.

What You'll Need...

A compatible wireless adapter:

This is by far the biggest requirement.The wireless card of your computer has to be compatible with the software CommVIew. This ensures that the wireless card can go into monitor mode which is essential for capturing packets.Click here to check if your wireless card is compatible

CommView for Wi-Fi : Aircrack-ng GUI: A little patience is vital!!

This software will be used to capture the packets from the desired network adapter.Click here and download the software from the website. After capturing the packets this software does the actual cracking.Click here-Click here and download the software from the website.

Step 1: Setting Up CommView for Wi-Fi

Download the zip file of CommView for Wi-Fi from the website. Extract the file and run setup.exe to install CommView for Wi-Fi. When CommView opens for the first time it has a driver installation guide. Follow the prompts to install the driver for your wireless card. Run CommView for Wi-Fi. Click the play icon on the top left of the application window.

Start scanning for wireless networks. CommView now starts scanning for wireless networks channel by channel. After a few minutes you will have a long list of wireless networks with their security type and signal. Now it is time to choose your target network

Step 2: Selecting the Target Network and Capturing Packets

A few things to keep in mind before choosing the target wireless network

This tutorial is only for WEP encrypted networks.

So make sure you select a network with WEP next to its name

Choose a network with the highest signal. Each network will have its details in the right column. Make sure the WEP network you are choosing has the least the least dB (decibel) value.

Once you have chosen your target network,select it and click Capture to start capturing packets from the desired channel. Now you might notice that packets are being captured from all the networks in the particular channel. To capture packets only from the desired network follow the given steps.

Right click the desired network and click on copy MAC Address. Switch to the Rules tab on the top. On the left hand side choose MAC Addresses Enable MAC Address rules For 'Action' select 'capture' and for 'Add record' select 'both'. Now paste the mac address copied earlier in the box below.

We need to capture only data packets for cracking. Hence select D on the bar at the top of the window and deselect M (Management packets) and C (Control packets). Now you have to save the packets so that they can be cracked later. To do this-

Go to the logging tab on top and enable auto saving. Set Maximum Directory Size to 2000 Set Average Log File Size to 20.

Step 3: Waiting...
Now the boring part- WAITING! NOTE: The amount of time taken to capture enough data packets depends on the signal and the networks usage. The minimum number of packets you should capture should be 100,000 for a decent signal. After you think you have enough packets (at least 100,000 packets)

Go to the log tab and click on concatenate logs. Select all the logs that have been saved. Do not close CommView for Wi-Fi Now navigate to the folder where the concatenated logs have been saved

Open the log file Select File- Export -Wire shark tcpdump format and choose any suitable destination. This will save the logs with a .cap extension to that location

Now the Interesting Part... CRACKING!

Download Aircrack-ng and extract the zip file. Open the folder and navigate to 'bin'. Run Aircrack-ng GUI Choose WEP Open your .cap file that you had saved earlier. Click Launch. In the command prompt type in the index number of your target wireless network. Wait for a while .If everything goes fine the wireless key will be shown.

You may also receive a request to try with more packets. In this case wait until more packets have been captured and repeat the steps to be performed after capturing packets BEST OF LUCK

How to Hack WPA WiFi Passwords by Cracking the WPS PIN

A flaw in WPS, or WiFi Protected Setup, known about for over a year by TNS, was finally exploited with proof of concept code. Both TNS, the discoverers of the exploit and Stefan at .braindump have created their respective "reaver" and "wpscrack" programs to exploit the WPS vulnerability. From this exploit, the WPA password can be recovered almost instantly in plain-text once the attack on the access point WPS is initiated, which normally takes 2-10 hours (depending on which program you use). This exploit defeats WPS via an intelligent brute force attack to the static WPS PIN. By guessing the PIN, the router will actually throw back, whether or not the first four digits (of eight) are correct. Then, the final number is a checking number used to satisfy an algorithm. This can be exploited to brute force the WPS PIN, and allow recovery of the WPA password in an incredibly short amount of time, as opposed to the standard attack on WPA. In thisNull Byte, let's go over how to use both tools to crack WPS. As of yet, no router is safe from this attack, and yet none of the vendors have reacted and released firmware with mitigations in place. Even disabling WPS still allows this attack on most routers.

Requirements

Linux OS A router at home with WPS The following programs installed (install by package name): aircrack-ng, python-pycryptopp, python-scapy, libpcap-dev

Tools
Reaver (support for all routers) wpscrack (faster, but only support for major router brands)

Crack WPS
Text in bold is a terminal command. Follow the guide that corresponds to the tool that you chose to use below.

Reaver
1. Unzip Reaver. unzip reaver-1.3.tar.gz Change to the Reaver directory. cd reaver-1.3 Configure, compile and install the application. ./configure && make && sudo make install Scan for an access point to attack, and copy its MAC address for later (XX:XX:XX:XX:XX:XX). sudo iwlist scan wlan0 Set your device into monitor mode. sudo airmon-ng start wlan0 Run the tool against an access point. reaver -i mon0 -b <MA:CA:DD:RE:SS:XX> -vv Wait until it finishes.

2.

3.

4.

5.

6.

7.

This tool makes it too easy.

wpscrack.py
1. Make the program an executable. chmod +x wpscrack.py Scan for an access point to attack, and copy its MAC address for later (XX:XX:XX:XX:XX:XX). sudo iwlist scan wlan0 Get your MAC address, save it for later. ip link show wlan0 | awk '/ether/ {print $2}' Set your device into monitor mode. sudo airmon-ng start wlan0 Attack your AP. wpscrack.py iface mon0 client <your MAC, because you're attacking yourself, right?> bssid <AP MAC address> --ssid <name of your AP> -v Await victory.

2.

3.

4.

5.

6.

Now, let's hope we see a lot of firmware update action going on in the near future, or else a lot of places are in a whole world of trouble.