How to Hack Wifi Password

This article explains how to hack a wifi password in detail. There are many ways to hack wifi passwords, and we are going to look at one of them. The method we are using is to crack the wifi password using a tool called Aircrack-ng. Stick with the article to learn some hacking.

Disclaimer for hacking wifi password:

This article is just for educational purposes, to show how things work. Never misuse your knowledge, and don’t perform this hack on a wifi network you don’t own.

Tools Required for password hacking:

There are some tools that you must have to perform this hack:

  • Wi-Fi adapter with monitor mode support.
  • Any Linux Distro (Kali Linux Preferably).

How does it work?

The process to hack the wifi password works as follows:

First Step: First things first, we will monitor the whole bunch of wifi networks around us and choose our target.

Second Step: We will start monitoring a particular wifi network that we have chosen.

Third Step: Device-A, which we are using to hack the wifi network, will deauthenticate device-B, which is already connected to that particular wifi network.

Fourth Step: When device-B tries to reconnect to the network using its reconnect functionality (which will serve as a vulnerability), our device-A will capture the handshake file that device-B sends to the router to re-authenticate itself, because device-B already has the password for that wifi network saved.

Fifth Step: This file contains the password. But it’s not that simple. The password is present in some sort of hashed format. (What is this hashed format? We will discuss it later in our articles). We will use a tool that will convert it into plaintext for us, using either brute force or a dictionary attack.


You need to install the KALI operating system if you haven’t already. This will also work with other distros of Linux such as Black Arch, Parrot OS, Ubuntu, Mint, Fedora, etc.

In case your Linux OS doesn’t have AirCrack-ng already installed, then Google is your best guide. Search from there.

From here onwards we assume that you have a Linux distro with Aircrack-ng properly installed. Hacking-oriented Linux distros like Kali, Black Arch, Parrot OS, etc. come with Aircrack-ng preinstalled.

Wifi Password Hacking In Action

Now let’s practically examine the process to hack a wifi password using Aircrack-ng on a Linux machine.

Monitoring Wi-Fi networks around us:

Boot into your Linux distro and open the terminal. Then type:

sudo su

If it asks, provide the password that you set while installing Linux. This will give you root user privileges, which means that you now have full control. This is something similar to “run as administrator” in the Windows operating system.

airmon-ng start wlan0


This will put the Wi-Fi adapter into monitor mode.

airodump-ng wlan0mon

This command will make your Wi-Fi adapter look for every possible Wi-Fi network in range and list them on the screen.

Press Ctrl+C to stop monitoring once all Wi-Fi networks are listed.

Monitoring on a Specific Wi-Fi Network:

Now that you have the list of all Wi-Fi networks, select your target network. Take note of the BSSID (which is nothing more than the router’s MAC address) and the channel, shown as CH in the list.

airodump-ng --bssid X --channel Y wlan0mon --write Handshake

(Replace: X=BSSID, Y=Channel)


This command will start monitoring a specific network. All the devices connected to that particular network will also be listed on the screen.

Deauthenticating a Connected User:

Now we have to deauthenticate a device that is already connected to it. Note the station of the device that is already connected. Open a new terminal and type sudo su again to get root privileges. Now,

aireplay-ng --deauth 1000 -a X -c Y wlan0mon

(Replace: X=BSSID of router, Y=Station of connected device)


This command will send 1000 packets that will deauthenticate the connected device. Press Ctrl+C to stop sending after 20 to 30 packets.
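Seen from the network owner's side, the burst of deauthentication frames described above is a detectable event. The following is an added example, not part of the original article: it counts deauth frames per (BSSID, target) in a sliding window over a log of management frames. The log format, the MAC addresses, the window and the threshold are all assumptions constructed for the example.

```python
import re
from collections import defaultdict, deque

# Assumed log format (constructed for this example), one management frame per line:
#   <epoch seconds> <subtype> src=<mac> dst=<mac> bssid=<mac>
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+) (?P<subtype>\S+) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) bssid=(?P<bssid>\S+)$"
)

def detect_deauth_flood(lines, window=2.0, threshold=20):
    """Return {(bssid, target): peak frame count} for deauth bursts.

    Frames are grouped by (bssid, destination) instead of source, because
    the source address of an unprotected deauth frame can be forged.
    window and threshold are illustrative values, not recommendations.
    """
    recent = defaultdict(deque)   # (bssid, dst) -> timestamps inside the window
    alerts = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m or m["subtype"] != "deauth":
            continue              # ignore beacons, data frames and malformed lines
        ts = float(m["ts"])
        key = (m["bssid"], m["dst"])
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop frames that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            alerts[key] = max(alerts.get(key, 0), len(q))
    return alerts

def sample_log():
    """Constructed sample: one beacon, one ordinary deauth, one 30-frame burst."""
    ap, sta_a, sta_b = "02:00:00:00:00:01", "02:00:00:00:00:aa", "02:00:00:00:00:bb"
    lines = [
        f"100.000000 beacon src={ap} dst=ff:ff:ff:ff:ff:ff bssid={ap}",
        f"101.500000 deauth src={sta_b} dst={ap} bssid={ap}",  # client leaving normally
    ]
    lines += [f"{110 + i * 0.05:.6f} deauth src={ap} dst={sta_a} bssid={ap}"
              for i in range(30)]
    return lines

if __name__ == "__main__":
    for (bssid, target), count in detect_deauth_flood(sample_log()).items():
        print(f"deauth burst: bssid={bssid} target={target} frames_in_window={count}")
```

Protected Management Frames (802.11w), which WPA3 makes mandatory, let clients discard forged deauthentication frames, so enabling it on the access point removes the forced-reconnect step.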

Capturing Handshake File:

Now the device that we forced to disconnect will try to reconnect to the router. It will send a handshake file with the password (in hashed format) in it. Our device will capture the handshake and save it in the Handshake file we created in step 2. Head back to our previous terminal, and you will notice “WPA Handshake: (MAC address of the router)” written at the end of the line at the top.

Cracking Password:

Now, we have the password in hashed format and have to convert it into plaintext. Open a new terminal and provide sudo privileges.

aircrack-ng Handshake-01.cap

This command works for a router using the WEP protocol.

aircrack-ng Handshake-01.cap -w X

(Replace X= any good word list)

This method is for WPA and WPA2 protocols.


An excellent and very large word list is rockyou (rockyou.txt). Place the word list that you are using in your home directory.

This will crack the password for you and display it in the terminal.

What is a wordlist, and why do we need one to crack the password?

A “word list” is a list of passwords. Passwords present in it are those that people use commonly and frequently. The Rockyou word list is also a list of passwords that people have used. We will later discuss in detail how to use this word list to crack passwords. We use it because it’s impossible to try every password with a technique called “brute force.” After all, WPA Wi-Fi networks use very strong hashing and encryption, which will take a huge amount of time to break with brute force. So, we need to shorten the number of passwords we are trying. That’s why we use a wordlist that contains those passwords.

Now, a question arises: why don’t we use a wordlist in the password cracking of a router using the WEP protocol?

We know that WEP hashing and encryption are weak, which makes them easily brute-forced.

So, we don’t even need a word list to break that.


The password will not crack every time in the case of WPA or WPA2. WPA and WPA2 passwords will crack only if they are present in the word list that you have used. So, it’s very difficult to hack the wifi password of a wifi network with the WPA and WPA2 protocols. Routers with WEP protocols will have their password cracked almost every time.
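The point above, that a WPA/WPA2 passphrase falls only when it appears in the word list, gives the network owner a direct check. The following is an added example, not part of the original article: it derives the WPA2 pairwise master key the standard way (PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations, 32 bytes) to show the per-guess cost, then audits a passphrase against a word list and estimates its keyspace. The word list contents, the sample passphrases and the guess rate are constructed assumptions.

```python
import hashlib
import math
import string

# Constructed stand-in for a real word list such as rockyou.txt.
WORDLIST = {"password", "12345678", "iloveyou", "princess1", "qwertyuiop"}

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def keyspace_bits(passphrase: str) -> float:
    """Upper-bound entropy estimate from the character classes actually used."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " ")
    pool = sum(len(cls) for cls in classes if any(c in cls for c in passphrase))
    return len(passphrase) * math.log2(pool)

def audit(passphrase: str, wordlist=WORDLIST, guesses_per_second=100_000):
    """Report word-list membership and average exhaustive-search time.

    guesses_per_second is an assumed rate for illustration; every guess
    costs one full 4096-round PBKDF2 run, as in wpa2_pmk().
    """
    bits = keyspace_bits(passphrase)
    seconds = (2 ** bits / 2) / guesses_per_second
    return {
        "in_wordlist": passphrase in wordlist,
        "bits": round(bits, 1),
        "avg_bruteforce_years": seconds / (365 * 24 * 3600),
    }

if __name__ == "__main__":
    # The SSID salts the derivation, so the same passphrase yields a
    # different key on every network name.
    print(wpa2_pmk("password", "IEEE").hex())
    for candidate in ("iloveyou", "tV9#qLm2@xWz4&Rb"):  # constructed samples
        print(candidate, audit(candidate))
```

A passphrase that reports `in_wordlist: False` and a large bit count is outside what the dictionary method described above can recover.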

Saif Ur Rehman

Hey, I am an Ethical Hacker and a Cyber Security Expert. In this blog, I have tried to deliver knowledge about how different attacks are performed and how you can protect yourself from being a victim of those attacks.
