Wireless Hacking
Common Wireless Hacking Strategies
To effectively protect your wireless network, it’s crucial to understand the common tactics employed by hackers:
- War-driving: Hackers use wireless scanning tools to identify and locate vulnerable wireless networks within range.
- Weak encryption: Hackers can easily penetrate networks using outdated or weak encryption protocols like WEP (Wired Equivalent Privacy) or WPA1.
- Phishing attacks: Hackers create fake access points with similar names to legitimate ones, tricking users into revealing sensitive information.
- Malware injection: Hackers compromise network devices or websites to inject malware, infecting connected devices with malicious software.
- Man-in-the-middle (MITM) attacks: Hackers intercept data transmissions between devices, allowing them to eavesdrop or modify sensitive information.
In this blog we will focus on the second strategy: compromising weak encryption.
Requirements: Kali Linux, Aircrack-ng, a network adapter that supports monitor mode, a target network, and a wordlist of password guesses.
- Step 1 - Pre-attack preparation: As you know, hacking without permission is illegal, so let's be anonymous before hacking into the network. In LAN networks, devices are identified by their MAC address.
MAC address stands for Media Access Control address. It is a unique identifier assigned to each network adapter or network interface card (NIC) by the manufacturer. MAC addresses are 48-bit numbers, typically written as six colon-separated hexadecimal pairs (e.g., 00:0C:29:9A:1B:1D).
It is also known as the physical address. We cannot change the MAC address burned into the NIC itself, but with some tricks we can spoof the address the operating system presents. Here we will use the ifconfig utility to spoof the MAC; automatic MAC changer tools are an option as well.
Here I used ifconfig ens33 down to bring the interface down, then ifconfig ens33 hw ether 00:11:22:33:44:55 to replace my original MAC with the fake MAC given in the command, and finally ifconfig ens33 up to bring the interface back up.
- Step 2 - Enumeration: Plug in your NIC that supports monitor mode and start monitor mode. I am using an Alfa adapter here to sniff the data packets in my surroundings.
Let's run iwconfig quickly to see whether the device is connected to the system. Below you can see that wlx00c0caaff1f8
is the interface name for my Alfa adapter, which is currently in managed mode.
Let's enable monitor mode using the aircrack-ng suite for sniffing. There is a manual method as well, but this one is easier.
Now monitor mode is enabled, so let's dump the data packets to find the active devices near me.
With the command "airodump-ng [interfacename]" I can see it listing all the devices near me, including the BSSID (MAC) of the routers in my range. This command lists every router in range that is sending beacon frames.
Wi-Fi Beacon Frames: These are broadcast by Wi-Fi access points (APs) to advertise the presence of a Wi-Fi network and provide information such as the network name (SSID), security type, and supported data rates. Wi-Fi devices like laptops and smartphones listen for beacon frames to identify available Wi-Fi networks and initiate the connection process.
- Step 3 – Selecting the target: From the above data I selected my target router, which is "Sapphire". Now I will sniff the packets of the target router only and save them to a specific file.
This command targets the specified router's packets and saves all the sniffed data into the file path we provided after "-w".
Airodump-ng will now monitor only the target network, allowing us to capture more specific information about it. What we are really doing now is waiting for a device to connect or reconnect to the network, which forces the router to send the four-way handshake that we need to capture in order to crack the password. Four files should also show up on your desktop; this is where the handshake will be saved when captured, so don't delete them! But we are not really going to wait for a device to connect; that is not what impatient hackers do. Instead we will use another tool from the aircrack-ng suite called aireplay-ng to speed up the process. Rather than waiting for a device to connect, this tool forces a device to reconnect by sending deauthentication (deauth) packets to it, making it think it has to reconnect with the router. Of course, for this to work there has to be someone else connected to the network first, so watch airodump-ng and wait for a client to show up. It might take a long time, or only a second before the first one shows. If none show up after a lengthy wait, the network might be empty right now, or you are too far away from it.
Leave airodump-ng running and open a second terminal. In this terminal, type this command:
The -0 is a shortcut for the deauth mode and the 2 is the number of deauth packets to send. -a indicates the access point (router)'s BSSID; replace [router bssid] with the BSSID of the target network. -c indicates the client's MAC address, noted in the previous picture; replace [client bssid] with the address of the connected client, which is listed under "STATION". And of course mon0 is just the monitor interface; change it if yours is different.
Upon hitting Enter, you will see aireplay-ng send the packets, and within moments you should see this message appear on the airodump-ng screen.
This means that the handshake has been captured, and the password is in the hacker's hands in some form or another. You can close the aireplay-ng terminal and hit Ctrl + C on the airodump-ng terminal to stop monitoring the network, but don't close it yet, just in case you need some of the information later.
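From the defender's side, the deauth step above is noisy: a burst of deauthentication frames between one BSSID and one station in a short window. The example below is added here (not part of the original post) and runs a simple sliding-window deauth-burst detector over constructed, tshark-style frame log lines; the MAC addresses, window and threshold are assumed sample values.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

# Constructed monitor-mode frame log (not a real capture).
# Columns: timestamp_seconds frame_subtype source_mac destination_mac
# 9.000 is a single legitimate deauth (AP dropping an idle station);
# 10.500-10.509 is a forged burst, spoofed in both directions.
SAMPLE_LOG = """\
9.000 deauth aa:bb:cc:dd:ee:01 11:22:33:44:55:66
10.000 beacon aa:bb:cc:dd:ee:01 ff:ff:ff:ff:ff:ff
10.500 deauth aa:bb:cc:dd:ee:01 11:22:33:44:55:66
10.501 deauth 11:22:33:44:55:66 aa:bb:cc:dd:ee:01
10.502 deauth aa:bb:cc:dd:ee:01 11:22:33:44:55:66
10.503 deauth 11:22:33:44:55:66 aa:bb:cc:dd:ee:01
10.504 deauth aa:bb:cc:dd:ee:01 11:22:33:44:55:66
10.505 deauth 11:22:33:44:55:66 aa:bb:cc:dd:ee:01
10.506 deauth aa:bb:cc:dd:ee:01 11:22:33:44:55:66
10.507 deauth 11:22:33:44:55:66 aa:bb:cc:dd:ee:01
10.508 deauth aa:bb:cc:dd:ee:01 11:22:33:44:55:66
10.509 deauth 11:22:33:44:55:66 aa:bb:cc:dd:ee:01
10.600 data 11:22:33:44:55:66 aa:bb:cc:dd:ee:01
"""


@dataclass
class Frame:
    ts: float
    subtype: str
    src: str
    dst: str


def parse_log(text: str) -> list[Frame]:
    """Parse the four-column log format above; malformed lines are skipped."""
    frames = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        frames.append(Frame(float(parts[0]), parts[1], parts[2].lower(), parts[3].lower()))
    return frames


def detect_deauth_bursts(frames, window=1.0, threshold=5) -> dict[str, int]:
    """Return {source_mac: peak deauth/disassoc count within any `window` seconds}
    for every source that reached `threshold` frames. A lone deauth never alerts."""
    recent = defaultdict(deque)  # per-source timestamps inside the current window
    alerts: dict[str, int] = {}
    for f in sorted(frames, key=lambda x: x.ts):
        if f.subtype not in ("deauth", "disassoc"):
            continue
        q = recent[f.src]
        q.append(f.ts)
        while q and f.ts - q[0] > window:  # slide the window forward
            q.popleft()
        if len(q) >= threshold:
            alerts[f.src] = max(alerts.get(f.src, 0), len(q))
    return alerts


def run_sample() -> dict[str, int]:
    return detect_deauth_bursts(parse_log(SAMPLE_LOG))
```

Both the AP's and the station's addresses are flagged because the forged frames are spoofed in each direction, while the single deauth at 9.000 stays under the threshold. Enabling 802.11w Protected Management Frames on WPA2/WPA3 networks makes such unauthenticated deauth frames fail integrity checks in the first place.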
This concludes the external part of this tutorial. From now on, the process is entirely between your computer and those four files on your Desktop; actually, only the .cap one is important. Open a new terminal and type in this command:
aircrack-ng -a2 -b [router bssid] -w [path to wordlist] /root/Desktop/*.cap
-a is the method aircrack-ng will use to crack the handshake, where 2 = WPA method. -b stands for BSSID; replace [router bssid] with the BSSID of the target router. -w stands for wordlist; replace [path to wordlist] with the path to a wordlist that you have downloaded. In my case I am going to use the default wordlist available in Kali Linux, "rockyou.txt".
And boom, aircrack-ng will crack the Wi-Fi password using the wordlist you provided.
Happy Hacking!