Posted on 1 Comment

Besside -ng : A tool to hack Wi – Fi automatically

Hello aspiring Ethical hackers. In this article, we will learn about a tool named Besside -ng, which can automatically crack WEP passwords and log WPA handshakes. This tool authored by Andrea Bittau is made in the line of another tool, Wesside-ng which only cracks WEP passwords automatically.

Before you run Besside-ng, monitor mode should be enabled on the wireless interface as shown below.

Once monitor mode is enabled on the wireless interface, we can run Besside-ng as shown below to automatically crack all the WEP passwords and log WPA handshakes.

If you want to crack the WEP password of a single Access Point, the command is as shown below

where “-c” is used to specify the channel the Wireless Access Point is running on and “-b” is the –bssid of the Wi -Fi access point.

Besside-ng automatically starts creating traffic and cracking the WEP key as shown below.

As you can see in the above image, it cracked a 64bit ASCII WEP key in less than 1 minute. How about 64 bit hexadecimal WEP key that’s a bit complex.

This key was cracked in 63 seconds. How long it will take to crack the same key we cracked earlier with aircrack?

It took just 45 seconds to crack the password. This time, I generated a complex WEP key and tried again. The key was cracked in around 15 minutes as shown below.

Here’s the WEP key I set.

Just like cracking WEP, even Cracking WPA can be automated using tool besside-ng. To do this, we run besside-ng on the target wi-fi network.

Besside-ng automatically captures WPA handshake. Then all we have to do is run aircrack on the wpa.cap file.

The WPA key has been cracked successfully.

Posted on Leave a comment

Crack WEP passwords with aircrack

Hello aspiring Ethical Hackers. In this post, we will see how to crack WEP passwords with aircrack. I bought a new Alfa Wireless Adapter and I want to get straight away into cracking a WEP password. My Attacker machine is Kali Linux which is installed on VMware. So I first connected the GOD given ALFA Wireless adapter to my laptop, make sure it is connected to the virtual machine, open a terminal in Kali Linux and type command “iwconfig” to make sure my wireless adapter is connected.

Then I start monitor mode on the wireless interface. Monitor mode is just like promiscuous mode on wired interfaces. When in monitor mode, the wireless adapter sniffs on all the wireless traffic around.

I once again run the “iwconfig” command to have a look at the wireless interfaces to confirm monitor mode started on the Wireless interface.

As you can see the name of the wireless interface changed from waln0 to wlan0mon. The monitor mode is on. To see all the traffic being observed by the wireless interface, I run the command airodump-ng on the wireless interface.

As you can see, this shows all the wireless traffic. There are many wireless networks available but my target is the Wi-Fi Access point I named “Hack_Me_If_You_Can”. I use the same airodump-ng to target the MAC address of target’s Access point and route all the traffic it has to a file named wep_hc_crack.

In the above image, you can see the clients connected to the targeted Wi-Fi Access point. All the traffic belonging to the Wi-Fi access point hack me if you can will be saved in the file wep_hc_crack.cap. What I am looking for is the initialization vectors that are used in cracking WEP. This initialization vectors play a key role in cracking the password of this Wi-Fi access point.

How? As I already told you, I will not tell you the technical jargon of this article for now. Just remember the more IV’s we have, the more the chances of cracking the WEP password. Since I need more traffic to crack the WEP password fast, I can use some Jugaad to create more traffic. A feature of aircrack-ng, aireplay-ng helps us to create more traffic. It has various methods of creating additional traffic. One such method is ARP request replay attack. According to the website of aircrack,

The classic ARP request replay attack is the most effective way to generate new initialization vectors (IVs), and works very reliably. The program listens for an ARP packet then retransmits it back to the access point. This, in turn, causes the access point to repeat the ARP packet with a ne- w IV. The program retransmits the same ARP packet over and over. However, each ARP packet repeated by the access point has a new IVs. It is all these new IVs which allow you to determine the WEP key. This attack can be started as shown below.

where “-h” option is used to specify the MAC address of any client we want to use. Here is another way in which you can start the ARP replay attack.

As initialization vectors start collecting in the wep_hc_crack file, I can use aircrack to try cracking the password. The command is “aircrack-ng wep_hc_crack.cap“.

If the initialization vectors are too less (in this case I have a new 20) aircrack wait for enough initialization vectors. I continue the ARP request replay attack until traffic increases.

You can see the traffic increasing. All have to do is play the game of patience now .

After collecting almost 25000 IV’s aircrack finally cracked the WEP password. The password of the Wi-Fi access point is 1234567899. It’s a 64bit hexadecimal key. As you can see, it took me around one hour thirty five minutes for me to crack the password.

Posted on Leave a comment

Wifi DOS Deauthentication attack with mdk3

Good Evening friends. Today we will learn how to perform Wifi DOS attack on Wifi networks. We will use a tool called mdk3 which is inbuilt in Kali Linux and we need a compatible wifi adapter for this attack. A Dos attack stands for Denial Of Service attack. If all is set, open a terminal and type command “mdk3” to see various attacks available in this tool as shown below.

Scroll down to see more options. We can see the various testing modes available in this tool. We will use the deauthentication attack for this Wifi DOS. As the name implies, this attack disconnects all clients connected to the wifi network.

Before we start our attack, we have to start our adapter in monitor mode. Type command “airmon-ng start wlan0“. (where wlan0 is your wifi interface and may differ for you).

Then type command “mdk3 mon0 d -i <ESSID name>” and you will see the tool disconnecting all the clients connected to the Wifi network you are targeting.  Here,

“mon0” – is the interface where monitor mode has been started. This can be different for you.

d  –  is the de authentication mode

ESSID – is the name of the Wifi network.

Hope this was helpful. Learn  how to crack wifi passwords.

Posted on 10 Comments

Crack WPA WPA2 password with aircrack

This is a tutorial on how to crack WPA WPA2 with aircrack. WPA stands for Wifi Protected Access. It is an encryption system to secure WLAN networks. It eliminates all known vulnerabilities in WEP(Wired Equivalent Privacy).  WPA uses 128 bit key and  48 bit initialization vector while WEP uses 108 bit key with 24 bit initialization vector. WPA2 is the successor of WPA. Both WPA and WPA2 use temporal key integrity protocol(TKIP) for encryption and  pre-shared key(PSK) authentication.  The only difference between WPA and WPA2 is that they use Rivest Cipher(RC4) and Advanced Encryption Standard(AES) encryption algorithms respectively. Both can be configured to use counter cipher block chaining mode(CCM) though. They are by far considered  most secure for Wifi networks.

So, today we are going to see WPA/WPA2 password cracking with aircrack. For this howto, I am going to use Kali Linux. ( For this howto, if you are running Kali Linux in Vmware or Virtualbox you need to have a compatible wifi usb adapter). I am running Kali Linux in live USB mode(see how to make kali live usb) as my laptop has Atheros adapter. So let’s start.

Once you have booted into Kali Linux, open terminal and type command “iwconfig”. It lists your wireless interfaces just like ifconfig shows wired interfaces.

We can see that we have a wireless interface wlan0. Now we are going to start monitor mode on our wireless interface. Monitor mode is same as promiscuous mode in wired sniffing. Type command “airmon-ng start wlan0″. We can see below that monitor mode has been enabled on “mon0″.

Now let’s see all the traffic collected by our wireless interface. Type command airodump-ng mon0.

Hit Enter. We can see all the wireless networks available as shown below.

We can see that all the wifi networks are configured with  WPA2 or WPA. We are going to hack the network “shunya”. We will collect the shunya’s network traffic into a file. Open a terminal and type command “airodump-ng –bssid <Mac address of wifi access point> -c 13 –write wpacrack mon0″.

where

–bssid stands for base station security identifier

<MAC address> is the Mac address of access point.

-c is used to specify the channel the wifi network is operating on.

–write to write to a file.

wpacrack  is the file name we are writing into.

mon0 is the interface

Hit Enter. We will see the result as below.

We can only hack a WPA/WPA2 protected wifi network by capturing it’s handshake process or association( when the client is trying to connect to the wifi network.).  So let’s try to disconnect all the clients connected to the wifi network “shunya” first. Open a new terminal and type the command “aireplay-ng  –deauth 100 -a <MAC> –ignore-negative-one mon0″.

where

–deauth are the deauthentication packets,

100 are the number of deauthentication packets we want to send.

-a stands for access point.

<MAC> is the MAC address of the wifi access point.

This command will send 100 DE authentication packets to the broadcast address of the wifi access point. This will make all the clients connected to the shunya get disconnected. As soon as this happens, all the clients will try to connect back to the wifi network once again. We can see that a WPA handshake has happened in the previous terminal.

Now let’s see where our capture file is located. Type “ls”. We will do dictionary password cracking here. So let’s find out where the dictionaries are.  Type command “locate wordlists”. This will show us a number of wordlists available by default in kali linux.

Our captured traffic is stored in .cap file. We will use the wordlist big.txt for cracking the password. Open a new terminal and type command “aircrack-ng wpacrack-01.cap -w /usr/share/dirb/wordlists/big.txt”.

Hit Enter. If our dictionary has the password, the result will be as below. If our dictionary doesn’t have the password, we have to use another dictionary.

Remember that the choice of dictionary will play a key role in WPA/WPA2 password cracking. So that is one way in which we crack wpa wpa2 password  with aircrack for you. Hope this was helpful. Learn how to crack wpa wpa2  with a graphical tool.

Posted on Leave a comment

Cracking WPA WPA2 password with Fern Wifi cracker

Hello everybody. In a previous howto, we saw cracking wpa / wpa2 using aircrack, a tool inbuilt in Kali Linux. But that needed lot of commands to be typed.

As already explained, WPA stands for Wifi Protected Access. It is an encryption system to secure WLAN networks. It eliminates all known vulnerabilities in WEP(Wired Equivalent Privacy). WPA uses 128 bit key and 48 bit initialization vector while WEP uses 108 bit key with 24 bit initialization vector. WPA2 is the successor of WPA. Both WPA and WPA2 use temporal key integrity protocol(TKIP) for encryption and pre-shared key(PSK) authentication. The only difference between WPA and WPA2 is that they use Rivest Cipher(RC4) and Advanced Encryption Standard(AES) encryption algorithms respectively. Both can be configured to use counter cipher block chaining mode(CCM) though. They are by far considered most secure for Wifi networks.

So today we are  learn cracking WPA/WPA2 passwords using a GUI tool also inbuilt in Kali Linux, Fern Wifi cracker. Open the tool, Fern Wifi cracker.

Select our wireless interface WLAN). Click on the tab “Scan for access points”. The tool will search for available access points as shown below.

Since we want to hack a WPA enabled wifi network, click on WPA tab. It will show all the available WPA enabled networks.

Click on the wifi network whose password we want to crack( in my case “shunya”). Browse to the dictionary file we want to choose as shown below.

Click on “Wifi attack” tab. The tool will automatically crack the password for you as shown below.

Hope this was helpful. See the video version of this howto.