Tag: wifi hacking

Posted on by

Evil Twin Attack

Hello aspiring ethical hackers. In this article, you will learn about Evil Twin Attack. Till now in our blog, readers have learnt about various wireless hacking tutorials like cracking WEP, cracking WPA/WPA2 and cracking WPS. Almost all of these hacking methods involved brute forcing or password cracking. What if there was another easier way to hack wireless networks without the need of brute forcing.

Well, Evil Twin Attack is one such attack. An evil twin attack is a wireless attack in which a fake Wi-Fi access point is set up with the same SSID as that of the original one. This fake access point appears to be legitimate but is actually set up to eavesdrop on wireless communications of the original one. The evil twin is the wireless LAN equivalent of the phishing scam.

Since it has the same name, it’s called twin and as it is malicious it can be termed Evil Twin. The aim of this attack is to confuse users trying to connect to the target Wi-Fi network and make them connect to the Evil Twin instead and thus capture sensitive data. Let’ s see it practically. There are many tools that can be used for this attack but let’s use a tool called Wifiphisher because it’s the simplest one. Our Attacker system is Kali Linux. Wifiphisher can be installed on Kali Linux as shown below.

Once installation is finished, Wifiphisher can be started using command.

sudo wifiphisher

Then the tool will prompt you to select the Wi-Fi Access Point of which you want to create an Evil twin.

For this tutorial as always (OK, most of the time) I will select the Wi-Fi network “Hack_Me_If_You_Can” as my target.

The tool will prompt you the available phishing scenarios available. For this case, OAuth Login Page attack is available.

The OAuth Login Page attack creates a fake login page asking for credentials of the users who want to connect. Note that while creating a fake access point, it is created as an open network unlike the one we are targeting. I select the OAuth Login Page attack and the attack starts.

So just imagine while we are running this Fake access point, some mobile user is looking for available Wi-Fi networks to connect to. He will see two networks with the same name and gets confused. Once he selects our Evil Twin to connect to, he will be prompted with a login page as shown below.

evil twin attack

Here, he is being asked to submit his Facebook credentials of course by dangling the carrot of free internet. The login page is so believable even to me. And if the user falls for the trick (or carrot) and submits his credentials as shown below.

On Kali Linux, the activity is recorded as shown below.

and the credentials are captured successfully.

That looked simple enough. But where can Evil Twin Attack become successful? In many areas but especially where there are free Wi-Fi access points. Imagine creating an Evil twin with the same name as the original.

Posted on by

Cracking Wifi passwords automatically with Wifite

Hello aspiring ethical hackers. In this article, you will learn about a tool named Wifite. It is an automatic Wireless password cracking tool that tries almost all known methods of wireless cracking like Pixie-Dust attack, Brute-Force PIN attack, NULL PIN attack, WPA Handshake Capture + offline crack, The PMKID Hash Capture + offline crack and various WEP cracking attacks.
Wifite is installed by default on Kali Linux. Just like any wireless password cracking method, Wifite needs monitor mode to be enabled on the wireless interface as shown below. However, it automatically enables this monitor mode but if it fails to enable it, you can enable it manually as shown below.

Let’s see how Wifite works in cracking WEP, WPA and WPS enabled networks. Once everything is ready, open terminal and start Wifite using command as shown below.

wifite

It starts displaying all the wireless networks in your vicinity as shown below.

Let’s target the Access Point “Hack_Me_If_You_Can” which has WEP security enabled. Once you select the access point you want to target, hit CTRl + C and enter the number of that access point. In our case it is “1”.

As soon as you enter the number of that access point, Wifite tries out various attacks against the access point and grabs its password as shown below.

WEP is too easy. Let’s see how it fares in cracking WPA password. We start Wifite as shown above. Our target is once again “Hack_Me_If_You_Can”. However, as you can see it is secured with WPA now.

It starts attacking employing various methods as shown below.

Now, let’s target a Access Point with WPS pin enabled.

As you can see, Wifite is successful in cracking WEP, WPA and WPS keys automatically without running any complex commands . Learn how to crack Wifi passwords with Besside-ng.

Posted on by 1 Comment

Besside -ng : A tool to hack Wi – Fi automatically

Hello aspiring Ethical hackers. In this article, we will learn about a tool named Besside -ng, which can automatically crack WEP passwords and log WPA handshakes. This tool authored by Andrea Bittau is made in the line of another tool, Wesside-ng which only cracks WEP passwords automatically.

Before you run Besside-ng, monitor mode should be enabled on the wireless interface as shown below.

Once monitor mode is enabled on the wireless interface, we can run Besside-ng as shown below to automatically crack all the WEP passwords and log WPA handshakes.

If you want to crack the WEP password of a single Access Point, the command is as shown below

where “-c” is used to specify the channel the Wireless Access Point is running on and “-b” is the –bssid of the Wi -Fi access point.

how to use besside to crack wifi passwords

Besside-ng automatically starts creating traffic and cracking the WEP key as shown below.

As you can see in the above image, it cracked a 64bit ASCII WEP key in less than 1 minute. How about 64 bit hexadecimal WEP key that’s a bit complex.

This key was cracked in 63 seconds. How long it will take to crack the same key we cracked earlier with aircrack?

It took just 45 seconds to crack the password. This time, I generated a complex WEP key and tried again. The key was cracked in around 15 minutes as shown below.

Here’s the WEP key I set.

Just like cracking WEP, even Cracking WPA can be automated using tool besside-ng. To do this, we run besside-ng on the target wi-fi network.

Besside-ng automatically captures WPA handshake. Then all we have to do is run aircrack on the wpa.cap file.

The WPA key has been cracked successfully.

Posted on by

Wifi DOS Deauthentication attack with mdk3

Good Evening friends. Today we will learn how to perform Wifi DOS attack on Wifi networks. We will use a tool called mdk3 which is inbuilt in Kali Linux and we need a compatible wifi adapter for this attack. A Dos attack stands for Denial Of Service attack. If all is set, open a terminal and type command “mdk3” to see various attacks available in this tool as shown below.

wifi dos

Scroll down to see more options. We can see the various testing modes available in this tool. We will use the deauthentication attack for this Wifi DOS. As the name implies, this attack disconnects all clients connected to the wifi network.

Before we start our attack, we have to start our adapter in monitor mode. Type command “airmon-ng start wlan0“. (where wlan0 is your wifi interface and may differ for you).

Then type command “mdk3 mon0 d -i <ESSID name>” and you will see the tool disconnecting all the clients connected to the Wifi network you are targeting. Here,

“mon0” – is the interface where monitor mode has been started. This can be different for you.

d – is the de authentication mode

ESSID – is the name of the Wifi network.

Hope this was helpful. Learn how to crack wifi passwords.

Posted on by 6 Comments

Crack WPA WPA2 password with aircrack

This is a tutorial on how to crack WPA WPA2 with aircrack. WPA stands for Wifi Protected Access. It is an encryption system to secure WLAN networks. It eliminates all known vulnerabilities in WEP(Wired Equivalent Privacy). WPA uses 128 bit key and 48 bit initialization vector while WEP uses 108 bit key with 24 bit initialization vector. WPA2 is the successor of WPA. Both WPA and WPA2 use temporal key integrity protocol(TKIP) for encryption and pre-shared key(PSK) authentication. The only difference between WPA and WPA2 is that they use Rivest Cipher(RC4) and Advanced Encryption Standard(AES) encryption algorithms respectively. Both can be configured to use counter cipher block chaining mode(CCM) though. They are by far considered most secure for Wifi networks.

So, today we are going to see WPA/WPA2 password cracking with aircrack. For this howto, I am going to use Kali Linux. ( For this howto, if you are running Kali Linux in Vmware or Virtualbox you need to have a compatible wifi usb adapter). I am running Kali Linux in live USB mode as my laptop has Atheros adapter. So let’s start.

Once you have booted into Kali Linux, open terminal and type command “iwconfig”. It lists your wireless interfaces just like ifconfig shows wired interfaces.

We can see that we have a wireless interface wlan0. Now we are going to start monitor mode on our wireless interface. Monitor mode is same as promiscuous mode in wired sniffing. Type commandairmon-ng start wlan0″. We can see below that monitor mode has been enabled on “mon0″.

Now let’s see all the traffic collected by our wireless interface. Type command airodump-ng mon0.

Hit Enter. We can see all the wireless networks available as shown below.

crack wpa

We can see that all the wifi networks are configured with WPA2 or WPA. We are going to hack the network “shunya”. We will collect the shunya’s network traffic into a file. Open a terminal and type command “airodump-ng –bssid <Mac address of wifi access point> -c 13 –write wpacrack mon0″.

where

–bssid stands for base station security identifier

<MAC address> is the Mac address of access point.

-c is used to specify the channel the wifi network is operating on.

–write to write to a file.

wpacrack is the file name we are writing into.

mon0 is the interface

Hit Enter. We will see the result as below.

We can only hack a WPA/WPA2 protected wifi network by capturing it’s handshake process or association( when the client is trying to connect to the wifi network.). So let’s try to disconnect all the clients connected to the wifi network “shunya” first. Open a new terminal and type the command “aireplay-ng –deauth 100 -a <MAC> –ignore-negative-one mon0″.

where

–deauth are the deauthentication packets,

100 are the number of deauthentication packets we want to send.

-a stands for access point.

<MAC> is the MAC address of the wifi access point.

This command will send 100 DE authentication packets to the broadcast address of the wifi access point. This will make all the clients connected to the shunya get disconnected. As soon as this happens, all the clients will try to connect back to the wifi network once again. We can see that a WPA handshake has happened in the previous terminal.

Now let’s see where our capture file is located. Type “ls”. We will do dictionary password cracking here. So let’s find out where the dictionaries are. Type commandlocate wordlists”. This will show us a number of wordlists available by default in kali linux.

Our captured traffic is stored in .cap file. We will use the wordlist big.txt for cracking the password. Open a new terminal and type command “aircrack-ng wpacrack-01.cap -w /usr/share/dirb/wordlists/big.txt”.

Hit Enter. If our dictionary has the password, the result will be as below. If our dictionary doesn’t have the password, we have to use another dictionary.

Remember that the choice of dictionary will play a key role in WPA/WPA2 password cracking. So that is one way in which we crack wpa wpa2 password with aircrack for you. Hope this was helpful. Learn how to crack wpa wpa2 with a graphical tool.