How to Hack WPA/WPA2 Wi-Fi Networks Offline in Just a Few Minutes


This is only for educational purposes. You can take extra security actions by reading this article.

This type of attack requires a lot of computing power and can take several days to complete. It involves trying every possible combination of characters in order to gain access to the network. This type of attack is not recommended as it is time-consuming and inefficient. Additionally, it is illegal in most countries.

Introduction to hacking WPA/WPA2 Wi-Fi

First, a short introduction to WPA/WPA2 Wi-Fi.

Wi-Fi Protected Access (WPA) was the original security protocol for Wi-Fi networks. It is a two-factor authentication scheme that uses a password and a PIN. WPA2 is a more advanced security protocol that uses a key exchange protocol (KEP) to create a shared key. This key is then used to encrypt data traffic between the client and the access point. WPA2 also uses a new type of security called 802.1X.

A Wi-Fi network can be hacked using pre-built hacking tools like Aircrack-ng, Kismet, Wifite, Hashcat, Wifiphisher, etc. But, the most popular are Aircrack-ng and Hashcat, so today we’ll be doing our Wi-Fi hacking using Aircrack-ng and Hashcat. These tools come pre-installed in Parrot OS Security edition and can be installed in Kali Linux by visiting https://www.kali.org/tools/aircrack-ng/ and https://www.kali.org/tools/hashcat/

How to Hack WPA/WPA2 Wi-Fi networks

What is a wordlist and where is it used?

A wordlist, also known as a dictionary file, is a text file that contains a list of words which can be used as part of a password-cracking process. The important point is that you can only crack a password if it is in the wordlist. Not everyone chooses a hard-to-guess password, so there is a fair chance that the password will be in the wordlist.

For example, if a Wi-Fi password is 012345678 and that password is in the wordlist you used while cracking the password hash, it will be shown; if the password is not in the wordlist, it will not be cracked. There are a lot of wordlists available on the internet. One that ships with Kali Linux and Parrot OS is RockYou, located in /usr/share/wordlists/.

There are also bigger wordlists that you can use, such as the CrackStation list, but for now you can practice with RockYou.

The Aircrack-ng method (uses CPU power)

In this method, we need to first capture the WPA handshake and then crack the handshake using the Aircrack-ng tool.

To capture the handshake we first have to put our network card in monitor mode. We'll do this by entering the following two commands in our terminal.

// First, kill any processes that could interfere with the capture:

~$ sudo airmon-ng check kill

[sudo] password for user:

Killing these processes:

      PID       Name

      964      wpa_supplicant

After this step your Wi-Fi will be disconnected. Now it's time to put our NIC in monitor mode.

//Command

~$ sudo airmon-ng start wlan0

wlan0 is the NIC name; it may be different in your case, so check yours by entering iwconfig in your terminal.

If no error occurred, your NIC should now be in monitor mode. Run iwconfig again to check the current status of your card.


In the screenshot above you can see that our NIC is now in monitor mode. Before listening for a WPA handshake, first run a general scan to check which networks are available:

~$ sudo airodump-ng wlan0mon // wlan0mon is the new name of our NIC

After running the command you'll see results similar to this screenshot.

After choosing your target, copy the BSSID and channel of your target to a separate text file, because we're going to need them later when attacking that specific target. Now exit this process with Ctrl+C or by pressing 'q' twice.

Now we’ll use our saved BSSID and channel number to start capturing the handshake of our specific network.

We'll use two terminal windows now: one for capturing, and the other for de-authenticating a user from the network so that it reconnects and gives us the authentication handshake.

Window 1!!

~$ sudo airodump-ng -d [BSSID of target, e.g. 34:00:A3:11:72:70] -c [channel of target, e.g. 1] -w capfile wlan0mon

This will start capturing the packets of the network. Now we need to send a de-auth on this network so that at least one client disconnects, as shown below.

Window 2!!

~$ sudo aireplay-ng -0 4 -a 34:00:A3:11:72:70 wlan0mon


After this, wait a while and check whether you have caught the WPA handshake, as shown in the photo.


If for some reason you are not able to catch the handshake, run that aireplay-ng command again and again until you get the WPA handshake. Remember that -0 [number] is the number of de-auth requests you want to send to the device.

You should keep it between 3 to 8 and wait before repeating this command at least for 30 seconds.

After getting the WPA handshake, it's time to crack it to recover the password.

As we saved our capture with -w capfile, the captured handshake should be in the file capfile-01.cap, which we'll now crack.

Enter the following command in your terminal

~$ sudo aircrack-ng capfile-01.cap -w [path to wordlist, e.g. /usr/share/wordlists/rockyou.txt]

It'll start cracking, and once it's done it'll show the result like this:


TADA, we hacked our first Wi-Fi, Congratulations buddies.

I like this method because it may be a bit slower but it never disappoints us. It’ll always give us results, of course, if they are in the wordlist. Also, it’s very easy to learn.

The Hashcat and hcxdumptool method (uses GPU power)

This method uses the GPU to brute force the password. Here we will discuss the commands and actions we can use to crack the password using our GPU.

So let's get started.

First of all, we have to disable the services that may disturb our actual work. To do this we'll enter these two commands:

~$ sudo systemctl stop NetworkManager.service

~$ sudo systemctl stop wpa_supplicant.service

The order of these commands is very important to avoid any problems later.


Now that we have stopped the services, we can start the actual hacking process.

Run this command to get the raw data of every network available.

~$ sudo hcxdumptool -i wlan0 -o dumpfile.pcapng --active_beacon --enable_status=15

You can change the name of your output file according to your needs; I prefer naming it dumpfile.pcapng.

Let this process run for a while so that it actually gets something into its dumpfile.

After about 10 to 15 minutes, or whenever you see 'EAPOL' next to your target network, you can stop it. The dumpfile is created, but we still need to convert it to a hash file to run our brute force on it.

Let’s convert it to a hash file by entering the following command.

~$ sudo hcxpcapngtool -o hash.hc22000 -E essidlist dumpfile.pcapng

Remember the dumpfile.pcapng is the file name you gave while starting monitoring.

This will take 3 to 5 seconds to convert your pcapng file to hash.hc22000 file.

Note: Sometimes the generated hash file is empty. In that case you need to start the process again from the beginning. This happens because too little time was given while scanning, or because no handshake was captured.

Once you have generated hash.hc22000, run the following command to view it.

~$ sudo nano hash.hc22000

You can use any editor like vim, gedit, etc. but I’ll use nano because it’s easy to use.

Your file may contain more than one hash line, but you need to keep only the line for your target, which you can find by searching for your target's MAC address.

Once you have deleted all the extra lines, press Ctrl+X to close nano, press Y to save the file, and then press ENTER.

Once you have saved your hash file with your target, you can re-enable all the services you disabled earlier. Enter the following commands in your terminal.

~$ sudo systemctl start wpa_supplicant.service

~$ sudo systemctl start NetworkManager.service

Now your internet will work.

Finally, it's time to get the Wi-Fi password from our hash.hc22000 file. Enter the following command in the terminal:

~$ hashcat -m 22000 hash.hc22000 /usr/share/wordlists/rockyou.txt

It'll take some time and will get your password if it was in the wordlist. Professional hackers with bigger resources use this technique, and they also use bigger wordlists.


After some time it'll show you the result of the cracked hash. In my case it took less than a minute, and my GPU isn't very strong, so it will take even less time on bigger GPUs.

Practice, practice, and more practice makes perfect. Now you know how to hack WPA/WPA2 Wi-Fi.

How to protect your network from being hacked

  • Use a stronger password for your Wi-Fi
  • Never use only numerical combinations just because they are easy to tell others
  • Nowadays phones come with scan-to-connect functionality, so it's not a problem if your password can't be easily told to someone.
  • Use more than one SSID: one for personal use and others for guests or anyone you have to give a password to
  • Remember that a hacker inside your network is inside every device of yours. The Wi-Fi password is your protective wall, so make it as strong as you can
  • Hide your SSID because a hidden SSID can’t be detected by hackers
  • Keep software and operating systems up to date.
  • Use strong passwords and two-factor authentication.
  • Limit access to privileged accounts.
  • Implement a firewall and configure it properly.
  • Monitor activity on your network.
  • Use encryption to protect sensitive data.
  • Use secure protocols and VPNs.
  • Educate your users about cyber security.
  • Employ anti-malware and anti-spam measures.
  • Regularly back up your important data.
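The wordlist section above explains that a passphrase can only be recovered offline if it appears in the attacker's wordlist, and the list above asks for stronger, non-numeric passphrases. The following Python example is added here and is not from the original article: it checks a candidate WPA/WPA2-PSK passphrase against those rules. The wordlist lines are constructed sample data standing in for rockyou.txt, and the 16-character and 60-bit thresholds are this example's own assumptions, not protocol requirements.

```python
import math

# Constructed sample wordlist (rockyou-style, one candidate per line).
# In practice, stream /usr/share/wordlists/rockyou.txt instead.
SAMPLE_WORDLIST = """123456
password
012345678
iloveyou
qwerty123
letmein
"""


def load_wordlist(text):
    """Return the set of candidate passwords in a wordlist (one per line)."""
    return {line.rstrip("\r\n") for line in text.splitlines() if line.strip()}


def estimate_bits(passphrase):
    """Rough keyspace estimate: length * log2(size of the character pool used)."""
    pool = 0
    if any(c.islower() for c in passphrase):
        pool += 26
    if any(c.isupper() for c in passphrase):
        pool += 26
    if any(c.isdigit() for c in passphrase):
        pool += 10
    if any(not c.isalnum() for c in passphrase):
        pool += 33  # remaining printable ASCII symbols
    return len(passphrase) * math.log2(pool) if pool else 0.0


def check_wifi_passphrase(passphrase, wordlist, min_len=16, min_bits=60):
    """Return a list of reasons the passphrase is weak; empty means it passed.

    min_len and min_bits are assumed policy thresholds for this example.
    """
    reasons = []
    # WPA/WPA2-PSK passphrases must be 8 to 63 printable ASCII characters.
    if not 8 <= len(passphrase) <= 63:
        reasons.append("length must be 8-63 characters")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        reasons.append("must be printable ASCII")
    if len(passphrase) < min_len:
        reasons.append(f"shorter than {min_len} characters")
    if passphrase.isdigit():
        reasons.append("purely numeric (tiny keyspace)")
    if estimate_bits(passphrase) < min_bits:
        reasons.append(f"estimated keyspace below {min_bits} bits")
    if passphrase in wordlist or passphrase.lower() in wordlist:
        reasons.append("present in wordlist: crackable offline")
    return reasons
```

The article's example password 012345678 fails four of these checks, while a long mixed-character passphrase that is absent from the wordlist passes all of them.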

Conclusion

In this blog we discussed how to hack WPA/WPA2 Wi-Fi using Aircrack-ng (method#1) and Hashcat with hcxdumptool (method#2). Unfortunately this isn't a topic that can be concluded in a few lines, so read the whole article and choose which method you want to use for hacking a Wi-Fi network.

Comparing our methods: if you have a stronger CPU you should use method#1, because it uses CPU power to get the Wi-Fi password, whereas method#2 uses GPU power. Method#2 is a bit faster because of the GPU's immense power. So choose wisely, but you can try both methods.

All information about Hack WPA/WPA2 Wi-FI provided above is for educational and learning purposes any misuse of this information by any reader is not the responsibility of ONEK Tech.

Have a nice day 🙂

Abdullah khan.
