Wpa is most common WiFi security that we use today. Its algorithm is secure enough, but still, you can hack it.
I have found two best way to hack WPA wireless network. First one is best for those who want to learn wifi hacking. The second method is best for those who want to hack wifi without understanding the process
This is still the most common way to hack WPA network. If you are looking for content to learn WPA hacking, then it is perfect for you.
Anyway, today our topic is how to hack WPA or wpa2 wifi from your home or without any signal.
If you are completely new to hacking then read my post hacking for beginners
In this technique, nothing new same software Aircrack-ng and crunch Just modified commands in the right way.
And you haven't wait for until a client joins that network. I will show you how to disconnect the client from the router.
Ok, let's start.
Ignore above warning if you did not understand this.
If you have any suggestion, complaint or unable to understand then don't forget to leave a comment.
I have divided tutorial into 2 parts. part 2 can be done from your home but for part 1 you need the wifi signal.
Part 1: Capturing WPA Handshake
what is WPA handshake
Power on your Machine and open terminal.
If you are not log in as the root user, then it will ask for root password.
Next step type ifconfig and press enter. It will show all available network interface. Take a look all of these. If there is wlan0 is present, then you can go ahead. In some distribution, it is named something different like wlXXXX. It indicates that you can use wifi.
Next step is about killing your internet. It is important. Here is the command.
ifconfig wlan0 down
Next step is about enables monitor mode.
iwconfig wlan0 mode monitor
Above command will enable monitor mode. You have to enable monitor mode. Monitor mode is used see information about wifi networks that are available in our range. For disconnecting the client from network monitor mode is important (read full post you will understand what I am talking about).
After that, you need to kill (stop) some computer process.
airmon-ng check kill
It will kill all the process that can cause a problem in wifi hacking. For e.x. Network manager. We all of us enable auto-connect to our network. For hacking, it causes a problem, so you have to stop this process.
After that, you can see all available network (depend upon your wireless card range). I from a village so there is only one wifi network available. To do this run following command.
It will show all network with a lot of information. It will continue until you did not stop it.
Press ctrl+c to stop it.
Next step is important to See everything about your target network BSSID is mac address ESSID is the name of Network. ENC shows security used network. Before going ahead make sure it is WPA or wpa2. CH shows your channel number.
Depending upon your target you have to change channel number. In my case, it is eight look it above screenshot.
iwconfig wlan0 channel 8
Your adapter channel will change from anything to 8.
Using following command you can capture WPA handshake.
airodump-ng -c 1 -bssid 90:8D:78:73:34:12 -w scan wlan0
Here -c is channel no. and --bssid is the id of a target network. -w is the file where we want to save handshake with the name of the scan.
This will try to capture handshake mean wait until somebody is not joining your wifi (which makes no sense). But you did need to wait. Open a new terminal and run this aireplay-ng -0 0 -a bssid here. Here is the full command.
aireplay-ng -0 0 -a 90:8D:78:73:34:12 wlan0
It will launch dos attack on Router so all connected devices(client) will be disconnected. When any device disconnects from the router, you will see WPA Handshake captured in the previous terminal.
When the handshake is captured press ctrl+c to stop aireplay-ng. It is important to stop because it stops internet of WiFI.
As you see I have posted the screenshot of both terminals. You can see WPA handshake is captured so no need of the second terminal.
Now part 1 is complete go back to your home. To confirm type ls if there is any file with the name of scan-01.Cap here is the screenshot.
Now relax because next steps are bit different from above commands.
Now you can go back to your home because the next steps can be done from anywhere in the world.
We have captured WPA handshake, but now we have to crack it using wordlist attack.
I hope you wordlist attack in hacking for beginners post (scroll to top)
If you already know then great. We will create word list text file using crunch.
Command to create the wordlist.
crunch min max characters -o filename to save results
Crunch 8 10 1234567890 -o password.txt
it will create a wordlist of digits 1234567890 (you can use characters too) where minimum length is 8 and the maximum length is 10. All that words will be saved in the password.txt file.
aircrack-ng -w password.txt scan.cap
it will try every word of password.txt as password. if password is in the file it will show you something like this.
Tips to Make cracking process faster:
- Close unnecessary tabs it will create process fast.
- Use More than One Computer with different word list files.
Task is not complete
Know you have hacked wifi, but you have to type some commands for disabling monitor mode and starting NetworkManager here are these commands
If you want to understand this technique read aircrack-ng method before this
One main problem with aircrack-ng is that it become long process when password length is greater than 8.
Some people use the unique character in the password which makes impossible to hack.
Fluxion is the solution to all these problems. It is future of wifi hacking
It is easy to use, and your task will be complete within few minutes.
Ok, no more words.
How fluxion works?
Well, first of all, it captures WPA handshake automatically and then applies Man in the middle attack.
Ii will ask your victim for the password (see the screenshot).
You know Best thing about Fluxion is
If user types the wrong password, it detects automatically (because it capture WPA handshake, so it try user input as the password using aircrack-ng ) and shows user warning like this
Mean your wifi hacking passwords chance are 99% (fucking amazing 🙂 ).
When victim typed correct password, then all service will be stopped running by fluxion, and so the user can use the internet.
Here is how to install it and use it
it is available at GitHub run this command to clone it.
git clone https://github.com/wi-fi-analyzer/fluxion.git
This command will save it to the current working directory which is ~ in my case.
After downloading we need to navigate to that directory so do it
This directory has some directories and files. But need to run only one bash script
This command will start fluxion script and detects all that is required. If any package is missing install because for a successful attack you need all packages.
In the case of Kali Linux or parrot, you haven’t do anything.
As you see in the screenshot you need to select your language. I am assuming that you know English so press 1.
In next step, it needs to scan your area you can select all channel or the specific channel. My router channel settings are set to auto So I will choose 1 for scanning all channels.
As you can see it will show you all networks available in your range when you see your target network close WIFI Monitor window.
On closing, it will show your networks in the terminal. In my case three networks available. You can select network using their ID I want to hack Maan network so I will choose 2.
In next window, you need to select attack option. Basically, it is how you create your own network. I will advise you to choose Hostapd which is also recommended by Fluxion and airbase-ng is buggy. Seriously it is.
Next step is about the location of handshake file. you can pass your own path but no need of it. Just press Enter. It will select automatically.
Hmm, you choose your path for handshake file but how you capture your handshake. There are two ways
- By pyrit
You can choose anyone but Fluxion recommended pyrit So select by pressing 1
This is essential step how you want to capture handshake Do you want to disconnect all devices or a specific one.
I recommended one because it asks for the password everyone.
So everyone supposed it would be definitely by ISP.
Pressing one will disconnect all devices connected to the network.
It will open three terminals.
1.One is for capture handshake
2.Second is for disconnecting client so you can capture handshake without waiting for the client who joins the network.
3. Third is fluxion so you can stop other two terminals when handshake is captured
Hey, beginner how to read it carefully, When you see WPA handshake is captured like this screenshot. Immediately press 1 in your terminal. Deauthing devices from the network stop internet
It will stop other two windows and ask for the SSL certificate. GO ahead and select 1.
Next window about interface you have only one option web interface select it.
Selecting the SSL certificate it needs the language of password login page. Choose your language. I will select English.
When you select the language fluxion script will open 4 terminal.
On the other side, your victim who is using wifi will be redirected to page like this
Suppose user type wrong password but I told you it capture WPA handshake so it will detect the wrong password and show a warning to the user.
IF you victim used the correct password, then he can use the internet.
Here is how got password using aircrack-ng and close all other processes. So your victim can use the internet without any problem
How to secure your wifi network from Fluxion
Best way to secure your WiFi is reduce your WiFi signal. Believe me it is very powerful. If you want to know how to fully secure you WiFi all attacks Read this How to secure your WiFi password