Disclaimer! Hacking Wireless networks that you do not own is forbidden in all the Countries. This Article has been created for Educational purpose only.
The Internet is a necessity today. From your work to your leisure, you are dependent on the internet.
It may be possible that internet connectivity is not available in an urgent situation. But, there are public Wifi Hotspots in the vicinity. Unfortunately, they all are secured with passwords.
You’d be helpless in this particular situation if you don’t know ways to hack public Wi-Fi Hotspots.
Most of the Wifi hacking apps available on the internet can trick you into installing adware. You will end up infecting your computer with malware or unrelated software. They don’t serve the purpose of cracking Wifi passwords.
This post aims to create awareness about the genuine apps and software that can be used for cracking Wifi passwords.
No idea how Wifi works? Watch this video on youtube
There are two principal ways to crack Wifi Passwords:
Passive sniffing, where the laptop’s Wifi settings are adjusted to detect and decipher all the network activities happening through a particular hotspot.
Man-in-the-middle Attack is another way in which a hacker sets up a fake Network Access point and tricks the user into connecting to it.
Before we discuss any further, let us have a look at the evolution of encryption levels in the Wifi hotspot security.
Wifi Encryption levels
It all started with WEP in the last decade of 20th century. WEP stands for “Wired Equivalent Privacy” which was launched in September 1999. From the starting, it was not a strong security system. It had many flaws. With time, increased revisions led to longer encrypted keys, revised algorithms for better protection until it was hacked officially by FBI using free software. Later, it was discontinued from 2004.
“Wifi Protected Access-Pre-Shared Key” (WPA-PSK) was the successor that used 256 bit key for advanced and stronger protection. A Special protocol called “Temporal Key Integrity Protocol” (TKIP) was used in WPA-PSK that was more secure than WEP.
But TKIP was an upgraded component for WEP that utilised some of the elements incorporated in WEP. This led to a security breach in WPA-PSK as well.
WPA2-PSK succeeded WPA-PSK. WPA2-PSK incorporated “Advanced Encryption Standards” (AES) algorithm for stronger encryption. But still, the “hashed password” obtained during the 4-way handshake (authentication protocol), can be cracked using Wi-Fi cracking softwares. Towards the end of this post, we have discussed cracking Stronger WPA2-PSK Wifi passwords using widely used Wifi hacking suite.
Six Ways to Hack any Public Wifi hotspot.
Let us now read on to know the various ways that i will be discussing here:
- Getting quick Access by Pressing WPS button
- Stealing Wifi passwords from already connected devices
- Using Wifi password sharing apps for Smartphones
- Using Wifi Hacking apps for Smartphones
- Stealing Wifi Passwords using “WifiPhisher” Hacking Tool
- Cracking Strong WPA2 Passwords using AirCrack-NG and Cowpathy.
The First Four methods are the easiest ones (straight forward) and need not require any extra efforts from your side.
While Methods 5 and 6 are also easy to execute, You will need to put in your efforts wisely and requires you to have Good Knowledge of Terminal Commands. Above all you need to have a lot of patience.
So lets get started!
1) Getting quick Access by Pressing WPS button
This is the easiest method of getting access to a wireless network.
Most of the routers have a Wireless Protected Setup (WPS) button adjacent to the Ethernet ports. You just have to press the button to activate it.
Your device will show the available wireless networks. Select the preferred network and you are all set to surf the internet.
Not only router but wireless printers and other wireless devices also have WPS button. The connecting procedure is similar to that of the router.
Watch these videos for detailed Instructions:
The wireless network can be secured using an eight digit PIN code as well. You can either use the predefined PIN available in the WPS configuration page or set up the PIN code for the client to access the network.
In some cases, The PIN is also printed on the back side of the router. All you have to do is enter this PIN instead of Access point Password and you are in.
But what if you cannot reach out to the router? You could just try all the PIN combinations since the PIN code is vulnerable to brute attacks by the hackers. The code is stored in two separate blocks in the router. A hacker, with simple tools, can find the PIN code by brute force attacks and access the wireless network. Read on to method 4 to know the app that does just this.
2) Stealing Wifi passwords from already connected devices
This one is easy to accomplish. Let’s assume, you want to connect your device to the wireless network.
Now, you may remember the password or you don’t. In the latter case, you can either send a password information request to the administrator or you can directly ask for it.
If the administrator is your friend, don’t hesitate in grabbing the device and reveal password from the settings!
Here’s what you have to do:
For windows machines:
Open “Command Prompt” in Administrator mode (search for CMD, Right-Click on it and choose Run as Administrator )
Enter the following Command and Hit ENTER to reveal Wifi Password:
netsh wlan show profile name=hacker9 key=clear | findstr Key
Your password will be displayed in plain text next to “Key Content” field.
[ * ] Replace “hacker9” with your network name “SSID” of the WiFi hotspot you want to connect to.
Open Terminal >> Type the following command >> Hit Enter.
security find-generic-password -wa hacker9
You will be asked to authenticate yourself, Enter your Mac username and password and click ok. Your password will be displayed on the screen in plain text.
For Android Smartphones:
If your Android phone is Rooted, you can use this “Wifi Password Viewer” app to reveal your wifi password.
3) Use WiFi password sharing apps for Smartphones
There are smartphone apps with a database of credentials of various Wi-Fi access points across the world.
These Public but protected Wi-Fi access points can be of any coffee shop, hotel or hospital.
The users, who have already accessed these protected Wifi hotspot, share the details in the app for others to use.
In these apps, you could find the Wifi password of a restaurant in your locality or if you are traveling in any part of the world, there is a possibility that you get Wifi access information of a café or Airport there.
Here are some of the popular apps:
4) Use WiFi Hacking apps for Smartphones
There are two kinds of Wifi password cracking apps for smartphones.
1) Apps that abuse WPS PIN vulnerability found in the Router
These sophisticated apps can hack WPS-enabled Wifi Hotspots by exploiting the WPS protocol. Some work on rooted devices while others are compatible with non-rooted devices. At the same time, there are apps that can work on both rooted and non-rooted devices.
Popular apps that abuse WPS vulnerability:
These apps make use of various algorithms like Zhao, TrendNet, Dlink and Arris to crack the password.
2) Apps that use Bruteforce and Dictionary attacks to crack passwords
Brute force attack is a trial and error method for deciphering the password. You can enter the alphabets and length of the password and the app will try all the possible combinations.
WIBR Plus is one such app for Android that will let you hack any Wifi connection that uses a weak password protection.
Essentially, the app makes use of a brute force attack that allows you to perform dictionary-based attacks on the targeted router and discover the password.
It may take from few thousand attempts to millions depending upon the password strength.
5) Stealing Wifi Passwords using “WifiPhisher” Hacking Tool
Note: Before you start reading about his method, I recommend you to go through Method #6 to understand what “Hacking suite” is made up of and what hackers rely on.
WifiPhisher has a different approach to obtain Wifi passwords.
In this method, The user itself reveals the password and you don’t need to crack the password by exploiting the algorithm or employing brute attacks.
Sounds Good?.. Yes, you can steal WiFi passwords using WiFiPhisher Tool from any secured network.
WifiPhisher uses the man-in-the-middle approach where the attacker creates a replica of the original Wireless Access Point. After that it compels the user to de-authenticate from the existing access points by jamming all the access points.
When the user tries to re-authenticate, the exact but fake Wireless Access Point’s interface is displayed with a webpage that notifies them that a “firmware upgrade” has taken place, and that they need to authenticate again.
The user Enters the password on that webpage thinking its a legitimate warning. The password is then passed to the hacker who had set-up fake Access point and as soon as he receives the password he then allows the user to connect to the real access point by disabling his fake one. This way, Wifi network credentials can be obtained.
Full Tutorial here: How to use WifiPhisher
Official Github repo: WifiPhisher
6) Cracking Strong WPA2 Passwords using AirCrack-NG and Cowpathy.
Till now, we discussed simple tricks and smartphone apps that can help in cracking or stealing the Wi-Fi hotspot password. With WPA2 encryption, most of the times, it is difficult to crack the password.
As mentioned earlier, WPA2 uses Advanced Encryption Standards (AES) protocol. This results in longer and stronger passwords.
To crack WPA2 wifi passwords, you need a reputed and effective hacking suite. Using a hacking suite requires software and hardware with heavy configuration.
Hackers and Penetration testers around the world use “Kali Linux Operating System” for carrying out any type of hacking, Including Wireless hacks.
Inside Kali OS, There are different hacking modules for different purposes. Aircrack-NG is the most widely used wireless hacking suite (module) in the world. It comprises of a complete set of tools that can be used for maneuvering and cracking Wi-Fi networks.
Despite being the most advanced hacking suite, it is sometimes very slow in cracking passwords. To compensate the slow speed, researchers have developed another wireless hacking tool called CoWPAtty which is an alternative for Aircrack-NG but often hackers use both to get optimal results. I.E. CoWPAtty can be used to speedup cracking WPA2 password by implementing dictionary or brute force attack.
Let us look at the basic steps to successfully crack strong Wifi passwords:
Our main task is to obtain “encrypted password”, So that we can decrypt it for plaintext password.
The first step is to make sure that our Wifi adapter/card is able to receive all traffic data. By default your wireless card will only receive packets that are intended for it.
But since you do not have access to the network, you will not receive any traffic data unless you convert your wireless card into a promiscuous mode.
So the first tool that is being used is Airmon-ng, which will allow our wireless card to hook-up with traffic data, no matter it was intended for it or not.
The next tool that is neing used is Airodump-ng, which enables us to capture packets that we are interested in.
This tool will display all the Access points nearby with their BSSID (MAC address) including other information like the channel, the encryption method, the speed, the type of cipher used to hash the password, SSID, etc. We will be focussing only on the BSSID and the channel.
After finalising on best Access point with Knows SSID/ESSID, we will be carrying out attack on this particular Access point. To be able to capture the encrypted password for this Access point, we need to capture the 4 way handshake (authentication protocol) and this is only possible when someone (other client) is in the process of authentication.
To be able to achieve this scenario, We will first de-authenticate any client and allow them to authenticate again. So we use another tool called Aireplay-Ng to de-auth any user.
Once we de-auth the client, he will automatically try to authenticate again and during this process out previous tool Airodump-ng will silently attempt to grab their encrypted password in the new 4-way handshake.
Now that we have the encrypted password, we now attempt to crack it by using a password file (Default password list included with aircrack-ng). Depending on the length of your password list, It might take a few minutes to a few days.
Refer this tutorial on using Cowpatty – Wireless hacking tool.
If you are using a normal PC to decipher the hashed password, it can take years to crack it. This is because of infinite possible combinations of characters.
To simplify your job, You need a fast and reliable multi-core CPU. Given the infinite number of possible combinations for a password, you cannot process the software on a normal CPU. The cores in the CPU make difference. Opt for a multi-core processor before initiating password cracking process.
You also require a powerful wireless adapter. Now, your device already has a WiFi adapter/card that can detect network and connect to them. But, it cannot be used for the hacking purpose. We cannot initiate our hacking process without the right wireless adapter.
The adapter should be able to accomplish two tasks. First, it should work in the monitor mode where it can detect all the networks irrespective of the frequency.
Secondly, it should be able to inject as well as detect all the packets in the air. A packet is a unit of data that is being transferred from the access point to the user and vice versa.
Now you know that you do need powerful resources to actually hack strong Wifi passwords and it is a Big deal to make your wireless passwords as much strong as possible.