Hacking WiFi or wireless WLAN networks isn't easy. You may find several videos on YouTube promising to hack and crack WPA/WPA2 WiFi passwords. However, almost all of them are fake or don't work.
You see, cracking a WEP-protected WiFi network is very easy, but cracking a WPA/WPA2-protected WiFi network is quite difficult. I will not go into the details of what WEP, WPA and WPA2 are; you can find details on these authentication methods on the web.
In this guide, I will show you how hackers actually recover the WiFi password of a WPA/WPA2-protected router by exploiting a weakness in it.
DISCLAIMER: This guide is for educational purposes only. It is a proof of concept showing that WPA/WPA2 passwords can be recovered by exploiting the WPS PIN.
DO NOT USE THIS FOR ANY ILLEGAL ACTIVITY.
The Weakness of WPA/WPA2 WiFi
Modern WLAN routers that support WPA/WPA2 come with a wireless network setup feature called WPS, or Wi-Fi Protected Setup.
WPS lets wireless devices connect to a WPA/WPA2-protected WiFi router without typing the password, which is faster and easier. This authentication is done through an 8-digit WPS PIN.
If a WiFi router has WPS enabled, an attacker can crack this 8-digit PIN and then use the PIN to obtain the WiFi password.
The good, or rather bad, thing is that most WiFi routers come with WPS enabled by default. So in this guide, we will exploit the WPS feature of a WPA/WPA2-protected WiFi network to recover the WiFi password.
NOTE: Some routers come with a WPS push button. This method only works against routers that are configured to accept the WPS PIN rather than the push button.
Steps to Hack WPA/WPA2 WiFi Password
To crack the WPS PIN and recover a WPA/WPA2 WLAN password, hackers use a Kali Linux setup. It could be on VirtualBox or on an actual laptop or PC with WiFi. If your PC doesn't have WiFi, get a compatible WiFi dongle.
You may also buy a single-board computer such as a Raspberry Pi 3 or Raspberry Pi 4. In this guide, I am using my old Raspberry Pi 3.
I have installed Kali Linux on it and am currently accessing it over SSH from my MacBook. It is quite easy to set up. Here's a guide to setting up Kali Linux on a Raspberry Pi 3 or 4.
Did you know that you can install Kali Linux on an Android phone without root?
Step 1: Scan WPS Enabled WiFi Networks
To scan for WPS-enabled wireless networks, you need to put your system's WiFi adapter into monitor mode. Log in over SSH or open a terminal window on your Kali Linux machine and type the following commands.
sudo apt update && sudo apt upgrade
Wait until this completes; it may take a while. Then enter the following command.
The command displays the wireless adapter if one is found on your system. You may need to install WiFi drivers on the Kali Linux machine before the adapter is usable.
ifconfig wlan0 down
This will shut down the wlan0 WiFi adapter. Now restart wlan0 in monitor mode by entering the following command.
airmon-ng start wlan0
To check whether the WiFi adapter is running in monitor mode, enter the following command.
Note the name of the wireless adapter that is running in monitor mode. In this case, it's wlan0mon.
Now your system is ready to scan for WPS-enabled WPA/WPA2 WiFi networks. To scan all nearby WPS networks, enter the following command.
wash -i wlan0mon
If this doesn't work, install reaver by entering
apt-get install reaver
in the terminal. After this, try the above command again to scan for WPS networks.
In case the wash command executes but doesn't display results, run
mkdir /etc/reaver
and then enter the wash -i wlan0mon command again.
After 30 seconds, you can press CTRL+C to stop the scan.
Step 2: Hack WiFI Password by Cracking WPS PIN
Then open a new terminal and enter this command to run reaver for a brute-force attack on the WPS PIN of the router.
reaver --bssid 40:31:3C:E7:40:82 --channel 11 -i wlan0mon -vvv --no-associate
Replace 40:31:3C:E7:40:82 with the BSSID of the WiFi router that you want to test. Then open another terminal window and type the following command.
Copy the WiFi adapter's MAC address, which is the first 12 hex digits. In this case, the adapter is wlan0mon. Then, in the previous terminal window, run the following command.
aireplay-ng --fakeauth 20 -a 40:31:3C:E7:40:82 -h B6:23:ED:3V:42:6S wlan0mon
Replace 40:31:3C:E7:40:82 with the BSSID of the WiFi network that you want to crack and
B6-23-ED-3V-42-6S with the MAC address of your WiFi adapter that you copied in the earlier step. Remember to replace the dashes with : in the MAC address.
This keeps the association with the WiFi network alive so that reaver can keep going until the PIN is cracked. Let both commands run in different terminal windows until reaver cracks the WPS PIN and displays the WPA/WPA2 password.
As you can see in the output window, reaver is trying different WPS PINs against the router. It will continue doing so until it finds the correct WPS PIN. Once it gets the WPS PIN right, it immediately displays the WPS PIN and the WPA/WPA2 password.
You can now use this password to connect to that WiFi network and monitor all its activity using various Kali Linux tools.
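From the defender's side, the behaviour described above (one station submitting one failed PIN registration after another, a few seconds apart) is exactly what an access point's log shows during a WPS brute force. The following added example, which is not from the original post and not from any router vendor, flags stations that exceed a failure threshold inside a sliding time window; the log line format it parses is a hypothetical one constructed for the demo.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample access-point log (hypothetical format, not from any real
# firmware): one line per WPS PIN registration attempt, with the station MAC
# and the outcome. Times are ISO-8601 without a timezone.
SAMPLE_LOG = """\
2024-03-01T10:00:00 wps: pin-attempt sta=0a:1b:2c:3d:4e:5f result=fail
2024-03-01T10:00:03 wps: pin-attempt sta=0a:1b:2c:3d:4e:5f result=fail
2024-03-01T10:00:06 wps: pin-attempt sta=0a:1b:2c:3d:4e:5f result=fail
2024-03-01T10:00:09 wps: pin-attempt sta=0a:1b:2c:3d:4e:5f result=fail
2024-03-01T10:00:12 wps: pin-attempt sta=0a:1b:2c:3d:4e:5f result=fail
2024-03-01T10:00:15 wps: pin-attempt sta=0a:1b:2c:3d:4e:5f result=fail
2024-03-01T10:05:00 wps: pin-attempt sta=02:00:00:00:00:01 result=fail
2024-03-01T10:05:40 wps: pin-attempt sta=02:00:00:00:00:01 result=ok
"""

def parse_line(line):
    """Return (timestamp, station MAC, result) or None for non-WPS lines."""
    parts = line.split()
    if len(parts) < 5 or parts[1:3] != ["wps:", "pin-attempt"]:
        return None
    ts = datetime.fromisoformat(parts[0])
    fields = dict(p.split("=", 1) for p in parts[3:])
    return ts, fields["sta"].lower(), fields["result"]

def find_wps_bruteforce(log_text, max_attempts=5, window_seconds=60):
    """Flag stations with more than max_attempts failed PIN attempts inside
    any sliding window of window_seconds. Returns {sta: first alert time}.
    A legitimate user who mistypes the PIN once or twice stays below this."""
    recent = defaultdict(deque)   # sta -> timestamps of recent failures
    alerts = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, sta, result = parsed
        if result != "fail":
            continue
        q = recent[sta]
        q.append(ts)
        # Drop failures that have aged out of the window.
        while q and ts - q[0] > timedelta(seconds=window_seconds):
            q.popleft()
        if len(q) > max_attempts and sta not in alerts:
            alerts[sta] = ts
    return alerts

if __name__ == "__main__":
    for sta, when in find_wps_bruteforce(SAMPLE_LOG).items():
        print(f"possible WPS PIN brute force from {sta} at {when.isoformat()}")
```

On the constructed sample, the first station is flagged at its sixth failure while the second station, with a single failure followed by success, is not. Routers that rate-limit or lock WPS after a handful of failures are applying the same idea in firmware; disabling WPS removes the exposure entirely.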
Resolve Common Errors
If an error such as this comes up, kill the WiFi adapter processes by entering
airmon-ng stop wlan0mon
Then restart the wlan0 adapter in monitor mode on the same channel as the WiFi network that you are targeting. In this case, the WiFi network is on channel 11, so we run the command
airmon-ng start wlan0 11
This will resolve the error.
So my suggestion: keep WPS off if you don't use it. That way, you can prevent hackers from breaking into your WiFi.
Please subscribe to my YouTube channel. I will soon upload a video tutorial on this showing how it's done. So if you are curious but find these written steps hard to follow, subscribe now and turn on notifications by pressing the bell icon so that you are notified as soon as I upload the video.