WIFI Hacking (My Favorite Write-ups Till Date)

Akash Venky
7 min read · Sep 28, 2022

What is WiFi hacking?

Wireless networks are accessible to anyone within the router’s transmission radius. If your password or access credentials are compromised, then you are hacked.

By using a technique called DNS (Domain Name System) hijacking, hackers can breach the security of your home Wi‑Fi and potentially cause you a great deal of harm. They can redirect your traffic to a website run by them, causing you to unwittingly hand your credit card number or Facebook login credentials to a criminal.

WiFi hacking is essentially cracking the security protocols of a wireless network, granting the hacker full access to view, store, download, or abuse the wireless network. Usually, when someone hacks into a WiFi network, they are able to observe all the data that is being sent via the network.

---------- Don't try this unofficially...!!! ----------

Is WIFI hacking a crime?

Hacking a Wi-Fi network, regardless of whether it is public or private, is a punishable offence, as laid down under Section 66 of the IT Act. According to the section, it is punishable with imprisonment for a term of up to three years or with a fine of up to five lakh rupees, or with both.

How is WIFI hacking done?

The most common practice that hackers use is called sniffing. This method allows hackers to intercept any packet of data that is being transmitted between a device and a router. Once the packet has been captured, the hacker transfers it onto their own device and runs brute-force programs on it in an attempt to decipher it.

Few Keywords in WIFI Hacking:

WiFi Adapter/WiFi Interface: This is the piece of hardware in your computer that transmits and receives signals, and thus allows your computer to communicate with wireless networks.

Station: With respect to wireless networking, a station is simply a computer that can communicate on an 802.11 network. As a user with a laptop connected to a wireless network, you would be considered a mobile station.

Access Point/Router: An access point is a device that facilitates a mobile station’s access to the internet via a wireless medium.

Infrastructure mode: A network of stations connected to an access point. The access point maintains the routing table of all connected stations and facilitates a connection between those stations and the internet.

Ad-hoc mode (IBSS): An ad-hoc network is a network of computers connected directly to each other. Each computer maintains its own routing table, which changes dynamically because routes are constantly adapting based on the best path. The computers can share files and data with each other, but are not connected to the internet unless one of the computers in the ad-hoc network happens to have a route to the internet via Ethernet.

Monitor Mode: This mode allows a WiFi adapter to pick up all manner of data packets from any stations in the vicinity whose traffic the network card is capable of detecting.

MAC (Media Access Control) Address: This is a unique identifier in the form of a 48-bit hexadecimal number. It is assigned to the network interface during manufacturing.

SSID: The SSID is the actual name of your wireless network.

Encryption: Here’s where you actually use a password to be able to use the access point to reach the internet. It’s not as simple as just sending the password to the router through the air.

WEP and WPA

WEP

WEP is the acronym for Wired Equivalent Privacy. It was developed for the IEEE 802.11 WLAN standards. Its goal was to provide privacy equivalent to that provided by wired networks. WEP works by encrypting the data being transmitted over the network to keep it safe from eavesdropping.

WEP Authentication types:

Open System Authentication (OSA) — this method grants or denies a station's authentication request based on the configured access policy.

Shared Key Authentication (SKA) — this method sends an encrypted challenge to the station requesting access.

WEP Weakness

WEP has significant design flaws and vulnerabilities.

  • The integrity of the packets is checked using a Cyclic Redundancy Check (CRC32). The CRC32 integrity check can be compromised by capturing at least two packets.
  • WEP uses the RC4 encryption algorithm to create a stream cipher. The stream cipher input is made up of an initialization vector (IV) and a secret key. The IV is 24 bits long, while the secret key can be either 40 bits or 104 bits long. The total length of the IV and the secret key is therefore either 64 bits or 128 bits.
  • Weak IV combinations do not encrypt sufficiently. This makes them vulnerable to attacks.
  • WEP is based on passwords; this makes it vulnerable to dictionary attacks.
  • Key management is poorly implemented. Changing keys, especially on large networks, is challenging. WEP does not provide a centralized key management system.
  • The IVs can be reused.

Because of these security flaws, WEP has been deprecated in favor of WPA.

WPA

WPA is the acronym for Wi-Fi Protected Access. It is a security protocol developed by the Wi-Fi Alliance in response to the weaknesses found in WEP. It is used to encrypt data on 802.11 WLANs. It uses a larger 48-bit initialization vector instead of the 24 bits that WEP uses, and it uses temporal keys to encrypt packets.
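To put the IV-length difference above (and the "IVs can be reused" weakness in the WEP list) into numbers, here is an added example that is not part of the original post. It models a frame's IV as drawn uniformly at random and applies the birthday bound to a 24-bit and a 48-bit IV space; this is an approximation, and the 2**24 / 2**48 space sizes are the only inputs taken from the text.

```python
import math


def collision_probability(frames: int, iv_bits: int) -> float:
    """Probability that at least one IV value repeats after `frames` frames,
    assuming each frame picks its IV uniformly at random from 2**iv_bits values.
    Uses the standard birthday approximation 1 - exp(-n(n-1)/(2N))."""
    space = 2 ** iv_bits
    if frames > space:            # pigeonhole: more frames than IVs guarantees a repeat
        return 1.0
    exponent = -frames * (frames - 1) / (2.0 * space)
    return -math.expm1(exponent)  # 1 - e**exponent, computed without cancellation error


def frames_until(p: float, iv_bits: int) -> int:
    """Smallest number of frames after which the repeat probability reaches p."""
    space = 2 ** iv_bits
    target = -2.0 * space * math.log1p(-p)   # n(n-1) must be at least this
    n = math.ceil((1 + math.sqrt(1 + 4 * target)) / 2)
    # the closed form can overshoot by one; walk back while the smaller n still qualifies
    while n > 1 and collision_probability(n - 1, iv_bits) >= p:
        n -= 1
    return n


def compare_iv_sizes(p: float = 0.5) -> dict:
    """Frames needed for a p-probability IV repeat with WEP's 24-bit IV and WPA's 48-bit IV."""
    return {bits: frames_until(p, bits) for bits in (24, 48)}


if __name__ == "__main__":
    for bits, n in compare_iv_sizes().items():
        print(f"{bits}-bit IV: 50% chance of a repeated IV after about {n:,} frames")
    print(f"24-bit IV after 10,000 frames: {collision_probability(10_000, 24):.1%}")
```

A busy access point sends thousands of frames per minute, so with a 24-bit IV a repeat is more likely than not within the first few thousand frames, while the 48-bit space pushes the same odds out by a factor of about 4,000.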

WPA Weaknesses

  • The collision avoidance implementation can be broken.
  • It is vulnerable to denial of service attacks.
  • Pre-shared keys use passphrases. Weak passphrases are vulnerable to dictionary attacks.

How to Crack WiFI (Wireless) Networks

WEP cracking

Cracking is the process of exploiting security weaknesses in wireless networks and gaining unauthorized access. WEP cracking refers to exploits on networks that use WEP to implement security controls. There are basically two types of cracking:

  • Passive cracking — this type of cracking has no effect on the network traffic until the WEP security has been cracked. It is difficult to detect.
  • Active cracking — this type of attack increases the load on the network traffic. It is easy to detect compared to passive cracking, but it is more effective.

WiFi Password Hacker (WEP Cracking) Tools

  • Aircrack
  • WEPCrack
  • Kismet
  • WebDecrypt
  • Metasploit
  • Wireshark
  • Nmap
  • Ophcrack

General Attack types

  • Sniffing — this involves intercepting packets as they are transmitted over a network. The captured data can then be decoded using tools such as Cain & Abel.
  • Man in the Middle (MITM) Attack — this involves eavesdropping on a network and capturing sensitive information.
  • Denial of Service Attack — the main intent of this attack is to deny legitimate users network resources. FataJack can be used to perform this type of attack.

How to Hack WiFi Password

There are many open-source, untrusted tools out there, giving false results (95%) far more often than true results (5%). Also, if you are running your operating system in a VM, WiFi hacking is not possible.

Cain and Abel (WiFi password hacking tool)

Wifite (Wireless security audit)

Kismet (wireless network sniffer)

Wifiphisher (to perform MITM attacks by exploiting Wi-Fi)

CloudCracker (password cracking tool for cracking WPA Wi-Fi)

CoWPAtty (password-cracking tool attacks to crack WPA passwords)

Reaver (open-source password-cracking tool)

Fern Wifi Wireless Cracker (cracking WEP/WPA/WPA2 keys on Wi-Fi)

Sample WIFI Hacking Process

When you want to hack WiFi, you need to capture the “handshake”. With the handshake you no longer need to be in WiFi range; you can crack the password with just the handshake and the WiFi name. So you need to capture all the packets that are sent between the WiFi router and the personal computers on the network.

  1. Capture the WiFi traffic in Wireshark and save it to a .cap file.

  2. Use aircrack-ng to crack the password.

>aircrack-ng [handshake filename] -w [wordlist] [interface]
Ex: >aircrack-ng is-01.cap -w list wlan0mon

Catching handshake

  1. Start airodump-ng on the target AP (Access Point):

The syntax is something like this:
>airodump-ng --channel [channel] --bssid [bssid] --write [file-name] [interface]
Ex: >airodump-ng --channel 6 --bssid 11:22:33:44:55:66 --write out wlan0mon

  2. Wait for a client to connect to the access point, or deauthenticate a connected client (if any) so that its system reconnects automatically.

The syntax is something like this:
>aireplay-ng --deauth [number of deauth packets] -a [AP] -c [target] [interface]
Ex: >aireplay-ng --deauth 1000 -a 11:22:33:44:55:66 -c 00:AA:11:22:33 mon0

Note: If the handshake is captured, airodump-ng will say “WPA handshake” in its top right corner.
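From the defender's side, step 2 above shows up on the air as a burst of deauthentication frames. The following added example (mine, not from the original post) runs a simple sliding-window detector over a constructed set of frame records with placeholder addresses; on a real network the records would come from a monitor-mode capture, and enabling 802.11w Protected Management Frames on the AP stops forged deauth frames from being honoured at all.

```python
from collections import defaultdict, deque

# Constructed sample of 802.11 management-frame records (not a real capture).
# Each record is (timestamp in seconds, frame subtype, transmitter address).
# The locally administered 02:... addresses are placeholders.
HOME_AP = "02:00:00:00:00:01"
OTHER_AP = "02:00:00:00:00:02"

SAMPLE_FRAMES = (
    # normal background traffic: beacons every 100 ms from both APs
    [(t / 10.0, "beacon", HOME_AP) for t in range(150)]
    + [(t / 10.0 + 0.05, "beacon", OTHER_AP) for t in range(150)]
    # a single deauth from OTHER_AP at t=3.0 (e.g. a client roaming away): benign
    + [(3.0, "deauth", OTHER_AP)]
    # a burst of 40 deauth frames carrying HOME_AP's address within 0.8 s
    + [(10.0 + i * 0.02, "deauth", HOME_AP) for i in range(40)]
)


def deauth_flood_alerts(frames, window_s=1.0, threshold=10):
    """Return {address: peak count} for every transmitter address that sends at
    least `threshold` deauthentication/disassociation frames inside any
    `window_s`-second sliding window. The address is whatever the frame claims:
    a forged deauth carries the impersonated AP's address, so the alert names
    the AP being spoofed, not the device sending the forgeries."""
    recent = defaultdict(deque)   # address -> timestamps of recent deauth/disassoc
    peak = defaultdict(int)
    for ts, subtype, addr in sorted(frames):
        if subtype not in ("deauth", "disassoc"):
            continue
        q = recent[addr]
        q.append(ts)
        while ts - q[0] > window_s:  # drop timestamps that fell out of the window
            q.popleft()
        peak[addr] = max(peak[addr], len(q))
    return {addr: n for addr, n in peak.items() if n >= threshold}


if __name__ == "__main__":
    for addr, n in deauth_flood_alerts(SAMPLE_FRAMES).items():
        print(f"deauth flood: {n} frames claiming {addr} within 1 s")
```

The single roaming deauth from OTHER_AP stays below the threshold, while the burst against HOME_AP is flagged at its peak of 40 frames.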

Standards for WIFI Network IEEE (Institute of Electrical and Electronics Engineers) 802.11

IEEE 802.11 is part of the IEEE 802 set of local area network (LAN) technical standards, and specifies the set of media access control (MAC) and physical layer (PHY) protocols for implementing wireless local area network (WLAN) computer communication.

The next write-up has live scenarios on WIFI hacking....!!!! STAY TUNED for more updates.

Suggestions are most welcome.

Please write a mail to Akash.venky091@gmail.com. You can also follow me here (Akash Venky) for more updates on security and ethical hacking, or contact me at https://www.linkedin.com/in/akash-h-c-4a4090a7/
