Hi everyone,
This is part 2 of the tutorial on how to hack Wi-Fi.
Let's continue...
As evident from the image, my wireless interface "wlan0" has been enabled for monitor mode at "mon0".
Now we will scan the area for the presence of WPA/WPA2 encrypted networks. Before we scan for WPA/WPA2 networks, there is something I want to make a note of here.
NOTE:
WPA/WPA2 stands for Wireless Protected Access. WPA is a notch up in security when compared to WEP, which was cracked in 2000. WPA/WPA2 uses two types of authentication methods:
TKIP - Temporal Key Integrity Protocol.
TKIP uses an ever-changing key, which makes it useless to crack.
PSK - Pre-Shared Key.
PSK uses a key defined by the network administrator. Hence, the key remains the same unless the administrator decides to change it.
In short, it is useless to try to crack a TKIP-authenticated WPA/WPA2 network. This tutorial will only help you crack PSK-authenticated WPA/WPA2.
Now that we have taken care of what our target should look like, we'll go ahead and scan the area.
The command is:
Code:
airodump-ng --encrypt wpa mon0
Once you press Enter, you will see a similar screen.
What you are seeing is a list of all the WPA/WPA2 encrypted Wi-Fi networks around you. There are some details in there too. Here's a simple explanation of a few of them:
BSSID = MAC address of the slave (most important)
PWR = Signal strength
CH = Channel number
ENC = Encryption type
ESSID = Name of the target's network
#Data = Amount of IVs collected (most important)
#/s = IVs per second
You might just wanna copy the BSSID, as it is going to be used a lot.
Our target's details:
BSSID= 00:25:9C:EE:59:49
CH = 1
ESSID= {censored}
STATION= 00:17:C4:2C:8E:26
Since in this case we already have a station connected to the network, let's configure the airodump-ng command to focus specifically on the target network.
The command is simply:
Code:
airodump-ng --channel 1 --bssid 00:25:9C:EE:59:49 --write wep --ivs mon0
Our wireless interface "mon0" will now capture packets only on channel 1 from the specific BSSID and write all the data to a file called "wep.ivs".
So, let's de-authenticate the client and get the handshake.
The command is:
Code:
{If You wish to Target a Specific Client (-c)}
aireplay-ng --deauth 10 -a 00:25:9C:EE:59:49 -c 00:17:C4:2C:8E:26 mon0
{If You wish to make an Open-ended Attack. i.e. De-Authenticate all the Clients Associated with the AP.}
aireplay-ng --deauth 10 -a 00:25:9C:EE:59:49 mon0
NOTE: A client-targeted de-authentication attack is more successful than an open-ended attack.
"--deauth" is followed by the attempt count, i.e. 10 attempts in my case. You can make it "--deauth 100". "-a" is simply the BSSID of the target AP, and "-c" is the client that is associated with the AP and that we wish to de-authenticate.
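Seen from the monitoring side, the de-authentication burst described above stands out in a capture. The following Python is an added example, not part of the original tutorial: it parses raw 802.11 de-authentication frames (assumed to arrive without a radiotap header) and flags bursts per BSSID/destination pair. The function names, threshold, window and sample frames are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict, deque

DEAUTH_FC0 = 0xC0  # frame-control byte 0: version 0, type 0 (management), subtype 12 (deauth)
BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_deauth(frame):
    """Return (dest, source, bssid, reason) for a de-authentication frame, else None."""
    if len(frame) < 26 or frame[0] != DEAUTH_FC0:
        return None
    reason, = struct.unpack_from("<H", frame, 24)  # reason code follows the 24-byte header
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def find_bursts(records, threshold=8, window=2.0):
    """records: iterable of (timestamp_seconds, raw_frame). Flag each (bssid, dest)
    pair once, when `threshold` deauth frames arrive within `window` seconds."""
    recent = defaultdict(deque)
    alerts = {}
    for ts, frame in records:
        parsed = parse_deauth(frame)
        if parsed is None:
            continue
        dest, _src, bssid, _reason = parsed
        q = recent[(bssid, dest)]
        q.append(ts)
        while ts - q[0] > window:  # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= threshold and (bssid, dest) not in alerts:
            kind = "broadcast" if dest == BROADCAST else "targeted"
            alerts[(bssid, dest)] = (kind, ts)
    return alerts

def build_frame(fc0, dest, src, bssid, body):
    # Constructed test frame: frame control, duration, 3 addresses, sequence control, body.
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return bytes([fc0, 0]) + b"\x00\x00" + raw(dest) + raw(src) + raw(bssid) + b"\x00\x00" + body

AP, CLIENT = "00:25:9c:ee:59:49", "00:17:c4:2c:8e:26"  # addresses from the tutorial
# Constructed sample: 10 deauths to the client within 1 s, one isolated broadcast deauth, one beacon.
SAMPLE = [(10.0 + i * 0.1, build_frame(0xC0, CLIENT, AP, AP, struct.pack("<H", 7))) for i in range(10)]
SAMPLE.append((30.0, build_frame(0xC0, BROADCAST, AP, AP, struct.pack("<H", 3))))
SAMPLE.append((30.5, build_frame(0x80, BROADCAST, AP, AP, b"\x00" * 12)))

if __name__ == "__main__":
    for (bssid, dest), (kind, ts) in find_bursts(SAMPLE).items():
        print(f"{kind} deauth burst: bssid={bssid} dest={dest} at t={ts:.1f}s")
```

On networks that enable 802.11w Protected Management Frames, clients discard unauthenticated de-authentication frames, so a detector like this one complements that setting rather than replacing it.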
If you have successfully de-authenticated the client, then you should be able to see a "WPA Handshake" at the top-right corner where you have the targeted airodump running.
Here's what it might look like.