Hello, devils! Today I'm going to introduce you to a network security feature of Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II
(WPA2) networks named Wi-Fi Protected Setup (WPS). WPS was released as an additional security measure for WPA/WPA2 routers. WPA and WPA2 were security protocols which were far more secure than the former protocol, Wired Equivalent Privacy (WEP). It was found that the Pre-Shared Key (PSK), or simply the password, of WEP could be cracked very easily. Therefore, in 2003, the WPA/WPA2 Wi-Fi security protocols were released. WPS has a PIN feature to connect network devices to Access Points. Later, it was found to have a major security bug which allowed hackers to crack the PIN, and with the PIN, attackers could obtain the WPA-PSK/WPA2-PSK (password). In this post, I'm going to teach you how to crack the WPS of a router.
Make sure you are equipped with the following things:
- A GNU/Linux based system with aircrack-ng, wash and reaver.
- A Linux compatible wireless adapter supporting monitor mode and packet injection.
NOTE : This article is intended for educational purposes only. Hacking someone's Wi-Fi without his/her permission is a crime. I'll not be responsible for anything the reader does.
Let's begin!
Step 1 :
Open a Terminal window and set your Wireless adapter from managed mode to monitor mode.
:~# airmon-ng start wlan0
Here, wlan0 is the interface of your Wi-Fi card. It can be different in your computer. To check the interface of your card, type:
:~# ifconfig
Step 2 :
Now, your wireless adapter has been set to monitor mode.
To check the interface now, type the above command again:
:~# ifconfig
Now you can see that my wireless interface has been changed from wlan0 to wlan0mon (monitor mode).
Step 3 :
Let's scan all the networks around us. The 'airodump-ng' tool from the aircrack-ng suite scans the networks in range and displays them on the screen. It shows not only the Wi-Fi name but also its MAC address, signal power, beacons, channel, encryption method, manufacturer and much more.
Let's have a look at the command syntax and its options.
:~# airodump-ng
These are the operations which we can perform using the airodump-ng tool. The real power of the aircrack-ng suite is far beyond this tutorial.
Let's dump the network traffic on the screen :
:~# airodump-ng wlan0mon
Wait until the desired network gets displayed on the screen. Then press Ctrl+C to stop the scanning process.
Here, the network I'm going to hack is named JUST_CHECKING (Obviously mine. I'm not a criminal).
Let me tell you the meanings of the important column headings.
BSSID - The MAC Address of the router.
PWR - The power of signal. (Signal strength)
#Data - Number of data packets airodump-ng has captured
CH - Channel
ENC - Encryption method
ESSID - Name of the Wi-Fi network
For WPS hacking, we just need BSSID and Channel of the network. Copy and paste them in a text file.
Step 4 :
Time to check whether the target network can be cracked for WPS PIN. This can be done using the 'wash' tool.
wash checks if WPS is locked on the router.
Enter the command :
:~# wash -i wlan0mon
The -i switch selects the wireless interface to use.
Now look at our target network in the above window. The WPS Locked column says 'No'. It means that the WPS is not locked on the router and we can continue with the attack. Only the routers with unlocked WPS are vulnerable to the attack.
Now, as we know that we can go further, let's open another Terminal window and proceed with our bad boy, reaver.
Reaver is a WPS attack tool developed by Tactical Network Solutions. Type the following command :
:~# reaver -i wlan0mon -b BSSID -c CH -vv
Here, replace BSSID with the MAC address and CH with the channel copied into the text file.
-vv means very verbose output. For more options, you can always type :
:~# reaver --help
Now let the beast work. Grab a Marlboro light and watch him work for you.
Here's what reaver looks like while working :
After the job's done, reaver displays the Wi-Fi name with WPS PIN and password.
Cheers! The WPS PIN is 18381683 and the password is 'motherfuckerjones'.
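As an added example (not code from the original post): a small Python script that parses the table wash prints in Step 4 and reports which of your own access points still advertise WPS and are not locked, i.e. the ones that should have WPS disabled in the router settings. The classic wash column layout (BSSID, Channel, RSSI, WPS Version, WPS Locked, ESSID) and the sample rows are assumptions constructed for this example.

```python
"""Audit wash output: list owned APs that still have WPS enabled and unlocked."""
from __future__ import annotations
from dataclasses import dataclass
import re


@dataclass(frozen=True)
class WpsEntry:
    bssid: str
    channel: int
    rssi: int
    wps_version: str
    locked: bool
    essid: str


# Assumed classic wash table: BSSID  Channel  RSSI  WPS Version  WPS Locked  ESSID
_ROW = re.compile(
    r"^(?P<bssid>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+"
    r"(?P<ch>\d+)\s+(?P<rssi>-?\d+)\s+(?P<ver>\d+\.\d+)\s+"
    r"(?P<lock>Yes|No)\s+(?P<essid>.*?)\s*$"
)


def parse_wash(text: str) -> list[WpsEntry]:
    """Parse wash's table; header, separator and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = _ROW.match(line.strip())
        if not m:
            continue
        entries.append(WpsEntry(m["bssid"].lower(), int(m["ch"]), int(m["rssi"]),
                                m["ver"], m["lock"] == "Yes", m["essid"]))
    return entries


def unlocked_wps(entries: list[WpsEntry], owned_bssids) -> list[WpsEntry]:
    """Owned APs that advertise WPS and are not locked: still exposed to PIN brute force."""
    owned = {b.lower() for b in owned_bssids}
    return [e for e in entries if e.bssid in owned and not e.locked]


# Constructed sample wash output (not a real capture); BSSIDs are locally administered.
SAMPLE_WASH = """\
BSSID                  Channel       RSSI       WPS Version       WPS Locked         ESSID
---------------------------------------------------------------------------------------------
02:00:00:00:00:01       6            -45        1.0               No                 Lab-AP-1
02:00:00:00:00:02       11           -60        2.0               Yes                Lab-AP-2
02:00:00:00:00:03       1            -72        1.0               No                 Guest Net
"""

if __name__ == "__main__":
    for e in unlocked_wps(parse_wash(SAMPLE_WASH), ["02:00:00:00:00:01", "02:00:00:00:00:02"]):
        print(f"WPS unlocked on {e.essid} ({e.bssid}, ch {e.channel}): disable WPS")
```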
If you have any doubt related to the cracking session, please feel free to ask in the comment section below.
Also, don't forget to like us on Facebook to stay updated with the future tutorials and articles.
Thank you.
:~# shutdown -h now