Wireless Hacking : How To Hack WPS Wi-Fi Networks

Hello, devils! Today I'm going to introduce you to a network security feature of Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) networks named Wi-Fi Protected Setup (WPS). WPS was released as an additional security measure for WPA/WPA2 routers. WPA and WPA2 were security protocols far more secure than the former protocol, Wired Equivalent Privacy (WEP). It was found that the Pre-Shared Key (PSK), or simply the password, of WEP could be cracked very easily. Therefore, in 2003, the WPA/WPA2 Wi-Fi security protocols were released. WPS has a PIN feature to connect network devices to the access point. Later, it was found to have a major security bug which allowed hackers to crack the PIN, and with the PIN, attackers could get access to the WPA-PSK/WPA2-PSK (the password). In this post, I'm going to teach you how to crack the WPS of a router.
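As an added illustration (not part of the original post), the two properties that make the PIN crackable: the last digit of an 8-digit WPS PIN is a check digit computed from the first seven, and the access point confirms the first four digits (after message M4) separately from the last four (after M6), so the halves are searched independently. Function names are my own; 12345670 is a sample PIN used only to exercise the checksum.

```python
"""Why an 8-digit WPS PIN is not 10^8 guesses: check digit plus split verification.

Added example, not code from the tutorial. Function names are my own; the
check-digit rule is the one from the WPS specification (last digit is a
checksum over the first seven).
"""


def wps_checksum(first7: int) -> int:
    """Return the check digit for the first seven PIN digits."""
    accum = 0
    pin = first7
    while pin:
        accum += 3 * (pin % 10)   # digits in positions 7, 5, 3, 1 are weighted by 3
        pin //= 10
        accum += pin % 10         # digits in positions 6, 4, 2 are weighted by 1
        pin //= 10
    return (10 - accum % 10) % 10


def is_valid_pin(pin: str) -> bool:
    """True if pin is eight digits and its last digit matches the checksum."""
    if len(pin) != 8 or not pin.isdigit():
        return False
    return wps_checksum(int(pin[:7])) == int(pin[7])


def candidate_space(checksum_enforced: bool = True, split_verified: bool = True) -> int:
    """Worst-case number of PIN guesses needed.

    split_verified models the protocol flaw: the AP reveals whether the first
    four digits are right (after M4) before the last four are checked (after
    M6), so each half is searched on its own instead of both together.
    """
    if not split_verified:
        return 10**7 if checksum_enforced else 10**8
    first_half = 10**4                                   # digits 1-4
    second_half = 10**3 if checksum_enforced else 10**4  # digits 5-8, check digit derived
    return first_half + second_half


if __name__ == "__main__":
    print("12345670 valid:", is_valid_pin("12345670"))
    print("guesses without the flaw:", candidate_space(split_verified=False))
    print("guesses with the flaw:", candidate_space())
```

With the flaw the worst case drops from ten million guesses to 11,000, which is why disabling WPS (or at least its PIN method) is the usual recommendation.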

Make sure you are equipped with the following things:
  • A GNU/Linux based system with aircrack-ng, wash and reaver. 
  • A Linux compatible wireless adapter supporting monitor mode and packet injection.

NOTE : This article is intended for educational purposes only. Hacking someone's Wi-Fi without his/her permission is a crime. I'll not be responsible for anything the reader does. 

Let's begin!

Step 1 :

Open a Terminal window and set your Wireless adapter from managed mode to monitor mode.

:~# airmon-ng start wlan0

Here, wlan0 is the interface name of your Wi-Fi card. It may be different on your computer. To check the interface name of your card, type:

:~# ifconfig

Step 2 :

Now, your wireless adapter has been set to monitor mode.
To check the interface now, type the above command again:

:~# ifconfig

Now you can see that my wireless interface has been changed from wlan0 to wlan0mon (monitor mode).

Step 3 : 

Let's scan all the networks around us. The 'airodump-ng' tool from the aircrack-ng suite scans the networks in range and displays them on the screen. It shows not only the Wi-Fi name but also its MAC address, signal power, beacons, channel, encryption method, manufacturer and much more.
Let's have a look at the command syntax and its options.

:~# airodump-ng 

These are the operations which we can perform using the airodump-ng tool. The real power of the aircrack-ng suite is far beyond this tutorial.

Let's dump the network traffic on the screen :
:~# airodump-ng wlan0mon

Wait until the desired network gets displayed on the screen. Then press Ctrl+C to stop the scanning process.

Here, the network I'm going to hack is named JUST_CHECKING (Obviously mine. I'm not a criminal).
Let me tell you the meanings of the important column headings.

BSSID - The MAC address of the router (access point).
PWR - Signal power (signal strength).
#Data - The number of data packets captured so far.
CH - Channel.
ENC - Encryption method.
ESSID - Name of the Wi-Fi network.

For WPS hacking, we just need BSSID and Channel of the network. Copy and paste them in a text file.

Step 4 :

Time to check whether the target network's WPS PIN can be attacked. This can be done using the 'wash' tool.
wash lists the WPS-enabled access points in range and reports whether WPS is locked on each router.
Enter the command :

:~# wash -i wlan0mon

The -i switch selects the wireless interface to use.

Now look at our target network in the above window. The WPS Locked column says 'No'. It means that WPS is not locked on the router and we can continue with the attack. Only routers with unlocked WPS are vulnerable to the attack.
Now, as we know that we can go further, let's open another Terminal window and proceed with our bad boy, reaver.
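The lockout that the WPS Locked column reflects, as an added model that is not part of the tutorial, wash or reaver: an access point counts failed PIN exchanges and refuses further WPS registration for a while, which is the state wash shows as locked. Class and function names, the client MAC and the thresholds of 3 failures and 60 seconds are constructed for illustration; real firmware uses vendor-specific values.

```python
# Added example: an AP-side WPS lockout model, the state wash shows as 'WPS Locked'.
# Not code from the tutorial, wash or reaver; 3 failures / 60 s are illustrative values.


class WpsLockout:
    """Counts failed PIN exchanges and locks the WPS registrar after too many."""

    def __init__(self, max_failures: int = 3, lock_seconds: float = 60.0):
        self.max_failures = max_failures
        self.lock_seconds = lock_seconds
        self.failures = 0
        self.locked_until = 0.0   # timestamp in seconds; 0 means never locked
        self.events = []          # audit trail a defender would want logged

    def is_locked(self, now: float) -> bool:
        return now < self.locked_until

    def failed_attempt(self, now: float, client_mac: str) -> bool:
        """Record one failed PIN exchange; False means it was dropped because WPS was locked."""
        if self.is_locked(now):
            self.events.append(f"t={now:.0f}s dropped WPS attempt from {client_mac} (locked)")
            return False
        self.failures += 1
        if self.failures >= self.max_failures:
            self.locked_until = now + self.lock_seconds
            self.failures = 0
            self.events.append(f"t={now:.0f}s WPS locked for {self.lock_seconds:.0f}s "
                               f"after {self.max_failures} failures from {client_mac}")
        return True


def worst_case_seconds(candidates: int = 11000, seconds_per_attempt: float = 1.0,
                       max_failures: int = 3, lock_seconds: float = 60.0) -> float:
    """Wall-clock time to try every candidate PIN when only the last one succeeds."""
    if max_failures <= 0:                      # no lockout at all
        return candidates * seconds_per_attempt
    locks = (candidates - 1) // max_failures   # each batch of failures triggers a lock
    return candidates * seconds_per_attempt + locks * lock_seconds


def demo():
    """Four failures in a row from one constructed client MAC: the fourth is dropped."""
    ap = WpsLockout()
    mac = "00:11:22:33:44:55"  # constructed client MAC
    processed = [ap.failed_attempt(t, mac) for t in (0, 1, 2, 3)]
    return processed, ap.is_locked(30), ap.is_locked(62), ap.events
```

With these illustrative thresholds, exhausting the 11,000 candidate PINs takes about 64 hours instead of about 3, and an AP that locks indefinitely until a reboot is what makes wash report 'Yes'.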

Reaver is a WPS attack tool developed by Tactical Network Solutions. Type the following command :

:~# reaver -i wlan0mon -b BSSID -c CH -vv

Here, replace BSSID with the MAC address and CH with the channel you copied into the text file.
-vv means very verbose output. For more options, you can always type : 

:~# reaver --help

Now let the beast work. Grab a Marlboro light and watch him work for you.

Here's what reaver looks like while working :

After the job's done, reaver displays the Wi-Fi name together with the WPS PIN and the password.

Cheers! The WPS PIN is 18381683 and the password is 'motherfuckerjones'.

If you have any doubt related to the cracking session, please feel free to ask in the comment section below.
Also, don't forget to like us on Facebook to stay updated with the future tutorials and articles.

Thank you. 

:~# shutdown -h now
