WiFi Hacking for Beginners: Learn Hacking by Hacking WiFi networks (Penetration testing, Hacking, Wireless Networks)

Setting up the lab

In this chapter, you will learn how to set up the lab for hacking. You may have an operating system like Windows, Linux, or Mac OS X, but for hacking you need a specialized operating system like Kali or BackTrack. These operating systems are created for hacking and penetration testing, and they support almost all hacking programs. Good news: these operating systems are free. In this book, we are going to install and use Kali. Both operating systems are Linux, but there are a few differences. When we install Kali, there will be preinstalled programs that can be used for hacking.

Maybe you think there is a problem, that you must install a new operating system on your computer, but there are programs that help you virtualize operating systems. There are two famous programs called "VirtualBox" and "VMware Workstation." We are going to use VirtualBox because it is free and has almost the same functions. VirtualBox is a free and open-source program that lets you virtualize operating systems like Windows, Linux, Mac OS X, and even your own operating systems. It supports almost all operating systems. So, you don't even need to install Kali on your computer; you can install Kali in VirtualBox and then use it as a shared computer.

First of all, download the latest version of VirtualBox and install it. Here is the link: virtualbox.org/wiki/Downloads. If you are using a Windows operating system, you should download the "Windows hosts" binary release; if you are using Linux, download the Linux release; and if you are using Mac OS X, download the release for it. We also need something called the "VirtualBox Extension Pack" (you can find and download it from the same VirtualBox download page), which lets us pass USB devices, wireless adapters, and many other portable devices into the virtual machine.
First, install VirtualBox, then double-click the extension pack and click Install; the installation is straightforward, so I am not going to explain it. Once you have installed it, we need a Kali operating system to install in VirtualBox. But why lose time when you can download an already installed Kali? There is a link to download Kali virtual images; you can open these virtual images in VirtualBox and start Kali. There are images for VMware Workstation and for VirtualBox; you must download the one for VirtualBox, no matter what operating system you have. Once you have finished downloading, go to the Downloads folder and search for the Kali virtual image (the extension must be "ova"), then double-click it and wait until the process ends.

If the image has been imported successfully, look for the Settings button and click it. First of all, go to System and enter the correct RAM allocation for the virtual machine (remember, your host operating system needs at least two GB of RAM for itself). Then go to System > Processor and enter the number of processor cores to use. It is also essential to set up the network connection because, without that, you will not be able to do anything with Kali. To do this, go to Network and choose "Bridged Adapter"; this means that the virtual machine will use your built-in wireless adapter. Now you are ready to start the virtual machine. Click "Start" and wait until the username prompt appears. The default username is "root," and the default password is "toor," but for security we are going to change it later. The screen should look like this:

[screenshot not included]

On the left side there should be a program called "Terminal"; click on it, and a black window appears with the red prompt "root@kali:~#".
You may have a question like "what does root mean?" Root is an access level: put simply, it is what you have when you have full control over the computer and can do anything the computer can do. In Windows, you may think that "Administrator" is the highest level of access, but that is not so; the highest level of access is root. The terminal is where we are going to run our commands. From the terminal, you can run programs quickly and do whatever you want.

Our system may be out of date, so run the command "apt-get update" to update the system and wait until the prompt appears again. apt-get is a program that lets us update the system and install programs easily (we will use it often later), so with the command "apt-get update" we are calling the apt-get program and telling it to update the system. Once you have updated the system, we need to change the password, because it is the default and anyone could use it to log in. To change the password, open the terminal again and run the command "passwd"; it will ask for the old password, so enter "toor" and press Enter, then enter a new password (it does not matter what it is) and remember it. To power off the virtual machine correctly, click on the button in the top right corner and then click on the power-off sign. Now we have set up everything and are ready to learn how to hide our identity and become untraceable.

Hide identity, become untraceable

The essential thing in hacking is to be untraceable. Being able to hack something is nothing without hiding your identity. For example, imagine that you hacked someone's WiFi and did not hide your identity; in a few days the police will analyze the WiFi router, and your computer's information will be there. Finally, they will find you and throw you into prison. So an essential part of all hacking is to hide your identity and make the hack untraceable. In this chapter, you are going to learn how to be anonymous, hide your identity, and become fully untraceable.

What is the MAC address?
A MAC address (media access control address) is a unique identifier assigned to network interfaces for communications on the physical network segment. Every computer device has a different MAC address. The MAC address is built into every computer device when it is manufactured; when the computer starts, the operating system reads it from the hardware. When you are connected to a wireless network, the network sends packets to you, and your computer turns this information into websites, movies, images, and so on. Imagine that two computers are connected to the wireless network. The first computer wants the website google.com, and the second computer wants amazon.com; the network sends packets to both computers, but how do these computers know which packets to ignore and which to receive? Computers decide which packets to receive or ignore by MAC address: when the network sends a packet to a computer, it also writes into the packet the MAC address of the computer it is sending to. That is how wireless networks and computers connect to each other. So, if you do not change your MAC address and hack someone's wireless network, you let them investigate your identity by analyzing the network history.

How to hide the MAC address?

You may ask how you can change the MAC address if the computer reads it from hardware. You are not going to make modifications to the hardware; you are going to change what is in RAM. When the computer starts, the MAC address is loaded into RAM, and we are going to change the already loaded MAC address. So, when you change your MAC address, the police will find your fake MAC address and will not be able to trace the hacker. Now you have basic information about what a MAC address is, the dangers of hacking without changing the MAC address, how the police can trace you, and how we can change it.

Change the MAC address in Kali

Kali comes with a program called "macchanger," which lets us change the MAC address loaded in RAM. Open VirtualBox, start the Kali virtual machine, and open a terminal.
We need to stop our wireless card before changing the MAC address. Type in "ifconfig wlan0 down". ifconfig is a program, wlan0 is our wireless card, and down is the action we want. This command stops every wireless service, and it is necessary to bring the network card down before changing the MAC address. Then type in the following command: "macchanger --help". This tells Kali to run macchanger and show its help, which contains the program's usage instructions. In my case, I will use a random MAC address by entering "macchanger --random wlan0": macchanger is the program name, --random (short form -r) is an option, and wlan0 is the wireless card. If everything is correct, the screen should look like this:

[screenshot not included]

It shows what the permanent (built into the network card) MAC address was, with its vendor in brackets, and below it shows the new MAC address, which does not have a vendor. So, now we have changed the MAC address, and we want to hack into someone's network. But you are not ready for that yet, because you do not know what monitor mode is and how to use it. In the next chapter, you will learn what monitor mode is and how to use it with Kali.

Wireless modes

When you want to hack WiFi, you need to capture a "handshake." The handshake is the exchange that connects a personal computer to the wireless network; the network's packets and the personal computer's packets meet each other. With a handshake, you do not need to be in WiFi range anymore; you can crack the password with the handshake and the WiFi name (you will learn this later). For now, you need to capture all the packets sent between the WiFi router and all the personal computers in the network. There is a question like "if the MAC address is used to ensure that each packet gets delivered to the right place, then how can we capture it?"
And the answer is: "Yes and no. It is used to send packets to the right destination, and we as hackers can only receive packets that are sent to our MAC address, but this only applies to the default mode of your wireless card, which is 'managed' mode. However, there is a mode that allows us to capture all the packets in our WiFi range, not only the ones sent to our device, hence the name: monitor mode." So, now you know the basics and are actually ready to catch a handshake. First of all, change the MAC address, then enter monitor mode by typing in the commands shown in the photo:

[screenshot not included]

You can see that when I finally checked the mode of wlan0, it was monitor, as shown in the image. So you are ready to capture a handshake; after that, it is straightforward to hack the wireless network with the handshake and a wordlist.

Catching the handshake

Handshake packets are sent every time a client associates with the target AP. So to capture it, we are going to capture every packet that is sent. In this chapter, we are going to use a program called "airodump-ng." This program lets us sniff and capture the packets that are sent over the network. It is also preinstalled. There are two steps to catch a handshake.

1. Start airodump-ng on the target AP (Access Point). The syntax is something like this:

> airodump-ng --channel [channel] --bssid [bssid] --write [file-name] [interface]

Ex:

> airodump-ng --channel 6 --bssid 11:22:33:44:55:66 --write out wlan0mon

2. Wait for a client to connect to the access point, or deauthenticate a connected client (if any) so that its system will connect back automatically. The syntax is something like this:

> aireplay-ng --deauth [number of deauth packets] -a [AP] -c [target] [interface]

Ex:

> aireplay-ng --deauth 1000 -a 11:22:33:44:55:66 -c 00:AA:11:22:33 mon0

If the handshake is caught, Kali will inform you: the top right corner of airodump-ng will say "WPA handshake."
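From the defender's side, the two techniques this book has covered so far each leave a visible trace on the air: a random address from macchanger has no vendor prefix and (unless macchanger is told to imitate a burned-in address) carries the locally administered bit in its first octet, and the deauthentication step in 2 above is a burst of deauth frames that looks nothing like a single client leaving. The following Python script is an added example, not code from the book or from the aircrack-ng project; it audits a small log of 802.11 management frames for both signs, as a wireless IDS or a script over a sniffer's output would. The log format (timestamp, frame subtype, source, destination) and every address in it are constructed for this example.

```python
"""Audit a log of 802.11 management frames for two attack indicators.

Added example for this chapter; not code from the book or from aircrack-ng.
Indicators:
  1. deauthentication bursts: many deauth frames from one source in a short
     window, which is the on-air signature of a deauthentication attack
     (the forged frames carry the access point's own address as source)
  2. locally administered source addresses: bit 1 of the first octet is set,
     which randomly generated (non-vendor) MAC addresses carry; macchanger sets
     it on random addresses unless asked to imitate a burned-in address
The log format and all addresses below are constructed for this example.
"""
from datetime import datetime

# Constructed sample log. Each line: <ISO timestamp> <subtype> <source MAC> <destination MAC>
# 00:11:22:33:44:55 plays the access point, 00:1A:2B:44:55:66 a legitimate client.
SAMPLE_LOG = """\
2024-01-01T12:00:00.000 beacon 00:11:22:33:44:55 FF:FF:FF:FF:FF:FF
2024-01-01T12:00:00.500 assoc  00:1A:2B:44:55:66 00:11:22:33:44:55
2024-01-01T12:00:01.000 deauth 00:11:22:33:44:55 00:1A:2B:44:55:66
2024-01-01T12:00:01.050 deauth 00:11:22:33:44:55 00:1A:2B:44:55:66
2024-01-01T12:00:01.100 deauth 00:11:22:33:44:55 00:1A:2B:44:55:66
2024-01-01T12:00:01.150 deauth 00:11:22:33:44:55 00:1A:2B:44:55:66
2024-01-01T12:00:01.200 deauth 00:11:22:33:44:55 00:1A:2B:44:55:66
2024-01-01T12:00:01.250 deauth 00:11:22:33:44:55 00:1A:2B:44:55:66
2024-01-01T12:00:02.000 assoc  00:1A:2B:44:55:66 00:11:22:33:44:55
2024-01-01T12:00:03.000 probe  02:13:37:AB:CD:EF FF:FF:FF:FF:FF:FF
2024-01-01T12:00:10.000 deauth 00:1A:2B:44:55:66 00:11:22:33:44:55
"""


def parse_log(text):
    """Turn the constructed log format into a list of frame dicts."""
    frames = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, subtype, src, dst = line.split()
        frames.append({"time": datetime.fromisoformat(ts), "subtype": subtype,
                       "src": src.upper(), "dst": dst.upper()})
    return frames


def first_octet(mac):
    return int(mac.split(":")[0], 16)


def is_locally_administered(mac):
    """Bit 1 of the first octet: set means not a vendor-assigned (burned-in) address."""
    return bool(first_octet(mac) & 0x02)


def is_multicast(mac):
    """Bit 0 of the first octet: set for multicast/broadcast, never a real source."""
    return bool(first_octet(mac) & 0x01)


def deauth_bursts(frames, window_seconds=1.0, threshold=5):
    """Map source MAC -> peak number of deauth frames in any sliding window."""
    by_src = {}
    for f in frames:
        if f["subtype"] == "deauth":
            by_src.setdefault(f["src"], []).append(f["time"])
    bursts = {}
    for src, times in by_src.items():
        times.sort()
        peak, start = 0, 0
        for end in range(len(times)):
            # Slide the window start forward until it fits within window_seconds.
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            bursts[src] = peak
    return bursts


def locally_administered_sources(frames):
    """Sorted list of unicast source addresses that carry the locally administered bit."""
    return sorted({f["src"] for f in frames
                   if is_locally_administered(f["src"]) and not is_multicast(f["src"])})


def audit(text, window_seconds=1.0, threshold=5):
    frames = parse_log(text)
    return {"deauth_bursts": deauth_bursts(frames, window_seconds, threshold),
            "locally_administered_sources": locally_administered_sources(frames)}


if __name__ == "__main__":
    for key, value in audit(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The deauth check is a heuristic: an access point legitimately sends a deauth when it drops a client, so the window and threshold need tuning to the environment. The network-side mitigation is 802.11w (Protected Management Frames), under which a station rejects deauthentication frames that do not carry a valid integrity check; without it, a forged deauth is indistinguishable from a genuine one.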
Follow these steps, and when you catch a handshake, your screen should look like this:

[screenshot not included]

When you have caught a handshake, you are ready to actually crack the password.

Cracking any wireless network

Now you have a handshake, and you need to download the largest wordlist in the world to have a chance at cracking the password. You can download this wordlist from the following website: hackreports.com/2013/05/biggest-password-cracking-wordlist-with.html; second link: . When you have downloaded one of them, you are ready to crack the network. We are going to use aircrack-ng to crack the key. It combines each password in the wordlist with the access point name (SSID) to compute a Pairwise Master Key (PMK) using the PBKDF2 algorithm, and the PMK is then checked against the handshake file. The syntax looks like this:

> aircrack-ng [handshake filename] -w [wordlist] [interface]

Ex:

> aircrack-ng is-01.cap -w list wlan0mon

Run this command and wait until aircrack-ng cracks it. When the password is cracked, the screen should look like this:

[screenshot not included]

Congratulations!!! You have just hacked a WPA-secured wireless network!!!

It is time to secure our own wireless network because, as you know, it is straightforward to hack, and if someone does, he can capture the packets sent over the network and analyze them. There will be your mail password, your social network password, your card PIN, and so on. It is very dangerous not to have a secure wireless network. In the next chapter, you will learn how to secure your network and become almost unhackable.

Securing Your Network From The Above Attacks

Now that we know how to test the security of all known wireless encryptions (WEP/WPA/WPA2), it is relatively easy to secure our networks against these attacks, as we know all the weaknesses that hackers can use to crack these encryptions. So let's have a look at each of these encryptions one by one:

1.
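The PBKDF2 step described above is the whole reason the dictionary attack succeeds or fails: the PMK is PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, with 4096 iterations and a 32-byte output. That is the IEEE 802.11i definition and what aircrack-ng computes for every wordlist entry. The following Python function is an added example, not code from the book or from aircrack-ng; it derives the PMK the same way and enforces the passphrase rule the standard imposes (8 to 63 printable ASCII characters). The test vector used (passphrase "password", SSID "IEEE") is the one published in the standard's annex.

```python
"""Derive a WPA/WPA2 Pairwise Master Key (PMK) from a passphrase and SSID.

Added example for this chapter; not code from the book or from aircrack-ng.
PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, iterations=4096, dkLen=32),
as defined in IEEE 802.11i. Each guess in a dictionary attack costs exactly
this derivation, which is why only the guessability of the passphrase matters.
"""
import hashlib


def is_valid_wpa_passphrase(passphrase: str) -> bool:
    """802.11i rule: 8 to 63 ASCII characters, each printable (codes 32..126)."""
    return 8 <= len(passphrase) <= 63 and all(32 <= ord(c) <= 126 for c in passphrase)


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Return the 256-bit PMK for this passphrase on a network with this SSID."""
    if not is_valid_wpa_passphrase(passphrase):
        raise ValueError("WPA passphrase must be 8-63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def pmk_hex(passphrase: str, ssid: str) -> str:
    return derive_pmk(passphrase, ssid).hex()


if __name__ == "__main__":
    # Published 802.11i test vector: passphrase "password", SSID "IEEE".
    print(pmk_hex("password", "IEEE"))
    # Same passphrase on another SSID gives an unrelated PMK, because the SSID is the salt.
    print(pmk_hex("password", "OtherNet"))
```

Two things follow from the derivation. First, the SSID is the salt, so a table of precomputed PMKs only helps against networks that use a common SSID; a distinctive SSID forces the full 4096-iteration cost per guess. Second, the handshake only lets the attacker check candidate PMKs; a passphrase that does not appear in any wordlist is never recovered this way, which is the basis of the "complex password" advice in the next chapter.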
WEP: WEP is an old encryption, and it is fragile; as we saw in the course, several methods can be used to crack this encryption regardless of the strength of the password and even if nobody is connected to the network. These attacks are possible because of the way WEP works; we discussed WEP's weaknesses and how it can be cracked, and some of these methods even allow you to crack the key in a few minutes.

2. WPA/WPA2: WPA and WPA2 are very similar; the only difference between them is the algorithm used to encrypt the information, but both work in the same way. WPA/WPA2 can be cracked in two ways:

1. If the WPS feature is enabled, then there is a high chance of obtaining the key regardless of its complexity; this can be done by exploiting a weakness in the WPS feature. WPS is used to allow users to connect to their wireless network without entering the key; this is done by pressing a WPS button on both the router and the device they want to connect. The authentication works using an eight-digit PIN, and hackers can brute-force this PIN in a relatively short time (on average 10 hours); once they get the right PIN, they can use a tool called reaver to reverse engineer the PIN and get the key. This is all possible because the WPS feature uses an easy PIN (only 8 characters, containing only digits), so it is not a weakness in WPA/WPA2; it is a weakness in a feature that can be enabled on routers that use WPA/WPA2, and it can be exploited to get the actual WPA/WPA2 key.

2. If WPS is not enabled, then the only way to crack WPA/WPA2 is a dictionary attack; in this attack, a list of passwords (a dictionary) is compared against a file (the handshake file) to check whether any of the passwords is the actual key for the network, so if the password does not exist in the wordlist, the attacker will not find it.

Conclusion:

1.
Do not use WEP encryption; we saw how easy it is to crack regardless of the password's complexity and even if nobody is connected to the network.

2. Use WPA2 with a complex password; make sure the password contains small letters, capital letters, symbols, and numbers.

3. Ensure that the WPS feature is disabled, as it can be used to crack your complex WPA2 key by brute-forcing the easy WPS PIN.
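The three conclusions above can be checked mechanically against an access point's configuration. The following Python script is an added example, not the book's or hostapd's code; it parses hostapd-style key=value settings (wpa, wpa_pairwise, rsn_pairwise, wps_state, wpa_passphrase, wep_key0, wep_default_key and ieee80211w are real hostapd.conf keys) and reports which conclusions a configuration violates. It goes one step beyond the chapter's list by also flagging the TKIP cipher and unprotected management frames, which is what makes the deauthentication step of the attack possible. Both sample configurations, including the passphrase in the hardened one, are constructed for the example.

```python
"""Audit a hostapd-style access point configuration against this chapter's conclusions.

Added example; not code from the book or from hostapd. The keys checked are real
hostapd.conf keys; the two sample configurations below are constructed.
"""

# Constructed: the kind of configuration the chapter warns about
# (WPA version 1, TKIP, a lowercase-only passphrase, WPS switched on).
WEAK_CONF = """\
interface=wlan0
ssid=HomeNet
wpa=1
wpa_passphrase=sunshine
wpa_pairwise=TKIP
wps_state=2
"""

# Constructed: the same network after applying the conclusions (WPA2 only,
# CCMP, a passphrase with all four character classes, WPS off, and
# protected management frames required).
HARDENED_CONF = """\
interface=wlan0
ssid=HomeNet
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=Tr0ub4dor&3-walks-Quietly
wps_state=0
ieee80211w=2
"""


def parse_hostapd_conf(text):
    """Parse key=value lines; '#' comments and blank lines are ignored."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def passphrase_is_complex(passphrase):
    """The chapter's rule: small letters, capital letters, numbers and symbols all present."""
    return (any(c.islower() for c in passphrase) and any(c.isupper() for c in passphrase)
            and any(c.isdigit() for c in passphrase) and any(not c.isalnum() for c in passphrase))


def audit_ap_config(text):
    """Return a list of (code, message) findings; an empty list means nothing to fix."""
    conf = parse_hostapd_conf(text)
    findings = []
    # Conclusion 1: no WEP at all.
    if any(k.startswith("wep_key") for k in conf) or "wep_default_key" in conf:
        findings.append(("wep", "WEP keys configured: WEP is crackable regardless of key strength"))
    # Conclusion 2: WPA2 (wpa=2) rather than nothing, WPA1, or mixed mode.
    wpa = conf.get("wpa", "0")
    if wpa == "0":
        findings.append(("no-wpa", "no WPA/WPA2 enabled (wpa=0)"))
    elif wpa in ("1", "3"):
        findings.append(("wpa1", "WPA version 1 allowed; use wpa=2 for WPA2 only"))
    ciphers = conf.get("wpa_pairwise", "") + " " + conf.get("rsn_pairwise", "")
    if "TKIP" in ciphers:
        findings.append(("tkip", "TKIP pairwise cipher allowed; use CCMP only"))
    # Conclusion 3: WPS off (hostapd default wps_state=0 means disabled).
    if conf.get("wps_state", "0") != "0":
        findings.append(("wps", "WPS enabled (wps_state != 0): the 8-digit PIN can be brute-forced"))
    # Conclusion 2 again: the passphrase itself.
    passphrase = conf.get("wpa_passphrase")
    if passphrase is not None and wpa != "0":
        if not 8 <= len(passphrase) <= 63:
            findings.append(("bad-passphrase-length", "WPA passphrase must be 8-63 characters"))
        elif not passphrase_is_complex(passphrase):
            findings.append(("weak-passphrase", "passphrase lacks one of: lower, upper, digit, symbol"))
    # Beyond the chapter: 802.11w required (ieee80211w=2) so deauth frames are authenticated.
    if conf.get("ieee80211w", "0") != "2":
        findings.append(("no-pmf", "ieee80211w != 2: deauthentication frames are unauthenticated"))
    return findings


def finding_codes(text):
    return [code for code, _ in audit_ap_config(text)]


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_ap_config(conf) or "no findings")
```

The passphrase check only implements the chapter's four-class rule; because aircrack-ng tests wordlist entries rather than character classes, a long passphrase that is not a dictionary word or a known leaked password is what actually defeats the attack, and the class check is a floor, not a guarantee.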