How to Crack a Wifi Password? [WEP, WPA, WPS]

by · September 18, 2014

Crack Wifi Password (WEP):

Wireless hotspots (commonly known as Wi-Fi) can be found everywhere! If you have a PC with a wireless network card, then you must have seen many networks around you. This is a comprehensive guide which will teach even complete beginners how to crack WEP encrypted networks, easily. Have you ever wanted to use one of these networks? You must have desperately wanted to check your mail when you shifted to your new house.

Table of Contents

  • How are wireless networks secured?
  • What you’ll need.
  • Setting up CommView for Wi-Fi.
  • Selecting the target network and capturing packets.
  • Waiting.
  • Now the interesting part. CRACKING!

Step 1: How Are Wireless Networks Secured?

In a secured wireless connection, internet data are sent in the form of encrypted packets. If you somehow manage to get hold of the key for a particular wireless network you virtually have access to the wireless internet connection.

WEP (Wired Equivalent Privacy)

This has become an unsafe option as it is vulnerable and can be cracked with relative ease.

Step 2: What You’ll Need

A compatible wireless adapter:
This ensures that the wireless card can go into monitor mode, which is essential for capturing packets. This is by far the biggest requirementThe wireless card of your computer has to be compatible with the software CommVIew.

CommView for Wi-Fi :
This software will be used to capture the packets from the desired network adapter. Click here to download this software for crack wifi password.



Aircrack-ng GUI:
After capturing the packets this software does the actual cracking. Click here to download this software.



Step 3: Setting Up CommView for Wi-Fi

CommView has now started scanning for wireless networks channel by channel.
Extract the file and run setup.exe to install the CommView for Wi-Fi.
When CommView opens for the first time it has a driver installation guide.
Download the zip file of CommView for Wi-Fi from the website. After a few minutes you will have a long list of wireless networks with their security type and signal.


Step 4: Selecting the Target Network and Capturing Packets

Once you have chosen your target network, select it and click Capture to start capturing packets from the desired channel. A few things to keep in mind before choosing the target wireless network: This tutorial is only for WEP encrypted networks, so make sure you select a network with WEP next to its name. To capture packets only from the desired network, follow the given steps.
  • Right click the desired network and click on the copy MAC Address.
  • Switch to the Rules tab on the top.
  • On the left hand side choose MAC Addresses.
  • Enable MAC Address rules.
  • For ‘Action’ select ‘capture’ and for ‘Add record’ select ‘both’.
  • Now paste the MAC address copied earlier in the box below.
  • We need to capture only data packets for cracking. So, select D on the bar at the top of the window and deselect M (Management packets) and C (Control packets).
Now you have to save the packets so that they can be cracked later. To do this step:
  • Go to the logging tab on top and enable auto saving.
  • Set Maximum Directory Size to 2000.
  • Set Average Log File Size to 20.

Step 5: Waiting

Now the boring part- WAITING! NOTE: The amount of time taken to capture enough data packets depends on the signal and the network usage.
Go to the log tab and click on concatenate logs.
  • Select all the logs that have been saved.
  • Do not close the CommView for Wi-Fi.
  • Now navigate to the folder where the concatenated logs have been saved.
  • Open the log file.
  • Select File-Export-Wire shark tcpdump format and choose any suitable destination.
  • This will save the logs with a .cap extension to that location.

Step 6: Now the Interesting Part.CRACKING!

  • Download Aircrack-ng and extract the zip file.
  • Open the folder and navigate to ‘bin’.
  • Run Aircrack-ng GUI.
  • Choose WEP.
  • Open your .cap file that you had saved earlier.
  • Click Launch.
  • In the command prompt type in the index number of your target wireless network.
  • Wait for a while. If everything goes fine, the wireless key will be shown.
In this case wait until more packets have been captured and repeat the steps to be performed after capturing packets.

Crack Wifi Password (WPA)

From this exploit, the WPA password can be recovered almost instantly in plain-text once the attack on the access point WPS is initiated, which normally takes 2-10 hours (depending on which program you use). This can be exploited to brute force the WPS PIN, and allow recovery of the WPA password in an incredibly short amount of time, as opposed to the standard attack on WPA.

This exploit defeats WPS via an intelligent brute force attack to the static WPS PIN.

WPA (Wi-Fi Protected Access)

Efficient cracking of the passphrase of such a network requires the use of a wordlist with the common passwords. If the only networks around you use WPA passwords, you’ll want to follow this guide on how to crack WPA Wi-Fi passwords instead. Hacking WEP passwords is relatively fast, so we’ll focus on how to crack them for this guide. Although this can also be cracked using a wordlist if the password is common, this is virtually un-crackable with a strong password. Variations include WPA-2 which is the most secure encryption alternative till date.
Requirements:
  • Linux OS
  • A router at home with WPS
  • The following programs installed (install by package name): aircrack-ng, 
  • pythonpycryptopp, python-scapy, libpcap-dev


Tools:
  • Reaver (support for all routers)
  • wpscrack (faster, but only support for major router brands)

Crack WPS

Text in bold is a terminal command. Follow the guide that corresponds to the tool that you chose to use below.
  • Reaver
Unzip Reaver.
unzip reaver-1.3.tar. gz
  • Change to the Reaver directory
cd reaver-1.3
  • Configure, compile and install the application
./configure && make && sudo make install
  • Scan for an access point to attack, and copy its MAC address for later (XX:XX:XX:XX:XX:XX)
sudo iwlist scan wlan0
  • Set your device into monitor mode
sudo airmon-ng start wlan0
  • Run the tool against an access point
reaveri mon0 -b <MA:CA:DD:RE:SS:XX> -vv
Now, wait till it’s reach at their finish point. This tool makes it too easy.

wpscrack.py

  • Make the program an executable
chmod +x wpscrack.py
  • Scan for an access point to attack, and copy its MAC address for later (XX:XX:XX:XX:XX:XX)
sudo iwlist scan wlan0
  • Get your MAC address, save it for later
ip link show wlan0 | awk ‘/ether/ {print $2}’
  • Set your device into monitor mode
sudo airmon-ng start wlan0
  • Attack your AP
wpscrack.pyiface mon0 –client <your MAC, because you’re attacking yourself, right?> –bssid <AP MAC address> —ssid <name of your AP> -v
Through this way, we can crack wifi password (WPA). 

Follow:

More