As the title suggests, the task was not very easy, and I am happy to share what I have learned over the past 3 days. This tutorial is for educational purposes only; hacking someone else's WiFi network is illegal.
The equipment I used was my Gole 1 mini PC. This tiny PC has a WiFi card that supports network monitor mode. I discovered this feature by running cmd as admin, typing "netsh wlan show all" and looking for the section "Wireless Device Capabilities", as the following screenshot shows:
The software I used was the following:
- Windows 10
- CommView for WiFi (trial version)
- Aircrack-ng GUI
- Wordlist text file
This was my first time checking whether my password is hackable, so it took me a few days to research how to carry out the task. My main source of information was YouTube. There are quite a few tutorials there, but often the information they shared did not match my scenario. I have no wireless USB adapter that is supported by Kali Linux, which is why I thought this task was nearly impossible, but with endless perseverance and patience, I made it.
CommView for WiFi is a network packet sniffer similar to Wireshark; the difference is that CommView is designed to capture network packets even if the device is not connected to that network. This means it keeps receiving information from wireless routers as long as those routers are within the reception range of my WiFi card. There are many tutorials on the web on how to use CommView, which I recommend (I will not cover that here), but they were not complete. The information missing from all the tutorials I watched on YouTube was the type of packets that need to be captured by the software, which are the following: Management Frame, Beacon Frame, Deauthentication Frame and Authentication Frame. These 4 frames are created when a device requests to connect to the router. It is also called the famous 4-way handshake. The captured packets must be saved as a .cap file. Just remember that while CommView is running, the WiFi adapter enters monitor mode, which means the computer cannot connect to the internet.
Aircrack-ng GUI is the software I used to attack my router using the brute-force method. To do that, I would need millions of random words (the wordlist text file). But since I was just attacking my own router, I only used a few words, which already included my WiFi password. The Aircrack-ng suite is also very popular among Kali Linux users because it is free. The Linux version has a tool that forces a device to disconnect from the router just to make the device reconnect, and as I mentioned earlier, this reconnecting event triggers the 4-way handshake. Kali Linux users do not need to use CommView. I think those features are also available in the Windows version, but due to the lack of documentation, and because still very few Windows users are familiar with the Aircrack-ng software suite, I was not able to take advantage of those features.
And here is the result:
Conclusion: The password can be hacked if I use only common words, but the file I used, which contained 1.1m words, does not contain my password. It does not end here. Hackers are very clever: they have systems that collect passwords used by real people, and they use social engineering techniques, which are also machine learning models, to collect the profiles and typical habits of their targets. To avoid getting hacked, I should not follow certain patterns or develop regular habits that would give hackers clues.
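
The conclusion above can be turned into a self-check. The following is an added example, not part of the original post: it tests whether one's own passphrase reduces to a wordlist entry once common patterns (trailing digits, letter substitutions, a year) are undone. The function names, the small sample wordlist and the chosen patterns are assumptions for illustration, as is the WPA/WPA2-PSK length rule of 8 to 63 characters.

```python
import re

# Constructed sample wordlist; a real audit would read a large wordlist file instead.
SAMPLE_WORDS = ["password", "dragon", "summer", "letmein"]

# Reverse common character substitutions so "p@ssw0rd" maps back to "password".
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

def base_forms(passphrase):
    """Simplified forms of a passphrase that a dictionary plus basic rules would cover."""
    lowered = passphrase.lower()
    # Drop digits and symbols stuck on the front or back: "Summer2019!" -> "summer".
    stripped = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", lowered)
    forms = {lowered, stripped, lowered.translate(LEET), stripped.translate(LEET)}
    forms.discard("")
    return forms

def audit_passphrase(passphrase, wordlist):
    """Return a list of weaknesses found; an empty list means none of these checks fired."""
    words = {w.strip().lower() for w in wordlist if w.strip()}
    findings = []
    # Assumption: WPA/WPA2-PSK, where a passphrase is 8 to 63 characters long.
    if not 8 <= len(passphrase) <= 63:
        findings.append("length outside 8-63 characters")
    hits = sorted(base_forms(passphrase) & words)
    if hits:
        findings.append("reduces to wordlist entry: " + hits[0])
    if re.search(r"(19|20)\d\d", passphrase):
        findings.append("contains a year")
    if passphrase.isdigit():
        findings.append("digits only")
    return findings

if __name__ == "__main__":
    for candidate in ["P@ssw0rd1", "Summer2019!", "12345678", "vK7#qTz9mLw2"]:
        print(candidate, "->", audit_passphrase(candidate, SAMPLE_WORDS) or "no pattern found")
```

An empty result only means none of these particular patterns matched; it is not a measure of overall strength.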