Learn Ethical Hacking Episode #27: Introduction to WiFi Cracking


If you find yourself needing assistance at any point throughout the tutorial series, feel free to enroll in The Complete Ethical Hacking Course Bundle for 1 on 1 help!


Below is a list of the courses included in the bundle:

The Complete Ethical Hacking Course for 2018!
Certified Ethical Hacker Boot Camp for 2018!
The Complete Ethical Hacker Course: Beginner to Advanced!
Build an Advanced Keylogger for Ethical Hacking!

Hello everybody and welcome to this tutorial. Today, I will begin a chapter on wireless hacking.

So, first off, you need to know that there are different types of encryption. There is WEP, and whoever is still using WEP shouldn’t be on a wireless network. The WEP protocol is quite easy to crack, and it’s practically as if you are on an open WiFi network. However, if you’re using WPA or WPA2, that is another story. These two protocols are quite difficult to crack, especially if the passwords are complex. There are different methods for direct wireless hacking, and I would not recommend using them. There are some circumstances which are favorable to these sort of methods, however it is better to get the IP of the router, and then attack the router itself. Routers usually have far more vulnerabilities than WPA2 encryption.

However, since we are cracking wireless, I’m going to go ahead and type in ifconfig here, and you will notice that I don’t have a wireless interface here. Why is that? Well, even though I have a network integrated card, a wireless one, within my laptop, this is a virtual machine, and virtual machines do not support integrated network cards. They can only go through your host machine, and in such a way virtual machines are secure. So, you can install all sorts of programs on them, viruses, etc., and your host machine will be safe. However, we can use a USB wireless card, then you can set up a pass-through for your virtual machine, and in such a way be able to connect to a wireless network.

However, password cracking from a virtual machine is not a good idea. I mean, it’s a terrible idea. Especially using VirtualBox. Maybe if you were using Xen where you have 90-95% native performance, that would be great, but using VirtualBox for password cracking isn’t very effective. Let me show you why. If you go to devices, and I’m just going to go ahead and click on network settings and then I will get the menu for the other things. So, let’s just go ahead and click on general. Is it here? No, system, sorry. Look here at the base memory. This can be altered when the machine is off. You cannot change these settings here while the machine is turned on. First of all, it says that I have 2 gigs of RAM available for this particular virtual machine. Now, that’s great for day-to-day operations, especially for Linux which only requires 512 megabytes to run. However, if you want to brute-force a password, if you want to take that path, by generating huge password lists and trying to guess it, this is not a sufficient amount of memory. If we click on the processor you will see that the execution cap is 100%, but we only have a single core assigned to this virtual machine. It says here one CPU core in the upper bar, in the upper status bar, where it says processors. It’s gray at the moment because you can’t change the number of processors that a machine is using while it’s running. In any case, it only has one CPU assigned to it. I know it says 4 here, but I have an Intel i7 inside and the VirtualBox supports only 4 CPU cores for its machines. You shouldn’t need more than 4 for a virtual machine, unless you’re doing something that is strongly related to graphics. One CPU is perfect. You won’t need any more computing power.

Anyway, I’m going to go ahead and click OK here, and I want to show you that the resources of your virtual machine are simply not sufficient in order to support the brute force method. As I said, you can buy a wireless USB card for $20 or so, plug it in, pass through the ports, and it’s going to work, but it’s going to be terribly slow. You will need to run Linux as the primary operating system on your host machine. So, because my main machine is Fedora Linux, I have installed all the necessary tools on it. You can install the same tools on Fedora as you can on Kali, and I will be doing my pen-testing from here, from Fedora. Let me exit the virtual machine. However, if you are a Windows user, if you don’t have a native Linux system on your host machine, you will also be able to do this in Windows. I will only show you the installation process, I will not show an actual brute-force demonstration. But, the principles are the same. When you do it in Windows you have to use the GUI mode, and quite frankly for these sort of things I personally do not like to do them via a GUI. It’s far more effective to do them from the Linux terminal. Some of the tools that we will need I will mention them here, and feel free to read up on them a little bit on the net as you progress through the course, and then go through the videos as well. There’s a lot of extra information out there on the net, especially if you come accross any problems using the software. Also, feel free to post in the discussion section if something is not working. I will be more than happy to walk you through it.

So, just type in yum search. This is one of the tools that we will need, aircrack-ng, press enter, and it should find it shortly. There we go. Aircrack is in the default repositories of Fedora, and you will be able to find it there without any sort of problems. So, it says aircrack-ng.x86_64, this is a standard for wireless, and it says sniffer and WEP/WVP-PSK key cracker. We’re interested in this part, key cracker. Basically, you can install it anywhere, we can even install it on the virtual machine. We could capture the file on the virtual machine, and then transfer the file to the host machine to crack it. However, that is not what we wil be doing today. Let’s go ahead and install aircrack and I will teach you how to use it.

There a few more tools related to aircrack, but there is one more tool that we will use that employs a completely different method, it uses a completely different way of cracking wireless passwords, and we will mainly be covering the WPA and WPA2 password encryption methods. I will do a brief demonstration of how to crack WEP, but, I mean, chances of you encountering WEP in today’s world are practically non-existent. If you open up your cell phone, I don’t know if you’re using Android, or an Apple phone, or a Windows Phone, and whatever else is out there, just take a look at the wireless networks around you, and take a look at the encryption methods because they will be shown to you. You will almost never see WEP. If you ever do see it, it’s practically open Wi-Fi. WEP has been cracked, it takes a very short amount of time to break it. You don’t need to use any sophisticated methods, a child could crack it without any problems. Basically, just follow through the procedure, and that’s it.

Now, as I was saying, there is another method of doing this for WPA, and the name of the tool is Reaver. Reaver is not in Fedora’s default repository, so we will need to go through the installation process and find it on the net. But, basically, what Reaver does is guess the pins on your router. So, most routers these days have pin authentication. This enables you press a button and everybody around you can connect to that router. Basically, these things have been invented primarily for Windows users. Rarely, very rarely, will you find a Linux distro with support for pins. This method is highly insecure. I mean, that is really one of the downsides of wireless networks. If you’re using pin authentication, you should definitely disable it on your home routers as it enables malicious attackers to take your WiFi, get your IP address, and from there move on to more serious things. I will show you how to disable these things as well on one of my routers that I have here. I believe I have a tp-link router. I will plug it in later on and show you what it does.

As a part of the aircrack package you will get a few other programs which we will use. One program in the aircrack package enables you to perform a DoS attack on wireless networks around you. So, you will be able to deauthenticate whoever you want, whenever you want, as long as two conditions are met. The first condition is proximity, that you are close enough to the network, and the second condition is that you actually have to scan in monitor mode, with your network card, and figure out what is going on around you. You need the the MAC address of that access point, and the MAC address of the person you want to jam. This is not difficult to do, this is easy, as both MAC addresses are public information. All you need to do is listen for them. That is what monitor mode enables you to do. Network cards have multiple modes which they can operate in, but there are only two which are of interest to us. There is promiscuous mode where your card will receive all packets on the same network segment, whereas the normal mode will only accept packets addressed to your MAC address. Typically, your card will disregard encrypted information not addressed to it. However, if you put your network cards in to monitor mode, they will take all of this traffic, process it, and see what they can retrieve from it. Most of this information is encrypted, but some of it isn’t. MAC addresses can’t be encrypted. You can take it, and you can jam whoever you want. You can deny wireless access to pretty much everybody within the range using your laptop, no extra devices are needed. Of course, it is necessary that your network card supports monitor mode. There is a compatibility list on the net, I will show it to you in the follow-up tutorial.

For the time being, I just wanted to introduce you to the chapter, and to show you what we shall be doing. I would advise you perform a quick search of aircrack-ng on Google, or whatever your favorite search engine is. For Reaver as well. Read some additional information on these two software packages. I will show you how to install aircrack-ng and Reaver in the follow up tutorial. I will also show how to install aircrack-ng on Windows, and I will attempt Reaver as well. Reaver tends to break on Windows, and that can be problematic. I will show you how to install aircrack-ng. I’ll show you how to use it a bit, it’s not difficult, there’s a graphical interface. However, I restate once again, you should have a Linux host machine which you can use, to which you have access. These tools work much faster on Linux machines. They work much better, they’re faster, and quite frankly they are easier to install. Plus, you get a higher degree of anonymity. Anyway, I bid you all farewell, and I’ll see you in the follow up tutorial.

The remainder of the tutorial videos can be found in this YouTube playlist:


You can also enroll in the course and download the videos for offline viewing:


Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato

Leave a Reply

Your email address will not be published. Required fields are marked *