Yesterday, my friend Victor wanted to crack a wifi network (his, of course) using his MacBook Pro.
I told him to use the excellent VirtualBox images of Kali Linux from Offensive Security and aircrack-ng.
I had just forgotten that:
- Using advanced wireless features is impossible from a virtual machine
- Even if he used Kali Linux with a dual boot, installing the wireless drivers to make it work with the airport card is tiresome.
- Most aircrack-ng tools (not airmon-ng) can be installed on macOS with MacPorts, but airodump-ng and aireplay-ng crash.
So please: if you want to do anything more advanced than passive sniffing or what is described in this article, do yourself a favour and buy a USB adapter to use with the virtual machine.
There is a list of supported adapters on the aircrack-ng website, and I think the Alfa AWUS051NH v2 is great. Some people say it is expensive, but last time I checked on Google Shopping, it cost less than half an Apple mouse.
There are 3 steps:
- Identify the target access point: its name (= SSID), its MAC address (= BSSID) and its channel (~ radio frequency)
- Sniff the channel in monitor mode to retrieve:
- a beacon (easy: the access point broadcasts one several times per second, and it carries the SSID that the cracker needs to derive keys)
- a handshake (= the WPA four-way handshake), or enough frames of it (hard)
- Crack the password using the dump
What makes the handshake hard to retrieve is that it is only exchanged when a client connects to the access point.
The good news is that you can deauthenticate clients from the wifi network. In WPA2 without Protected Management Frames (802.11w), deauthentication frames are not authenticated, so anyone who can spoof the access point's MAC address can send them; this is loosely called wifi jamming. When the clients reconnect, they redo the handshake. That adds a deauth step. (Against networks with 802.11w enabled, which WPA3 makes mandatory, the forged deauth is simply ignored.)
'Install'
airport is Apple's command-line Wi-Fi tool. It ships inside the Apple80211 private framework rather than in your PATH, so "installing" it only means making it callable from a shell.
Scan
Scanning with airport lists the nearby access points with their SSID, BSSID, channel and security type. Sniffing the target's channel with airport then saves the .cap capture file and displays its path when you stop it.
Running aircrack-ng on that file with a wordlist: if you don't have the beacon or the handshake, it will fail accordingly.
For wordlists, see below.
As I said, aireplay-ng doesn't work on a MacBook Pro. The catch is that aireplay-ng does a lot of other things besides deauth attacks, and deauth is all we need here.
You might read that Airport cards do not support packet injection, but the heavy injection attacks (ARP replay, fragmentation and the like) are for WEP, and nobody uses WEP anymore. We only want to send a few deauthentication frames.
Use JamWiFi, a small macOS application; a ready-to-use build is provided on its page.
In fact, you can identify the target with it too, and it has a really nice GUI.
Once you have selected the access point, you can deauth one or several users. Stop after about 50 deauths, or the clients may have trouble reconnecting for several minutes.
It might not work if you are too far from the target: your Airport card transmits at far lower power than the router, so the client may hear the router but not your forged frames.
Using airport presents some issues: you cannot know whether you got the beacon and the handshake until you stop the capture and try with aircrack-ng, and you capture a lot of useless packets too.
Using tcpdump is more efficient.
Run two tcpdump captures in monitor mode on the target channel: the first filters on beacon frames from the target BSSID and easily captures one; the second filters on EAPOL frames and waits for the handshake.
Use JamWiFi to deauth some users, and when tcpdump reports 4 frames or more, press Ctrl-C. You can get by with fewer than 4 frames, depending on which ones you got: messages 1 and 2, or 2 and 3, of the four-way handshake are sufficient, because between them they carry both nonces and a MIC to check candidate keys against. You should normally get all 4 anyway. If nothing shows up, try deauthing another user.
Now you have everything in capture.cap. You can run aircrack-ng on it, but like aireplay-ng, aircrack-ng offers so many features that it cannot be the best at everything, and raw cracking speed is not where it shines.
We can really speed up the process by using hashcat.
Install with brew
Convert with cap2hccapx
hashcat doesn't take .cap files directly, only its own hccapx format. Install hashcat-utils and use cap2hccapx to convert the capture. Alternatively, use this online tool, bearing in mind that uploading the capture hands the handshake to a third party. Newer hashcat releases (6.0 and later) deprecate hccapx and mode 2500 in favour of the 22000 hash format, which hcxpcapngtool from hcxtools produces from the same capture.
Crack
This page provides some examples.
To use with a dictionary (hashcat's straight mode), point hashcat at the converted handshake file and the wordlist.
You have a lot of other options, like brute force, which hashcat calls a mask attack: you describe the shape of the password with character-class placeholders and it enumerates every candidate.
Refer to the documentation for more patterns.
Speed
hashcat works on the GPU.
On my MacBook Pro, it yields a performance of 5kH/s: it tests 5000 passwords in a second.
On a Tesla K20m, the speed is 75kH/s. I managed to crack the 5 last lowercase letters of a wifi password in about 1 minute (26**5 // 75000 = 158 seconds to test them all).
We can see here that a GTX 1080 breaks 400kH/s.
I recommend:
For more efficiency, target the networks with silly names (good examples are 'mozart', 'I love cats', 'Harry and Sally'), and avoid the ones called 'National Security Agency', 'sysadmin' and 'sup3r h4x0r'.
To find a password, you have to be lucky and have a good idea of its shape.
A lot of default wifi passwords are composed of 8 or 10 hexadecimal digits.
On average (worst case divided by 2) and according to the benchmark above, with a GTX 1080 at 400 kH/s:
- 8 hexadecimal characters take 90 minutes.
- 10 hexadecimal characters take 16 days.
- 12 hexadecimal characters take 11 years.
If you only want free wifi, just spoof the MAC address of a client that has already passed the web login on a hotspot that uses a captive portal.
Step by Step: Cracking WPA/WPA2 Wi-Fi Passwords Using aircrack-ng
In this tutorial I will show you how to crack WPA/WPA2 Wi-Fi in Kali Linux using aircrack-ng. To do this, first install Kali Linux, or use a live Kali Linux.
To crack Wi-Fi, you need a computer with Kali Linux and a wireless card which supports monitor and injection mode. If your wireless card cannot do this, you need an external wireless card that is capable of monitor/injection mode.
Apart from these tools, you need a wordlist to crack the password from the captured packets.
First you need to understand how Wi-Fi works. Wi-Fi transmits data as frames over the air, so we capture everything on the target channel with airodump-ng. Then we check whether any client is connected to the target Wi-Fi: without a connected client, cracking is not possible, because we need the WPA four-way handshake, and it is only exchanged when a client (re)joins. We capture it by sending deauthentication frames to a connected client, which forces it to reconnect. aircrack-ng then cracks the password offline.
Step-1:-
First open a terminal. We need to know the name of the wireless adapter, because a computer usually has several network interfaces.
The command for this is: iwconfig
In my case, my wireless adapter is named wlan0. In your case it may be different; an external wireless card typically shows up as wlan1 or wlan2.
Step-2:-
Some wireless cards give error messages when you enable monitor mode, because NetworkManager and wpa_supplicant keep touching the interface. Run airmon-ng check kill first to stop them (this cuts your own Wi-Fi connectivity until you restart those services).
Step-3:-
In this step, you need to enable monitor mode on the wireless card. The command is as follows:
airmon-ng start wlan0 (the interface name of your wireless card)
This puts the card into monitor mode and, on current aircrack-ng releases, creates a new interface named wlan0mon; use that name in every later command.
Note: use the interface name that airmon-ng prints (highlighted in the original screenshot), since older versions create mon0 instead of wlan0mon.
Step-4:-
Run airodump-ng wlan0mon. This lists all access points in range with their BSSID, channel, encryption and ESSID, and below them the clients (stations) associated with each access point.
It hops across channels and captures every frame it hears, which is how it discovers both access points and clients.
Note: keep this terminal; you need the BSSID and channel from it for the next step, and the filtered airodump-ng you run there is the one that reports "WPA handshake" in its top line once it has captured one.
Step-5:-
In this step we restrict airodump-ng to the target access point and write the capture to disk.
The command is: airodump-ng -c [channel] --bssid [bssid of the wifi] -w [path prefix for the capture files] wlan0mon
- --bssid: the MAC address of the target access point (highlighted in the original screenshot).
- -c: the channel of the target wifi; in my case it is 10 (see the channel column in the previous screenshot).
- -w: the prefix used to write the captured data; in my case it is /root/Desktop/hack
- the interface; in my case it is wlan0mon.
In the above command, /root/Desktop/hack is the prefix of the files to be saved: airodump-ng appends a counter and an extension, so the capture ends up in /root/Desktop/hack-01.cap.
The command then shows only the target access point and the clients associated with it; you need at least one client to be present for the next step.
Step-6:-
In this step we deauthenticate the clients connected to the Wi-Fi.
The command is: aireplay-ng --deauth 10 -a [router bssid] wlan0mon
Giving a specific client MAC address is optional: without one, aireplay-ng broadcasts the deauthentication to every client of the access point, which is noisier but does not require you to pick a target.
This disconnects the client from the access point.
Screenshot: a client connected to the access point.
The client then tries to reconnect to the Wi-Fi, and at that moment we capture the frames it exchanges with the access point. Among them is the WPA four-way handshake, and airodump-ng in the other terminal shows "WPA handshake: [bssid]" in its top line once it has it.
Step-7:-
Now we crack the Wi-Fi password from the captured packets. Run aircrack-ng with the wordlist and the capture file written in Step 5.
The path to the wordlist in my case is /root/Desktop/wordlist.txt.
If you do not have a wordlist, get one. If you want to generate your own custom wordlist, you can visit our other post: How to generate a wordlist using crunch.
Press enter and aircrack-ng will start testing every word in the list against the handshake; if the capture holds no usable handshake it stops with an error instead.
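Both articles above stop at "wait until the tool says it has the handshake": the tcpdump approach in the first article counts EAPOL frames, and airodump-ng in Step 5 prints "WPA handshake" in its banner. Neither tells you which of the four messages you actually hold, which is what decides whether the capture is crackable (messages 1+2 or 2+3 are enough; message 4 on its own is not). The checker below is an added example, not code from either article nor from the aircrack-ng or hashcat projects. It parses a classic pcap (raw 802.11 or radiotap link type, as written by airodump-ng or tcpdump in monitor mode), classifies the EAPOL-Key frames by their Key Information bits and reports, per access point and client pair, which messages are present and whether a PSK can be checked against them. The MAC addresses, nonces, Key Info values and the in-memory sample capture at the bottom are constructed for the demonstration; run it on a real capture by passing the file path.

```python
"""Report which WPA/WPA2 four-way handshake messages a capture holds.
Added example: not code from either article, nor from aircrack-ng or hashcat."""
import struct
import sys
from collections import defaultdict

LLC_SNAP_EAPOL = bytes.fromhex("aaaa03000000888e")  # LLC/SNAP header with EtherType 0x888e
PAIRWISE, INSTALL, ACK, MIC, SECURE = 0x0008, 0x0040, 0x0080, 0x0100, 0x0200  # Key Info bits

def pcap_records(data):
    """Yield (linktype, frame) for every record of a classic pcap (pcapng is not supported)."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
           b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}.get(data[:4])
    if end is None:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(end + "I", data[20:24])[0]
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(end + "IIII", data[off:off + 16])[2]
        off += 16
        yield linktype, data[off:off + incl_len]
        off += incl_len

def classify_eapol(frame):
    """Return (msg_no, ap_mac, sta_mac, nonce) for an EAPOL-Key data frame, else None."""
    if len(frame) < 24 or ((frame[0] >> 2) & 0x3) != 2 or frame[1] & 0x40:
        return None  # not a data frame, or an encrypted one (EAPOL goes in the clear)
    to_ds, from_ds = frame[1] & 0x1, frame[1] & 0x2
    if from_ds and not to_ds:    # AP -> station: M1 and M3
        ap, sta = frame[10:16], frame[4:10]
    elif to_ds and not from_ds:  # station -> AP: M2 and M4
        ap, sta = frame[4:10], frame[10:16]
    else:
        return None              # IBSS / WDS frames are not handled
    body = frame[24 + (2 if frame[0] & 0x80 else 0):]  # QoS data frames add a 2-byte field
    if not body.startswith(LLC_SNAP_EAPOL) or len(body) < 8 + 99 or body[9] != 3:
        return None              # EAPOL packet type 3 = EAPOL-Key
    key = body[12:]              # descriptor type, key info, key length, replay counter, nonce, ...
    info = struct.unpack(">H", key[1:3])[0]
    if not info & PAIRWISE:      # group-key handshake: useless for PSK cracking
        return None
    if info & ACK and not info & MIC:
        msg = 1
    elif info & ACK and info & MIC and info & INSTALL:
        msg = 3
    elif info & MIC and not info & ACK:
        msg = 4 if info & SECURE else 2
    else:
        return None
    return msg, ap, sta, key[13:45]

def mac_str(mac): return ":".join(f"{b:02x}" for b in mac)

def handshake_report(pcap_bytes):
    """Map (ap, sta) -> (sorted message numbers seen, crackable?)."""
    seen = defaultdict(dict)
    for linktype, frame in pcap_records(pcap_bytes):
        if linktype == 127:      # radiotap header: little-endian length at offset 2
            frame = frame[struct.unpack("<H", frame[2:4])[0]:]
        elif linktype != 105:
            raise ValueError(f"unsupported link type {linktype}")
        found = classify_eapol(frame)
        if found:
            msg, ap, sta, nonce = found
            seen[(ap, sta)][msg] = nonce
    report = {}
    for (ap, sta), msgs in seen.items():
        have = set(msgs)
        # M1+M2 or M2+M3 supply ANonce, SNonce and a MIC to test candidate keys against;
        # M4 only helps when it echoes the SNonce, which many clients leave as zeros.
        ok = {1, 2} <= have or {2, 3} <= have
        if not ok and 4 in msgs and any(msgs[4]) and ({1, 4} <= have or {3, 4} <= have):
            ok = True
        report[(mac_str(ap), mac_str(sta))] = (sorted(have), ok)
    return report

# Constructed sample capture (not real traffic); addresses and nonces are made up.
AP, STA, STA2 = (bytes.fromhex(h) for h in ("00112233aabb", "66778899ccdd", "66778899ccee"))
ANONCE, SNONCE = bytes(range(32)), bytes(range(32, 64))

def build_eapol_key(ap, sta, msg, nonce):
    """Build an unencrypted 802.11 data frame carrying handshake message `msg`."""
    info = {1: 0x008a, 2: 0x010a, 3: 0x13ca, 4: 0x030a}[msg]   # typical Key Info values
    from_ap = msg in (1, 3)
    hdr = bytes([0x08, 0x02 if from_ap else 0x01]) + bytes(2)  # data frame, FromDS or ToDS
    hdr += (sta + ap if from_ap else ap + sta) + ap + bytes(2) # addr1, addr2, addr3, seq ctl
    key = (bytes([2]) + struct.pack(">HH", info, 16) + bytes(7) + bytes([msg]) + nonce
           + bytes(16) + bytes(8) + bytes(8) + b"\xaa" * 16 + bytes(2))
    return hdr + LLC_SNAP_EAPOL + bytes([2, 3]) + struct.pack(">H", len(key)) + key

def build_pcap(frames, linktype=105):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

def demo_capture():
    """Client STA completed the handshake; STA2 only received M1 and never replied."""
    return build_pcap([build_eapol_key(AP, STA, 1, ANONCE), build_eapol_key(AP, STA, 2, SNONCE),
                       build_eapol_key(AP, STA, 3, ANONCE), build_eapol_key(AP, STA, 4, bytes(32)),
                       build_eapol_key(AP, STA2, 1, ANONCE)])

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else demo_capture()
    for (ap, sta), (msgs, ok) in handshake_report(data).items():
        print(f"{ap} <-> {sta}: messages {msgs} -> {'crackable' if ok else 'incomplete'}")
```

Run it as `python3 handshake_check.py capture.cap` after each deauth round: a pair that shows `[1]` only means the client never answered (deauth another one, or move closer), while `[1, 2]` is already enough to stop capturing and start cracking. Anything protected by 802.11w, or a pcapng written by newer capture tools, is outside what this small parser handles.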