0x01 Preparation: tools
1. Kali Linux 2.0
2. Wireless card (compatible with Kali, or with drivers installed)
3. Dictionary: http://www.qqtn.com/down/80787.html#szdz
0x02 Method one: aircrack-ng dictionary brute force
1. In a terminal, enter: airmon-ng to view the wireless card information.
2. In the terminal, enter: airmon-ng start wlan0 (wlan0 is the NIC name) to turn on the NIC's promiscuous mode.
Then enter iwconfig to check whether the card name has become wlan0mon (my card is wlan0, so it becomes wlan0mon; the rule is NIC name + mon).
3. Enter: airodump-ng wlan0mon (NIC name + mon) to start scanning for WiFi signals.
4. Open a new terminal and enter: airodump-ng -w test (name under which the handshake capture is saved) -c CH --bssid BSSID wlan0mon --ignore-negative-one
PS: The parameter values to change here are the capture name, CH and BSSID. The handshake capture name can be arbitrary; CH (channel) and BSSID (MAC address) can be read from the output of step 3; wlan0mon is the NIC name + mon (the name the card gets once promiscuous mode is on).
After executing the command you enter a constantly refreshing interface, which shows the users connected to this router. STATION is the MAC address of the router; the BSSID shown in this interface refers to the MAC address of a user on the LAN and is different from the BSSID seen in step 3.
5. Open a new terminal and enter: aireplay-ng --deauth 20 -a (MAC address of the user being captured) -c (router (WiFi) MAC address) wlan0mon --ignore-negative-one
Note that the number after the --deauth parameter (20 here) is the number of packets sent. Sending them temporarily interrupts the network connection of the user being captured, so we set a fixed count here in case we forget to stop and the user's network stays interrupted (that would be a prank). The user MAC address after the -a parameter is the BSSID mentioned in step 4 (the MAC address of the user on the LAN), and the router MAC address after the -c parameter is the WiFi MAC address obtained in step 3. wlan0mon is the original NIC name + mon.
6. After the capture is complete, enter ls in the terminal to view the generated handshake capture file.
Because I passed -w test earlier, the handshake capture files are named test-*.cap. Next, move the prepared dictionary into the same directory.
Execute in the terminal: aircrack-ng -w (dictionary name) test-*.cap (handshake capture name)
Then wait for the run to complete. If the WiFi password is found, the interface shows KEY FOUND!; if it fails, it does not.
Summary: This dictionary-based method is not reliable and depends heavily on luck. In other words, without a strong dictionary it is difficult to crack a WiFi password in the current security situation, because most users now set WiFi passwords that combine letters and numbers, for example surname + mobile phone number or name + birthday. Passwords of this type are much harder to crack, although WiFi networks with weak passwords certainly still exist.
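Seen from the network owner's side, the burst of deauthentication packets sent in step 5 is visible on the air. The following added example (not part of the original article) flags such bursts in a list of observed management frames; the record format, the sample frames and the thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict, deque


def sample_frames():
    """Constructed sample records, not real capture data.
    Each record: (timestamp_s, frame_type, bssid, client), where bssid is the
    access point MAC and client is the station MAC (hypothetical sensor format)."""
    frames = [
        (0.0, "beacon", "AA:BB:CC:00:00:01", "ff:ff:ff:ff:ff:ff"),
        # A single deauth is normal (roaming, idle timeout) and must not alert.
        (1.0, "deauth", "AA:BB:CC:00:00:02", "11:22:33:00:00:09"),
    ]
    # 20 deauth frames in about two seconds against one client.
    frames += [(10.0 + i * 0.1, "deauth", "AA:BB:CC:00:00:01", "11:22:33:00:00:07")
               for i in range(20)]
    return frames


def detect_deauth_bursts(frames, threshold=10, window_s=5.0):
    """Return one alert per (bssid, client) pair that receives at least
    `threshold` deauth frames inside any `window_s`-second sliding window."""
    recent = defaultdict(deque)  # (bssid, client) -> timestamps still in window
    alerted = set()
    alerts = []
    for ts, ftype, bssid, client in sorted(frames):
        if ftype != "deauth":
            continue
        key = (bssid.lower(), client.lower())
        window = recent[key]
        window.append(ts)
        # Drop timestamps that have fallen out of the sliding window.
        while window and ts - window[0] > window_s:
            window.popleft()
        if len(window) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"bssid": key[0], "client": key[1],
                           "first_seen": window[0],
                           "count_in_window": len(window)})
    return alerts


if __name__ == "__main__":
    for alert in detect_deauth_bursts(sample_frames()):
        print(alert)
```

Enabling 802.11w Protected Management Frames on the access point and its clients makes forged deauthentication frames ineffective, so an alert from a check like this is also a prompt to verify that setting.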
0x03 Method two: Reaver PIN cracking
1. In the terminal, enter: wash -i wlan0mon (name of the wireless card with promiscuous mode on) to scan for WiFi networks with WPS enabled. If the NIC's promiscuous mode is not on, see step 2 of method one.
2. Open a new terminal and enter: reaver -i wlan0mon -b (target WiFi MAC) -a -s -vv -c CH (channel) and wait for the crack to complete.
The PIN of some routers can be calculated: for Tenda (Tengda) and Netcore (Lei ke) products, if the router's MAC address starts with "c8:3a:35" or "00:b0:0c", the PIN value can be calculated directly.
Kali Linux wifi password hack