Is your home wireless router secure? Is anyone freeloading on your Wi-Fi? Where are a wireless router's weak points, and how do you keep freeloaders off?
To answer that, you first need to understand how the encryption works and how it gets cracked.
- 1
Cracking WEP-encrypted signals
This kind of encryption is very insecure; if your home router uses it, replace it immediately.
Cracking a WEP-encrypted wireless signal depends on two factors:
First, signal strength.
Second, whether any clients are online.
- 2
If the signal is strong and clients are online, a WEP cracking tool finishes the job in about 10 minutes. The crack works by capturing packets, injecting them, and then recovering the key; as long as such a signal exists, it can be broken 100% of the time.
Tools to look up yourself: WIFITE, MINIDWEP.
Both run under Linux, but they are not today's focus; use them as needed alongside the tutorials below.
- 3
Cracking WPA-encrypted Wi-Fi signals
There are two kinds of WPA signals: the early type without a WPS function, and routers from around 2012 that support the WPS and QSS functions.
Look at the label on the back of your router; if it carries a QSS mark, you should be careful.
- 4
WPA Wi-Fi passwords are cracked in two ways: the well-known handshake capture, and running the PIN code.
- 5
Tools needed for the crack:
1. A Linux environment (CDlinux is recommended; search for it yourself. It is small, convenient, and comes with many tools integrated.)
2. An external wireless network card.
3. An empty USB flash drive.
- 6
There are several ways to set this up. The methods differ, but the cracking process and steps are the same, so I will describe the setup methods first and the steps afterwards. (There are far more powerful methods, but they are all command-line; frankly, since graphical tools exist and work, I don't like digging into command-line methods, even if they are good.)
1. Burn the Linux environment to a USB flash drive with UltraISO (the method is online; if you are lazy, search for "How to use UltraISO to make a Ubuntu Kylin boot disk", which also comes from my own experience). Replace the ISO file in that tutorial with the CDlinux ISO, write it to the USB flash drive, then boot the computer from the USB stick into the Linux environment to crack.
2. In Windows, install a virtual machine and run the Linux environment inside it. Installing and using a virtual machine should not be a problem; if you need help, search Baidu yourself, or contact me.
3. Install a Linux system directly (for those who know a little Linux), such as the BT series, Kali, or the most common Ubuntu, and then install the cracking tools yourself, such as minidwep, wifite, the tools nicknamed "pump" and "bottle", and so on.
END
- 1
Handshake-capture cracking can, in theory, always succeed.
- 2
First, the principle behind handshake capture:
The Wi-Fi signal is encrypted. To log on to the wireless router, a client must send the router a request to establish a connection. That request is a packet called the handshake packet; it contains the password you are sending, but in encrypted form.
- 3
Whether a handshake-capture crack succeeds depends on five things:
1. Signal strength;
2. Whether any clients are online;
3. Whether the machine running the dictionary is powerful enough;
4. Whether the dictionary is any good;
5. Luck.
- 4
Start capturing the handshake. The capture tool is MINIDWEP, which can both capture handshakes and run PINs.
After entering the CDlinux environment, click MINIDWEP-GTK; the software will show a prompt.
- 5
At this point you need to attach the external network card inside the virtual machine; if you booted the system from a USB stick to crack, skip this step:
Click "Virtual Machine" - "Removable Devices" - "your wireless card" - "Connect". Only then is the wireless card attached inside the virtual machine and usable.
When the software is open, the recognized network card is shown in the upper left corner; click Scan to start searching for nearby wireless signals.
- 6
After the scan there will be many signals, but not every signal is worth cracking; first pick the ones with crack value:
1. Strong signal first (the smaller the absolute value of the signal figure, the stronger it is; for example, 55 is the strongest shown.)
2. Those with clients connected have priority.
3. Those that are on 24/7 have priority.
- 7
Select a signal, then click "L Start".
Next the software sends an attack command that forces the client offline; when it reconnects, a handshake packet is obtained.
Now watch the number of packets captured: the more, the higher the chance of cracking. If the other party is watching video, downloading, or otherwise has network activity, the chance of capturing a handshake is very high.
If the Beacons count does not rise noticeably within 10 minutes, you can give up.
Just a short while, and I got a handshake.
Click OK to brute-force it.
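The step above works because the attacking tool kicks a client off the access point with deauthentication frames and waits for it to reconnect. From the defender's side, that burst of management frames is the observable artefact, so here is an added detection example, written for this page and not part of the tutorial or of any tool it names. It parses the 802.11 MAC header of raw management frames, keeps a sliding-window count of deauth/disassoc frames per BSSID, and raises an alert when a BSSID emits more than a threshold inside the window. The frames fed to it are constructed in memory for the test; the threshold and window are assumptions.

```python
"""Detect deauthentication floods in raw 802.11 management frames.

Added example for this page; not code from the tutorial or its tools.
Frames below are constructed test input, never transmitted.
"""
import struct
from collections import defaultdict, deque

DISASSOC = 0xA            # management subtype 10
DEAUTH = 0xC              # management subtype 12
BROADCAST = "ff:ff:ff:ff:ff:ff"


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def parse_mgmt_frame(frame: bytes):
    """Parse the 24-byte 802.11 MAC header plus the 2-byte reason code.

    Returns (subtype, dest, src, bssid, reason) for deauth/disassoc frames
    and None for anything else (data frames, other management subtypes,
    frames too short to carry a reason code).
    """
    if len(frame) < 26:
        return None
    fc0 = frame[0]
    if fc0 & 0x03 != 0:               # protocol version must be 0
        return None
    ftype = (fc0 >> 2) & 0x3          # 0 = management frame
    subtype = (fc0 >> 4) & 0xF
    if ftype != 0 or subtype not in (DISASSOC, DEAUTH):
        return None
    dest, src, bssid = _mac(frame[4:10]), _mac(frame[10:16]), _mac(frame[16:22])
    reason = struct.unpack_from("<H", frame, 24)[0]
    return subtype, dest, src, bssid, reason


class DeauthFloodDetector:
    """Alert once per BSSID when >= threshold deauth/disassoc frames are
    seen within window_seconds (threshold and window are assumed values)."""

    def __init__(self, threshold: int = 5, window_seconds: float = 10.0):
        self.threshold = threshold
        self.window = window_seconds
        self._times = defaultdict(deque)   # bssid -> recent timestamps
        self._alerted = set()

    def observe(self, ts: float, frame: bytes):
        parsed = parse_mgmt_frame(frame)
        if parsed is None:
            return None
        _subtype, dest, _src, bssid, reason = parsed
        q = self._times[bssid]
        q.append(ts)
        while q and ts - q[0] > self.window:   # drop frames outside the window
            q.popleft()
        if len(q) >= self.threshold and bssid not in self._alerted:
            self._alerted.add(bssid)
            return {"bssid": bssid, "count": len(q), "broadcast": dest == BROADCAST,
                    "reason": reason, "window_start": q[0], "window_end": ts}
        return None


def sample_frame(subtype: int, dest: str, src: str, bssid: str, reason: int = 7) -> bytes:
    """Constructed test input: header bytes only (frame control, duration,
    three addresses, sequence control) followed by the reason code."""
    hdr = bytes([subtype << 4, 0x00]) + b"\x00\x00"
    for mac in (dest, src, bssid):
        hdr += bytes.fromhex(mac.replace(":", ""))
    hdr += b"\x00\x00"
    return hdr + struct.pack("<H", reason)


def scan(timed_frames, threshold: int = 5, window_seconds: float = 10.0):
    """Run the detector over (timestamp, frame) pairs and collect alerts."""
    det = DeauthFloodDetector(threshold, window_seconds)
    alerts = []
    for ts, frame in timed_frames:
        alert = det.observe(ts, frame)
        if alert:
            alerts.append(alert)
    return alerts


# Constructed scenario (assumed addresses): one ordinary deauth from AP2 at
# t=50, then a burst of twelve broadcast deauths from AP within 1.2 seconds.
AP, AP2, CLIENT = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:aa"
SAMPLE = [(50.0, sample_frame(DEAUTH, CLIENT, AP2, AP2, reason=3))]
SAMPLE += [(100.0 + i * 0.1, sample_frame(DEAUTH, BROADCAST, AP, AP, reason=7))
           for i in range(12)]

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(alert)
```

A single deauth is normal (clients roam, APs reboot), so the detector only reacts to a burst; a burst addressed to the broadcast address is the stronger indicator, which is why the alert records it. On a real capture you would feed the raw frame bytes from the monitor-mode interface instead of the constructed sample.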
- 8
At this point there are two options: brute-force inside the virtual machine with MINIDWEP, or copy the captured handshake out and crack it on Windows with another, more powerful computer, for example with EWSA. That software supports GPU acceleration, which greatly improves cracking speed, so I recommend this approach. The premise, though, is that you have a strong enough dictionary, a good enough machine, and good luck.
Click OK and select a dictionary to crack with. The dictionary run in progress looks like this.
- 9
When the password is found, this is what it looks like.
This method depends on your patience, the strength of your password dictionary, the machine running the dictionary, and your luck.
The advantage of this approach is that, given enough time to capture the handshake, it will certainly be cracked eventually.
The downside is that you need a strong password dictionary and strong hardware.
If your luck is bad and you run into a 15-character password, that is a headache. I hope you meet a weak password.
END
- 1
Now the main event: running the PIN code to crack a Wi-Fi password. This method is faster than the one above.
WPS (Wi-Fi Protected Setup) is the abbreviation for Wi-Fi Protected Setup. WPS is a certification program run by the Wi-Fi Alliance that focuses on simplifying the installation and security configuration of wireless LANs. WPS is not a new security feature; it simply makes existing security technology easier to configure.
- 2
For ordinary users, WPS provides a fairly simple way to set up encryption. It not only lets WPS-capable Wi-Fi devices and wireless routers connect quickly, but also randomly generates an eight-digit string as a personal identification number (PIN) for the cryptographic exchange. This removes the tedious process of manually entering the network name (SSID) and a long wireless encryption password when a client needs to join the network.
- 3
How long does it take to crack the network? That is the primary concern. If it takes days or weeks, or never finishes, the vulnerability may not matter much.
Someone once tested that it would take 8 hours to exhaust an 8-digit WPA PIN on a computer doing 3K/sec. If the PIN were a truly random 8 digits, and you factor in poor signal, an overloaded device, and the reasonable delay while waiting for PIN authentication results (if PIN verification fails, the program waits a long time before prompting; this refers specifically to the QSS software), then cracking WPA encryption in a short time is not realistic. Someone may think 10 hours is fine, but it could take 100 hours, or 1,000 hours. Is that kind of manpower and effort really worth it? Only if the wireless AP is of great significance.
- 4
First, the PIN in WPS is the only credential required for access between network devices; no other means of identification is needed, which makes brute force possible.
Second, the 8th digit of the WPS PIN is a checksum, so the attacker only has to work out the first 7 digits. That cuts the number of unique PINs by an order of magnitude, to 10^7, i.e. 10 million combinations.
- 5
When verifying a PIN, the access point (the wireless router) actually checks separately whether the first half of the PIN (the first 4 digits) and the second half (the last 3 digits) are correct. When the first PIN authentication fails, the router sends an EAP-NACK message back to the client, and from that response the attacker can tell whether it was the first half or the second half that was wrong. In other words, the attacker only has to find a 4-digit PIN and a 3-digit PIN out of the 7-digit PIN. This reduces the space from 10 million combinations to 11,000 (10^4 + 10^3). So in a real attack the attacker needs at most 11,000 attempts, and on average only about 5,500, which confirms that cracking the PIN within about 2 hours is feasible.
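The arithmetic above is the whole reason WPS PIN authentication is weak, so here it is as a worked example, added for this page rather than taken from the tutorial. It reproduces the tutorial's own figures (10^7 valid PINs, 11,000 candidates once the halves are confirmed separately, about 5,500 expected attempts) and then shows what a per-attempt delay and a lockout policy do to the time an exhaustive search needs. The per-attempt time, the "lock out for 60 seconds after every 10 failures" policy and the hour conversion are assumptions chosen for illustration, not figures from the page.

```python
"""Search-space arithmetic behind the WPS PIN weakness.

Added illustration; not part of the tutorial. Timing parameters are assumed.
"""


def wps_pin_space(checksum_digit: bool = True, split_halves: bool = True) -> int:
    """Number of PIN candidates an exhaustive search must cover.

    checksum_digit: the 8th digit is derived from the first 7, so it is not free.
    split_halves:   the AP confirms the first 4 digits before the remaining 3,
                    so the two halves can be searched independently.
    """
    free_digits = 8 - (1 if checksum_digit else 0)
    if not split_halves:
        return 10 ** free_digits
    first_half = 4
    second_half = free_digits - first_half
    return 10 ** first_half + 10 ** second_half


def expected_attempts(space: int) -> int:
    """A uniformly random PIN is found after about half the space on average."""
    return space // 2


def exhaustive_seconds(space: int, seconds_per_attempt: float,
                       lockout_after: int = 0, lockout_seconds: float = 0) -> float:
    """Worst-case wall-clock time for the whole space.

    If the AP locks WPS for lockout_seconds after every lockout_after failed
    attempts (0 = no lockout), that time is added on top of the attempts.
    """
    total = space * seconds_per_attempt
    if lockout_after > 0:
        total += (space // lockout_after) * lockout_seconds
    return total


def summarize(seconds_per_attempt: float = 1.0, lockout_after: int = 0,
              lockout_seconds: float = 0) -> dict:
    """Map each modelling step to (candidate count, worst-case hours)."""
    rows = {}
    for label, checksum, split in (("8 random digits", False, False),
                                   ("checksum digit", True, False),
                                   ("halves verified separately", True, True)):
        space = wps_pin_space(checksum, split)
        hours = exhaustive_seconds(space, seconds_per_attempt,
                                   lockout_after, lockout_seconds) / 3600
        rows[label] = (space, round(hours, 2))
    return rows


if __name__ == "__main__":
    # Assumed: 1 s per attempt; second table adds a 60 s lockout per 10 failures.
    for label, (space, hours) in summarize(1.0).items():
        print(f"{label:28s} {space:>11,d} candidates  {hours:>8.2f} h (no lockout)")
    for label, (space, hours) in summarize(1.0, 10, 60).items():
        print(f"{label:28s} {space:>11,d} candidates  {hours:>8.2f} h (60 s lockout / 10 fails)")
```

The point for a defender is in the last row: a fixed lockout (the 60-second pause the tutorial later describes) only stretches the 11,000-attempt search from hours into a longer number of hours, because the space itself stays at 11,000. The candidate count only goes back up when the PIN method is switched off entirely, which is why a router carrying a QSS/WPS label deserves the caution the tutorial mentions.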
END
- 1
Enter the CDlinux interface, open MINIDWEP and scan for signals, the usual way:
1. Strong signal first (the smaller the absolute value of the signal figure, the stronger it is.)
2. Those with clients connected have priority.
3. Those that are on 24/7 have priority.
4. This time, choose a signal with a WPS mark to crack.
- 2
Select a signal with a WPS mark, then click "Reaver".
There are many parameters; do not change them before you know what they mean, just use the defaults.
Click OK.
- 3
The cracking interface looks like this:
If the cracking speed is slower than 5 s/pin, the signal is not strong enough; move the wireless card as close as possible to the source, or choose another signal.
If you are prompted to wait 60 seconds and try again, the router is a newer model with an anti-PIN function. But let me tell you a secret: this anti-PIN is a pseudo-protection; after 60 seconds the software simply continues cracking. Such a router even has an advantage: after you PIN it for a while it rejects you for a minute, which is like giving the router a minute's rest, so it is less likely to hang.
If the PIN value stays the same, the router has hung; PIN it again another time. One point to note here: if you PIN from a virtual machine and a session ends without a result, do not shut down the guest system; close the virtual machine directly by clicking "Suspend". The next time you open the virtual machine and reconnect the network card, or pick a signal you have not PINned yet, you can continue from the last progress.
If you boot from a USB stick to crack, you must manually save the log file and copy it back into Linux the next time you crack, to continue from the last progress.
- 4
Now, wait.
From the principle described above, the crack first works on the first four digits; if they are wrong it tries another four-digit number, so very likely the progress jumps to 90% within a short time.
That means the first four digits of the 8-digit PIN are fixed. You can see that the first four digits of the PIN value no longer change while the next three keep changing; that is the exhaustive search. The last digit is the checksum and is ignored.
With a good signal and a good-quality router (one that does not get PINned to death),
the crack finishes within two hours.
Wait for the password!
Once the password is found:
At this point you need to record the other person's PIN, so that when they change the password you can use the PIN to easily get the new one.
Here is the other person's password: it is the latter part, the WPA PSK.
END