PIN cracking has become the most effective way to crack Wi-Fi passwords in recent years. So what is the PIN, and what is it for?
First a word about WPS. WPS (Wi-Fi Protected Setup) is a wireless configuration protocol recommended for devices that connect without entering a password or SSID. Its advantage is that on a WPS-capable device the first connection can be established automatically, without typing the SSID and password.
It is dangerous precisely because it is convenient. If we know the SSID and PIN of a router, we can walk straight into the Wi-Fi network; not knowing the Wi-Fi password does not matter. Once the PIN is known, WPA2 encryption is useless as well, and the Reaver software mentioned above can be used to obtain the password.
The format of the PIN is very simple. The last (8th) digit is a check digit that can be computed from the first seven. During verification the first four digits are checked first, and if they match, a message is returned. So the first four digits need at most 10,000 guesses. Once they are known, the next three digits need at most 1,000 guesses, and the check digit can then be computed from the first seven to complete the PIN. Even if you do not know how to compute the check digit, the PIN, and with it the Wi-Fi password, falls in at most 10000 + 1000 + 10 = 11010 guesses. Isn't that much simpler?
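To make the arithmetic above concrete, here is an added example (not code from the original post) that implements the WPS check-digit rule from the WPS specification and counts the guesses the split verification leaves. The PIN 14099281 used later in the post serves as the sample input; everything else is constructed.

```python
# Added example, not code from the original post. It implements the WPS PIN
# check-digit rule from the WPS specification (the first seven digits are
# weighted 3,1,3,1,3,1,3, summed, and the check digit makes the total a
# multiple of 10) and counts how many guesses the split verification leaves.


def wps_checksum(first_seven: str) -> int:
    """Return the check digit (8th digit) for a seven-digit WPS PIN prefix."""
    if len(first_seven) != 7 or not first_seven.isdigit():
        raise ValueError("need exactly seven decimal digits")
    total = 0
    for index, ch in enumerate(first_seven):
        digit = int(ch)
        # 1st, 3rd, 5th and 7th digits (even 0-based index) are weighted 3
        total += 3 * digit if index % 2 == 0 else digit
    return (10 - total % 10) % 10


def is_valid_wps_pin(pin: str) -> bool:
    """True if the 8-digit PIN carries a correct check digit."""
    if len(pin) != 8 or not pin.isdigit():
        return False
    return int(pin[7]) == wps_checksum(pin[:7])


def pin_guesses_worst_case() -> int:
    """Maximum guesses when the registrar confirms the first four digits
    separately and the check digit is computed rather than guessed:
    10^4 for the first half plus 10^3 for the three free digits of the
    second half."""
    return 10 ** 4 + 10 ** 3


def valid_pin_count() -> int:
    """Number of 8-digit PINs with a correct check digit: one per 7-digit prefix."""
    return 10 ** 7


if __name__ == "__main__":
    # The PIN from the post (14099281): prefix 1409928 must yield check digit 1.
    print(wps_checksum("1409928"), is_valid_wps_pin("14099281"))
    print(pin_guesses_worst_case(), "guesses vs", valid_pin_count(), "valid PINs")
```

The ratio between the two counts (11,000 guesses against 10 million valid PINs) is the whole reason the split verification matters: an access point that confirms each half separately has turned an eight-digit secret into two short ones, and only disabling PIN-based WPS or locking out after repeated failures (the delay the post attributes to some D-Link models) changes that picture.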
First, the demonstration. I will use my own router as the example. Assume you have already obtained the PIN (14099281), which is the PIN of my TP-Link router, taken from its admin interface.
(1) As in the previous section, we first scan the available wireless networks, but this time there is no need to capture packets: since the router is attacked through its PIN directly, no client needs to be online. Click Reaver.
(2) Add -p 14099281 in the command bar, meaning that the PIN search starts from 14099281. This way the PIN is hit immediately. If you do not know the PIN (the normal case), leave this out, click OK and wait for the password to appear.
Because the test PIN is already known here, the password appears in less than 10 seconds.
A copy is also saved under root/tmp on BT5.
This makes it self-evident how efficient the method is: in theory the Wi-Fi password is always recoverable this way.
I learned the PIN beforehand for the demonstration, so it went very fast, but under normal circumstances the PIN is unknown. What then? Here are a few tips.
The PIN is an 8-digit decimal number that is supposedly generated randomly, but in practice each router vendor generates it in its own way. Tenda routers (MAC prefixes c83a35, 00b00c) derive it from the first six hexadecimal digits of the MAC address, converted into seven digits plus a check digit; the algorithm is weak, so the PIN can be computed directly with a hex/decimal conversion (dec2hex). Other vendors behave differently: D-Link, for example, adds a delay after a PIN error, which slows the attempts and indirectly resists PIN cracking. There are many other quirks; for a given router, look up the relevant information online. Some TP-Link models come with an anti-PIN function built in. All of this takes time, so be patient.
A few suggestions for PIN attempts: do not assume the attempt cannot be improved. If PIN attempts keep being missed, move to a different position and try again.
You can use Feeding Bottle on the BT5 desktop to obtain hidden SSIDs.
Next, let's talk about the dangers of Wi-Fi hacking.
The benign kind just borrows the network to save money. At worst, someone's downloads cause a brief slowdown or disconnection.
If the attacker is malicious, however, ARP attacks can be launched against you once they are inside your Wi-Fi network. For example:
I get onto Guo Si Niang's Wi-Fi just as Si Niang and Han are chatting.
By sending forged ARP replies to Si Niang's computer, I disguise my host as the gateway. This goes unnoticed, because in the LAN sitting on top of 802.11 hosts trust each other by default; being on the same LAN already means you are trusted. So I slip in without Si Niang or the gateway knowing.
Si Niang says: Han, I hate you.
Posing as the gateway, I receive this message first and tamper with it into "Han, I love you", then send it on to the real gateway, which delivers it to Han.
Han replies:
Then I send a forged ARP message to the gateway and disguise myself as Si Niang. I receive Han's emoticon, tamper with it: "", and send it on to the real Si Niang.
In the end the two of them end up together.
This is a silly example, but it shows the harm possible on a local area network. And it is not only hackers who do this. The process above is not hard to implement: craft a few raw socket packets with the TCP/IP headers filled in and send them, and you can capture and tamper with the data. This is in fact also the principle behind 360's active defense: it sends ARP information to the gateway to prevent spoofing.
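The gateway impersonation in the story is visible on the wire if someone is watching the ARP traffic. The following is an added example, not code from the original post, of the detection logic a host or monitor can run over ARP replies: it flags an IP that suddenly answers from a second MAC, and one MAC answering for several IPs (the attacker posing as both the gateway and Si Niang). The capture and all addresses are constructed for the example.

```python
# Added example, not code from the original post. It detects the gateway
# impersonation described above by watching ARP replies on the LAN: an IP
# that suddenly answers from a second MAC, or one MAC answering for several
# IPs (the attacker posing as both the gateway and a host), raises an alert.
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class ArpReply:
    ts: float          # seconds since capture start
    sender_ip: str     # IP the sender claims to own
    sender_mac: str    # MAC it wants the receiver to map that IP to


# Constructed sample capture (hypothetical addresses): the real gateway and a
# host answer first, then a third MAC claims both of their IPs.
SAMPLE_REPLIES: List[ArpReply] = [
    ArpReply(0.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),
    ArpReply(0.5, "192.168.1.20", "aa:aa:aa:aa:aa:20"),
    ArpReply(1.0, "192.168.1.20", "aa:aa:aa:aa:aa:20"),
    ArpReply(2.0, "192.168.1.1", "cc:cc:cc:cc:cc:99"),
    ArpReply(2.1, "192.168.1.20", "cc:cc:cc:cc:cc:99"),
]


def detect_arp_spoofing(
    replies: List[ArpReply],
    trusted: Optional[Dict[str, str]] = None,
) -> List[Tuple[float, str, str]]:
    """Return (ts, kind, detail) alerts.

    kind 'ip-mac-change': an IP previously bound to one MAC is now claimed by
    another. kind 'mac-multi-ip': one MAC claims a second IP address.
    `trusted` seeds the IP->MAC table (e.g. the gateway's real MAC), which is
    what a static ARP entry, or a tool that pins the gateway binding the way
    the post describes, achieves.
    """
    ip_to_mac: Dict[str, str] = dict(trusted or {})
    mac_to_ips: Dict[str, Set[str]] = {}
    alerts: List[Tuple[float, str, str]] = []
    for ip, mac in ip_to_mac.items():
        mac_to_ips.setdefault(mac, set()).add(ip)

    for r in replies:
        known = ip_to_mac.get(r.sender_ip)
        if known is None:
            # first time this IP is seen: remember the binding
            ip_to_mac[r.sender_ip] = r.sender_mac
        elif known != r.sender_mac:
            alerts.append((r.ts, "ip-mac-change",
                           f"{r.sender_ip}: {known} -> {r.sender_mac}"))
        ips = mac_to_ips.setdefault(r.sender_mac, set())
        if ips and r.sender_ip not in ips:
            alerts.append((r.ts, "mac-multi-ip",
                           f"{r.sender_mac} also claims {r.sender_ip}"))
        ips.add(r.sender_ip)
    return alerts


if __name__ == "__main__":
    for ts, kind, detail in detect_arp_spoofing(SAMPLE_REPLIES):
        print(f"t={ts:.1f}s {kind}: {detail}")
```

Without a seeded `trusted` table the detector trusts whichever MAC answers first, so an attacker who is already active before monitoring starts would get the legitimate gateway flagged instead; seeding the gateway's real MAC (or a static ARP entry on the host) removes that ambiguity, which is the same idea as pinning the gateway binding.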