We’re going to begin with a brief introduction to Kali Linux, because it is the OS I favor, is the easiest for this task and comes with all the tools we need. Kali is the successor to the much-acclaimed BackTrack, which many of you reading this post will most likely know of, and is a Linux distribution. There are various methods for installing and using Kali; if anyone needs help, leave a comment, and I will most likely write another post about installing it and its fundamentals in the foreseeable future.
In this tutorial, I’m going to hack into a Wi-Fi hotspot that I set up myself, named “Anonymus”.
Given that we have Kali Linux, open a terminal window and type in “ifconfig”. This will list all the networking interfaces on your machine.
Here we only need “wlan0”, which is our Wi-Fi card, so we can disable the others with “ifconfig <name of the interface> down”.
(“lo”, the loopback interface, does not matter.)
Now, we type “airmon-ng start wlan0”.
(airmon-ng is the tool that puts the card into monitor mode so it can capture wireless traffic; “start” starts it, and “wlan0” specifies the interface we are using for monitoring.)
It will probably show “some processes that could cause trouble”; we simply kill those processes with “kill <process ID>”.
Now, if we run “ifconfig”, it should show the newly created monitoring interface “mon0”.
Then type “airodump-ng mon0”.
In the screenshot below, the highlighted BSSID is our target (and it is my own), named “Anonymus”; the channel is 13, as we can see under the “CH” column.
For our next step we type “airodump-ng -c <channel> -w <name> --bssid <bssid> mon0”.
Let me explain a few things here: “airodump-ng” is a tool for capturing Wi-Fi packets, “<channel>” is the channel your target is running on, “-w” writes capture files with the prefix that follows it in “<name>” (I used “handshake”, for convenience), and the BSSID is the MAC address that identifies the hotspot.
Now, open a new terminal and type “aireplay-ng -0 0 -a <bssid> mon0”. This command sends deauthentication frames (usually called deauth packets) to all the devices connected to that hotspot. After a few seconds we stop it with Ctrl+C. Now, as we can see, the other terminal shows that the WPA handshake was successfully captured.
We can close both windows at this point and open a new one. Type “ls”; that lists the files in the current directory. We can clearly see that the files from the above operation are present, but we only need the file ending with “-01.cap”.
Then we run “aircrack-ng -w <full path of the wordlist> <the file name>”.
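From the defender's side, the step that makes the handshake capture possible is the deauth burst: deauthentication frames are unauthenticated management frames unless the network enforces 802.11w Protected Management Frames, so on a network without PMF a wireless IDS can spot the flood even though clients will still honor it. The following Python detector is an added example, not part of the original post; it assumes frames arrive as (timestamp, raw 802.11 bytes) with no radiotap header, the alert threshold is a tuning value, and the BSSID and sample frames are constructed placeholders.

```python
import struct
from collections import defaultdict

# 802.11 frame control byte 0 = subtype(4 bits) | type(2 bits) | version(2 bits).
# Type 0 = management; subtype 12 = Deauthentication, so a deauth starts with 0xC0.
SUBTYPE_DEAUTH = 12
BROADCAST = "ff:ff:ff:ff:ff:ff"
THRESHOLD = 10     # deauths per BSSID per window before alerting (assumed tuning value)
WINDOW_SEC = 5.0

def _mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_mgmt_frame(frame):
    """(subtype, addr1=dst, addr2=src, addr3=bssid) for a management frame, else None."""
    if len(frame) < 24 or (frame[0] >> 2) & 0x3 != 0:
        return None
    return (frame[0] >> 4) & 0xF, _mac(frame[4:10]), _mac(frame[10:16]), _mac(frame[16:22])

def detect_deauth_flood(frames, threshold=THRESHOLD, window=WINDOW_SEC):
    """frames: iterable of (timestamp_seconds, raw_bytes) as a monitor-mode capture
    yields them. Alerts once per BSSID whose deauth count hits `threshold` within
    `window`; flags broadcast deauths, which hit every client at once."""
    recent, alerts, alerted = defaultdict(list), [], set()
    for ts, raw in frames:
        parsed = parse_mgmt_frame(raw)
        if parsed is None or parsed[0] != SUBTYPE_DEAUTH:
            continue
        _, dst, _src, bssid = parsed
        hits = recent[bssid]
        hits.append((ts, dst == BROADCAST))
        while hits and ts - hits[0][0] > window:   # slide the window forward
            hits.pop(0)
        if len(hits) >= threshold and bssid not in alerted:
            alerted.add(bssid)
            alerts.append({"bssid": bssid, "count": len(hits),
                           "broadcast": any(b for _, b in hits)})
    return alerts

def build_deauth(bssid, dst=BROADCAST, reason=7):
    """Build a deauth frame for test data only: FC, duration, addr1=dst,
    addr2=src (the AP), addr3=bssid, sequence control, then the reason code."""
    m = lambda s: bytes(int(x, 16) for x in s.split(":"))
    return (bytes([0xC0, 0x00]) + b"\x00\x00" + m(dst) + m(bssid) + m(bssid)
            + b"\x00\x00" + struct.pack("<H", reason))

# Constructed sample: one beacon, one isolated deauth, then a 20-frame burst in 1 s.
AP = "00:11:22:33:44:55"   # placeholder BSSID, not a real access point
SAMPLE = [(0.0, bytes([0x80, 0x00]) + b"\x00" * 22), (1.0, build_deauth(AP, "aa:bb:cc:dd:ee:01"))]
SAMPLE += [(30.0 + i * 0.05, build_deauth(AP)) for i in range(20)]
```

A single deauth, as the benign one at 1.0 s shows, never trips the detector; only the burst does, and the broadcast flag distinguishes a blanket deauth of every client from a targeted one.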