Saturday, November 26, 2016


Best wifi password hacker Tools | Wifi Hacking

Wi-fi password hacking is only possible because of wifi password hacker tools: without the proper tools, you cannot perform the processes needed to recover a wifi password.
For this reason we have compiled a list of the best wifi password hacker tools for newbies and beginners.
Let's get to our list of wifi password hackers.

1. Aircrack

Aircrack is one of the most popular wireless password cracking tools, which you can use for 802.11a/b/g WEP and WPA cracking. Aircrack uses the best algorithms to recover wireless passwords by capturing packets. Once enough packets have been gathered, it tries to recover the password. To make the attack faster, it implements a standard FMS attack with some optimizations.
The company behind the tool also offers an online tutorial where you can learn how to install and use this tool to crack wireless passwords. It comes as a Linux distribution, Live CD and VMware image; you can use any of these. It supports most wireless adapters and is almost guaranteed to work. If you are using a Linux distribution, the only drawback of the tool is that it requires deeper knowledge of Linux. If you are not comfortable with Linux, you will find it hard to use this tool. In this case, try the Live CD or VMware image. The VMware image needs less knowledge, but it only works with a limited set of host OSes, and only USB devices are supported.
Before you start using this tool, confirm that the wireless card can inject packets. Then start WEP cracking. Read the online tutorial on the website to know more about the tool. If you follow the steps properly, you should succeed with this tool.

2. AirSnort

AirSnort is another popular tool for decrypting WEP encryption on a wi-fi 802.11b network. It is a free tool and is available for Linux and Windows platforms. This tool is no longer maintained, but it is still available to download from Sourceforge. AirSnort works by passively monitoring transmissions and computing encryption keys once it has received enough packets. This tool is simple to use. If you are interested, you can try this tool to crack WEP passwords.

3. Cain & Abel

Cain & Abel is a popular password cracking tool. This tool is developed to intercept network traffic and then discover passwords by bruteforcing the password using cryptanalysis attack methods. It can also recover wireless network keys by analyzing routing protocols. If you are trying to learn wireless security and password cracking, you should try this tool once.

4. CoWPAtty

CoWPAtty is an automated dictionary attack tool for WPA-PSK. It runs on Linux OS. This program has a command line interface and works from a word list that contains the passwords to use in the attack.
Using the tool is really simple, but it is slow. That’s because the hash uses SHA1 with the SSID as a seed. It means the same password will have a different hash under each SSID. So, you cannot simply use one rainbow table against all access points. Instead, the tool uses the password dictionary and generates the hash for each word contained in the dictionary by using the SSID.
The new version of the tool tried to improve the speed by using a pre-computed hash file. This pre-computed file covers around 172000 dictionary entries for around 1000 of the most popular SSIDs. But if your SSID is not in those 1000, you are unlucky.
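The per-SSID behaviour described above, as an added example (not code from CoWPAtty or from the original post): WPA/WPA2-PSK derives its key with PBKDF2-HMAC-SHA1 using the SSID as the salt, so a precomputed table only applies to the SSID it was built for. The SSID list, the passphrase list and the 12-character threshold in the audit helper are constructed assumptions.

```python
"""Added example: why WPA-PSK precomputation is tied to a single SSID."""
import hashlib
import math

PBKDF2_ITERATIONS = 4096  # fixed by IEEE 802.11i for WPA/WPA2-PSK
PMK_BYTES = 32            # 256-bit pairwise master key
SHA1_BYTES = 20           # output size of one HMAC-SHA1 call

# Constructed sample data for the audit helper, not a real table or wordlist.
COMMON_SSIDS = {"linksys", "default", "NETGEAR", "dlink"}
WEAK_PASSPHRASES = {"password", "12345678", "qwertyuiop"}
MIN_PASSPHRASE_LENGTH = 12  # assumed local policy, not part of the standard


def derive_pmk(passphrase, ssid):
    """Return the PMK: PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096, 32)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSIDs are 1 to 32 bytes long")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), salt, PBKDF2_ITERATIONS, PMK_BYTES
    )


def hmac_calls_per_guess():
    """HMAC-SHA1 invocations needed to test one candidate passphrase.

    A 32-byte key needs two 20-byte PBKDF2 blocks, each costing 4096
    HMAC calls. This is the reason the dictionary attack is slow.
    """
    return math.ceil(PMK_BYTES / SHA1_BYTES) * PBKDF2_ITERATIONS


def audit_psk(ssid, passphrase):
    """Flag settings of your own network that make precomputation pay off."""
    findings = []
    if ssid in COMMON_SSIDS:
        # Tables built for popular SSIDs can be reused against this network.
        findings.append("common-ssid")
    if passphrase in WEAK_PASSPHRASES:
        findings.append("dictionary-passphrase")
    if len(passphrase) < MIN_PASSPHRASE_LENGTH:
        findings.append("short-passphrase")
    return findings


if __name__ == "__main__":
    # Same passphrase, two SSIDs: the keys share nothing, so a table
    # computed for one SSID is useless against the other.
    for ssid in ("linksys", "attic-7f3c"):
        print(ssid, derive_pmk("password", ssid).hex())
    print("HMAC calls per guess:", hmac_calls_per_guess())
    print(audit_psk("linksys", "password"))
    print(audit_psk("attic-7f3c", "correct horse battery staple"))
```

A unique SSID removes the benefit of shared precomputed tables, and a long passphrase that appears in no word list defeats the dictionary itself.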

5. Airjack

Airjack is a Wi-Fi 802.11 packet injection tool. This wireless cracking tool is used for injecting forged packets and taking a network down with a denial-of-service attack. This tool can also be used for a man-in-the-middle attack in the network.

6. WepAttack

WepAttack is an open source Linux tool for breaking 802.11 WEP keys. This tool performs an active dictionary attack by testing millions of words to find the working key. Only a working WLAN card is required to work with WepAttack.

7. CloudCracker

CloudCracker is an online password cracking tool for cracking WPA protected wi-fi networks. This tool can also be used to crack different password hashes. Just upload the handshake file, enter the network name and start the tool. This tool has a huge dictionary of around 300 million words to perform attacks.

8. Fern Wifi Cracker

Fern Wifi Cracker is a wireless security auditing and attack software program written using the Python programming language and the Python Qt GUI library. The program is able to crack and recover WEP/WPA/WPS keys and also run other network-based attacks on wireless or Ethernet-based networks.
Fern Wifi Cracker currently supports the following features:
  • WEP Cracking with Fragmentation, Chop-Chop, Caffe-Latte, Hirte, ARP Request Replay or WPS attack
  • WPA/WPA2 Cracking with Dictionary or WPS based attacks
  • Automatic saving of key in database on successful crack
  • Automatic Access Point Attack System
  • Session Hijacking (Passive and Ethernet Modes)
  • Access Point MAC Address Geo Location Tracking
  • Internal MITM Engine
  • Bruteforce Attacks (HTTP, HTTPS, TELNET, FTP)
  • Update Support

9. Wifite

Wifite is designed to attack multiple WEP, WPA, and WPS encrypted networks in a row. This tool is customizable to be automated with only a few arguments. Wifite aims to be the “set it and forget it” wireless auditing tool.
Features:
  • sorts targets by signal strength (in dB); cracks closest access points first
  • automatically de-authenticates clients of hidden networks to reveal SSIDs
  • numerous filters to specify exactly what to attack (wep/wpa/both, above certain signal strengths, channels, etc)
  • customizable settings (timeouts, packets/sec, etc)
  • “anonymous” feature; changes MAC to a random address before attacking, then changes back when attacks are complete
  • all captured WPA handshakes are backed up to wifite.py’s current directory
  • smart WPA de-authentication; cycles between all clients and broadcast deauths
  • stop any attack with Ctrl+C, with options to continue, move onto next target, skip to cracking, or exit
  • displays session summary at exit; shows any cracked keys
  • all passwords saved to cracked.txt

10. PixieWPS

Pixiewps is a tool written in C used to bruteforce offline the WPS pin exploiting the low or non-existing entropy of some APs (pixie dust attack). It is meant for educational purposes only. All credits for the research go to Dominique Bongard.
Features:
  • Checksum optimization: it’ll try first for valid PINs (11’000);
  • Reduced entropy of the seed from 32 to 25 bits for the C LCG pseudo-random function;
  • Small Diffie-Hellman keys: don’t need to specify the Public Registrar Key if the same option is used with Reaver.
The program will also try first with E-S0 = E-S1 = 0, then it will try to bruteforce the seed of the PRNG if the --e-nonce option is specified.

11. CeWL

CeWL is a ruby app which spiders a given url to a specified depth, optionally following external links, and returns a list of words which can then be used for password crackers such as John the Ripper.
CeWL also has an associated command line app, FAB (Files Already Bagged) which uses the same meta data extraction techniques to create author/creator lists from already downloaded.

12. Crunch

Crunch is a wordlist generator where you can use a standard character set or a character set you specify. Crunch can generate all possible combinations and permutations.
Features:
  • crunch generates wordlists in both combination and permutation ways
  • it can breakup output by number of lines or file size
  • now has resume support
  • pattern now supports number and symbols
  • pattern now supports upper and lower case characters separately
  • adds a status report when generating multiple files
  • new -l option for literal support of @,%^
  • new -d option to limit duplicate characters see man file for details
  • now has unicode support

13. Hydra

Hydra is a parallelized login cracker which supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add. This tool makes it possible for researchers and security consultants to show how easy it would be to gain unauthorized access to a system remotely.
It supports: Cisco AAA, Cisco auth, Cisco enable, CVS, FTP, HTTP(S)-FORM-GET, HTTP(S)-FORM-POST, HTTP(S)-GET, HTTP(S)-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MySQL, NNTP, Oracle Listener, Oracle SID, PC-Anywhere, PC-NFS, POP3, PostgreSQL, RDP, Rexec, Rlogin, Rsh, SIP, SMB(NT), SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

14. John the Ripper

John the Ripper is designed to be both feature-rich and fast. It combines several cracking modes in one program and is fully configurable for your particular needs (you can even define a custom cracking mode using the built-in compiler supporting a subset of C). Also, John is available for several different platforms which enables you to use the same cracker everywhere (you can even continue a cracking session which you started on another platform).
Out of the box, John supports (and autodetects) the following Unix crypt(3) hash types: traditional DES-based, “bigcrypt”, BSDI extended DES-based, FreeBSD MD5-based (also used on Linux and in Cisco IOS), and OpenBSD Blowfish-based (now also used on some Linux distributions and supported by recent versions of Solaris). Also supported out of the box are Kerberos/AFS and Windows LM (DES-based) hashes, as well as DES-based tripcodes.

When running on Linux distributions with glibc 2.7+, John 1.7.6+ additionally supports (and autodetects) SHA-crypt hashes (which are actually used by recent versions of Fedora and Ubuntu), with optional OpenMP parallelization (requires GCC 4.2+, needs to be explicitly enabled at compile-time by uncommenting the proper OMPFLAGS line near the beginning of the Makefile).
Similarly, when running on recent versions of Solaris, John 1.7.6+ supports and autodetects SHA-crypt and SunMD5 hashes, also with optional OpenMP parallelization (requires GCC 4.2+ or recent Sun Studio, needs to be explicitly enabled at compile-time by uncommenting the proper OMPFLAGS line near the beginning of the Makefile and at runtime by setting the OMP_NUM_THREADS environment variable to the desired number of threads).
John the Ripper Pro adds support for Windows NTLM (MD4-based) and Mac OS X 10.4+ salted SHA-1 hashes.
“Community enhanced” -jumbo versions add support for many more password hash types, including Windows NTLM (MD4-based), Mac OS X 10.4-10.6 salted SHA-1 hashes, Mac OS X 10.7 salted SHA-512 hashes, raw MD5 and SHA-1, arbitrary MD5-based “web application” password hash types, hashes used by SQL database servers (MySQL, MS SQL, Oracle) and by some LDAP servers, several hash types used on OpenVMS, password hashes of the Eggdrop IRC bot, and lots of other hash types, as well as many non-hashes such as OpenSSH private keys, S/Key skeykeys files, Kerberos TGTs, PDF files, ZIP (classic PKZIP and WinZip/AES) and RAR archives.
Unlike older crackers, John normally does not use a crypt(3)-style routine. Instead, it has its own highly optimized modules for different hash types and processor architectures. Some of the algorithms used, such as bitslice DES, couldn’t have been implemented within the crypt(3) API; they require a more powerful interface such as the one used in John. Additionally, there are assembly language routines for several processor architectures, most importantly for x86-64 and x86 with SSE2.

15. Ncrack

Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic engine that can adapt its behaviour based on network feedback. It allows for rapid, yet reliable large-scale auditing of multiple hosts.
Ncrack’s features include a very flexible interface granting the user full control of network operations, allowing for very sophisticated bruteforcing attacks, timing templates for ease of use, runtime interaction similar to Nmap’s and many more. Protocols supported include RDP, SSH, http(s), SMB, pop3(s), VNC, FTP, and telnet.

16. RainbowCrack

RainbowCrack is a general purpose implementation of Philippe Oechslin’s faster time-memory trade-off technique. It cracks hashes with rainbow tables.
RainbowCrack uses a time-memory tradeoff algorithm to crack hashes. It differs from brute force hash crackers.
A brute force hash cracker generates all possible plaintexts and computes the corresponding hashes on the fly, then compares the hashes with the hash to be cracked. Once a match is found, the plaintext is found. If all possible plaintexts are tested and no match is found, the plaintext is not found. With this type of hash cracking, all intermediate computation results are discarded.
A time-memory tradeoff hash cracker needs a pre-computation stage, during which all plaintext/hash pairs within the selected hash algorithm, charset and plaintext length are computed and the results are stored in files called rainbow tables. It is time consuming to do this kind of computation. But once the one-time pre-computation is finished, hashes stored in the table can be cracked with much better performance than a brute force cracker.

17. Reaver

Reaver is an open-source tool for performing a brute force attack against WPS to recover WPA/WPA2 pass keys. This tool is hosted on Google Code and may disappear soon if the developer has not migrated it to another platform. It was last updated around 4 years ago. Similar to other tools, this tool can be a good alternative to other tools in the list which use the same attack method.

18. oclHashcat

oclHashcat is not a dedicated Wifi hacking tool and it does not come with Kali Linux. But it can do brute force attacks and dictionary attacks on captured handshakes at very high speeds using the raw power of the GPU.

Compared to other tools like the Aircrack-ng suite, oclHashcat is fast since it uses a GPU instead of a CPU. An average GPU can do up to 50,000 combinations per second with oclHashcat.

Friday, November 25, 2016


How to do wifi password recovery | Wifi Hacking

Normally, a Wi-fi device or router has a built-in function for wifi password recovery. Anyone with basic knowledge of gadgets can perform a simple password recovery or wifi password reset using the button on the wifi device.
Here we are going to do a tutorial on wifi password recovery. We are going to cover four methods to recover a wifi password. The 1st method is by using the default username and password.

1. Wifi password recovery using device local address

Here’s the good news: because you’ve locked down your wireless network and router configuration settings, you’re one step ahead of anyone trying to access your network and its devices.
The bad news? Depending on which password you’ve forgotten (the Wi-Fi password that enables you to connect devices to your router, or the administrative password you use to log directly in to your router), you’re either in for a short visit to your router’s Web configuration screen or a total router reset.
The Forgotten Wi-Fi Password
I’ll start with the easy one: the forgotten Wi-Fi password. Once you’ve set and saved a Wi-Fi password on your laptop, after all, you won’t ever need to change it — though I do recommend you change all of your passwords a few times a year.
Resetting your D-Link® router’s Wi-Fi password is easy:
  • Type your router’s IP address (192.168.0.1) into your Web browser.
  • At the login screen, select “Admin” from the drop down menu and enter your admin password.
  • Once you access the Web configuration screen, click “Setup” in the top menu.
  • Select the “Wireless Settings” link on the left-hand side.
  • From there, click on the “Manual Wireless Connection Setup” button.
  • Scroll down to the field representing my “Pre-Shared Key”. If you don’t see it, select a security mode from the dropdown menu at the bottom of the screen first.
  • Type in a new password. (I use a hybrid WPA/WPA2 security mode.)
That’s it! Now for the more challenging of the two: the forgotten admin password.
The Forgotten Admin Password
If you forget your Web configuration password, you’re stuck: you have no way to change any settings on your router. Your only recourse is to use a paperclip or other pointy object to reset your router to its factory settings. With the paperclip, hold down the tiny reset button on the back of your router for about five seconds. Your router lights will blink to confirm the factory reset. You can now use the router’s default password to log into its Web configuration screen (look in your router manual if you can’t remember what this is). Once you’re in, be sure to change this password to something unique.

2. Recover wifi password using device reset button

Factory Restore is the only option.
If everything fails you could always perform a factory restore. However, it comes with its own set of problems. For starters, you lose all your PTCL settings that are essential for you to use your DSL. So bear in mind that if you factory reset the modem you would have to call the PTCL help line and get all the settings redone over the phone. So do this at your own risk!
What you need is a pin or a needle and your modem. If you look carefully at the back of the modem you will see a tiny reset hole. This is where you insert the pin/needle with the modem powered on and hold it for a few seconds till the modem restarts. You now have your modem factory restored and wiped of all settings.
Note that your SSID (wireless network name) would change back to PTCL-BB. Router configuration page would be reset to 192.168.1.1. Username & Password to access it would be reset to admin (both). You would now be required to call PTCL and have them talk you through the configuration.

3. Find the Default Username and Password

Before resetting your router to its default settings, you should first try using the default username and password to log in. You’ll need these anyway if you plan on resetting the router to its factory default settings. There are several ways to find this information:
  • Read your router’s manual. Different models of routers – even ones from the same manufacturer – often have different username and password combinations. To locate the default username and password for the router, look in its manual. (If you’ve lost the manual, you can often find it by searching for your router’s model number and “manual” on Google. Or just search for your router’s model and “default password”.)
  • Look for a sticker on the router itself. Some routers – particularly ones that may have come from your Internet service provider – ship with unique passwords. These passwords may sometimes be printed on a sticker on the router itself.
  • Try a common username and password combination. Many routers use the password “admin” (don’t type the quotes) and a blank username, a blank password and “admin” as the username, or “admin” as both the password and username. You can find a fairly comprehensive list of default usernames and passwords for various routers on RouterPasswords.com.
Try to log in with the default credentials after finding them – it’s possible the router was already reset or someone never changed its password. If they don’t work, continue to the next section – you’ll need the default credentials after resetting the router.

4. You can always hack wifi password to recover it

You need to find out the following about your target network:
  • Does it have WPS enabled? If not, then the attack will not work.
  • The BSSID of the network.
Now to check whether the network has WPS enabled or not, you can either use wash or just use the good old airodump-ng. Wash is specifically meant to check whether a network has WPS enabled or not, and thereby is much easier to use. Here are the steps:
  • Set your wireless interface in monitor mode:
airmon-ng start wlan0
  • Use wash (easy but sometimes unable to detect networks even when they have WPS enabled). If any network shows up there, it has WPS enabled.
wash -i wlan0mon

  • This is an error which I haven't figured out yet. If you see it, then you'll have to do some homework, or move on to airodump method. Update: wash -i wlan0mon --ignore-fcs might solve the issue.
  • Use airodump-ng. It will show all networks around you. It tells which of them use WPA. You'll have to assume they have WPS, and then move to next steps.
airodump-ng wlan0mon
BSSID of the network - Now irrespective of what you used, you should have a BSSID column in the result that you get. Copy the BSSID of the network you want to hack. That's all the information you need.

So by now you must have something like XX:XX:XX:XX:XX:XX, which is the BSSID of your target network. Keep this copied, as you'll need it.

Reaver

Now finally we are going to use Reaver to get the password of the WPA/WPA2 network. Reaver makes hacking very easy, and all you need to do is enter-
reaver -i wlan0mon -b XX:XX:XX:XX:XX:XX 
Explanation: -i is the interface used. Remember creating a monitor interface wlan0mon using airmon-ng start wlan0. This is what we are using. -b specifies the BSSID of the network that we found out earlier.
This is all the information that Reaver needs to get started. However, Reaver comes with many advanced options, and I recommend some of them. Most importantly, you should use the -vv option, which increases the verbosity of the tool. Basically, it writes everything that's going on to the terminal. This helps you see what's happening, track the progress, and if needed, do some troubleshooting. So the final command should be:

reaver -i wlan0mon -b XX:XX:XX:XX:XX:XX -vv
After some hours, you will see something like this. The pin in this case was intentionally 12345670, so it was hacked in 3 seconds.
WPA PSK : X
X is the password of the wireless network.

Here is an extra section, which might prove useful. 

Known problems that are faced - Troubleshooting

  1. As in the pic above, you saw the first line read "Switching wlan0 to channel 6". (Yours will be wlan0mon instead of wlan0). Sometimes, it keeps switching interfaces forever.
  2. Sometimes it never gets a beacon frame, and gets stuck in the waiting for beacon frame stage.
  3. Sometimes it never associates with the target AP.
  4. Sometimes the response is too slow, or never comes, and a (0x02) or something error is displayed.
In most cases, such errors suggest-
  1. Something wrong with wireless card.
  2. AP is very choosy, won't let you associate.
  3. The AP does not use WPS.
  4. You are very far from the AP.
  5. Rate limiting implemented in the router (most new routers have this)
Possible workarounds-
  1. Sometimes, killing naughty processes helps. (see pictures below)
  2. Move closer to target AP
  3. Do a fakeauth using aireplay-ng and tell Reaver not to bother as we are already associated using -A (just add -A at the end of your normal reaver code)
  4. If you are using Kali Linux in Vmware, try booting into Kali using USB. I don't know why, but sometimes internal adapters work wonders, and can't be used from inside of a VM. In my case, booting up from USB and using internal adapter increased the signal strength and speeded up the bruteforce process. Update : It has nothing to do with internal adapter. I have verified this with many others, and it is now a known problem with Reaver. It does not work well inside Virtual machines. It is recommended that you do a live boot.
  5. As far as rate limiting is concerned, there are few workarounds available in forums across the web, but nothing seems to work with 100% certainty. Here is a relevant discussion of gitlab, here is a solution on hack5 forums which has a script and uses mdk5 tool (it doesn't work for me, it's supposed to DOS the router and reset the ban temporarily), and here is a thread on Kali Forums on the same issue, which has various possible solutions listed (including a method which changes your MAC address regularly [sorry if the download link on the thread there doesn't work] and hence allows reaver to work against routers which lock the particular MAC address which is attacking them and don't lock down completely).
  6. Update: For some people the reason Reaver is not working is because the version of Libpcap you are using is not compatible with the version of Kali you are using.
A lot of people have shared their experiences in the comments section. Help out if you can, seek help if you need any. I can't always respond, but someone usually does.

Can't get it to work

Even after all your attempts, if you can't get it to work, then the AP just isn't vulnerable. You have the following alternatives-
  1. If you were following the tutorials one by one in the order shown in the top navigation bar (Hack With Kali -> Wireless Hacking), then you have learnt all you needed in this tutorial (even if you failed to get WPA-PSK), and can move to the next ones.
  2. If you just want to see if you can hack a WPA network, then there are three posts below which will help you with that without relying on WPS vulnerability.

How to hack wifi with these simple steps | Wifi Hacking

Wifi is also written as wi-fi. "How to hack wifi" is the most searched term on Google. Let me tell you that hacking a wifi is really easy, and you can hack wifi with this simple step-by-step tutorial. It does not matter whether you are a beginner or a pro: if you don't know how to hack wifi, this tutorial is for you. Let's get to the tutorial.
We are going to use Kali Linux for hacking a wifi password. As our readers know, Kali Linux is a hacking operating system, and it is used for various hacking attacks because it has hacking tools pre-configured in it. The tool we are going to use is Fern. Fern has lots of features and is made for wifi hacking and pentesting.

Fern Wi-fi Cracker can crack WEP, WPA, and WPA2 secured wireless networks. Fern basically takes the command line utilities to crack these networks and puts them in a GUI. Very simple to use… scary easy! Fern also provides some extra functionality for hijacking sessions and locating a computer's geolocation via its MAC address, but I have not tested these features.
Note: For this demo I’m using a lab environment network that is not routed to the internet. I will be using the Fern WiFi Cracker open source wireless security tool included in the Kali Linux security distro. Before attempting to use Fern or any other utility in Kali please make sure to read the help and MAN pages for a complete description of the program options and switches. This demo is for wireless pentesting educational purposes and to emphasize the insecurities of using a weak or common dictionary word for wireless network authentication and encryption security key or passphrase.
Starting the Fern Program
To start Fern from the Terminal type in the following commands
#cd /pentest/wireless/fern-wifi-cracker
#python execute.py
or start Fern via the GUI using the Kali Linux menu
What is Fern WiFi Wireless Cracker?
Fern Wifi Cracker is a wireless attack software and security auditing tool that is written using the Python Qt GUI library and the Python programming language. This tool can recover and crack WPA/WEP/WPS keys and can run other network-based attacks on Ethernet or wireless networks.
Is Fern WiFi Wireless Cracker Free?
Yes Fern Wifi Cracker is free of charge.
Does Fern WiFi Wireless Cracker Work on all Operating Systems?
This works on Kali Linux operating systems.
What are the Typical Uses for Fern WiFi Wireless Cracker?
This tool helps with network security by enabling the user to view and discover network traffic in real time and therefore identify hosts and network data. With the network server data features, it will help toughen your server and discover vulnerabilities before they are exploited.
How to hack wifi
Select the Interface and Fern enables monitor mode. If your wireless interface does not show in the list hit the Refresh button and try again.
Before starting the scan double-click on any blank area of the Fern home screen to bring up the Access Point Scan Preferences screen. You can set the channel option to scan a single channel or leave it at the default All Channels. 

One nice feature is to check the Enable XTerms option which will have Fern open up the Terminal windows during its usage to see what the program is doing in the background. Click OK when done.
Back on the Fern home screen click the Scan for Access points button.
Two Terminal windows will open; one showing the WEP enabled networks (no screen shot), and another showing the WPA enabled networks. The top part of the WPA Scan Terminal window shows the networks being found, and the lower part shows any connected client devices. For a WPA attack to work it requires a connected client. The most important part of the attack will kick the client off the wireless network and capture the 4-way handshake when the client device re-authenticates to the network. If the network you want to pentest has no connected client you're out of luck!
On Fern's home screen the networks being detected will start populating next to the WiFi WEP or WiFi WPA buttons. (I have been seeing less and less WEP enabled networks, so that is a good thing!)
Clicking on the WiFi WEP or WiFi WPA button will bring up the Attack screen and the top pane will list the networks found. Select the AP to crack, but before clicking the Attack button to the right let’s go over a couple of settings.
I will use the Regular Attack option, but there is a WPS Attack option and I believe Fern uses the Reaver utility to launch the WPS attack. You can read more about Reaver by clicking here.
Common.txt is the wordlist that comes with the Fern program, but any wordlist you download or have created on your own can be used by hitting the Browse button and pointing Fern to the alternative wordlist file.

With the Regular Attack and the wordlist selected hit the Attack button.
Fern will start the attack and on the left side of the screen the attack steps will turn yellow as Fern works through the various steps. The most important step is capturing the 4-way handshake and Fern will open an aireplay-ng Terminal window showing the progress of deauthentication (if XTerms is checked in the preferences) of the connected client.
It may take several attempts to deauth a client and capture the 4-way handshake.
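Those repeated deauthentication frames are also what a defender can watch for. The following added example (not part of the original tutorial or of Fern) flags bursts of deauthentication frames aimed at one client of one access point. The comma-separated record format, the addresses and the window and threshold values are constructed assumptions.

```python
"""Added example: flag deauthentication bursts in 802.11 frame records."""
from collections import defaultdict, deque

DEAUTH_SUBTYPE = 12            # 802.11 management subtype: deauthentication
BROADCAST = "ff:ff:ff:ff:ff:ff"
WINDOW_SECONDS = 10.0          # assumed sliding window
THRESHOLD = 5                  # assumed deauth count that raises an alert

# Constructed records: time,subtype,source,destination,bssid
SAMPLE_FRAMES = """\
# one beacon, one ordinary client-initiated deauth, then a burst
10.0,8,02:00:00:00:00:aa,ff:ff:ff:ff:ff:ff,02:00:00:00:00:aa
50.0,12,02:00:00:00:00:01,02:00:00:00:00:aa,02:00:00:00:00:aa
100.0,12,02:00:00:00:00:aa,02:00:00:00:00:02,02:00:00:00:00:aa
100.2,12,02:00:00:00:00:02,02:00:00:00:00:aa,02:00:00:00:00:aa
100.4,12,02:00:00:00:00:aa,02:00:00:00:00:02,02:00:00:00:00:aa
100.6,12,02:00:00:00:00:02,02:00:00:00:00:aa,02:00:00:00:00:aa
100.8,12,02:00:00:00:00:aa,02:00:00:00:00:02,02:00:00:00:00:aa
101.0,12,02:00:00:00:00:02,02:00:00:00:00:aa,02:00:00:00:00:aa
"""


def parse_frames(text):
    """Yield (time, subtype, source, destination, bssid) from record lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, subtype, src, dst, bssid = line.split(",")
        yield float(ts), int(subtype), src.lower(), dst.lower(), bssid.lower()


def detect_deauth_bursts(frames, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return one alert per (bssid, client) that exceeds the threshold.

    Forged deauths are sent in both directions (AP to client and client
    to AP), so both are counted against the same client address.
    """
    recent = defaultdict(deque)   # (bssid, client) -> timestamps in window
    alerts = {}
    for ts, subtype, src, dst, bssid in frames:
        if subtype != DEAUTH_SUBTYPE:
            continue
        client = dst if src == bssid else src
        key = (bssid, client)
        stamps = recent[key]
        stamps.append(ts)
        while stamps and ts - stamps[0] > window:
            stamps.popleft()      # drop frames that fell out of the window
        if len(stamps) >= threshold:
            alert = alerts.setdefault(key, {
                "bssid": bssid,
                "client": client,
                "first_seen": stamps[0],
                "peak": 0,
                "broadcast": client == BROADCAST,
            })
            alert["peak"] = max(alert["peak"], len(stamps))
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_deauth_bursts(parse_frames(SAMPLE_FRAMES)):
        print(alert)
```

Enabling 802.11w protected management frames on the access point and its clients makes them discard forged deauthentication frames, which removes the forced re-authentication this detector looks for.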
Once Fern has captured the handshake it will start the bruteforce attack. Voilà! If the WPA key is in the wordlist being used it will display the found key in red.
As I mentioned, I set up a passphrase I knew would be found quickly, and from start to finish this attack took under 4 minutes!
Back on the Fern main screen is a Key Database button and it now shows one entry.
Clicking the Key Database button will display the found keys.
Conclusion
Using a common dictionary word for a WPA or WPA2 passphrase makes it easier to make a how-to-hack-wifi tutorial with utilities like Fern. The Fern utility is free to download and simple to use, and not everyone is going to use it for legit wireless pentesting purposes.
With possession of the WPA key a person can associate to the network and have a gateway to the internet, or they could launch other attacks. For example, with possession of the WPA key the attack could be expanded to include decryption of the data traffic of the legitimate clients on the wireless network.