PRE-WIFI CRACKING PREPARATION
- A wireless card that supports Kali system listening
- Install the Kali system on the VMware virtual machine (this experiment uses Kali 2022 version)
Kali system download and installation
Official Website:
https://www.kali.org/get-kali/#kali-installer-images
Tsinghua University mirror site:
https://mirrors.tuna.tsinghua.edu.cn/kali-images/kali-2022.3
Here is recommended Tsinghua University mirror site download, the download speed is relatively fast, according to your own system to download the corresponding version, the specific installation tutorial can be Baidu by yourself:
1. Wireless network card installation
Wireless network card Taobao can be purchased: search for Kali wireless network card, the price ranges from 20-50 yuan. Consult customer service before purchase to support the Kali system. Plug the purchased network card into the USB interface of the PC, under normal circumstances, the virtual machine will recognize the wireless network card, check whether the wireless network card is recognized on the VMware virtual machine, if the network card is not displayed, you can try to reseat the wireless network card, or not, you need to contact the seller's customer service.
Enter the Kali system, open the command line terminal, and enhance the account permissions
sudo su Check whether the NIC is installed successfully
airmon-ng If the plugged-in wireless card is not displayed, please check that the wireless card connection is normal!
2. Start the NIC monitoring mode
airmon-ng start wlan0 Check whether the monitoring mode of the current wireless network card is enabled normally, and the network card name changes to the network card name + mon to indicate that the monitoring is normal
ifconfig 3. Scan WIFI
Here I choose my own WIFI router to crack, and the password is a mobile phone number
airodump-ng wlan0mon 4. Wait to grab the handshake bag
airodump-ng -w freedom -c 6 --bssid 28:D1:27:8C:C9:C5 wlan0mon -ignore-nefative-oneaa Parameter description:
# -c:指定信道
# -w:指定抓去握手包的存放位置或者名字,freedom是一会抓去的握手包的名字
# –bssid:指定路由器的MAC After executing this command, the devices that are currently connected to the router will be displayed, and you need to select one of the devices to capture the handshake packet
5. Start grabbing the handshake bag
Open another terminal, select one of the devices to capture the handshake packet, sometimes the capture may not be successful, you can execute the following command multiple times to ensure that the handshake packet can be captured
sudo su
aireplay-ng -0 2 -a 28:D1:27:8C:C9:C5 -c A4:55:90:90:DB:B1 wlan0mon Check the status of the first terminal, if WPA handshake shows that the handshake packet has been captured, you need to press Ctrl+C to terminate, after termination, the freedom-*.ivs file will be generated
6. Crack the code
Prepare a dictionary to crack
The dictionary is actually an ordinary text document txt file, there are a variety of passwords, each password is distinguished by a carriage return, the cracking program will be based on the data of the handshake package when cracking, and each password of the dictionary matches one by one, if it matches, the password can be cracked successfully.
Start cracking
aircrack-ng -w WIFI-Dict-955M.txt freedom-*.ivs Since the dictionary I use is relatively large, nearly 1GB in size, it takes a long time to crack, in order to facilitate testing, you can create a new test dictionary txt file by yourself, fill in a correct WIFI password (the premise is to crack your own WIFI), so that you can crack quickly and smoothly.
7. Password cracking results
WIFI-Dict-955M.txt this dictionary ran for hours and did not run out, this dictionary is not very good, I should find a dictionary of pure numbers or mobile phone numbers to run... I changed a dictionary that I tested and wrote, filled in the WIFI password, and it came out in less than 1 second
SUCCESSFULLY CRACKED, KEY FOUND! IS FOLLOWED BY THE PASSWORD OF WIFI
summary
- WIFI password is not 100% successful cracking!
- Whether the WIFI password can be successfully cracked depends on whether the password dictionary is strong enough, if the dictionary does not have a matching password, it cannot be successfully cracked
- The cracking efficiency of WIFI password depends on the size of the dictionary, machine performance, complexity of WIFI password, etc., the larger the dictionary, the longer the cracking process; The machine has strong performance and the WIFI password is simple, and the cracking process will be faster.
Note: This tutorial is for network security learning purposes only, and cannot be used to attack, crack, or commercially exploit other people's network devices.