
WiFi Password

This document provides a guide on how to hack WiFi passwords. It discusses the vulnerabilities of wireless networks and authentication protocols like WEP and WPA. It then describes techniques like packet sniffing, man-in-the-middle attacks, and tools like Aircrack and Cain & Abel that can be used to crack WEP/WPA keys through brute force or dictionary attacks with the goal of gaining unauthorized access to wireless networks. The document also provides some recommendations on how to secure wireless networks, such as changing default passwords and enabling strong authentication controls.

Uploaded by

rybex
Copyright
© All Rights Reserved

How to Hack WiFi Password: Guide to Crack Wi-Fi Network

Wireless networks are accessible to anyone within the
router’s transmission radius. This makes them
vulnerable to attacks. Hotspots are available in public
places such as airports, restaurants, parks, etc.
In this tutorial, we will introduce you to common
techniques used to exploit weaknesses in wireless
network security implementations. We will also look at
some of the countermeasures you can put in place to
protect against such attacks.

Topics covered in this How to Hack WiFi Tutorial


• What is a wireless network?
• How to access a wireless network?
• Wireless Network Authentication WEP & WPA
• How to Crack WiFi (Wireless) Networks
• How to Secure wireless networks
• How to Hack WiFi Password
What is a wireless network?
A wireless network is a network that uses radio waves to
link computers and other devices together. The
implementation is done at the Layer 1 (physical layer) of
the OSI model.

How to access a wireless network?

You will need a wireless network enabled device such as a
laptop, tablet, smartphone, etc. You will also need to be
within the transmission radius of a wireless network
access point. Most devices (if the wireless network option
is turned on) will provide you with a list of available
networks. If the network is not password protected, then
you just have to click on connect. If it is password
protected, then you will need the password to gain access.
Wireless Network Authentication
Since the network is easily accessible to everyone with a
wireless network enabled device, most networks are
password protected. Let’s look at some of the most
commonly used authentication techniques.
WEP
WEP is the acronym for Wired Equivalent Privacy. It was
developed for IEEE 802.11 WLAN standards. Its goal was
to provide the privacy equivalent to that provided by wired
networks. WEP works by encrypting the data being
transmitted over the network to keep it safe from
eavesdropping.
WEP Authentication
Open System Authentication (OSA) – this method grants
access to any station that requests authentication, based on
the configured access policy.
Shared Key Authentication (SKA) – this method sends
an encrypted challenge to the station requesting access.
The station encrypts the challenge with its key then
responds. If the encrypted challenge matches the AP
value, then access is granted.
WEP Weakness
WEP has significant design flaws and vulnerabilities.
• The integrity of the packets is checked using
Cyclic Redundancy Check (CRC32). CRC32
integrity check can be compromised by capturing at
least two packets. The bits in the encrypted stream
and the checksum can be modified by the attacker so
that the packet is accepted by the authentication
system. This leads to unauthorized access to the
network.
• WEP uses the RC4 encryption algorithm to create
stream ciphers. The stream cipher input is made up
of an initial value (IV) and a secret key. The length of
the initial value (IV) is 24 bits long while the secret
key can either be 40 bits or 104 bits long. The total
length of both the initial value and secret can either be
64 bits or 128 bits long. The shorter possible length of
the secret key makes it easier to crack.
• Weak initial value combinations do not encrypt
sufficiently. This makes them vulnerable to attacks.
• WEP is based on passwords; this makes it
vulnerable to dictionary attacks.
• Key management is poorly implemented.
Changing keys, especially on large networks, is
challenging. WEP does not provide a centralized key
management system.
• The initial values can be reused.
Because of these security flaws, WEP has been
deprecated in favor of WPA.
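
The CRC32 and IV-reuse weaknesses listed above, shown on in-memory bytes next to a keyed check that rejects the same change. This is an added example, not part of the original document: RC4 is implemented inline, the HMAC variant is a generic keyed integrity check chosen for illustration (not any Wi-Fi protocol's mechanism), and all keys and payloads are constructed.

```python
import hashlib, hmac, struct, zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 key scheduling followed by keystream XOR (encrypts and decrypts)."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for b in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(payload: bytes) -> bytes:
    return struct.pack("<I", zlib.crc32(payload))  # unkeyed CRC32 checksum

def wep_seal(iv, key, payload):
    return rc4(iv + key, payload + icv(payload))   # per-frame RC4 key = IV || secret

def wep_open(iv, key, body):
    plain = rc4(iv + key, body)
    return plain[:-4] if plain[-4:] == icv(plain[:-4]) else None

def mac_seal(iv, key, mac_key, payload):
    ct = rc4(iv + key, payload)
    return ct + hmac.new(mac_key, iv + ct, hashlib.sha256).digest()  # keyed tag

def mac_open(iv, key, mac_key, body):
    ct, tag = body[:-32], body[-32:]
    good = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    return rc4(iv + key, ct) if hmac.compare_digest(tag, good) else None

def demo():
    iv, key, mac_key = b"\x01\x02\x03", b"\x0a\x0b\x0c\x0d\x0e", b"constructed-mac-key"
    p1, p2 = b"meter=0100;unit=A", b"meter=0200;unit=B"  # constructed payloads
    delta = xor(p1, b"meter=9100;unit=A")               # bits changed in p1
    # CRC32 is affine: crc(p ^ d) = crc(p) ^ crc(d) ^ crc(0...0), so the checksum
    # of the altered frame can be patched from delta alone, with no key.
    patch = xor(icv(delta), icv(bytes(len(delta))))
    wep_result = wep_open(iv, key, xor(wep_seal(iv, key, p1), delta + patch))
    sealed = mac_seal(iv, key, mac_key, p1)
    altered = xor(sealed[:len(delta)], delta) + sealed[len(delta):]
    mac_result = mac_open(iv, key, mac_key, altered)
    # Same IV and key give the same keystream: XOR of ciphertexts = XOR of plaintexts.
    n = len(p1)
    reuse_leak = xor(wep_seal(iv, key, p1)[:n], wep_seal(iv, key, p2)[:n]) == xor(p1, p2)
    return wep_result, mac_result, reuse_leak
```

`demo()` returns the altered payload accepted by the CRC32 check, `None` for the keyed check, and `True` for the keystream-reuse leak.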

WPA
WPA is the acronym for Wi-Fi Protected Access. It is a
security protocol developed by the Wi-Fi Alliance in
response to the weaknesses found in WEP. It is used to
encrypt data on 802.11 WLANs. It uses longer initial
values: 48 bits instead of the 24 bits that WEP uses. It
uses temporal keys to encrypt packets.
WPA Weaknesses
• The collision avoidance implementation can be
broken.
• It is vulnerable to denial of service attacks.
• Pre-shared keys use passphrases. Weak
passphrases are vulnerable to dictionary attacks.
How to Crack WiFi (Wireless) Networks
WEP cracking
Cracking is the process of exploiting security weaknesses
in wireless networks and gaining unauthorized access.
WEP cracking refers to exploits on networks that use WEP
to implement security controls. There are basically two
types of cracks, namely:
• Passive cracking – this type of cracking has no effect
on the network traffic until the WEP security has been
cracked. It is difficult to detect.
• Active cracking – this type of attack has an increased
load effect on the network traffic. It is easy to detect
compared to passive cracking. It is more effective
compared to passive cracking.
WiFi Password Hacker (WEP Cracking) Tools
• Aircrack – network sniffer and WEP cracker. It can
be downloaded from http://www.aircrack-ng.org/
• WEPCrack – an open source program for breaking
802.11 WEP secret keys. It is an implementation of the
FMS attack. http://wepcrack.sourceforge.net/
• Kismet – detects wireless networks, both visible and
hidden, sniffs packets and detects intrusions.
https://www.kismetwireless.net/
• WepDecrypt – uses active dictionary attacks to crack
WEP keys. It has its own key generator and implements
packet filters. http://wepdecrypt.sourceforge.net/
WPA Cracking
WPA uses a 256-bit pre-shared key or passphrase for
authentication. Short passphrases are vulnerable to
dictionary attacks and other attacks that can be used to
crack passwords. The following tools can be used to
crack WPA keys.
• CowPatty – used to crack pre-shared keys (PSK)
using brute force attack.
http://wirelessdefence.org/Contents/coWPAttyMain.htm
• Cain & Abel – can be used to decode capture files
from other sniffing programs such as Wireshark. The
capture files may contain WEP or WPA-PSK encoded frames.
https://www.softpedia.com/get/Security/Decrypting-Decoding/Cain-and-Abel.shtml

General Attack types


• Sniffing – this involves intercepting packets as they
are transmitted over a network. The captured data
can then be decoded using tools such as Cain & Abel.
• Man in the Middle (MITM) Attack – this involves
eavesdropping on a network and capturing sensitive
information.
• Denial of Service Attack – the main intent of this
attack is to deny legitimate users network resources.
FataJack can be used to perform this type of attack.
More on this in article

Cracking Wireless network WEP/WPA keys
It is possible to crack the WEP/WPA keys used to gain
access to a wireless network. Doing so requires software
and hardware resources, and patience. The success of
such WiFi password hacking attacks can also depend on
how active or inactive the users of the target network
are.
We will provide you with basic information that can help
you get started. Backtrack is a Linux-based security
operating system. It is developed on top of Ubuntu.
Backtrack comes with a number of security tools.
Backtrack can be used to gather information, assess
vulnerabilities and perform exploits among other things.
Some of the popular tools that Backtrack includes are:
• Metasploit
• Wireshark
• Aircrack-ng
• NMap
• Ophcrack
Cracking wireless network keys requires patience and
the resources mentioned above. At a minimum, you will
need the following:
• A wireless network adapter with the capability to
inject packets (hardware).
• Kali Operating System. You can download it from
https://www.kali.org/downloads/
• To be within the target network’s radius. If the users
of the target network are actively using and
connecting to it, then your chances of cracking it will
be significantly improved.
• Sufficient knowledge of Linux-based operating
systems and working knowledge of Aircrack and
its various scripts.
• Patience. Cracking the keys may take some time
depending on a number of factors, some of
which may be beyond your control. Factors beyond
your control include users of the target network using
it actively as you sniff data packets.

How to Secure wireless networks

To minimize wireless network attacks, an organization
can adopt the following policies:
• Changing default passwords that come with the
hardware.
• Enabling the authentication mechanism.
• Restricting access to the network by
allowing only registered MAC addresses.
• Using strong WEP and WPA-PSK keys. A
combination of symbols, numbers and characters
reduces the chance of the keys being cracked using
dictionary and brute force attacks.
• Firewall software can also help reduce unauthorized
access.

How to Hack WiFi Password


In this practical scenario, we are going to learn how to
crack a WiFi password. We will use Cain and Abel to
decode the stored wireless network passwords in
Windows. We will also provide useful information that
can be used to crack the WEP and WPA keys of
wireless networks.
Decoding Wireless network passwords stored in Windows
Step 1) Download the Cain and Abel tool
• Download Cain & Abel from the link provided above.
• https://www.malavida.com/en/soft/cain-and-abel/
• https://www.usitility.com/cain-abel/
• Open Cain and Abel

Step 2) Select the Decoders tab and choose Wireless passwords
• Ensure that the Decoders tab is selected then click on
Wireless Passwords from the navigation menu on the
left-hand side
• Click on the button with a plus sign
Step 3) The passwords will be shown
• Assuming you have connected to a secured wireless
network before, you will get results similar to the ones
shown below

Step 4) Get the passwords along with encryption type and SSID
• The decoder will show you the encryption type, SSID
and the password that was used.

Summary
• Wireless network transmission waves can be seen by
outsiders; this poses many security risks.
• WEP is the acronym for Wired Equivalent Privacy. It
has security flaws which make it easier to break
compared to other security implementations.
• WPA is the acronym for Wi-Fi Protected Access. It has
improved security compared to WEP.
• Intrusion Detection Systems can help detect
unauthorized access
• A good security policy can help protect a network.
