How to hack and crack a WIFI password step by step.
WIFI penetration testing in details using Fern and Kali Linux. Wireless pentest.
Use this method only on authorized networks and only for penetration testing.
How to run Kali Linux from USB with persistence: https://youtu.be/Jjx-sra85RE
In this video, I will show you how to do a WIFI penetration test using Kali Linux and Fern WIFI cracker
Before we begin: If you are not performing the test on your own WIFI network, you should get the authorization of the owner of the WIFI network you are testing the penetration against
The requirements are:
- You need a kali installation updated to the latest version. If you want to know how to install Kali or run it from a USB Key, please watch my videos in the description, they show you step by step on how to do this
- You need a WIFI dongle capable of Monitoring and packet injection. I am using here the Panda Pau07 N600 USB WIFI Dongle. It can also act as a standard WIFI card. You can find the link in the description if you want to check it out on Amazon
- You need a password dictionary file. I will be using the one included with Kali which is the rockyou.txt file
Step 1 – Preparation
Insert the WIFI Dongle in your Kali PC and login in to your Kali installation
Open a terminal window and perform the following to extract the rockyou.txt file
- Create a pentest folder: mkdir pentest
- Go to the pentest folder: cd pentest
- Copy rockyou.txt.gz to the pentest folder: cp /usr/share/wordlists/rockyou.txt.gz .
- Ls
- Extract the rockyou.txt.gz file: gunzip rockyou.txt.gz
- Ls
- Check the number of passwords in the file: wc -l rockyou.txt
- The number includes passwords that fall out of the range of accepted password length for WPA/WPA2. The accepted range is from 8 to 63 characters long. So we will remove all the passwords that are outside this range. This will shorten the penetration test time:
- cat rockyou.txt | sort | uniq | pw-inspector -m 8 -M 63 > wparockyou.txt
- Now check the number of passwords in the new wparockyou.txt file
- ls
- Wc -l wparockyou.txt
Step 2 – Penetration testing
- Open Fern by clicking on the Kali logo then Wireless attacks, Fern WIFI cracker
- If you are not logged in as root, you will be asked to put your current user password so put your password and hit Enter
- In Fern
- Click Select Interface and choose the testing interface, usually this is WLAN0
- Click Ok on the settings button. Notice that it says that a Fake MAC address is always used
- Click Scan for Access Points
- Give it about 30 seconds, a number should appear Next to WIFI WPA
- Click WIFI WPA
- Under Select Target Access Point
- Select the Access Point you are authorized to perform penetration test on
- In my case, dlink-7DFC is my WIFI test router
- Wait for the probing phase to finish. This will detect a MAC address for a connected device to the target network. When a Mac address is shown, click Browse to select the wparockyou.txt file
- Click Attack
- This will send a Deauthentication packet to the connected device whosw Mac address was discovered
- It will force the device to reconnect to the WIFI network
- When it tries to reconnect, Fern will capture the handshake and it starts testing it against the passwords in the wparockyou.txt password dictionary file
- You can always download other password dictionary files if you search for them, rockyou is the best known one
- If the target WIFI uses a password that is in the file, Fern will detect it and will display it.
- This might take a long time
- When the password is detected, Fern will save it in its database
- Summary, if your password is detected, it means you are using a weak password for your WIFI network so change it to something including Uppercase and lower case letters, numbers and special characters. Never use an easy to guess password.
That was it, If you think this video might help others, please share it, subscribe to my channel and give this video a thumbs up. Thank you for watching
Disclaimer: Use the instructions in this video at your own risk. We are not responsible for any data loss or other damages that may occur. This video is intended to help you secure your WIFI network and other networks that you are authorized to work on. Don’t use it for malicious purpose
0 Comments