Crack WPA/WPA2 Wi-Fi Routers with Aircrack-Ng and Hashcat

475 points, by braxxox, almost 8 years ago

16 comments

throwasehasdwi, almost 8 years ago
I'm not sure why this is amazing enough to make the first page but W/E it's HN :). Just so less informed are aware, this has been feasible for maybe 7 years (since GPU calculation became possible).

Just so nobody freaks out, this is cracking weak passwords, not broken WPA.

I have myself cracked countless WiFi passwords when security testing. It's easy if the passwords are bad, which is maybe 90% of the time for home networks and 60% for businesses. The attack is completely passive if you don't want to be noticed, and with a cheap dish you can pick up both ends of the handshakes from up to around a quarter mile away (line of sight).
aerovistae, almost 8 years ago
I attempted to do this once and it turned out to be monumentally difficult. I got as far as setting up a bootable Kali thumb drive before getting stopped in my tracks by hardware incompatibilities and unexpected behaviors and errors. These articles make it sound a LOT easier than it is. I was very disappointed because I was really excited about it.
polpo, almost 8 years ago
4,733,979 out of the 14,344,391 passwords (33%) in the rockyou.txt dictionary file used for cracking in this guide are too short to be WPA2 passwords, which have a minimum length of 8 characters. Are aircrack and/or hashcat smart enough to not bother hashing those short passwords?
yedpodtrzitko, almost 8 years ago
Is there anything novel in there? At first sight it seems just like a guide done a hundred times before...
bobsgame, almost 8 years ago
I had the idea a long time ago to make a dd-wrt image which would automatically crack the vulnerable routers within distance, detect the model, and install a compatible version of itself in order to spread virally and create a mesh network. I'm not going to pursue it because it probably breaks a lot of laws, but I'm still curious if it would have been possible. Does anyone know if this is actually feasible? Maybe the radios can't handle that sort of thing?
thinkxl, almost 8 years ago
wifite2[1] is a wrapper tool that does all this automatically.

Not trying to say that easier is better, in this case. Just wanted to show this tool for those who don't know it.

[1] - https://github.com/derv82/wifite2

edit: added wifite initially, replaced it with wifite2
webaholic, almost 8 years ago
To the script kiddies out there who read this: Do not try this on others' wifi. It is a crime in the USA to crack network routers. Although the chance of you getting caught is low, better be safe than sorry.
buschtoens, almost 8 years ago
The deauthentication packet looks interesting. Does that mean that I could annoy the hell out of my neighbors by constantly forcing all of their devices to reconnect?
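
Added example, not part of the comment above or of the linked guide: a burst of deauthentication frames like the one the comment asks about is visible to anyone monitoring the channel, and this sketch counts deauth frames per claimed transmitter in a sliding window. The frame bytes, MAC addresses, window and threshold are constructed for illustration.

```python
from collections import defaultdict

DEAUTH = 0x0C   # 802.11 management subtype 12 (deauthentication)
BEACON = 0x08   # 802.11 management subtype 8 (beacon)


def parse_header(frame):
    """Return (type, subtype, src) from a raw 802.11 MAC header, or None."""
    if len(frame) < 24:
        return None
    fc = frame[0]                      # first Frame Control byte
    return (fc >> 2) & 0x3, (fc >> 4) & 0xF, frame[10:16].hex(":")


def detect_deauth_flood(capture, window=1.0, threshold=5):
    """Map claimed transmitter -> peak deauth count seen within `window`
    seconds, for transmitters whose peak reaches `threshold`."""
    seen = defaultdict(list)
    for ts, frame in capture:
        hdr = parse_header(frame)
        if hdr and hdr[0] == 0 and hdr[1] == DEAUTH:
            seen[hdr[2]].append(ts)    # addr2 is only the *claimed* sender
    alerts = {}
    for src, stamps in seen.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[src] = peak
    return alerts


def make_frame(subtype, dst, src):
    """Build a constructed management frame (header plus reason code)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    body = b"\x07\x00" if subtype == DEAUTH else b""
    return (bytes([subtype << 4, 0, 0, 0]) + mac(dst) + mac(src) + mac(src)
            + b"\x00\x00" + body)


AP, OTHER, ALL = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "ff:ff:ff:ff:ff:ff"
# Constructed capture: regular beacons, one deauth burst, one stray deauth.
SAMPLE = [(i * 0.1, make_frame(BEACON, ALL, AP)) for i in range(20)]
SAMPLE += [(10 + i * 0.05, make_frame(DEAUTH, ALL, AP)) for i in range(8)]
SAMPLE += [(20.0, make_frame(DEAUTH, AP, OTHER))]

if __name__ == "__main__":
    print(detect_deauth_flood(SAMPLE))
```

Because the transmitter address in an unprotected deauthentication frame can be forged, an alert names the address being impersonated rather than the real sender; 802.11w Protected Management Frames is the protocol-level mitigation.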
infamousjoeg, almost 8 years ago
How long does the cracking process take? I remember WEP only taking 10 minutes using aircrack-ng in BackTrack... I imagine this takes substantially longer.
billfor, almost 8 years ago
Just fyi if you are using Kali the rockyou list is already in /usr/share/wordlists.

Also to reduce the size of the pcap file, you may want to filter it for EAPOL packets only:

tshark -r input.pcap -Y "eapol || wlan.fc.type_subtype == 0x08" -w small.pcap
nictrix, almost 8 years ago
The DSL provider in my area sets up customers' wireless networks with their home or mobile phone number as the password. If you know that number or can look it up in public records then you're in. If you can't find it maybe use a dictionary pertaining to the area code of phone numbers and then you're in. When the protocol changes to something more secure, the ISP's customer will still be as insecure as they always were.
nikkwong, almost 8 years ago
Can someone help me understand why, from a technical perspective, it is necessary to capture the handshake?
nextstep, almost 8 years ago
Does this only crack single word passwords? If my password was two common dictionary words or a common word plus a single number, would this try that possibility?
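
Added example, not part of any comment in this thread: a passphrase audit for your own network that flags the patterns raised by nictrix (phone numbers) and nextstep (two words, word plus digits) and gives a rough count of candidates needed to cover each pattern. The wordlist sizes are polpo's figures from above; the small word set, the pattern rules and the assumption that an attacker combines wordlist entries this way are illustrative, not a description of what aircrack-ng or hashcat do by default.

```python
import re

WPA2_MIN, WPA2_MAX = 8, 63          # valid WPA2-PSK passphrase lengths
ROCKYOU_TOTAL = 14_344_391          # rockyou.txt entries, per the thread
ROCKYOU_TOO_SHORT = 4_733_979       # entries under 8 characters, per the thread
ROCKYOU_USABLE = ROCKYOU_TOTAL - ROCKYOU_TOO_SHORT

# Constructed stand-in for the real wordlist so the example runs offline.
SAMPLE_WORDS = {"password", "sunshine", "dragon", "monkey", "iloveyou"}


def audit_passphrase(passphrase, words=SAMPLE_WORDS):
    """Return (finding, guesses). guesses is a rough upper bound on the
    candidates needed to cover that pattern, or None if none matched."""
    if not WPA2_MIN <= len(passphrase) <= WPA2_MAX:
        return ("not a valid WPA2 passphrase length", 0)
    lowered = passphrase.lower()
    if lowered in words:
        return ("dictionary word", ROCKYOU_USABLE)
    # Phone-number style: digits with optional separators.
    if re.fullmatch(r"[\d\s().+-]+", passphrase):
        digits = sum(ch.isdigit() for ch in passphrase)
        return ("digits only (phone-number style)", 10 ** digits)
    # Dictionary word followed by a short run of digits.
    m = re.fullmatch(r"([a-z]+)(\d{1,4})", lowered)
    if m and m.group(1) in words:
        return ("dictionary word plus digits",
                ROCKYOU_TOTAL * 10 ** len(m.group(2)))
    # Two dictionary words joined together.
    for i in range(1, len(lowered)):
        if lowered[:i] in words and lowered[i:] in words:
            return ("two dictionary words", ROCKYOU_TOTAL ** 2)
    return ("no listed weak pattern", None)


if __name__ == "__main__":
    for candidate in ["dragon", "password", "555-867-5309",
                      "dragon42", "monkeydragon", "Tr0ub4dor&3xyz"]:
        print(candidate, audit_passphrase(candidate))
```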
rootsudo, almost 8 years ago
Honestly, why reinvent the wheel. Use Wifite2 with a proper password list and done.
tambourine_man, almost 8 years ago
Anyone tried Apple's Airport drivers and Linux on VirtualBox?
baalimago, almost 8 years ago
most people don't change password on their routers anymore