Shayan Tech.
studied Cryptography & Online Advertising at Computer Science at City College of San Francisco (2017)
25w ago
Do you need to get a Wi-Fi password but don't have the time to crack it? I have shown how to crack WEP, WPA2, and WPS, but some people have complained that cracking WPA2 takes too long and that not all access points have WPS enabled (even though quite a few do). To help out in these situations, I present to you an almost surefire way to get a Wi-Fi password without cracking—Wifiphisher.
Steps in the Wifiphisher Strategy
The idea here is to create an evil twin AP, then de-authenticate or DoS the user from their real AP. When they re-authenticate to your fake AP with the same SSID, they will see a legitimate-looking webpage that requests their password because of a "firmware upgrade." When they provide their password, you capture it and then allow them to use the evil twin as their AP, so they don't suspect a thing. Brilliant!
To sum up, Wifiphisher takes the following steps:
1) De-authenticate the user from their legitimate AP.
2) Allow the user to authenticate to your evil twin.
3) Offer a webpage to the user on a proxy that notifies them that a "firmware upgrade" has taken place, and that they need to authenticate again.
4) The Wi-Fi password is passed to the hacker and the user continues to the web oblivious to what just happened.
Similar scripts have been around for a while, such as Airsnarf, but this new Wifiphisher script is more sophisticated. In addition, you could always do this all manually, but now we have a script that automates the entire process. Recently, another script named Fluxion has also gained popularity as an alternative to Wifiphisher. You can check out this great guide on Fluxion if Wifiphisher isn't working for you.
To do this hack, you will need Kali Linux and two network wireless adapters, one of which must be capable of packet injection. You can use the tried and true AWUS036NHA, or check out our guide on picking the best wireless network adapter for Kali Linux.
1 Download Wifiphisher
To begin, fire up Kali and open a terminal. Then download Wifiphisher from GitHub and unpack the code.
kali > tar -xvzf /root/wifiphisher-1.1.tar.gz
As you can see below, I have unpacked the Wifiphisher source code.
Alternatively, you can clone the code from GitHub by typing:
kali > git clone https://github.com/sophron/wifiphisher
2 Navigate to the Directory
Next, navigate to the directory that Wifiphisher created when it was unpacked. In my case, it is /wifiphisher-1.1.
kali > cd wifiphisher-1.1
When listing the contents of that directory, you will see that the wifiphisher.py script is there.
kali > ls -l
3 Run the Script
You can run the Wifiphisher script by typing:
Note that I preceded the script with the name of the interpreter, python.
The first time you run the script, it will likely tell you that "hostapd" is not found and will prompt you to install it. Install by typing "y" for yes. It will then proceed to install hostapd.
When it has completed, once again, execute the Wifiphisher script.
This time, it will start the web server on port 8080 and 443, then go about and discover the available Wi-Fi networks.
When it has completed, it will list all the Wi-Fi networks it has discovered. Notice at the bottom of my example that it has discovered the network "wonderhowto." That is the network we will be attacking.
4 Send Your Attack & Get the Password
Go ahead and hit Ctrl + C on your keyboard and you will be prompted for the number of the AP that you would like to attack. In my case, it is 12.
When you hit Enter, Wifiphisher will display a screen like the one below that indicates the interface being used and the SSID of the AP being attacked and cloned.
The target user has been de-authenticated from their AP. When they re-authenticate, they will be directed to the cloned evil twin access point.
When they do, the proxy on the web server will catch their request and serve up an authentic-looking message that a firmware upgrade has taken place on their router and they must re-authenticate.
Notice that I have put in my password, nullbyte, and hit Submit.
When the user enters their password, it will be passed to you through the Wifiphisher open terminal, as seen below. The user will be passed through to the web through your system and out to the Internet, never suspecting anything awry has happened.
Now, my tenderfoot hackers, no Wi-Fi password is safe! Keep coming back as we explore more of the world's most valuable skill set—hacking!
Dev Avasthi
Director / IT Trainer at AITS TRAINING INSTITUTE (2007-present)
37w ago
Hack WiFi (WPA / WPA2) Password In 3 Minutes Using Kali Linux. NO Brute Force.
Today’s most serious and common question, on almost everyone’s mind, is how to hack or crack someone else’s Wi-Fi!
There are many methods to do it, but almost all are time-consuming, and if the password is set by some professional guy then it’s almost impossible, because most of the attacks need a word list which contains the most common passwords, and this professional guy knows about it, so he never prefers these passwords!
So I will not let you waste more time on it! In this cracking method, you will not need a wordlist/dictionary anymore!
This attack is known as phishing! The Wifiphisher technique is really fast.
Wifiphisher is a fast attack and reveals the password within plenty of time, no matter how long or complex the password is. No need for any dictionaries, no more brute force.
Wifiphisher creates an evil twin AP, then disconnects all users from the AP, and when users re-authenticate, they are redirected to a fake AP with the same SSID. After connecting to the fake AP, they will see a legitimate-looking webpage that requests their password to “Upgrade firmware”. When the user enters the password in our Wi-Fi phishing page, we capture their password and the user is allowed to go on accessing the internet, and nobody can doubt it!
Requirement
1) Kali Linux
2) WiFiphisher
Disclaimer
Videos and tutorials are for informational and educational purposes only. I believe that ethical hacking, information security, and cyber security should be familiar subjects to anyone using digital information and computers. I believe that it is impossible to defend yourself from hackers without knowing how hacking is done.
All tutorials and videos have been made using my own routers, servers, websites and other resources; they do not contain any illegal activity. I do not promote, encourage, support or excite any illegal activity or hacking without written permission in general.
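From the defender's side, the sequence both answers describe (a de-authentication burst against the real AP, then a second AP advertising the same SSID) is observable from a wireless monitoring sensor. The detection logic below is an added example, not part of either answer or of Wifiphisher; the record format, the `KNOWN_APS` inventory, the thresholds, and the assumption that the twin differs from the real AP in BSSID or security setting are all constructed for illustration.

```python
from collections import defaultdict

# Assumed inventory of the APs the defender operates: SSID -> {(BSSID, security)}.
KNOWN_APS = {"office-net": {("aa:aa:aa:00:00:01", "WPA2")}}

# Constructed sensor records (not captured traffic): simplified 802.11 management frames.
SAMPLE_FRAMES = (
    [{"ts": 0.0, "type": "beacon", "ssid": "office-net",
      "bssid": "aa:aa:aa:00:00:01", "security": "WPA2"}]
    + [{"ts": 5.0 + i * 0.1, "type": "deauth", "bssid": "aa:aa:aa:00:00:01"}
       for i in range(30)]
    + [{"ts": 9.0, "type": "beacon", "ssid": "office-net",
        "bssid": "02:00:00:00:00:99", "security": "OPEN"}]
)

def find_twins(frames, known_aps):
    """Beacons that reuse a known SSID from an unlisted BSSID/security pair."""
    alerts = []
    for f in frames:
        if f["type"] != "beacon" or f["ssid"] not in known_aps:
            continue
        alert = (f["ssid"], f["bssid"].lower(), f["security"])
        if alert[1:] not in known_aps[f["ssid"]] and alert not in alerts:
            alerts.append(alert)
    return alerts

def find_deauth_bursts(frames, window=5.0, threshold=20):  # illustrative thresholds
    """BSSIDs named in at least `threshold` deauth frames within `window` seconds."""
    times = defaultdict(list)
    for f in frames:
        if f["type"] == "deauth":
            times[f["bssid"].lower()].append(f["ts"])
    flagged = set()
    for bssid, ts in times.items():
        ts.sort()
        lo = 0
        for hi in range(len(ts)):
            while ts[hi] - ts[lo] > window:  # slide the window start forward
                lo += 1
            if hi - lo + 1 >= threshold:
                flagged.add(bssid)
                break
    return flagged

def correlate(frames, known_aps):
    """Escalate when a twin of an SSID appears while its real AP is being deauthed."""
    bursts = find_deauth_bursts(frames)
    return [t for t in find_twins(frames, known_aps)
            if {b for b, _ in known_aps[t[0]]} & bursts]
```

Either signal alone is noisy (roaming clients and mesh nodes produce both), which is why `correlate` only escalates when the two coincide for the same SSID.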