
Tutorial (How to Hack) WPA/WPA2 Wifi - Kali Linux 2 and Airmon-ng

Discussion in 'Linux Distributions' started by Nicolandia15, Apr 30, 2016.

  1. First tutorial here. Since almost every router or mobile wifi these days uses WPA/WPA2 security, I just want to share how to hack it using Kali Linux 2 and Aircrack.

    Before we start:
    Q: Is this for me?
    A: If you're interested in making your connection secure (pfft!) or in getting your neighbor's password (yeah!) for free internet, then just follow along step by step!

    Q: Is this illegal?
    A: You even had to ask!

    Q: Why share this?
    A: I just want to help, and I know a lot of people know this. They just don't want to share. :p

    Q: Complicated?
    A: Nothing is hard if you want to learn.

    REQUIREMENTS:
    *Laptop / PC or USB Drive
    *Compatible wireless card
    *Kali Linux 2

    Disclaimer: All the information in this tutorial is for educational purposes only *wink*. I am in no way responsible for any misuse of the information.

    Let's assume you have already installed Kali Linux 2.
    *You can install Kali Linux as a Live USB, dual boot or using VMs.

    Step 1:
    Login to Kali as root.

    Step 2:
    Plug your wireless card into the PC or laptop.

    Step 3:
    Open a new terminal, then type airmon-ng

    Your external wireless card will show up here. Mine is the RaLink Tech. If what you get is blank, then your external wireless card is not supported. In my case my card is supported and listed as wlan0.

    Step 4:

    Type airmon-ng start followed by the interface of your external wireless card. Again, mine is wlan0.
    Should be: airmon-ng start wlan0
    This means your external card is now in monitor mode. Its new name is wlan0mon.

    Step 5:

    Type airodump-ng and the new name of your interface. Again, mine is wlan0mon.
    Should be: airodump-ng wlan0mon

    Step 6:

    What happens next is your card will list all the wireless networks it can see in your area. This includes mobile wifi devices and routers. Then look for the target you want to crack.
    "Do this at your own risk"

    As you can see in the screenshot, almost all of them use WPA2 encryption. Let's focus on the top part. By the way, the entries listed in the bottom part are devices, like phones and computers. The top part is the wireless networks.

    LinkSys AC 1900 - For this test, I just changed the name of my mobile wifi. It's a Huawei Mobile Wifi E5330.
    Let's try it on my own device so it looks like I'm not breaking any rules. Hehe.

    Next, take note of the BSSID and the channel: BSSID and CH respectively.
    Copy the BSSID.
    Then type this:

    airodump-ng -c [channel] --bssid [bssid] -w /root/Desktop/ (your card's interface); again, mine is wlan0mon

    Channel - just replace it with whatever your target's channel is.
    bssid - the BSSID you copied earlier

    -w /root/Desktop/ - this option is for the directory where the handshake we'll capture later will be saved. I know it's confusing.

    Should be:
    airodump-ng -c 3 --bssid 8C:34:FD:68:F3:2A -w /root/Desktop/ wlan0mon

    Press ENTER, of course.

    Step 7:
    What happens next is airodump will focus on the bssid we specified. So it will now listen only to the LinkSys AC 1900 device. You will also see the connected devices here. The idea is that we wait for a device to connect. Then we capture the "handshake" data that contains the password and crack it later. Or we can also force-disconnect a device that is already connected, and it will auto-connect to the router or mobile wifi; same thing. A "handshake" still takes place. Files will also be placed on your desktop. This is where the handshake is saved, so please don't delete them. We need them later.
    Keep this!

    Step 8:
    Here is how to disconnect a device that is connected to the router or mobile wifi.
    The highlighted one is my phone, which is connected.
    Open a new terminal. Just leave the other one open.
    Type this:
    aireplay-ng -0 2 -a [router bssid] -c [client bssid] wlan0mon
    I won't explain all of the code; just insert your router/mobile wifi bssid, and in -c the bssid of the connected device. wlan0mon - depends on your interface.

    Should be:
    aireplay-ng -0 2 -a 8C:34:FD:68:F3:2A -c 90:B9:31:0E:8C:D0 wlan0mon

    Press ENTER, of course.

    Step 9:
    After that, your wireless card will send deauth signals/packets to disconnect the device. That's the -0. The 2 after it is how many packets you want to send. You can also modify that.

    And now what we've been waiting for. I'm not sure if anyone is still reading at this step or if you've been confused by everything I've been saying.

    Once the "handshake" appears, it means we've got the password, which is saved in the file we created earlier on the Desktop. There are times when the handshake isn't captured right away, and sometimes I don't know why when I try it on other routers. But they say the main reason is that you're far from the router. Or try to deauth another connected device if more than one is listed.

    Step 10:
    That's it! What we'll do next is crack the password we captured. This depends on how complicated the password the owner set is. If the owner is a bit techy, then expect the password to be somewhat hard to crack too. But if they're just ordinary users, trust me. I've cracked one using a wordlist in under a minute. Their password was "zamboanga".

    Moving on,
    aircrack-ng -a2 -b [router bssid] -w [path to wordlist] /root/Desktop/*.cap
    I assume you're somewhat familiar with those brackets by now. The default path of the wordlist is /usr/share/wordlist/rockyou.txt

    Note: By default, rockyou.txt is still compressed. Please unzip it.

    Here's mine:

    Press ENTER again. Again, this depends on how complicated the owner's password is. If it's complicated it takes a long time to crack, and it depends on the wordlist we use. If the owner's password is in the wordlist, then we'll guess it. If not, move on.

    Looks like my Huawei's password isn't secure. Lol.
    Still reading this far? You're the man. If there's any confusion, feel free to ask and I'll try to answer everything.
    Anyone can learn this as long as you have the time. Peace!
     

    Last edited: Jun 18, 2016
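Steps 8 and 9 depend on forged deauthentication frames, which show up on the defender's side as a burst aimed at one access point and client pair. The following is an added example, not part of the original post: a Python detector run over constructed tab-separated frame records (timestamp, 802.11 type/subtype, source, destination, BSSID). The record layout, MAC addresses, threshold and window are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

DEAUTH = 0x0C  # 802.11 management frame subtype 12 (deauthentication)

def constructed_sample():
    """Constructed capture export: epoch, type/subtype, source, destination, BSSID."""
    ap, sta, other = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
    rows = [f"100.000\t0x0008\t{ap}\tff:ff:ff:ff:ff:ff\t{ap}",  # beacon
            f"101.000\t0x000c\t{other}\t{ap}\t{ap}",             # one client leaving normally
            "truncated record"]                                   # malformed line, must be skipped
    for i in range(16):  # 16 deauths in 150 ms, both directions, same AP/client pair
        src, dst = (ap, sta) if i % 2 == 0 else (sta, ap)
        rows.append(f"{105 + i * 0.01:.3f}\t12\t{src}\t{dst}\t{ap}")
    return "\n".join(rows)

def parse(text):
    """Yield (time, subtype, source, destination, bssid) from well-formed records."""
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 5:
            continue
        try:
            yield (float(parts[0]), int(parts[1], 0), *(p.lower() for p in parts[2:]))
        except ValueError:
            continue

def find_deauth_bursts(text, threshold=10, window=1.0):
    """Map (bssid, station) to the peak number of deauths seen inside `window` seconds."""
    recent, peaks = defaultdict(deque), {}
    for ts, subtype, sa, da, bssid in parse(text):
        if subtype != DEAUTH:
            continue
        station = da if sa == bssid else sa   # the non-AP end of the frame
        seen = recent[(bssid, station)]
        seen.append(ts)
        while ts - seen[0] > window:          # drop frames older than the window
            seen.popleft()
        if len(seen) >= threshold:
            peaks[(bssid, station)] = max(peaks.get((bssid, station), 0), len(seen))
    return peaks

if __name__ == "__main__":
    for (bssid, station), count in find_deauth_bursts(constructed_sample()).items():
        print(f"deauth burst: {count} frames within the window against {station} on {bssid}")
```

Enabling 802.11w Protected Management Frames on the access point and its clients makes them discard forged deauthentication frames, which removes the forced-reconnect step.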
  2. Thanks, bookmarking this for now :D don't have Kali Linux yet ..

  3. boom! Those with wifi are in trouble... hope this works on them... thanks boss...

    by the way, is this compatible with a USB stick wireless device for PC users?

  4. Not all of them, though. But you can try this in the terminal

    aireplay-ng -9 wlan0

    if it responds with

    "Injection is working!" your card is compatible.

  5. ahhh okay TS... if that's downloadable from the internet, TS, do you have a secure download link for beginners like me?

  6. Yes. :D

    2.6 gig for both 64 or 32 bit.

    Once installed, you'll have 200+ built-in tools there for hacking and penetration testing. So it's a complete package.

  7. BeChay

    Will this work on routers without WPS? It's just like a bruteforce method too, like backtrack, right? Because it can't handshake if the router being used has no WPS capability

  8. Yes sir, this is indeed bruteforce. If the router has WPS it's easier because you can use reaver or wifite.
    Tested this on mobile wifi devices without WPS, obviously, and it works.

    Still, it depends on how complicated the password you're trying to hack is.

  9. BeChay

    The only thing is, if the pass isn't in your wordlist, like if a Bisaya or Tagalog word was used, it also has no effect, TS :)
     
  10. Right. But you know how our passwords are sometimes. You think it's secure already. I have 36GB of wordlists. In our apartment, like 80% of their passwords can be handled by the wordlists. Like, if you're not really aware of these things, why would you put a special char in your password, right? You'd just forget it. Get it. get it. hehe.
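Posts 8 to 10 come down to one point: the attack only succeeds when the passphrase, or a simple variation of it, is in a wordlist. The following is an added example, not from the thread, that audits a planned WPA2 passphrase from the network owner's side. The function name, the small inline wordlist and the substitution table are constructed for illustration.

```python
import re

# Constructed mini wordlist; in practice load the lines of a real list such as rockyou.txt.
WORDLIST = ["password", "iloveyou", "zamboanga", "12345678"]

# Common character substitutions that wordlist rules undo (assumed, not exhaustive).
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})

def audit_passphrase(candidate, wordlist=WORDLIST):
    """Return a list of reasons the passphrase would fall to a wordlist attack."""
    words = {w.strip().lower() for w in wordlist if w.strip()}
    findings = []
    if not 8 <= len(candidate) <= 63:
        findings.append("length is outside the 8-63 characters a WPA2 passphrase allows")
    lowered = candidate.lower()
    # Strip digits and symbols that users commonly add to the front or back of a word.
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", lowered)
    if lowered in words:
        findings.append("exact wordlist entry")
    elif core in words:
        findings.append(f"wordlist entry '{core}' with digits or symbols added")
    elif core.translate(LEET) in words or lowered.translate(LEET) in words:
        findings.append("wordlist entry with character substitutions")
    if len(set(lowered)) < 5:
        findings.append("fewer than 5 distinct characters")
    return findings

if __name__ == "__main__":
    for pw in ["zamboanga", "Zamboanga2016!", "z@mbo4nga", "quiet-lantern-orbit-mango"]:
        print(pw, "->", audit_passphrase(pw) or "no wordlist findings")
```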
     
  11. BeChay

    TS, can I have access to that 36GB wordlist of yours? :)

  12. sure. here's the link.

    It's mixed-language. Even in rockyou.txt I saw Tagalog too.

  13. BeChay

    Thanks :) been using reaver and backtrack, I also got my neighbor's wifi, but they upgraded and switched to one without WPS so I had a hard time hacking it; even the one with WPS took me 5 days haha. I'll try this 36gb wordlist of yours TS (y)

  14. Agree. It's hard without WPS. But the latest routers now also have a defense against the pixie attack. Then you have no option left but bruteforce. :D

  15. BeChay

    Takes long, right, especially when the pass used has many characters haha :)

  16. So much. Especially when you see that millions and millions of passphrases have been tried and still nothing. It's maddening. haha.

  17. Just a question,,
    .. Can I download any version of Kali Linux?

    sorry, just a newbie :)

  18. For the sake of the tutorial, let's stick to Kali Linux 2.0, I hope :D

    Feel free to ask if you have any questions or confusion about the tut.

  19. BeChay

    Also add, TS, that if it's not through dual boot or USB booting, it can also just be done through a virtual machine :)

  20. [QUOTE="doggebuster, post: 1306537, member: 447718"]For the sake of the tutorial, let's stick to Kali Linux 2.0, I hope :D

    Feel free to ask if you have any questions or confusion about the tut.[/QUOTE]


    Okay, thanks