Crack Vodafone Station Wpa
Crack WPA/WPA2 Wi-Fi Routers with Airodump-ng and Aircrack-ng/Hashcat.
One point to note is that how hard a password is to crack tends to relate more to it's length, rather. Mar 22, 2011. Wep key (password) that can be found on a sticker on the modem. Or WPA 12 1A:BD:B9:E4:21:80 Administration No data - WEP or WPA 13. Gilschwant WPA (0 handshake) 7803 00:1D:7E:C6:0F:7B Crack No data.
This is a brief walk-through tutorial that illustrates how to crack Wi-Fi networks that are secured using weak passwords. It is not exhaustive, but it should be enough information for you to test your own network's security or break into one nearby. The attack outlined below is entirely passive (listening only, nothing is broadcast from your computer) and it is impossible to detect provided that you don't actually use the password that you crack. An optional active deauthentication attack can be used to speed up the reconnaissance process and is described at the end of this document.
If you are familiar with this process, you can skip the descriptions and jump to a list of the commands used at the bottom. For a variety of suggestions and alternative methods, see the appendix. neal1991 and tiiime have also graciously provided translations to this document and the appendix in Chinese if you prefer those versions.
DISCLAIMER: This software/tutorial is for educational purposes only. It should not be used for illegal activity. The author is not responsible for its use. Don't be a dick.
Getting Started
This tutorial assumes that you:
- Have a general comfortability using the command-line
- Are running a debian-based linux distro, preferably Kali linux (OSX users see the appendix)
- Have Aircrack-ng installed
sudo apt-get install aircrack-ng
- Have a wireless card that supports monitor mode (see here for a list of supported devices)
Cracking a Wi-Fi Network
Monitor Mode
Begin by listing wireless interfaces that support monitor mode with:
If you do not see an interface listed then your wireless card does not support monitor mode
We will assume your wireless interface name is wlan0
but be sure to use the correct name if it differs from this. Next, we will place the interface into monitor mode:
Run iwconfig
. You should now see a new monitor mode interface listed (likely mon0
or wlan0mon
).
Find Your Target
Start listening to 802.11 Beacon frames broadcast by nearby wireless routers using your monitor interface:
You should see output similar to what is below.
For the purposes of this demo, we will choose to crack the password of my network, 'hackme'. Remember the BSSID MAC address and channel (CH
) number as displayed by airodump-ng
, as we will need them both for the next step.
Capture a 4-way Handshake
WPA/WPA2 uses a 4-way handshake to authenticate devices to the network. You don't have to know anything about what that means, but you do have to capture one of these handshakes in order to crack the network password. These handshakes occur whenever a device connects to the network, for instance, when your neighbor returns home from work. We capture this handshake by directing airmon-ng
to monitor traffic on the target network using the channel and bssid values discovered from the previous command.
Now we wait.. Once you've captured a handshake, you should see something like [ WPA handshake: bc:d3:c9:ef:d2:67
at the top right of the screen, just right of the current time.
If you are feeling impatient, and are comfortable using an active attack, you can force devices connected to the target network to reconnect, be sending malicious deauthentication packets at them. This often results in the capture of a 4-way handshake. See the deauth attack section below for info on this.
Once you've captured a handshake, press ctrl-c
to quit airodump-ng
. You should see a .cap
file wherever you told airodump-ng
to save the capture (likely called -01.cap
). We will use this capture file to crack the network password. I like to rename this file to reflect the network name we are trying to crack:
Crack the Network Password
The final step is to crack the password using the captured handshake. If you have access to a GPU, I highly recommend using hashcat
for password cracking. I've created a simple tool that makes hashcat super easy to use called naive-hashcat
. If you don't have access to a GPU, there are various online GPU cracking services that you can use, like GPUHASH.me or OnlineHashCrack. You can also try your hand at CPU cracking with Aircrack-ng.
Note that both attack methods below assume a relatively weak user generated password. Most WPA/WPA2 routers come with strong 12 character random passwords that many users (rightly) leave unchanged. If you are attempting to crack one of these passwords, I recommend using the Probable-Wordlists WPA-length dictionary files.
Cracking With naive-hashcat
(recommended)
Before we can crack the password using naive-hashcat, we need to convert our .cap
file to the equivalent hashcat file format .hccapx
. You can do this easily by either uploading the .cap
file to https://hashcat.net/cap2hccapx/ or using the cap2hccapx
tool directly.
Suara Bell sekolah: Jam Kedua Link Downloadnya. Suara Bell sekolah: Jam Ketiga Link Downloadnya. Link Downloadnya. Bel sekolah otomatis. Suara Bell sekolah: Jam pertama Link Downloadnya.
Next, download and run naive-hashcat
:
Naive-hashcat uses various dictionary, rule, combination, and mask (smart brute-force) attacks and it can take days or even months to run against mid-strength passwords. The cracked password will be saved to hackme.pot, so check this file periodically. Once you've cracked the password, you should see something like this as the contents of your POT_FILE
:
Where the last two fields separated by :
are the network name and password respectively.
If you would like to use hashcat
without naive-hashcat
see this page for info.
Cracking With Aircrack-ng
Aircrack-ng can be used for very basic dictionary attacks running on your CPU. Before you run the attack you need a wordlist. I recommend using the infamous rockyou dictionary file:
Note, that if the network password is not in the wordfile you will not crack the password.
If the password is cracked you will see a KEY FOUND!
message in the terminal followed by the plain text version of the network password.
Deauth Attack
A deauth attack sends forged deauthentication packets from your machine to a client connected to the network you are trying to crack. These packets include fake 'sender' addresses that make them appear to the client as if they were sent from the access point themselves. Upon receipt of such packets, most clients disconnect from the network and immediately reconnect, providing you with a 4-way handshake if you are listening with airodump-ng
.
Use airodump-ng
to monitor a specific access point (using -c channel --bssid MAC
) until you see a client (STATION
) connected. A connected client look something like this, where is 64:BC:0C:48:97:F7
the client MAC.
Now, leave airodump-ng
running and open a new terminal. We will use the aireplay-ng
command to send fake deauth packets to our victim client, forcing it to reconnect to the network and hopefully grabbing a handshake in the process.
You can optionally broadcast deauth packets to all connected clients with:
Once you've sent the deauth packets, head back over to your airodump-ng
process, and with any luck you should now see something like this at the top right: [ WPA handshake: 9C:5C:8E:C9:AB:C0
. Now that you've captured a handshake you should be ready to crack the network password.
List of Commands
Below is a list of all of the commands needed to crack a WPA/WPA2 network, in order, with minimal explanation.
Appendix
The response to this tutorial was so great that I've added suggestions and additional material from community members as an appendix. Check it out to learn how to:
- Capture handshakes and crack WPA passwords on MacOS/OSX
- Capture handshakes from every network around you with
wlandump-ng
- Use
crunch
to generate 100+GB wordlists on-the-fly - Spoof your MAC address with
macchanger
A Chinese version of the appendix is also available.
Attribution
Much of the information presented here was gleaned from Lewis Encarnacion's awesome tutorial. Thanks also to the awesome authors and maintainers who work on Aircrack-ng and Hashcat.
Overwhelming thanks to neal1991 and tiiime for translating this tutorial into Chinese. Further shout outs to yizhiheng, hiteshnayak305, enilfodne, DrinkMoreCodeMore, hivie7510, cprogrammer1994, 0XE4, hartzell, zeeshanu, flennic, bhusang, tversteeg, gpetrousov, crowchirp and Shark0der who also provided suggestions and typo fixes on Reddit and GitHub. If you are interested in hearing some proposed alternatives to WPA2, check out some of the great discussion on this Hacker News post.
Assuming, of course, that you've changed the default administrator's password on your router, your home network's weakest part is a feature called WPS and it's a feature available in many routers for sale today.
WPS stands for Wi-Fi Protected Setup and it was introduced to make it easier to connect new devices to a network such as your Sky TV box or game consoles.
How Does WPS Work?
The idea behind WPS is that you press a button on the router and a button on the device and both items will pair automatically so you don't have to do any meaningful technical configuration.
If your device doesn't have a WPS button then the router can be set up so that you just need to type in a PIN into the setup screen for your device to create a connection instead of the long 16-character WPA password often provided by routers.
The PIN is the main problem because it's easily hacked. Why? It's only an eight-digit number. For a human, hacking an eight-digit number will take some time, but the process of hacking the WPS PIN of a router is as simple as installing a single piece of software that will do the hard work for you. There aren't even any difficult command-line options to enter.
Does It Matter If Somebody Uses Your Wi-Fi Connection?
With the right software, unauthorized users on your Wi-Fi connection can:
- View all traffic sent to and from your computer over HTTP
- Download illegal content using your network.
- Attempt to hack your actual computer
- Attempt to access network shared hard drives on your home network
- If you have the default user and password set on the router they can access your router's settings and change them
- Perform a man in the middle attack by altering data sent from and to your computer
How to Disable WPS
The procedure to disable WPS differs by router manufacturer.
Apple Airport
WPS is not available for Apple Airport devices so you should already be protected.
ASUS
- Open a web browser and type 192.168.1.1
- Enter the administrator username and password (defaults username admin and password admin).
- Click Advanced Settings > Wireless
- Choose WPS from the tab.
- Move the slider next to Enable WPS to the off position.
Belkin
- Open a web browser and type 192.168.2.1 (or http://router).
- Click Login in the top-right corner.
- Enter the router's password (default, leave blank) and click Submit.
- Click Wi-Fi Protected Setup under the Wireless menu on the left side of the screen.
- Change the Wi-fI Protected Setup drop-down list option to Disabled.
- Click Apply Changes.
Buffalo
Buffalo routers are not affected by the WPS problem.
Cisco Systems
Jaz Dhami and Aditi Singh Sharma add enough zing to the song. Your feet won’t stop dancing to this one, for sure! Honey singh new songs 2014 mp3 download.
- Open a browser and enter the IP address for your router. Cisco devices feature different options so visit this page to get both the IP address and default usernames and passwords for your specific hardware.
- Click Wireless > Wi-Fi Protected Setup from the menu.
- Click Off to disable WPS.
- Click Save to apply your settings.
D-Link
- Open a browser and type 192.168.1.1 into the address bar.
- Login to the setup (default username: admin leave the password empty).
- Click the Setup tab.
- Remove the check next to Enable in Wi-Fi Protected Setup.
- Click Save settings.
Netgear
- Open a browser and type www.routerlogin.net
- Enter the username and password (default username: admin and password: password).
- Click Advanced Setup and select Wireless Settings.
- Under WPS Settings place a check in the Disable Router's Pin box.
- Click Apply.
Trendnet
- Open a browser and type 192.168.10.1
- Login to the router settings page (default username: admin and password: admin).
- Click WPS under the Wireless menu.
- Change the WPS drop-down list option to Disable.
- Click Apply.
ZyXEL
Www.vodafone.station
- Open a browser and type 192.168.0.1
- Login to the router settings (default username: admin and password: 1234).
- Click Wireless Setup.
- Click WPS.
- Click the blue button to disable WPS.
Http Vodafone Station 2
Linksys
Vodafone Station
In theory, Linksys routers are no longer affected by this problem. You cannot turn off WPS but Linksys routers prevent brute-force attacks on the PIN so they resist the sort of attempts made by common hacking tools.