Wireless Hacking Tools

Dear Readers,

Welcome to another edition of Hakin9! In those last days of November we would like to send best wishes to everyone who celebrates Thanksgiving! We also hope that the craziness of Black Friday didn’t leave you  scared or traumatized!

Wireless hacking will forever remain one of the most popular topics, this time, however, we decided to take a bit different approach and focus just on the tools. Inside this issue you will find tutorials and guides, all about tools used to crack WPA/WPA2 and their passwords. You will see articles such as how to attack wifi with Bettercap & Pwnagotchi, the (almost) immortal AirCrack-NG, cracking wireless network with Fern, Reaver in practice, Fluxion step by step, stealing wifi passwords with an Evil Twin Attack, and much more. 

This edition is one big compendium about wireless tools and techniques, from which you will learn various tips and tricks to improve your hacking skills! 

Feel free to leave us a comment or send us a message!  As always, special thanks to all the contributors, reviewers, and proofreaders involved in the process of creating of this issue.

Enjoy the reading,

Hakin9 Editorial Team

---

TABLE OF CONTENTS

---

Attacking WPA-2 PSK Wireless Networks using Aircrack-ng

Matthew Miller

Wireless networks are a quick and easy method for connecting devices in workplaces or at home. Users can plug-in a wireless router to their ISP’s modem (or use the provided wireless modem) and connect all their devices to the Internet. This article will show how to attack WPA-2 PSK (Pre Shared Key) networks that are used by most consumers. 

---

Test for penetration in Wi-Fi network: attacks on WPA2-PSK and WPA2

Tamara Radivilova , Hassan Ali Hassan

In this work the wireless networks security algorithms were analyzed. The fundamentals of the WPA and WPA2 safety algorithms, their weaknesses and ways of attacking WPA and WPA2 Enterprise Wireless Networks are described. A successful attack on the WPA2-PSK and WPA2-Enterprise was carried out during the performance of work. The progress of this attack and its results were described.

---

WiFi Attacks with Bettercap & Pwnagotchi

Daniel D. Dieterle

In this article, we will look at Bettercap, one of the best network recon & attack tools available.  The tool author has spent a lot of time creating an extensive installation and usage Wiki, which I highly recommend. So, this will not be a thorough step-by-step tutorial. Rather, it will be a quick usage guide for WiFi key and handshake attacks with the tool.  We will also briefly cover Evilsocket’s latest WiFi attack tool based on Bettercap - the ridiculously cute and intelligent Raspberry Pi Zero W based “Pwnagotchi”.

---

Cracking Wireless with Fern Wifi Cracker

Jeff Minakata

In this article, we will be looking at the Python program Fern Wifi Cracker for cracking wireless passwords. Fern is a powerful and easy to use program that comes preloaded in Kali Linux. As with any pentest, be sure to only test on your own network.

---

Hacking WPA2 Wi-Fi password using Evil Twin Attack | DNSMASQ and Hostapd

Debojyoti Chakraborty

Wireless protocols have drastically evolved since 2003 after the invention of WPA in terms of secured Wi-Fi access. These days, wireless networks have become a part of our daily life. Almost every home, business, corporate sectors, stores, industries, and institutions have their personal Wireless AP (Access Point).  Moreover, to make the internet free to every individual, some organizations have established public open Wi-Fi APs in almost every public place, like airports, railway stations, libraries, bus terminals, etc. But when the question comes about security, even after implementing the best security practices available, a wireless network will always be less secure than a wired network, just like David Bernstein once said, “FOR EVERY LOCK, THERE IS SOMEONE OUT THERE TRYING TO PICK IT OR BREAK IT”.

---

NetAttack2 and Cracking Wireless Network

Ome Mishra

In this article I am going to introduce you to a tool that is OLD but GOLD. First of all, this is for educational purposes only, I am not responsible for any bad cause. NETATTACK 2 is a Python script that scans and attacks local network devices as well as wireless networks. There are different modules for different attacks.

---

Cracking WPA using Reaver

sparksp33dy

Cracking Wi-Fi has always been a keen interest for novices, being one of the first few things to try when getting into the world of hacking and penetration testing. A key reason for this can be associated with a relatively generative vulnerability landscape. The improved WPA/WPA2 protocol is much better than WEP in terms of security, but has still proven to be hackable.

---

Crack any WPA/WPA2 WiFi password using Fluxion – no password list required

Richard Azu

Truth be told, there is no wireless network that is 100% secured. The only way to secure a wireless network is just to disable it – not hiding the SSID. This article will introduce Fluxion and demonstrate how it is used in conjunction with Aircrack-ng to hack any WPA/WPA2 wireless password – no matter how complex it is.

---

Pentest: Wireless Network Attacks and tips on how to make attacks more efficient

Joas Antonio, Felipe Gomes, Thiago Vieira

Performing a infrastructure Pentest service is laborious, but have you ever wondered how a Pentest works on wireless networks? Many companies hire professionals to audit their wireless network infrastructure. This is achieved by increasing the number of devices connected to the IoT (Internet of Things), where many companies have IoT devices connected without any protection, thus being exposed to attacks and vulnerabilities that can compromise the integrity and device availability. Therefore, having knowledge Pentest in wireless networks is essential to ensure that the wireless infrastructure is not compromised and criminals take control of devices that use this technology, thus eliminating dangers of these devices become Botnets or having a data leak.

---

THC Hydra, The Next Generation

Andrea Cavallini

A password is a mystery word used for the user verification procedure in different applications and it is used in order to access records and assets. A secret key shields our data from all unapproved access. From the beginning of cybersecurity, but in general from the time that people needed to protect their information, passwords are used in order to increase the security of the communications. However, if a password exists there is also a method to try to break it. Over the years, the attacks have improved in effectiveness and performance, passing from the test of combinations of characters to prepared words with a considerable gain in time in the cracking process. The methodologies that we are going to explain are called brute force attack and dictionary attack.