Wireless networks that are run in the home, office, cafes, and pretty much anywhere are also avenues for hacking. Back in the day, WiFi networks were kept open. That means if you had any device that could connect to the internet via a wireless connection, then all you needed to do was to search the area for some free open networks. Back then, when you bought a wireless router, the default configuration was open, which meant anyone could get on and piggyback on your internet.
Of course, that caused a lot of problems. The more devices connected to your wireless connection, the slower the service gets. Back in the day, the only thing keeping hackers off your connection was the range of the signal coming from your WiFi router. The common tools of the trade back then included directional antennas and signal amplifiers; some of the more expensive ones can pick up your WiFi signal from miles away.
Earlier, the only security available to WiFi router owners was WEP (Wireless Encryption Protocol). It worked for a time, but it was poorly designed: anyone could monitor your router’s traffic and eventually crack the WEP key. Nowadays, users don’t limit the range of their WiFi signals, which is good news since you won’t need to buy those crazy antennas. Most routers have a range of 1,500 feet nowadays (about 500 meters). The main difference today is that newer routers use WPA (WiFi Protected Access) and WPA2 (WiFi Protected Access 2) as their security protocols.
Theoretically, these new security protocols are much better than WEP – and they are. The old monitoring and WiFi cracking tools will now take several days or even months to crack those keys. However, along with the improvements in today’s wireless security protocols come improvements in the way wireless networks are hacked.
Nowadays, if you want to hack into your neighbour’s wireless connection, you need to monitor the wireless activity and capture the data (i.e. a packet capture) as their computer or any other authorized device logs in to the router or access point. That may seem like a hard thing to come by, given that most people keep their computers connected to their routers almost 24/7.
The good news is that there is a workaround for this hurdle: all you need to do is send out a deauth packet/frame.
What is that? Those are packets sent to the access point (e.g. the wireless router) and its clients that deauthenticate devices already connected to the network. Simply put, send those packets and all connected devices are forced to log in again. Since those devices have to log in again, you have a chance to capture the login information.
Below is a list of a few commands with which you can send deauth packets to any wireless network from your Kali Linux OS:
airmon-ng start wlan0
airodump-ng -d <target's BSSID> -c <target's channel number> wlan0mon
aireplay-ng -0 0 -a <target's BSSID> -c <MAC address of client> wlan0mon
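From the defender's side, the burst of deauth frames those commands produce is easy to spot in a monitor-mode capture. The following Python is an added example, not code from the original article: it parses raw 802.11 management frames and alerts when one transmitter sends a burst of deauth/disassoc frames within a second. The frames, MAC addresses and thresholds are constructed for the demonstration.

```python
# Spot deauthentication floods in raw 802.11 management frames (added example).
# Sample frames are constructed below; in practice they would come from a
# monitor-mode capture such as an airodump-ng pcap.
import struct
from collections import defaultdict

DEAUTH, DISASSOC = (0, 12), (0, 10)   # (type, subtype) of the two "kick" frames
BROADCAST = "ff:ff:ff:ff:ff:ff"

def parse_mgmt_frame(frame):
    """Return (type, subtype, addr1, addr2, addr3, reason) or None if too short.
    The 2-byte LE reason code is only present in deauth/disassoc bodies."""
    if len(frame) < 24:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    reason = None
    if (ftype, subtype) in (DEAUTH, DISASSOC) and len(frame) >= 26:
        reason = struct.unpack_from("<H", frame, 24)[0]
    return ftype, subtype, mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def detect_deauth_flood(frames, window=1.0, threshold=10):
    """frames: iterable of (timestamp, raw_bytes). Returns {transmitter: info} for
    any transmitter sending >= threshold deauth/disassoc frames within `window`
    seconds. One deauth to a stale client is normal; a burst, often to the
    broadcast address, is what 'aireplay-ng -0' produces. 802.11w (protected
    management frames) makes clients drop such unauthenticated frames."""
    recent, alerts = defaultdict(list), {}
    for ts, raw in frames:
        p = parse_mgmt_frame(raw)
        if p is None or (p[0], p[1]) not in (DEAUTH, DISASSOC):
            continue                          # beacons, data frames etc. are ignored
        _, _, dst, src, bssid, reason = p
        times = recent[src]
        times.append(ts)
        while ts - times[0] > window:         # slide the window forward
            times.pop(0)
        if len(times) >= threshold and src not in alerts:
            alerts[src] = {"bssid": bssid, "count": len(times), "first": times[0],
                           "broadcast": dst == BROADCAST, "reason": reason}
    return alerts

def build_frame(subtype, src, dst, bssid, reason=None):
    """Constructed test data: a bare 802.11 management frame, no radiotap header."""
    hexmac = lambda m: bytes.fromhex(m.replace(":", ""))
    hdr = bytes([subtype << 4, 0, 0x3a, 0x01]) + hexmac(dst) + hexmac(src) + hexmac(bssid) + b"\0\0"
    return hdr if reason is None else hdr + struct.pack("<H", reason)

AP, CLIENT = "02:00:00:aa:bb:cc", "02:00:00:11:22:33"   # constructed, locally administered
SAMPLE = [(0.0, build_frame(8, AP, BROADCAST, AP)),               # beacon: ignored
          (5.0, build_frame(12, AP, CLIENT, AP, reason=3))]       # one legitimate deauth
SAMPLE += [(60.0 + i * 0.03, build_frame(12, AP, BROADCAST, AP, reason=7))
           for i in range(15)]                                    # 15 deauths in 0.45 s
```

Running `detect_deauth_flood(SAMPLE)` flags the AP address as the transmitter of the burst; the lone deauth at 5 seconds stays below the threshold.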
Wireless Hacking Tools
The tools for hacking into wireless connections are available today. You will have to pay for the really good ones but there are open source (i.e. free) ones out there that will also do a decent job.
You will have to look up and download what is known as penetration testing software (e.g. Aircrack-ng, among many others). Some of these programs will cost you hundreds if not thousands of dollars. If that isn’t a price you’re comfortable with, then you can just go with the open source variants. They work too, but they have their limits.
Wireless penetration testing programs can send deauth frames. After that, they will capture pcap files (pcap = packet capture) for you. Capturing the pcaps will take an hour or so. The next question is what you do with the pcap files.
Some penetration testing software can examine the data for you. However, if the functionality of your hacking tool is limited (since it’s free), then you will have to get another tool to crack the pcap files – these are called password crackers.
Again, some password crackers are free and others are paid. Some of them you have to install on your computer, while others are online applications. The basic operation of these password crackers is that they check the pcap files against a database of millions of possible passwords. Sometimes it takes these programs only seconds to crack a password.
One secret is that many routers nowadays still have WiFi Protected Setup (WPS) enabled. Cracking software will usually break the PIN down into two equal halves. The PIN actually has 8 digits, and the last digit is nothing more than a checksum. This means that the only digits that need to be cracked are the first seven.
You may have encountered routers that do not broadcast their SSID (Service Set Identifier), the name assigned by the user to the wireless network. You can figure it out using a war driving stumbler program. Some routers also have MAC filtering, which only allows listed devices to access the wireless network. That may also sound secure; however, MAC addresses on this list can also be captured in the same way that pcap files are captured. You can then copy or use the captured MAC addresses as your own, which is called spoofing. Yes, there are software tools that can spoof MAC addresses for you, or you can do it yourself by editing the registry.
Some Popular Wireless Hacking Tools
- Fern Wifi Cracker
- Cain and Abel