Haven’t you ever wanted to hack a wifi password?
Stream 4K videos without data consumption?
It’s possible! Anyone can crack the standard encryption of wireless networks.
I’ll show you two ways to get free internet.
- 1 Basics: How does wifi work?
- 2 Practice Tutorial
- 3 Wlan Security – Protection from Criminals – Encrypt!
Basics: How does wifi work?
Wlan (Wireless Local Area Network) means wireless local network.
Your internet connection usually arrives over a copper cable as electrical pulses. Your router uses a wifi antenna to convert the electrical signals into electromagnetic waves. These waves propagate across the room at the speed of light, so a wifi antenna on your smartphone and laptop can pick up the signals.
Wlan and Wi-Fi are not the same thing! Every ignorant person uses these terms synonymously, although there is no connection:
- Wi-Fi is the name of the certification by the Wi-Fi Alliance for the IEEE standards
- Wlan is the radio network with electromagnetic radiation
Rather say “I need wifi! I want to stream!” – not “I need wlan?!” – Steffen Lippke
Who determines the wifi? The standards
Over the course of time, the standardization institution IEEE has reissued the wifi standards. With each update, higher speeds are available:
| Year | Standard | Data rate |
|---|---|---|
| 1997 | 802.11-1997 | 1 or 2 Mbit/s gross |
| 2003 | 802.11g | 22 Mbit/s net |
| 2009 | 802.11n | 150 Mbit/s (ideal case) |
| 2020 | 802.11ax / Wifi 6 | 9608 Mbit/s |
| 2022 | 802.11be / Wifi 7 | 40000 Mbit/s |
The standards do not primarily describe the encryption, but the frequencies, capacities and bandwidth of the wifi transmission.
- IEEE 802.11bgn or Wlan bgn offers you a 2.4 gigahertz band (2.4 billion oscillations per second) on up to 14 channels. Each channel has a bandwidth of 22 to 50 MHz (50 million oscillations). You can use it to transmit up to four 4K streams at 600 Mbit/s net.
- IEEE 802.11ac or Wlan AC transmits on the 5.2 gigahertz band with 36 to 40 channels. Each channel transmits with a bandwidth of 20 – 160 megahertz.
- IEEE 802.11ax or Wlan 6 (E) transmits on a 5.2 gigahertz band. A new electromagnetic signal modelling based on the OFDMA method can transmit 10 bits instead of 8. This gives you 25 % more bits per second. The router can transmit on 256 different channels.
Most routers you find today use 802.11 g or n and are WPA2 encrypted. If you have booked a 1 gigabit line, only a fraction of the data will arrive via your WLAN. Even if your router has WLAN AC or AX, the end device must also support the frequencies. Most users in the village and in the city have routers that can theoretically process 100 times that amount, while the connections in the internet development country of Germany only deliver a fraction.
We want to attack the encryption of the wifi! The operator of a Wlan signal can only protect the signal from eavesdropping to a limited extent by walls and fences.
The encryption of the radio signals used to be done with Wired Equivalent Privacy (WEP). Ron’s Code 4 (RC4) was supposed to guarantee a secure network by means of stream encryption. Today, this method is considered obsolete. If used incorrectly (without warm-up time), RC4 is easy to crack.
Criminals leverage the WEP standard with a known-plaintext attack.
The WEPplus standard makes it very difficult for criminals to find the key pairs – but cannot prevent a hack.
In 2023, WPA3 is considered the most secure standard for wireless signals. The router manufacturers implement the encryption standard with the Advanced Encryption Standard (AES). The standard is still susceptible to side channel attacks, but these are somewhat unrealistic.
If you want to break into wlans, you may only crack your own or one whose owner has given you written permission. This work is usually done by pentesters.
Hardware and software requirements
Hardware: Not every WLAN antenna of every laptop can crack a WLAN. Use the following:
- Alfa Network AWUS036ACH 2.4 GHz and 5 GHz with Realtek RTL8812AU chipset
- TP-Link N150 TL-WN722N (V. 1.x) 2.4 GHz with the chipset Atheros AR9271
- Alfa Network AWUS036NHA 2.4 GHz with chipset Atheros AR9271
Operating system: Hackers like to use the Linux distribution Kali Linux. Kali Linux is an operating system like Windows, which is optimized for hackers. All tools for hacking are already pre-installed and configured. You can use a virtual machine to run Kali Linux on your computer without giving up Windows or Mac. See the Kali Linux tutorial!
Software: In this tutorial I show you two ways how you can easily penetrate a foreign wifi. For this I use Airgeddon on Linux and Aircrack Ng with Windows.
1. Way: Cracking a wlan with Airgeddon (Linux)
You can find the software on Github https://github.com/v1s1t0r1sh3r3/airgeddon
You may only run the following tutorial on your own router or with permission on third party networks (more on Ethical Hacking). Once you have successfully installed Kali Linux, wget and 7z / zip, follow the steps below:
- Download the installation files
- Extract the files from the ZIP file with
- Go to the folder
- Call the programme with your root rights
sudo bash airgeddon.sh
The Airgeddon software is installed and ready to crack wlans.
- First select option 5 and then option 4 to get a list of all wlans
- Search the Data column for numbers above 0 (takes 20 – 30s)
- End the search process by pressing Ctrl C to return to the main menu
- Select option 5 Capture Handshake to fish the encrypted WPA password file out of the air.
- Select option 1 to perform a mini DOS attack on the router. This will force a connected device off the wifi (perform this step only on your own networks)
- Wait for the WPA handshake (depending on the router, this may take a little longer)
- Save the handshake locally on your computer.
- From this point on you no longer have to be near the wifi network; if you want, sit down at a powerful computer (with a strong GPU).
- Go back to the main menu with Ctrl C
- Select option 6 for offline cracking
- Go to your browser and download a large password list (130 MB)
- Select option 1 for cracking the WPA handshake
- Specify the parameters that the programme asks for.
- Start the cracking process.
After a few seconds, the password should be cracked if it is a weak password. If the password is more complex, cracking may take hours. This method does not guarantee 100 per cent success in cracking. The hacker assumes that most wifi owners use simple passwords because the use of simple passwords is more comfortable in everyday life. – Steffen Lippke
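The forced disconnect in the handshake-capture step is visible to a defender as a burst of 802.11 deauthentication frames. The following detector is an added example, not part of the original tutorial or of Airgeddon; the frame records, MAC addresses, window and threshold are constructed assumptions.

```python
from collections import defaultdict, deque

DEAUTH_SUBTYPE = 12     # 802.11 management frame (type 0), subtype 12 = deauthentication
WINDOW_SECONDS = 5.0    # assumption: tuning value chosen for this example
THRESHOLD = 10          # assumption: deauth frames per BSSID inside one window

# Constructed, locally administered MAC addresses (not real devices).
AP, STA = "02:00:00:00:00:01", "02:00:00:00:00:aa"
AP2, STA2 = "02:00:00:00:00:02", "02:00:00:00:00:bb"
BROADCAST = "ff:ff:ff:ff:ff:ff"


def build_sample():
    """Constructed records: (timestamp_s, frame_type, subtype, src, dst, bssid)."""
    frames = [
        (0.0, 0, 8, AP, BROADCAST, AP),    # beacon, ignored by the detector
        (1.2, 0, 12, STA, AP, AP),         # a single, ordinary client disconnect
        (40.0, 0, 12, AP2, STA2, AP2),     # isolated deauth on another network
    ]
    # Burst: 20 deauthentication frames within two seconds against one client.
    frames += [(10.0 + i * 0.1, 0, 12, AP, STA, AP) for i in range(20)]
    return frames


def detect_deauth_bursts(frames, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return one alert per burst of >= threshold deauth frames per BSSID."""
    recent = defaultdict(deque)   # bssid -> timestamps inside the sliding window
    alerting = set()              # BSSIDs currently above the threshold
    alerts = []
    for ts, ftype, subtype, src, dst, bssid in sorted(frames):
        if ftype != 0 or subtype != DEAUTH_SUBTYPE:
            continue
        seen = recent[bssid]
        seen.append(ts)
        while seen and ts - seen[0] > window:
            seen.popleft()
        if len(seen) >= threshold:
            if bssid not in alerting:      # report a burst once, not per frame
                alerting.add(bssid)
                alerts.append({"bssid": bssid, "start": seen[0], "count": len(seen)})
        else:
            alerting.discard(bssid)
    return alerts


if __name__ == "__main__":
    for alert in detect_deauth_bursts(build_sample()):
        print("deauth burst:", alert)
```

Enabling Protected Management Frames (802.11w, mandatory in WPA3) makes clients ignore forged deauthentication frames, which removes the need to rely on detection alone.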
2. Way: This is how it works with Aircrack-ng (Windows)
To find out the wifi password, you need a computer or laptop with a compatible wifi module or an external antenna.
Possible wifi modules are made by Netgear, Ubiquiti, Linksys and D-Link.
To check your module for compatibility, you have to find out the chipset of your module from the component descriptions. – Steffen Lippke
- Open System Information > Components > Network > Adapter
- Search for the chipset or the name of your wlan card
- Volunteers provide the names of the WLAN module components in special wikis for the individual laptop manufacturers
- Google “chipset <PRODUCT NAME>” to determine the chipset
- Run the injection test with the Aircrack-ng GUI
You will find a database of compatible cards under the Madwifi project.
The result of my search is the Intel Dual Band Wireless-AC 8260, 2×2 802.11a/b/g/n/ac and an Intel Tri-Band Wireless-AC 18260, 2×2, 802.11a/b/g/n/ac and WiGig (802.11ad) (optional, WiGig and LTE are mutually exclusive) – unfortunately not compatible.
External wifi antennas
Alternatively, use an external antenna with the following chipsets:
- Atheros AR9271 chipset
- Ralink RT3070
- Realtek RTL8187L
- Devices: TP-LINK TP-WN722N / TP-WN722NC
Remember: Aircrack-ng usually runs on Linux. With Windows, the hackers can only listen to packets, but not inject packets into the wifi. So install Kali Linux! Linux is more freely configurable and modifiable. – Steffen Lippke
Aircrack-ng does not crack the encryption, but tries to fish the pre-shared wlan pair keys. The technology is called Pre-Shared Key (PSK). The wifi tool works with statistical methods to get the result faster.
With Aircrack-ng you can go two ways:
- Active: De-authenticate the messages of an existing transmitting wifi compatible device
- Passive: Wait for a wifi device to authenticate to the wifi router (advantage no injections needed and the task is possible with Windows)
This guide is based on the Aircrack-ng guide.
- Download the latest version of Aircrack-ng. The main website does not work, so download it from Filehippo.
- Unzip the file
- Go into the folder aircrack-ng-1.X.X-win > aircrack-ng-1.X.X-win > bin >
- Start the GUI with the .exe Aircrack-ng GUI.exe
You need the following steps for the passive strategy:
- Open PowerShell with admin rights
- Go with cd into aircrack-ng-1.X.X-win > aircrack-ng-1.X.X-win > bin
- Start airmon-ng with
to collect the PSK.
Wlan Security – Protection from Criminals – Encrypt!
Vulnerabilities in Wlan Standards
With the Dragonblood vulnerabilities, two IT security experts point out problems with the WPA3 standard. These vulnerabilities are side-channel attacks and in most cases difficult to implement. WPA-3 is still the recommended standard in 2020, according to CompTIA experts.
5 Measures for secure wifi
- Use the WPA3 standard with AES encryption. If you have an IT affinity, WPA-3 for Enterprise is worthwhile. Use encrypted communication with HTTPS or a VPN to be on the safe side.
- Use a 63-digit password with a high entropy, so that the probability of cracking the password is close to zero (private use). Make up a password phrase: “I’m totally addicted to cat chips!” – written out in full. You can then share the password via QR code.
- Use a MAC filter and only allow the devices that you use in the household. The router blocks all other devices immediately when the MAC filter is activated. MAC spoofing is possible at any time.
- Update your router regularly and apply the security patches promptly. Use autoupdates!
- Use LAN instead of Wlan. LAN is much faster, you get a stable connection with very low latency / jitter (good for gaming and conferences) and no one can “simply” eavesdrop on you.
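One way to follow the 63-character advice and the QR-code sharing tip, as an added example that is not from the original article: it generates a random passphrase with Python's `secrets` module and builds the `WIFI:` text that QR scanners commonly accept. The SSID, the alphabet choice and the function names are assumptions of this example.

```python
import math
import secrets
import string

# Printable ASCII without the space character (94 symbols). Leaving out the
# space is a choice of this example; WPA2 passphrases allow 0x20-0x7E.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_passphrase(length=63):
    """Return a random passphrase; WPA2 passphrases are 8 to 63 characters."""
    if not 8 <= length <= 63:
        raise ValueError("passphrase length must be 8..63")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random passphrase: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def is_valid_passphrase(passphrase):
    """Check the 8..63 printable-ASCII rule before the value is shared."""
    return 8 <= len(passphrase) <= 63 and all(0x20 <= ord(c) <= 0x7E for c in passphrase)


def escape_field(value):
    # The WIFI: QR text format escapes \ ; , " and : with a backslash.
    return "".join("\\" + c if c in '\\;,":' else c for c in value)


def wifi_qr_payload(ssid, passphrase):
    """Build the text to encode in the QR code (T:WPA = passphrase-protected)."""
    if not is_valid_passphrase(passphrase):
        raise ValueError("not a valid 8..63 character printable-ASCII passphrase")
    return f"WIFI:T:WPA;S:{escape_field(ssid)};P:{escape_field(passphrase)};;"


if __name__ == "__main__":
    pw = generate_passphrase()
    print(f"{len(pw)} characters, about {entropy_bits(len(pw)):.0f} bits")
    # "ExampleHomeNet" is a constructed placeholder SSID.
    print(wifi_qr_payload("ExampleHomeNet", pw))
```

Feed the returned string to any QR generator; anyone who can photograph the code can read the passphrase, so treat the printout like the password itself.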
Image credits: icons and SVG graphics in the title image are from Microsoft PowerPoint 2019, freely available under the EULA