How To Crack Wifi Using Commview And Aircrack
Josephine Heathershaw
How to Crack WiFi Using CommView and Aircrack
WiFi is a convenient way to connect to the internet, but it also has some security risks. If your WiFi network is not properly secured, hackers can easily break into it and access your data. In this article, we will show you how to crack WiFi passwords using two tools: CommView and Aircrack.
CommView is a network analyzer that can capture and analyze network packets. It can also save the packets in a file format that can be used by Aircrack. Aircrack is a software suite that can crack WiFi passwords using various methods, such as brute force, dictionary, and statistical attacks.
Before we start, we need to make sure that our network adapter supports packet injection. Packet injection is a technique that allows us to send fake packets to a WiFi network, such as deauthentication packets that force the clients to reconnect and reveal their passwords. To check if our adapter supports packet injection, we can use the following command in a terminal:
airmon-ng check kill This command will kill any processes that may interfere with packet injection, and then list the available network adapters. If our adapter has a "yes" in the "Injection" column, then it supports packet injection. If not, we need to find another adapter that does.
Once we have a suitable adapter, we need to put it in monitor mode. Monitor mode is a mode that allows us to capture all the packets in the air without connecting to any network. To do this, we can use the following command:
airmon-ng start wlan0 This command will start monitor mode on the wlan0 interface. The interface name may vary depending on your system. You can check the name of your interface using the "ifconfig" command. The output of the airmon-ng command will also show the new name of the monitor mode interface, which is usually wlan0mon or mon0.
Now that we have monitor mode enabled, we can use CommView to capture the packets from the WiFi network that we want to crack. To do this, we need to launch CommView and select our monitor mode interface from the list of available adapters. Then, we need to click on the "Settings" button and go to the "Capture" tab. Here, we need to select the "TCP dump format" option and specify a file name for saving the captured packets. We also need to check the "Capture packets in promiscuous mode" option, which will allow us to capture packets from other devices on the network.
After setting up CommView, we need to click on the "Start Capture" button and wait for some time until we capture enough packets. We can see the number of captured packets in the bottom right corner of CommView's window. We need at least one packet that contains the four-way handshake between the access point and a client. The four-way handshake is a process that establishes a secure connection between them and exchanges the encryption key. This key is what we need to crack in order to get the WiFi password.
To identify the packets that contain the four-way handshake, we can use CommView's filters. We need to click on the "Filters" button and go to the "Rules" tab. Here, we need to click on the "Add Rule" button and create a new rule with the following parameters:
- Name: Handshake
- Type: MAC
- Direction: Both
- Source: Any
- Destination: Any
- Data: EAPOL
- Action: Include
This rule will filter out all the packets that contain EAPOL data, which is part of the four-way handshake protocol. We can apply this rule by clicking on the "OK" button and then clicking on the "Apply Filters" button.
Now, we should see only the packets that contain EAPOL data in CommView's window. We can identify which ones are part of the four-way handshake by looking at their size and sequence number. The four-way handshake consists of four messages: message 1 (size 113 bytes), message 2 (size 155 bytes), message 3 (size 169 bytes), and message 4 (size 113 bytes). The sequence number of each message is also shown in the "Seq" column of CommView's window. We need to capture all four messages from the same access point and client in order to crack the key.
To speed up the process, we can use Aircrack to send deauthentication packets to the network, which will force the clients to reconnect and perform the four-way handshake again. To do this, we need to open another terminal and use the following command:
aireplay-ng -0 10 -a [BSSID] -c [STATION] wlan0mon This command will send 10 deauthentication packets to the access point with the BSSID (MAC address) specified by the -a option, and to the client with the STATION (MAC address) specified by the -c option. We can find these addresses by looking at CommView's window. The BSSID is shown in the "BSS" column, and the STATION is shown in the "STA" column. The wlan0mon is the name of our monitor mode interface.
After sending the deauthentication packets, we should see the four-way handshake packets appear in CommView's window. We need to stop CommView's capture by clicking on the "Stop Capture" button and save the captured packets in a file. We can also close CommView and disable monitor mode using the following command:
airmon-ng stop wlan0mon Now, we have everything we need to crack the WiFi password using Aircrack. To do this, we need to use the following command:
aircrack-ng -w [WORDLIST] [CAPTURE FILE] This command will use Aircrack to crack the key using a wordlist specified by the -w option, and a capture file specified by the last argument. The wordlist is a file that contains a list of possible passwords that Aircrack will try one by one until it finds a match. There are many wordlists available online, such as [RockYou], which contains over 14 million passwords. The capture file is the file that we saved using CommView.
Aircrack will start cracking the key and show us its progress and speed. Depending on the strength of the password and the size of the wordlist, this process can take from a few minutes to several hours or even days. If Aircrack finds a match, it will show us the key and the password in hexadecimal and ASCII formats. If not, it will tell us that it exhausted the wordlist and that we need to try another one or use another method.
Conclusion
In this article, we learned how to crack WiFi passwords using CommView and Aircrack. We saw how to capture network packets using CommView, how to filter out the four-way handshake packets, how to speed up the process using Aircrack's deauthentication attack, and how to crack the key using Aircrack's dictionary attack.
However, this method is not foolproof and has some limitations. For example, it only works for WPA/WPA2 networks that use pre-shared keys (PSK), not for networks that use enterprise authentication methods (EAP). It also depends on the availability and quality of the wordlist that we use. If the password is not in the wordlist, or if it is too long or complex, we will not be able to crack it using this method.
Therefore, we should always use strong passwords for our WiFi networks, and avoid using common or predictable ones. We should also use WPA2 or WPA3 encryption protocols, which are more secure than WEP or WPA. We should also update our firmware regularly and disable WPS (WiFi Protected Setup), which is a feature that allows us to connect devices to our network without entering a password, but also has some security flaws that can be exploited by hackers.
By learning how to crack WiFi passwords, we can also learn how to protect our own networks from hackers. We can also perform security audits of our networks or our clients' networks, and identify any vulnerabilities or weaknesses that need to be fixed. However, we should always do this with permission and for ethical purposes only.
6500f7198a