Welcome back,
Do you need to get a Wi-Fi password but don’t have the time to crack it?Cracking wifi is very time taking process. You have to wait hours to get the password only if u r lucky.Many times it just fails. To help out in these situations, I present to you an almost surefire way to get a Wi-Fi password without cracking—Wifiphisher.

Steps in the wifiphisher strategy

The idea here is to create an evil twin AP(Access Point), then de-authenticate or DoS the user from their real AP. When they re-authenticate to your fake AP with the same SSID, they will see a real looking web page that requests their password. When they provide their password, you capture it and then allow them to use the evil twin as their AP, so they don’t suspect a thing. Brilliant!

Wifiphisher does all the activity for u:

  1. De-authenticate the user from their real AP.
  2. Allow the user to authenticate to your evil twin.
  3. Offer a webpage to the user on a proxy that notifies them that a “firmware upgrade” has taken place and that they need to authenticate again.
  4. The Wi-Fi password is passed to the hacker and the user continues to the web oblivious to what just happened.

To do this hack, you need kali Linux and 2 wireless adapter. One of which must be capable of injecting packets. For this tutorial, I have used TP-Link TL-WN727N .You may use other, but make sure that is supported by Aircrack-ng(Packet Injection capable).

Now let’s take a look at wifiphisher.

STEP1 —>>>Download Wifiphisher

To begin, start Kali and open a terminal.Download wifiphisher from Github and unpack the code.

Kali > tar -xvzf wifiphisher-1.1.tar.gz

Now, we have unpacked the source code.

Alternatively, you can clone the source code by typing:

kali > git clone https://github.com/sophron/wifiphisher.git

STEP2 —>>>Navigate to the directory

Next, navigate to the directory that wifiphisher created when we unpacked the file.In my case, it is /wifiphisher1.1

Kali >cd /wifiphisher-1.1

While listing the contents of that directory, you will see that the wifiphisher.py script is there.

Kali >ls -l

STEP3 —>>>Run the script

You can run the script by typing

Kali >python wifiphisher.py

If it  tells you that “hostapd” is not found and will prompt you to install it. Install by typing “y” for yes. It will then proceed to install hostapd. When it is completed again start the python script.

Kali >python wifiphisher.py

This time, it will start the web server on port 8080 and 443, then go about and discover the available Wi-Fi networks.

When it has completed, it will list all the Wi-Fi networks it has discovered. Notice at the bottom of my example that it has discovered the network “CybrNow”. That is the network we will be attacking.

When you hit Enter, Wifiphisher will display a screen like the one below that indicates the interface being used and the SSID of the AP being attacked and cloned.

The target user has been de-authenticated from their AP. When they re-authenticate, they will directed to the the cloned evil twin access point.

When they do, the proxy on the web server will catch their request and serve up an authentic-looking message that a firmware upgrade has taken place on their router and they must re-authenticate.

When the user enters their password, it will be passed to you through the Wifiphisher open terminal, as seen below. The user will be passed through to the web through your system and out to the Internet, never suspecting anything awry has happened.

No Wi-Fi password is safe! Keep coming back as explore more of the world’s most valuable skill set—hacking.

Share this post with your friends also if they don’t know this method.

 

Inspired from nullbyte post.
Advertisements