WEP+MAC Filter failures.
Proffitt Forum moderator Apr 11, 2007 10:26PM PDT
I just ran into a Wifi network failure and tracked it down to someone hijacking a wifi network connection.

Randar the Lava Liza writes 'Finally there is a tool to put default Apple AirPort hardware into monitoring mode for wireless security analysis. KisMAC is a variant of Kismet that runs natively on Mac OS X.
Chances are you have a Wi-Fi network at home, or live close to one (or more) that tantalizingly pop up in a list whenever you boot up the laptop. The problem is, if there's a lock next to the name, that indicates security for the Wi-Fi network is turned on. Without the password or passphrase, you're not going to get access to that network, or that sweet, sweet Internet that goes with it.
Perhaps you forgot the password on your own network, or don't have neighbors willing to share the Wi-Fi goodness. You could just go to a café and buy a latte and use the 'free' Wi-Fi there. Download an app for your phone like WiFi-Map, and you'll have a list of over 2 million hotspots with free Wi-Fi for the taking (including some passwords for locked Wi-Fi connections, if they're shared by any of the app's 7 million users).
But there are other ways to get back on the wireless, though some of them require such extreme patience and waiting, that café idea is going to look pretty good.
Reset the Router
Before you do this, just try to log into the router first. From there, you can easily reset your wireless password if you've forgotten it.
The problem is when you don't know the password for the router, either. (They're not the same thing, unless you set it up that way). Resetting the router is about as brute force a method as you get, and it only works if you have physical access to the router.
Almost every router in existence has a recessed reset button on it. Push it with a pen or unfolded paperclip, hold it for about 10 seconds, and the router will change to the factory settings.
If you've got a router that came from your Internet service provider, check the stickers before a reset—they might have printed the router and Wi-Fi passwords (sometimes called the key) right on the hardware.
Once it's reset, you need another password (plus a username) to access the router itself. Generally you can do this in a Web browser of any PC attached to the router via Ethernet—you'll need that since the reset probably killed any potential Wi-Fi connection you had going in.
The URL to type is either 192.168.1.1 or 192.168.0.1, or some variation. Once you're asked for a username/password, what do you do? Check your manual. Which you probably lost or threw away. So instead, go to RouterPasswords.com. The site exists for one reason: to tell people the default username/password on just about every router ever created.
You'll need the router's model number, but that's easy enough to find on the back or bottom. You'll quickly see a pattern among router makers of having the username of admin and a password of password. Since most people are lazy and don't change an assigned password, you could try it before hitting the reset button. (But c'mon, you're better than that—change the password once you're in the router's menus in your Web browser.)
Once you've accessed the router interface, go to the Wi-Fi settings, turn on the wireless networks, and assign them strong but easy-to-recall passwords. After all, you don't want to share with neighbors without your permission.
Crack the Code
You didn't come here because the headline said 'reset the router,' though. You want to know how to crack the password on a Wi-Fi network.
Searching on 'wi-fi password hack,' or other variations, nets you a lot of links—mostly for software on sites where the adware and bots and scams are pouring like snake oil. Download them at your own risk, for Windows PCs especially. Better to have a PC that you can afford to get effed up a bit if you go that route. I had multiple attempts with tools I found just get outright deleted by my antivirus before I could even try to run the EXE installation file.
Or, create a system just for this kind of thing, maybe dual-boot into a separate operating system that can do what's called 'penetration testing', an offensive approach to security where you examine a network for any and all possible paths of breach. Kali Linux is a Linux distribution built for just that purpose. You can run Kali Linux off a CD or USB key without even installing it to the hard drive. Another option is BackTrack Linux—they're actually both from the same developers, but Kali is the 'polished' version. Both are free and come with all the tools you'd need to crack a network.
If you don't want to install a whole OS, then you could try the two tried-and-true tools of Wi-Fi hackers.
Aircrack has been around for years, going back to when Wi-Fi security was only based on WEP (Wired Equivalent Privacy). WEP was weak even back in the day, and was supplanted in 2004 by WPA (Wi-Fi Protected Access). The latest Aircrack-ng 1.2—labeled as a 'set of tools for auditing wireless networks,' so it should be part of any network admin's toolkit—will take on cracking WEP and WPA-PSK keys.
Aircrack-ng comes with full documentation, but it's not going to be that simple. To crack a network you also need to have the right kind of Wi-Fi adapter in your computer, one that supports packet injection. You need to be comfortable with the command line (running things using CMD) and have a lot of patience. Your Wi-Fi adapter and Aircrack have to gather a lot of data to get anywhere close to decrypting the passkey on the network you're targeting. It could take a while.
If you prefer a graphical user interface (GUI), there is KisMAC-ng, or there was. The website was not working as of the writing of this article. While KisMAC can crack some keys with the right adapter installed, it's mainly known as a 'sniffer' for seeking out Wi-Fi networks. It's the kind of thing we don't need much of these days, since our phones and tablets do a pretty good job of showing us every single Wi-Fi signal in the air around us. Also on the Mac: Wi-Fi Crack. To use them or Aircrack-ng on the Mac, you need to install them using MacPorts, a tool for installing command-line products on the Mac.
Cracking stronger WPA/WPA2 passwords and passphrases is the real trick these days. Reaver is the one tool that looks to be up to the task (and it's part of the BackTrack Linux distro). You'll need that command-line comfort again to work with it, or you'll have to spend $65 for Reaver Pro, a hardware device that works with Windows and Mac. After two to 10 hours of trying brute force attacks, Reaver should be able to reveal a password... but it's only going to work if the router you're going after has both a strong signal and WPS (Wi-Fi Protected Setup) turned on. WPS is the feature where you can push a button on the router, another button on a Wi-Fi device, and they find each other and link auto-magically, with a fully encrypted connection. It's also the 'hole' through which Reaver crawls. It can generally break the code in about 24 hours.
Even if you turn off WPS, sometimes it's not completely off, but that's your only recourse if you're worried about hacks on your own router. Or, get a router that doesn't support WPS.
Yesterday, my friend Victor wanted to crack a wifi network (his, of course) using his MacBook Pro.
I told him to use the excellent VirtualBox images of Kali Linux from Offensive Security and aircrack-ng.
I had just forgotten that:
- Using advanced wireless features is impossible from a virtual machine
- Even if he used Kali Linux with a dual boot, installing the wireless drivers to make it work with the airport card is tiresome.
- Most (not airmon-ng) aircrack-ng tools can be installed on macOS with MacPorts, but airodump-ng and aireplay-ng crash.
So PLEASE, if you want to do other advanced networking things than network sniffing or what is described in this article, do yourself a favour and buy a USB adapter to use with the virtual machine.
There is a list on the website of aircrack-ng, and I think the Alfa AWUS051NH v2 is great. Some people say it is expensive, but last time I checked on Google Shopping, it cost less than half an Apple mouse.
There are 3 steps:
- Identify the target access point: name (= BSSID), MAC address (= SSID) and channel (~ radio frequency)
- Sniff the channel in monitor mode to retrieve:
  - a beacon (easy)
  - a handshake (= four-way handshake), or some frames of it (hard)
- Crack the password using the dump
What makes the retrieval of the handshake hard is that it appears only when somebody connects to the access point.
The good news is that you can deauthenticate people from the wifi network - it’s called wifi jamming and it’s useful to impress a girl and piss off people at Starbucks. When they reconnect, they re-send the handshake. That adds a Deauth step.
“Install”
Scan
It saves the .cap capture file and displays the path.
If you don’t have the beacon or the handshake, it will fail accordingly.
For wordlists, see below.
As I said, aireplay-ng doesn’t work on a MacBook Pro. The catch is that aireplay-ng can do a lot of other things besides deauth attacks.
You might read that airport cards do not support packet injection, but packet injections are for WEP attacks and nobody uses WEP anymore. We only want to send some deauthentication frames.
Use JamWiFi. A ready-to-use application is provided there.
In fact, you can identify the target with it too, and it has a really nice GUI.
Once you have selected the access point, you can deauth one or multiple users. Stop after about 50 “Deauths”, or else people might have trouble reconnecting for several minutes.
It might not work if you are too far from the target as your airport card is far less powerful than the router.
Using airport presents some issues. You cannot know if you got the beacon and the handshake until you stop the capture and try with aircrack-ng.
You capture a lot of useless packets too.
Using tcpdump is more efficient.
When you launch those lines, the first tcpdump easily captures a beacon and the second waits for the handshake.
Use JamWiFi to deauth some users, and when tcpdump shows you it got 4 frames or more, Ctrl-C. It appears you can use fewer than 4 frames, but it depends on the frames you got (for instance 1,2 or 2,3 are sufficient). Anyway you should normally get at least 4. If nothing shows, try to deauth another user.
Now you have everything in capture.cap. You can also run aircrack-ng on it.
Like aireplay-ng, aircrack-ng offers so many features that it cannot be the best in everything.
We can really speed up the process by using hashcat.
Install with brew
Convert with cap2hccapx
hashcat doesn’t take cap files, only hccapx files.
Just install hashcat-utils and use cap2hccapx
Alternatively, use this online tool.
Crack
This page provides some examples.
To use with a dictionary:
You have a lot of other options, like brute force:
Refer to the documentation for more patterns.
Speed
hashcat works on the GPU.
On my MacBook Pro, it yields a performance of 5kH/s: it tests 5000 passwords in a second.
On a Tesla K20m, the speed is 75kH/s. I managed to crack the 5 last lowercase letters of a wifi password in about 1 minute (26**5 // 75000 = 158 seconds to test them all).
We can see here that a GTX 1080 breaks 400kH/s.
I recommend:
For more efficiency, target the networks with silly names (good examples are “mozart”, “I love cats”, “Harry and Sally”), and avoid the ones called “National Security Agency”, “sysadmin” and “sup3r h4x0r”.
To find a password, you have to be lucky and have a good idea of its shape.
A lot of default wifi passwords are composed of 8 or 10 hexadecimal digits.
On average (worst case divided by 2) and according to the above benchmark, with a GTX 1080:
- 8 hexadecimal characters take 90 minutes.
- 10 hexadecimal characters take 16 days.
- 12 hexadecimal characters take 11 years.
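The same arithmetic can be turned around to choose a passphrase length for your own network. This is an added example, not from the original post: it reproduces the three figures above from the 400 kH/s GTX 1080 rate and then finds the shortest random password that holds out for a target time. The 1,000-year target, the function names and the alphabet sizes are assumptions.

```python
GTX_1080 = 400_000          # hashes per second, the benchmark figure quoted above
YEAR = 365 * 86400          # seconds

def average_seconds(alphabet_size, length, hashes_per_second):
    """Average search time for a uniformly random password: half the keyspace."""
    return alphabet_size ** length / 2 / hashes_per_second

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", YEAR), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.0f} seconds"

def min_length(alphabet_size, hashes_per_second, target_years):
    """Shortest random password whose average search time reaches target_years."""
    length = 1
    while average_seconds(alphabet_size, length, hashes_per_second) < target_years * YEAR:
        length += 1
    return length

# Alphabet sizes are assumptions chosen for illustration.
ALPHABETS = {"hexadecimal": 16, "lowercase": 26, "alphanumeric": 62, "printable ASCII": 95}

def recommendations(hashes_per_second=GTX_1080, target_years=1000):
    """Map each alphabet to the minimum random length for the target."""
    return {name: min_length(size, hashes_per_second, target_years)
            for name, size in ALPHABETS.items()}

if __name__ == "__main__":
    for n in (8, 10, 12):
        print(f"{n} hex characters: {humanize(average_seconds(16, n, GTX_1080))}")
    for name, length in recommendations().items():
        print(f"{name}: at least {length} random characters")
```

The estimate only holds for randomly generated passwords; a passphrase that appears in a wordlist falls far sooner than its length suggests.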
If you only want free wifi, just do MAC spoofing on a hotspot that uses web login.