Get Anyone's Wi-Fi Password Without Cracking Using Wifiphisher

Welcome back, my tenderfoot hackers!
Do you need to get a Wi-Fi password but don't have the time to crack it? In previous tutorials, I have shown how to crack WEP, WPA2, and WPS, but some people have complained that cracking WPA2 takes too long and that not all access points have WPS enabled (even though quite a few do). To help out in these situations, I present to you an almost surefire way to get a Wi-Fi password without cracking—Wifiphisher.

Steps in the Wifiphisher Strategy

The idea here is to create an evil twin AP, then de-authenticate or DoS the user from their real AP. When they re-authenticate to your fake AP with the same SSID, they will see a legitimate-looking webpage that requests their password because of a "firmware upgrade." When they provide their password, you capture it and then allow them to use the evil twin as their AP, so they don't suspect a thing. Brilliant!
To sum up, Wifiphisher takes the following steps:
  1. De-authenticate the user from their legitimate AP.
  2. Allow the user to authenticate to your evil twin.
  3. Offer a webpage to the user on a proxy that notifies them that a "firmware upgrade" has taken place, and that they need to authenticate again.
  4. The Wi-Fi password is passed to the hacker and the user continues to the web oblivious to what just happened.
Similar scripts have been around for awhile, such as Airsnarf, but this new Wifiphisher script is more sophisticated. In addition, you could always do this all manually, but now we have a script that automates the entire process.
To do this hack, you will need Kali Linux and two wireless adapters, one of which must be capable of packet injection. Here, I used the tried and true, Alfa AWUS036H. You may use others, but before you do, make certain that it is compatible with Aircrack-ng (packet injection capable). Please do NOT post questions on why it doesn't work until you check if your wireless adapter can do packet injection. Most cannot.
Now let's take a look at Wifiphisher.

Step 1Download Wifiphisher

To begin, fire up Kali and open a terminal. Then download Wifiphisher from GitHub and unpack the code.
kali > tar -xvzf /root/wifiphisher-1.1.tar.gz
As you can see below, I have unpacked the Wifiphisher source code.
Alternatively, you can clone the code from GitHub by typing:
kali > git clone https://github/sophron/wifiphisher

Step 2Navigate to the Directory

Next, navigate to the directory that Wifiphisher created when it was unpacked. In my case, it is /wifiphisher-1.1.
kali > cd wifiphisher-.1.1
When listing the contents of that directory, you will see that the wifiphisher.py script is there.
kali > ls -l

Step 3Run the Script

You can run the Wifiphisher script by typing:
kali > python wifiphisher.py
Note that I preceded the script with the name of the interpreter, python.
The first time you run the script, it will likely tell you that "hostapd" is not found and will prompt you to install it. Install by typing "y" for yes. It will then proceed to install hostapd.
When it has completed, once again, execute the Wifiphisher script.
kali > python wifiphisher.py
This time, it will start the web server on port 8080 and 443, then go about and discover the available Wi-Fi networks.
When it has completed, it will list all the Wi-Fi networks it has discovered. Notice at the bottom of my example that it has discovered the network "wonderhowto." That is the network we will be attacking.

Step 4Send Your Attack & Get the Password

Go ahead and hit Ctrl + C on your keyboard and you will be prompted for the number of the AP that you would like to attack. In my case, it is 12.
When you hit Enter, Wifiphisher will display a screen like the one below that indicates the interface being used and the SSID of the AP being attacked and cloned.
The target user has been de-authenticated from their AP. When they re-authenticate, they will directed to the the cloned evil twin access point.
When they do, the proxy on the web server will catch their request and serve up an authentic-looking message that a firmware upgrade has taken place on their router and they must re-authenticate.
Notice that I have put in my password, nullbyte, and hit Submit.
When the user enters their password, it will be passed to you through the Wifiphisher open terminal, as seen below. The user will be passed through to the web through your system and out to the Internet, never suspecting anything awry has happened.
Now, my tenderfoot hackers, no Wi-Fi password is safe! Keep coming back as explore more of the world's most valuable skill set—hacking!

Comments

Post a Comment

COMMENT HERE

Popular posts from this blog

Hacking Tools for Bank Transfer and online Money Transfer in USA

I am oxford graduated with Banking background. Later on i have learned hacking techniques and now i am very good hacking with 5 to 6 years hacking experience. I have hacked Bank accounts from different countries like, India, Sweden, USA, Canada, Philippines, Egypt, Ghana, Germany, UK, Kenya, Italy, and lot of other countries. I have user name, Password and every security questions and answers. These Accounts are full of money. All these accounts have very high balance in them. I am expert to send money int your personal bank Account, Saving bank account, Checking Bank account, Business Account or Company Account in any country of the world. I Can send money into your Bank account by wire transfer from the Hacked bank account to your account. I have a lot of local bank login, like USA Chase, Wells Fargo, Capital One, SunTrust Banks, HSBC Bank USA, Bank of America, Citigroup, American Express, State Street Bank, Royal Bank of Scotland UK, Barclays UK, Standard Chartered UK, Unity Tru
Read more

Oritsefemi Rents Static Private Jet For N500k For Music Video [PICS]

Image
howing off your rich lifestyle, sure comes at a cost, especially for musicians who tend to want to please their adoring fans with excess glitz and glamour. Such is the case of musical Taliban, Oritsefemi who has coughed up N500k just to rent a private jet for a music video and he didn't even get to take a shot inside of it. For the visuals of his song, 'Happy Day' which is directed by Avalon Okpe, Oritsefemi is shot in one of the scenes singing while ladies danced in front of the jet, another shot sees him stand with vixens dressed as air hostess. The jet didn't leave its position and no scene was shot inside of it. The video for Happy Day, which should be dropping any time soon was shot at, Lekki and Ikeja, Lagos. http://www.tunezmediablog.com/2017/02/singer-oritsefemi-spends-500k-to-rent.html
Read more

Bet9ja Predictions 10 sure games you can PREDICT FREE

Arsenal vs Bournemouth This week Arsenal is playing at home against Bournemouth.  we expect Arsenal to win the match. we also the game to produce goals  . This best predictions for this game is 1. Arsenal to win. Alternatively, if you are greedy like me. play it 1 and GG. it will give you better odd. The Bet9ja code for the game is 1267. You can also bet on goals say over 1.5, 2.5 and over 3.5. Bet9ja Predictions 10 sure games you can predict 2.  Metz vs PSG PSG will continue the season this week at home against Metz. PSG is expected to win this match 2. You can bet this game on goals.  Over 1.5. 2.5 etc. The bet9ja code of the game is 9353. 3.  Valencia vs Atl. Madrid This match is going to be tough. Atl. Madrid may find it difficult to win the match. Atl. Madrid playing away will surely goals. Valencia also will score. but for winning any of the two teams will score. The best prediction for the match is GG.  You can also bet on goals, over 1.5, over 2.5. The code is
Read more