1
00:00:00,300 --> 00:00:08,000
Hello guys, welcome to my video on hacking 
a wireless system and in this case it is 
a router

2
00:00:08,100 --> 00:00:23,400
so one of the first things we are going to 
do is to show all the devices that are available, 
the cards that are available that can enter 
into monitor mode

3
00:00:23,410 --> 00:00:36,500
so we use "airmon-ng", so there is just one 
interface and that is the wlan0mon

4
00:00:36,510 --> 00:00:46,600
okay, so now that we have seen the number 
of wireless cards available and which can 
enter into the monitor mode, let's just start 
the interface

5
00:00:46,610 --> 00:01:02,400
and that is done by typing "airmon-ng start 
wlan0mon" and that is gotten from here

6
00:01:02,410 --> 00:01:19,200
so we run that. Okay, that's done. Now that 
that's done, to confirm or to check that 
the monitor interface has started, we can 
type "ifconfig"

7
00:01:19,300 --> 00:01:34,900
Okay, so initially, this wouldn't have been 
there, sorry, this wouldn't have been there, 
so seeing this shows, it's running. Okay 
so now, we can move on

8
00:01:35,000 --> 00:01:46,800
what we need to do now is to find all the 
WiFi networks in this location or in my location. 
All the WiFi networks around

9
00:01:46,900 --> 00:02:10,000
and that's done by using the command "airodump-ng 
wlan0mon" and that's the name of the interface 
so

10
00:02:10,100 --> 00:02:28,900
okay, so after running the command, two wireless 
systems have been found. These are the wireless 
or the routers that have been found

11
00:02:28,910 --> 00:02:51,500
so we can move on and then try to get a handshake 
and basically the handshake will show that 
the key has successfully been intercepted

12
00:02:51,510 --> 00:03:15,600
and to do that we use "airodump" so "airodump-ng" 
and reading from this, we will be needing 
'-w'

13
00:03:15,610 --> 00:03:36,400
which will write whatever is captured into 
a file. We will be needing this. That will 
be specifying whatever bssid we would want 
to hack so in this case it will be this and 
then '-c'

14
00:03:36,500 --> 00:03:47,800
'-c' will basically talk about the frequency 
or the channel that we will be listening 
on, okay, so let's go on

15
00:03:47,810 --> 00:04:14,900
so airodump-ng -c and in this case, c is 
1 because it's on channel 1. so c 1 --bssid 
which is the mac address for the particular 
gadget

16
00:04:14,910 --> 00:04:43,500
in this case, this, so let's just copy and 
then paste. And then we will be writing it 
to the Desktop.

17
00:04:43,510 --> 00:05:08,960
hmmm. Oh yeah, we would have to specify the 
interface and in this case it is 'wlan0mon'. 
Okay

18
00:05:15,900 --> 00:05:25,400
[BACKGROUND NOISE]
so we would have to wait 
for somebody to connect in order for the 
handshake to be established

19
00:05:25,510 --> 00:05:44,500
but since it is taking much time, I guess 
we would have to use "aireplay". So, let's 
just leave this to run and then use a new 
terminal for "aireplay"

20
00:05:44,510 --> 00:06:10,300
so, "aireplay-ng". So in aireplay we will 
be using '-0'. It represents the deauthentication 
counts. So, it can be 1, it can be 100, it 
can be 20

21
00:06:10,310 --> 00:06:29,900
and we will be using '-a' which, where is 
it, will be the bssid and then you type the 
monitor interface or wlan0mon, in my case

22
00:06:29,910 --> 00:06:59,500
so "aireplay-ng -0" I will be using two, 
naah, let me use a hundred. yeah, -a, copy 
and paste the bssid of the router you are 
trying to hack

23
00:06:59,510 --> 00:07:38,200
or crack and followed by "wlan0mon". Let's 
see what happens. Okay, so here it begins.

24
00:07:38,210 --> 00:08:06,800
huh, so immediately we see this, it means 
the handshake has been completed and therefore 
we will be able to hack the WiFi system or 
crack the WiFi system.

25
00:08:06,810 --> 00:08:14,300
and in order to do that we will be using 
"aircrack". So now, I think we can stop this 
now

26
00:08:14,310 --> 00:08:31,900
in order to do that, we will be using "aircrack" 
and the "dictionary". So in this case, let's 
go to where the dictionary is usually located.

27
00:08:31,910 --> 00:08:51,600
First, let's see what "aircrack" has to offer. 
In using "aircrack" we will be using, we 
will be specifying the force attack mode 
which in this case, it's two

28
00:08:51,610 --> 00:09:09,010
errrmm, we will be using '-b' for the bssid 
of the router. We will also be using '-w'. 
That's the wordlist

29
00:09:09,010 --> 00:09:25,990
okay, so, there are several wordlists online 
but Kali comes with one particular wordlist. 
That's "rockyou.txt"

30
00:09:25,990 --> 00:09:39,010
so, let's go here and list. This is it but 
because it is compressed, we would need to 
decompress it

31
00:09:39,010 --> 00:10:02,990
and to do that we use "gzip -d" and then 
specify 'rockyou.txt.gz'. Okay, let me take 
off the backslash

32
00:10:02,990 --> 00:10:31,010
okay, so, now it has been unzipped. We can 
take a look at it using 'nano', 'leafpad' 
or 'vi'. Yeah, any of those apps, but I personally 
prefer 'nano'

33
00:10:31,010 --> 00:10:53,900
It will take a little bit of time but it 
is worth it. So, these are some of the passwords 
we will be running with

34
00:10:53,910 --> 00:11:28,500
so, you can add some common passwords or 
the person's name. You can add his previous 
passwords and what you think might be the 
password

35
00:11:28,510 --> 00:11:32,000
but in this case let me provide the password
[UNKNOWN WORD]

36
00:11:32,010 --> 00:11:42,700
and then save, Ctrl+Z. Press yes, press y 
and then save

37
00:11:42,710 --> 00:12:21,100
okay, so we can now move on now that we are 
done extracting. So we can use "aircrack-ng 
-a 2 -b" just located right here. eerrmmm, 
and then specify where the wordlist is found

38
00:12:21,110 --> 00:12:35,900
and in this case it is /usr/share/wordlists/rockyou.txt

39
00:12:35,910 --> 00:12:52,500
and then you will specify where the ".cap" 
file can be found and in this case we saved 
it to the Desktop

40
00:12:52,510 --> 00:13:25,900
and this is the name. You can just copy and 
then specify where it is found. It is found 
in '/root/desktop/' the name '.cap'

41
00:13:25,910 --> 00:13:42,500
and then press "Enter". So after a few 
searches, it has found the password.

42
00:13:42,510 --> 00:14:00,100
Yours might take a little bit more time than 
this, but depending on where the password 
is found in 'rockyou.txt', it 
might take much more time than this or much 
less time than this

43
00:14:00,110 --> 00:14:07,000
Okay, Thank you guys for watching
See ya.

