Infiltrating Wi-Fi Networks: Software and Techniques Without a Router

Usage in Collecting and Analyzing Data Packets

Wireshark can be used to collect and analyze data packets in a variety of contexts, including Wi-Fi hacking. Some common uses include:

  • Network Monitoring: Captures all packets passing through the network for analysis and monitoring.
  • Analyze Traffic: View the type and amount of traffic that passes through the network to identify suspicious or unusual patterns.
  • Collect Handshakes: Capture 4-way handshakes on WPA/WPA2 networks for use in brute-force attacks.
  • Identify Encrypted Packets: Locate encrypted packets for further analysis.

Steps to Use Wireshark for Wi-Fi Hacking

Here are the basic steps to use Wireshark in the context of Wi-Fi hacking:

  1. To install Wireshark on Linux (for example, Debian-based distributions such as Ubuntu), open a terminal and run the following commands:
       sudo apt-get update
       sudo apt-get install wireshark
  2. Enable monitor mode on your Wi-Fi adapter (e.g., wlan0):
       sudo airmon-ng start wlan0
     This will activate monitor mode and change the interface name to wlan0mon.
  3. Open Wireshark and select the wlan0mon interface.
  4. Click the Start button to start capturing packets.
  5. Use the Wireshark filter to focus on the relevant packets. For example, to show only EAPOL (4-way handshake) packets on a WPA/WPA2 network, use the display filter:
       eapol
  6. Let Wireshark capture packets until you get a 4-way handshake from the target network. You can recognize this handshake by searching for EAPOL packets in Wireshark.
  7. Once you’ve captured the handshake, save the collected data to a file:
     • Click File > Save As and select the pcap or pcapng file format.
  8. Use Wireshark to analyze the captured packets. You can view the details of each packet, including the source, destination, protocol used, and other information.
  9. A pcap or pcapng file containing a handshake can be used with other tools such as Aircrack-ng to perform brute-force attacks:
       sudo aircrack-ng -w [wordlist] -b [BSSID] capture.pcap
     Replace [wordlist] with the path to the list of passwords you want to use, and [BSSID] with the BSSID of the target network.

Usage Examples

Suppose you want to monitor the security of the Wi-Fi network in your office. Using Wireshark, you can capture and analyze traffic that passes through the network. If you detect an EAPOL packet, you can save it and analyze whether there is an attempt to carry out a brute-force attack on your network.

Wireshark can also be used to detect and analyze suspicious activity, such as DDoS attacks, sniffing, or unauthorized devices trying to connect to the network. With these tools, network administrators can ensure that their networks are safe and protected from potential threats.
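
The office-monitoring check described above can be scripted once the EAPOL frames from a capture of your own network are exported as rows. The following is an added example, not part of the original article; the row format, the MAC addresses, the KNOWN_CLIENTS inventory and the max_failed threshold are assumptions, and the sample rows are constructed.

```python
from collections import defaultdict

# Constructed sample rows: (time_s, bssid, client_mac, eapol_message_number 1-4).
AP = "aa:bb:cc:00:00:01"
LAPTOP, STRANGER = "02:00:00:00:00:10", "02:00:00:00:00:66"
SAMPLE_FRAMES = [
    (10.0, AP, LAPTOP, 1), (10.1, AP, LAPTOP, 2),
    (10.2, AP, LAPTOP, 3), (10.3, AP, LAPTOP, 4),
    (20.0, AP, STRANGER, 1), (20.1, AP, STRANGER, 2),
    (23.0, AP, STRANGER, 1), (23.1, AP, STRANGER, 2),
    (26.0, AP, STRANGER, 1), (26.1, AP, STRANGER, 2),
]
KNOWN_CLIENTS = {LAPTOP}  # hypothetical inventory of authorized devices

def summarize_handshakes(frames):
    """Count completed and failed 4-way handshakes per (bssid, client)."""
    stats = defaultdict(lambda: {"completed": 0, "failed": 0})
    pending = {}  # (bssid, client) -> last in-order message of the open attempt
    for _, bssid, client, msg in sorted(frames):
        key = (bssid, client)
        entry = stats[key]
        if msg == 1:
            # Message 1 again while message 2 went unanswered: MIC rejected (wrong passphrase).
            if pending.get(key) == 2:
                entry["failed"] += 1
            pending[key] = 1
        elif msg == pending.get(key, 0) + 1:
            pending[key] = msg
            if msg == 4:
                entry["completed"] += 1
                del pending[key]
    # Attempts still waiting after message 2 when the capture ends also failed.
    for key, last in pending.items():
        if last == 2:
            stats[key]["failed"] += 1
    return dict(stats)

def flag_clients(frames, known_clients, max_failed=2):
    """Return (client, bssid, reasons) for unknown or repeatedly failing clients."""
    alerts = []
    for (bssid, client), s in sorted(summarize_handshakes(frames).items()):
        reasons = []
        if client not in known_clients:
            reasons.append("unknown client")
        if s["failed"] > max_failed:
            reasons.append(f"{s['failed']} failed handshakes")
        if reasons:
            alerts.append((client, bssid, reasons))
    return alerts
```

Frames missed by the capturing adapter can make a successful handshake look failed, so treat an alert as a lead to check against the access point's own logs.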

Reaver

Reaver is a tool specifically designed to attack routers that have WPS (Wi-Fi Protected Setup) features. WPS is a method that makes it easy for users to connect devices to a Wi-Fi network by pressing a button on the router or entering an eight-digit PIN. While WPS is designed for ease of use, this feature has security loopholes that can be exploited, making routers with WPS a specific target for Reaver.

Reaver uses the brute-force method to guess the WPS PIN of the target router. By brute-forcing the WPS PIN, Reaver can gain access to the Wi-Fi network even if the network uses WPA/WPA2. This process involves trying different combinations of WPS PINs until it finds the correct one, which then allows Reaver to get the Wi-Fi password.
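
On the defending side, the PIN guessing described above is only possible while the access point accepts WPS PIN registration. As an added example (not from the original article), this check audits an access point configuration for that exposure, assuming the AP runs hostapd; the two configuration fragments are constructed.

```python
# Constructed hostapd.conf fragments: one with WPS PIN exposed, one hardened.
WEAK_CONF = """
interface=wlan0
ssid=office
wpa=2
wps_state=2
ap_pin=12345670
"""
HARDENED_CONF = """
interface=wlan0
ssid=office
wpa=2
# WPS switched off entirely
wps_state=0
"""


def parse_conf(text):
    """Parse key=value lines, ignoring blank lines and # comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key.strip()] = value.strip()
    return opts


def audit_wps(text):
    """Return findings describing how the config exposes the WPS PIN."""
    opts = parse_conf(text)
    # hostapd treats a missing wps_state as 0 (WPS disabled).
    if opts.get("wps_state", "0") == "0":
        return []
    findings = ["WPS is enabled (wps_state=%s)" % opts["wps_state"]]
    if "ap_pin" in opts:
        findings.append("static AP PIN is configured (ap_pin)")
    if opts.get("ap_setup_locked", "0") != "1":
        findings.append("AP setup is not locked (ap_setup_locked is not 1)")
    return findings
```

An empty result means there is no WPS PIN for an external registrar to guess; consumer routers expose the same choice as a WPS on/off setting in their administration interface.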

Reaver Usage Guide and Examples of Success Cases

Here is a step-by-step guide to using Reaver:

  1. To install Reaver on Linux (for example, Debian-based distributions such as Ubuntu), open a terminal and run the following commands:
       sudo apt-get update
       sudo apt-get install reaver
  2. Enable monitor mode on your Wi-Fi adapter (e.g., wlan0):
       sudo airmon-ng start wlan0
     This will change the interface name to wlan0mon.
  3. Use wash to scan the network and find routers with WPS on:
       sudo wash -i wlan0mon
     Note the BSSID and channel of the target router that has WPS active.
  4. Run Reaver with the BSSID target and the channel already recorded:
       sudo reaver -i wlan0mon -b [BSSID] -c [Channel] -vv
     Replace [BSSID] with the BSSID of the target router and [Channel] with the channel used by that router. The -vv option provides a more detailed output.
  5. Reaver will start trying different combinations of WPS PINs to get the correct PIN. This process can take quite a while depending on the security level of your router and the speed of your computer.
  6. Once the WPS PIN is found, Reaver will display the Wi-Fi password on the screen.

Examples of Success Cases

Suppose you want to test the security of an office Wi-Fi network that uses a router with WPS enabled. By using Reaver, you can initiate a brute-force attack on the router. Here is a step-by-step scenario that illustrates this process:

  1. Run wash to find a router with WPS active. For example, let’s say you find a router with BSSID 00:11:22:33:44:55 and channel 6.
  2. Run the following command to initiate the attack:
       sudo reaver -i wlan0mon -b 00:11:22:33:44:55 -c 6 -vv
  3. You’ll see Reaver try different combinations of WPS PINs and report each attempt. This process can take a few hours to a few days depending on luck and your computer’s speed.
  4. Once the WPS PIN is found, Reaver will display the associated Wi-Fi password. For example, you get the password SuperSecurePassword123.
