How to Hack Wi-Fi Passwords

Your reason for cracking a Wi-Fi password are no doubt noble (we trust you); here's how.

By Eric Griffith
Updated March 10, 2020
Chances are you have a Wi-Fi network at home, or live close to one (or more) that tantalizingly pops up in a list whenever you boot up the laptop or look at the phone.
The problem is, if there's a lock next to the network name (AKA the SSID, or service set identifier), that indicates security is activated. Without a password or passphrase, you're not going to get access to that network, or the sweet, sweet internet that goes with it.
Perhaps you forgot the password on your own network, or don't have neighbors willing to share the Wi-Fi goodness. You could just go to a café, buy a latte, and use the "free" Wi-Fi there. Download an app for your phone like WiFi-Map (available for iOS and Android), and you'll have a list of millions of hotspots with free Wi-Fi for the taking (including some passwords for locked Wi-Fi connections, if they're shared by any of the app's users).
However, there are other ways to get back on the wireless. Some require such extreme patience and waiting that the café idea is going to look pretty good. Read on if you can't wait.

Windows Commands to Get the Key

This trick works to recover a Wi-Fi network password (AKA network security key) only if you've previously attached to the Wi-Fi in question using that very password. In other words, it only works if you've forgotten a previously used password.
It works because Windows 8 and 10 create a profile of every Wi-Fi network to which you connect. If you tell Windows to forget the network, then it also forgets the password, so this won't work. But most people never explicitly do that.
It requires that you go into a Windows Command Prompt  with administrative privileges. Use Cortana to search for "cmd" and the menu will show Command Prompt; right-click that entry and select "Run as administrator." That'll open the black box full of text with the prompt inside—it's the line with a > at the end, probably something like C:\WINDOWS\system32\>. A blinking cursor will indicate where you type. Start with this:
netsh wlan show profile

ADMIN CONTROL
The results will bring up a section called User Profiles—those are all the Wi-Fi networks (aka WLANs, or wireless local area networks) you've accessed and saved. Pick the one you want to get the password for, highlight it, and copy it. At the prompt below, type the following, but replace the Xs with the network name you copied; you only need the quotation marks if the network name has spaces in it, like "Cup o Jo Cafe."
netsh wlan show profile name="XXXXXXXX" key=clear
In the new data that comes up, look under Security Settings for the line "Key Content." The word displayed is the Wi-Fi password/key you are missing.
On macOS, open up the Spotlight search (Cmd+Space) and type terminal to get the Mac equivalent of a command prompt. Type the following, replacing the Xs with the network name.
security find-generic-password -wa XXXXX

Reset the Router

This isn't for getting on someone else's Wi-Fi. You need physical access to the router for this to work. But, before you do a full router reset simply to get on your own Wi-Fi, try to log into the router first. From there, you can easily reset your Wi-Fi password/key if you've forgotten it.
That's not possible if you don't know the password for the router. (The Wi-Fi password and router password are not the same thing—unless you assigned the same password to both). Resetting the router only works if you have access via Wi-Fi (which we've just established you don't have) or by physically utilizing an Ethernet cable.
If you've got a router that came from your internet service provider (ISP), check the stickers on the unit before a reset—the ISP might have printed the SSID and network security key right on the hardware.
Or use the nuclear option: Almost every router in existence has a recessed reset button. Push it with a pen or unfolded paperclip, hold it for about 10 seconds, and the router will reset to the factory settings.

Router Reset button
Once a router is reset, you'll need that other username/password combo to access the router itself. Again, do this via a PC attached to the router via Ethernet—you'll need to, since the reset probably killed any potential Wi-Fi connection for the moment. The actual access is typically done with a web browser.
(Some routers may also have a sticker with that default Wi-Fi network name (SSID) and network security key (password) so you can indeed go back on the Wi-Fi after a reset; that's the case with my own Netgear Nighthawk, for example.)
The URL to type into the browser to access a router's settings is typically 192.168.1.1 or 192.168.0.1, or some variation. Try them randomly; that generally works. To determine which one, on a PC connected to the router via Ethernet, open a command prompt and type "ipconfig" without the quotes. Look among the gobbledygook for an "IPv4 Address," which will start with 192.168. The other two spaces, called octets, are going to be different numbers between 0 and 255. Note the third octet (probably a 1 or 0). The fourth is specific to the PC you're using to log into the router.
In the browser, type 192.168.x.1, replacing the X with the number you found in the ipconfig search. The 1 in the last octet should point at the router—it's the number one device on the network. (For full details, read How to Access Your Wi-Fi Router's Settings.)
At this point, the router should then ask for that username and password (which, again, is probably not the same as the Wi-Fi SSID and network security key). Check your manual, assuming you didn't throw it away, or go to RouterPasswords.com, which exists for one reason: to tell people the default username/password on every router ever created. You'll need the router's model number. 

RouterPasswords.com
You will quickly discern a pattern among router makers of utilizing the username of "admin" and a password of "password," so feel free to try those first. Since most people are lazy and don't change an assigned password, you could try those options even before hitting the reset button. (But c'mon, you're better than that.) Once you're in the Wi-Fi settings, turn on the wireless network(s) and assign strong but easy-to-recall passwords. After all, you don't want to share with neighbors without your permission.
Make that Wi-Fi password easy to type on a mobile device, too. Nothing is more frustrating than trying to get a smartphone connected to Wi-Fi with some cryptic, impossible to key-in-via-thumbs nonsense, even if it is the most secure password you've ever created.

Crack the Code

You didn't come here because the headline said "reset the router," though. You want to know how to crack the password on a Wi-Fi network.

RELATED

Searching on "wi-fi password hack," or other variations, nets you a lot of links—mostly for software on sites where the adware and bots and scams are pouring like snake oil. Same goes for the many, many YouTube videos promising you ways to crack a password by visiting a certain website on your phone.  Download those programs or visit those sites at your own risk, knowing many are phishing scams at best. It's best to have a PC you can afford to mess up a bit if you go that route. I had multiple tools I found get outright deleted by my antivirus before I could even try to run the EXE installation file. Thankfully.
You could create a system just for this kind of thing, maybe dual-boot into a separate operating system that can do what's called "penetration testing"—a form of offensive approach security, where you examine a network for any and all possible paths of a breach. Kali Linux is a Linux distribution built for just that purpose. You probably saw it used a lot on Mr. Robot.  Check out this tutorial, or the one below.
You can run Kali Linux off a CD or USB key without even installing it to your PC's hard drive. It's free and comes with all the tools you'd need to crack a network. It even comes as an app for Windows 10 in the Windows App Store.
If you don't want to install a whole OS, then try the tried-and-true tools of Wi-Fi hackers.

Aircrack

Aircrack has been around for years, going back to when Wi-Fi security was only based on WEP (Wired Equivalent Privacy). WEP was weak even back in the day; it was supplanted in 2004 by WPA (Wi-Fi Protected Access).
Aircrack-ng—labeled as a "set of tools for auditing wireless networks," so it should be part of any network admin's toolkit—will take on cracking WEP and WPA-PSK keys. It comes with full documentation, but it's not simple. To crack a network you need to have the right kind of Wi-Fi adapter in your computer, one that supports packet injection. You need to be comfortable with the command line and have a lot of patience. Your Wi-Fi adapter and Aircrack have to gather a lot of data to get anywhere close to decrypting the passkey on the network you're targeting. It could take a while. Here's a how-to on doing it using Aircrack installed on Kali Linux. Another option on the PC using the command line is Airgeddon.

KisMAC

If you prefer a graphical user interface (GUI), there is KisMAC for macOS. It's mainly known as a "sniffer" for seeking out Wi-Fi networks. It's the kind of thing we don't need much of these days since our phones and tablets do the job of showing every Wi-Fi signal in the air. However, it can crack some keys with the right adapter installed. 
Also on the Mac: Wi-Fi Crack. To use those, or Aircrack-ng on the Mac, you need to install them using MacPorts, a tool for installing command-line products on the Mac.

Reaver-wps

Cracking the much stronger WPA/WPA2 passwords and passphrases is the real trick. Reaver-wps is the one tool that appears to be up to the task. You'll need that command-line comfort again to work with it. After two to 10 hours of brute force attacks, Reaver should be able to reveal a password... but it's only going to work if the router you're going after has both a strong signal and WPS (Wi-Fi Protected Setup) turned on. WPS is the feature where you can push a button on the router, another button on a Wi-Fi device, and they find each other and link auto-magically, with a fully encrypted connection. It's also the "hole" through which Reaver crawls.
Even if you turn off WPS, sometimes it's not completely off, but turning it off is your only recourse if you're worried about hacks on your own router via Reaver. Or, get a router that doesn't support WPS.
Hacking Wi-Fi over WPS is also possible with some tools on Android, which only work if the Android device has been rooted. Check out Wifi WPS WPA TesterReaver for Android, or Kali Linux Nethunter as options.

Comments

Post a Comment

Popular posts from this blog

VITZ “INSERT MAP CD” SOLUTION

Image
By   Moonis ( zaitron )   on   December 3, 2010 For those of you who have a JDM navigation system installed in their Toyota (vitz, belta, axio, etc) and get the following message on their navigation system “INSERT MAP CD”, i have the solution for you. All that the system needs is a boot CD that will bypass this message. After that you will be able to use most of the features of the system like controlling the treble/base, maintenance log, etc. Everything, apart from the actual GPS navigation will be activated (for that, you require a map file of Pakistan, which unfortunately isn’t available for any system apart from Garmin). Usually you can go to the market (audio stores) and pay Rs.500-2000 for them to unlock your system. Instructions: First thing you need to do is to know the model number of the system you have installed in your car, for eg, NDCN W55 etc. (Model number is usually written at the bottom right of the unit). After that, download the file from mega
Read more

Make ready your horses !

Image
Assalam o alaikum, I just wanted to share a thought that has come to my mind regarding war in which nuclear weapons could be used. I might be wrong in my perception but I just thought to share it and get valued opinions of the members. Quran says: "Tayyar rakho apni taqat aur apni quwwat aur zara-e-jang ke sath, takey HAIBAT tari ho jaey unke dilon per jo dushman hen Allah ke aur tumharey dushman" I have highlighted the word 'Haibat'. It means to strike terror into the hearts. Being a muslim it's our firm belief that every single word of Quran is full wisdom. Quran talks not about 'destruction' of the enemies. It does not say that we should be equiped with modern weaponary so that our enemy is 'Destroyed' by it. It says that we should be equiped so that we can strike terror into the hearts of our enemies. If we observe, this is exactly what has stopped India from attacking Pakistan on a number of occassions. E.g. After attac
Read more