Hello, in this article you are going to learn how to hack Wi-Fi networks protected by WPA/WPA2, whether WPS is enabled, locked or disabled, without a wordlist, without Reaver and without any of the usual brute-force tricks. The method is called the EVIL TWIN ATTACK. An evil twin is a fake access point that lures the victim into typing their own Wi-Fi password into a web page. Because it targets the user rather than the encryption, its success depends on the victim's behaviour and not on the router's configuration, which is why it works against almost any router.
No Reaver, no wordlist, no normal tricks – the best way to hack Wi-Fi in Linux
The evil twin attack creates a fake access point with the same name as the network we want to hack, then deauthenticates the clients from the real network so they lose connectivity. When the victim tries to reconnect, they find a network with the same name as their own and connect to it; sometimes Windows drops the original network by itself and joins the fake open network. A web page then appears asking the victim to enter their Wi-Fi password, and until they do, they cannot get online. That is how it works: easy, simple and the best way to hack Wi-Fi without a wordlist.
What is Evil Twin Attack?
An evil twin is a fake Wi-Fi access point that appears to be legitimate and is set up to capture credentials sent over the wireless link. The evil twin method is the same idea as any other phishing attack: it serves a phishing page on its own LAN, and whatever the victim types into that page is sent straight to the attacker's machine.
This type of attack can be used to steal the passwords of unsuspecting users, either by monitoring their connections or by phishing, which means setting up a fraudulent website and luring people to it. Users are often unaware they have been hacked until well after the incident has occurred.
How Evil Twin Attack Works?
Fake access points are set up by configuring a wireless card to act as an access point (with hostapd). They are hard to trace because they can be shut off instantly. The counterfeit access point may be given the same SSID, and even the same BSSID, as a nearby Wi-Fi network. The evil twin can be configured to pass Internet traffic through to the legitimate access point while monitoring the victim's connection, or it can simply claim the system is temporarily unavailable once it has obtained a username and password.
Process of Evil Twin Attack
1) Scan for networks.
2) Select the target network.
3) Capture the WPA handshake (Linset can run without one, but then it cannot verify the password the victim types).
4) Choose one of the bundled web interfaces (phishing pages) for the captive page.
5) Bring up a fake AP imitating the original.
6) Start a DHCP server on the fake AP.
7) Start a fake DNS server that resolves every name to the attacker's host.
8) Launch the web server that serves the selected interface.
9) Launch the checker that tests every password typed into the page against the captured handshake.
10) Deauthenticate all clients of the real network, so that they connect to the fake AP and enter the password.
11) The attack stops as soon as a typed password passes the check.
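The password check in step 9 is what makes the handshake capture in step 3 necessary: a passphrase typed into the phishing page can be verified offline against the captured 4-way handshake without ever contacting the real router. The Python below is an added example, not Linset's own code: it derives the PMK, PTK and KCK the standard WPA/WPA2-Personal way and compares the recomputed MIC with the one carried in a handshake message. The SSID, passphrase, MAC addresses and nonces are made up, and the "captured" EAPOL frame is constructed by the script itself rather than read from a capture file.

```python
import hashlib
import hmac
import struct

# Constructed sample data (not a real capture): the network name from the article,
# a made-up passphrase, and fixed MACs/nonces so every run is repeatable.
SSID = b"Virus"
TRUE_PASSPHRASE = "correct horse battery"
AP_MAC = bytes.fromhex("001122334455")
CLIENT_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))

# EAPOL header (4) + descriptor type (1) + key info (2) + key length (2) + replay counter (8)
# + nonce (32) + IV (16) + RSC (8) + ID (8) = 81: byte offset of the 16-byte MIC in the frame
MIC_OFFSET = 4 + 1 + 2 + 2 + 8 + 32 + 16 + 8 + 8


def pmk_from_passphrase(passphrase: str, ssid: bytes) -> bytes:
    """WPA/WPA2-Personal PSK derivation: PBKDF2-HMAC-SHA1, 4096 rounds, 256-bit output."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), ssid, 4096, 32)


def ptk_from_pmk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """IEEE 802.11i PRF-512: expands the PMK with both MACs and both nonces into a 64-byte PTK."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for i in range(4):
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:64]


def build_eapol_msg2(snonce: bytes, mic: bytes = bytes(16)) -> bytes:
    """Minimal EAPOL-Key frame shaped like handshake message 2 (client -> AP).
    Key Info 0x010a = descriptor version 2 (HMAC-SHA1 MIC), pairwise key, MIC bit set."""
    body = (
        b"\x02"                      # descriptor type: RSN (802.11i)
        + struct.pack(">H", 0x010A)  # key info
        + struct.pack(">H", 16)      # key length (CCMP)
        + struct.pack(">Q", 1)       # replay counter
        + snonce                     # key nonce (SNonce)
        + bytes(16)                  # key IV
        + bytes(8)                   # key RSC
        + bytes(8)                   # key ID (reserved)
        + mic                        # key MIC (all zero while it is being computed)
        + struct.pack(">H", 0)       # key data length
    )
    return b"\x02\x03" + struct.pack(">H", len(body)) + body  # EAPOL version 2, type Key


def compute_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """Descriptor version 2: MIC = HMAC-SHA1(KCK, frame with the MIC field zeroed), first 16 bytes."""
    zeroed = eapol_frame[:MIC_OFFSET] + bytes(16) + eapol_frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def check_passphrase(candidate: str, ssid: bytes, aa: bytes, spa: bytes,
                     anonce: bytes, snonce: bytes, eapol_frame: bytes) -> bool:
    """The validity check: candidate -> PMK -> PTK -> KCK, then compare MICs in constant time."""
    pmk = pmk_from_passphrase(candidate, ssid)
    kck = ptk_from_pmk(pmk, aa, spa, anonce, snonce)[:16]
    captured_mic = eapol_frame[MIC_OFFSET:MIC_OFFSET + 16]
    return hmac.compare_digest(compute_mic(kck, eapol_frame), captured_mic)


def make_sample_handshake() -> bytes:
    """Builds the 'captured' message 2 the way a real client would, using the true passphrase."""
    kck = ptk_from_pmk(pmk_from_passphrase(TRUE_PASSPHRASE, SSID), AP_MAC, CLIENT_MAC, ANONCE, SNONCE)[:16]
    unsigned = build_eapol_msg2(SNONCE)
    return build_eapol_msg2(SNONCE, compute_mic(kck, unsigned))


if __name__ == "__main__":
    frame = make_sample_handshake()
    for guess in ["password123", "Virus2016", TRUE_PASSPHRASE]:
        ok = check_passphrase(guess, SSID, AP_MAC, CLIENT_MAC, ANONCE, SNONCE, frame)
        print(f"{guess!r}: {'valid' if ok else 'rejected'}")
```

With a real capture you would take the two MACs, the two nonces and the EAPOL frame of message 2 from the .cap file instead of constructing them; everything else stays the same, and it is exactly this offline check that lets the attack confirm a typed password and stop.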
Requirements to hack a Wi-Fi password without using a wordlist
1) WifiSlax (operating system)
2) Linset (bundled with WifiSlax)
3) Pendrive or flash drive (2 GB or larger)
4) Universal USB Installer
Software Requirements for Linset
Linset is a BASH script, so it depends on quite a list of external tools (hostapd, dhcpd, a web server, aircrack-ng and friends) to carry out the evil twin attack. WifiSlax ships all of them, which is why we use Linset on WifiSlax.
What is WifiSlax and Why WifiSlax
WifiSlax is one of the best Spanish Linux distributions and one of the best-known operating systems for Wi-Fi hacking; to be precise, it is a Linux distribution built for attacking Wi-Fi networks. It comes with every tool needed for this tutorial, including Linset, so that is what I am using here.
How To hack Wifi Using Evil Twin Attack Using Linset
Step 1: Install WifiSlax in Flash Drive or Pendrive using universal usb installer
Step 2: Start WifiSlax
1) Click on “Change To English Menu”
2) Click on “Run with SMP Kernel”
|Run with SMP Kernel|
3) Click on “WifiSlax with KDE Desktop”
|WifiSlax with KDE Desktop|
4) That’s it WifiSlax will start now
|Wifislax is starting|
Step 3: Go to WifiSlax → WPA → Linset (Evil Twin Attack)
Step 4: Linset will start the required tools
Step 5: Select wlan0 by typing "1"
Step 6: Enter "1" to select "todos los canales", which means all channels. We need to search every channel to find all the networks near you. If you already know the channel of the network you want to hack, select "2" and proceed.
Step 7: All available networks will now be listed. Wait 2-3 minutes for the search to complete, then press CTRL+C to stop it.
Step 8: Select the network you want to hack from the list, as shown in the picture below.
Step 9: Enter the number of the network you want to hack. In my case I am attacking my own network, called "Virus", which is number 5.
Step 10: Now we need to select hostapd, so type "1".
Step 11: We are asked for the path of the handshake file. There is no need to type a path; by default Linset uses a file such as root/micaprura.cap, so just hit "Enter".
Step 12: We are going to capture the handshake with aircrack-ng, so enter "1".
Step 13: We need to deauthenticate the clients so that they reconnect and produce a handshake, so select "realizar desaut. masiva al ap objetivo" (perform mass deauthentication against the target AP), which is "1".
Step 14: The handshake capture now starts and two windows open. Wait until the handshake has been captured; you must capture it to proceed.
Step 15: After the handshake is captured, close the deauthentication window.
Step 16: Select "Si", which means "Yes", so enter "1".
Step 17: Select "Interface web neutra" (the neutral web interface), so enter "1".
Step 18: Select the language of the phishing page. I am selecting "English" because that is the language my victim expects; choose accordingly and enter its number.
Step 19: The main process now starts: the DHCP, fake DNS, AP, deauth all and Wi-Fi info windows open. Wait until a client connects to our network.
Step 20: Watch for active clients. The victim cannot use their Internet connection until we stop the process: the deauthentication keeps them off the real network, and the DHCP server hands them an address on our fake network, so their device moves over to our fake access point.
During this step the victim is effectively under a denial-of-service attack: they lose their Internet connection and Windows shows the link as "Limited".
At this point you can also see what the victim is trying to do. The fake DNS window logs every hostname their device asks to resolve, so each site they try to open shows up there.
Now I will show you what happens when the process is started
The victim is disconnected from the original network and their device connects to our fake network with the same name; a page then pops up.
This is the page that appears. Its content changes with the language selected; I chose English, so it is displayed in English.
Until the victim enters the password, they can neither access the Internet nor get away from the page.
Once the victim enters the password, they get access to their old network again.
Step 21: As soon as the victim enters the password, it is shown immediately in our window.
|Password Captured using Evil Twin Attack|
So that is how we obtain almost any Wi-Fi password very easily with the evil twin attack, or fake access point method. As it works without a wordlist and without Reaver, it is one of the best methods available for hacking WPA/WPA2 networks, whether WPS is enabled or locked.
How To Secure Yourself From Evil Twin Attack
1) Do not connect to public networks if you can avoid it; anyone on a public network can sniff your data. An evil twin appears as an open, public network, so be especially careful of an open network that carries the same name as your own Wi-Fi.
2) If your Internet connection suddenly stops working, you may be under the denial-of-service phase of an evil twin attack. Restart the router: the attacker has to restart the attack, which takes time, and they may give up or move on.
3) Use a VPN so that your browsing and transmitted data travel through an encrypted tunnel that cannot easily be snooped on.
4) Never rely on the name of the network alone; make sure it is the legitimate, trusted access point. A genuine router never asks you to type your Wi-Fi password into a web page, so a page like the one shown above is itself the sign of an attack.
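Point 4 can be turned into an automatic check: the evil twin always shows up as a second BSSID broadcasting your SSID, usually as an open network while the real one advertises WPA/WPA2 (RSN). The Python below is an added example, not part of the original article or of any tool it mentions: it parses the output format of `iw dev wlan0 scan` and flags exactly those two conditions. The scan text is constructed for the example, and the list of trusted BSSIDs is something you would fill in for your own router.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout of `iw dev wlan0 scan` (not a real scan). The
# "Virus" network appears twice: the real WPA2 router and an open evil twin with a
# stronger signal. "CoffeeShop" shows the same pattern for a network we do not own.
SAMPLE_IW_SCAN = """\
BSS 00:11:22:33:44:55(on wlan0) -- associated
	freq: 2437
	signal: -48.00 dBm
	SSID: Virus
	RSN:	 * Version: 1
		 * Group cipher: CCMP
		 * Pairwise ciphers: CCMP
		 * Authentication suites: PSK
BSS 66:77:88:99:aa:bb(on wlan0)
	freq: 2412
	signal: -35.00 dBm
	SSID: Virus
BSS aa:bb:cc:dd:ee:ff(on wlan0)
	freq: 5180
	signal: -70.00 dBm
	SSID: Neighbour
	RSN:	 * Version: 1
BSS 12:34:56:78:9a:bc(on wlan0)
	freq: 2462
	signal: -60.00 dBm
	SSID: CoffeeShop
	RSN:	 * Version: 1
BSS 12:34:56:78:9a:bd(on wlan0)
	freq: 2462
	signal: -40.00 dBm
	SSID: CoffeeShop
"""

# Assumed trusted mapping: the BSSIDs of the access points you actually own.
KNOWN_BSSIDS = {"Virus": {"00:11:22:33:44:55"}}


@dataclass
class Bss:
    bssid: str
    ssid: str = ""
    freq: int = 0
    signal: float = 0.0
    secured: bool = False  # True when the beacon carries an RSN or WPA element


def parse_iw_scan(text: str) -> list:
    """Turns `iw dev <if> scan` text into Bss records; each 'BSS <mac>' line starts a record."""
    records, cur = [], None
    for line in text.splitlines():
        m = re.match(r"BSS ([0-9a-f]{2}(?::[0-9a-f]{2}){5})", line)
        if m:
            cur = Bss(m.group(1).lower())
            records.append(cur)
            continue
        if cur is None:
            continue
        s = line.strip()
        if s.startswith("SSID:"):
            cur.ssid = s[5:].strip()
        elif s.startswith("freq:"):
            cur.freq = int(s.split()[1])
        elif s.startswith("signal:"):
            cur.signal = float(s.split()[1])
        elif s.startswith("RSN:") or s.startswith("WPA:"):
            cur.secured = True
    return records


def find_evil_twins(records: list, known_bssids: dict) -> list:
    """Returns (ssid, bssid, reason) for every BSS that looks like an evil twin."""
    by_ssid = {}
    for r in records:
        by_ssid.setdefault(r.ssid, []).append(r)
    alerts = []
    for ssid, group in by_ssid.items():
        trusted = known_bssids.get(ssid)
        any_secured = any(r.secured for r in group)
        for r in group:
            if trusted is not None and r.bssid not in trusted:
                alerts.append((ssid, r.bssid, "unknown BSSID broadcasting a trusted SSID"))
            elif any_secured and not r.secured:
                alerts.append((ssid, r.bssid, "open network sharing the SSID of a WPA/WPA2 network"))
    return alerts


if __name__ == "__main__":
    for ssid, bssid, reason in find_evil_twins(parse_iw_scan(SAMPLE_IW_SCAN), KNOWN_BSSIDS):
        print(f"ALERT {ssid!r} from {bssid}: {reason}")
```

On a real machine, feed it the output of `iw dev wlan0 scan` (run as root) instead of the constructed sample; the same check run periodically from a cron job gives you the early warning that point 2 above asks you to infer from a dropped connection.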