{"id":752,"date":"2020-03-09T14:10:22","date_gmt":"2020-03-09T14:10:22","guid":{"rendered":"http:\/\/zerothcode.com\/blog\/?p=752"},"modified":"2020-04-18T07:13:52","modified_gmt":"2020-04-18T06:13:52","slug":"hack-upc-wireless-networks","status":"publish","type":"post","link":"https:\/\/zerothcode.com\/blog\/hack-upc-wireless-networks\/","title":{"rendered":"How to hack UPC wireless networks and other WLAN pt 1"},"content":{"rendered":"<p>hack: In these tutorials we will show you how to hack UPC wireless networks with the default password which is a common thing for many UPC customers. The first step is to create a password list that contains all possible combinations of 8 capital letters.<\/p>\n<p>We will be using Maskprocessor in Kali Linux to create the password list.<\/p>\n<p>Then we will be capturing a 4-way handshake with Airodump-ng by deauthentication of a connected client with Airplay-ng. The last step is to brute force the password using Aicrack-ng.<\/p>\n<h2>How to hack UPC wireless networks in 3 steps<\/h2>\n<p>Steps:<\/p>\n<p>1: Creating the password list with Maskprocessor<br \/>\n2: Capturing the 4-way handshake with Airodump-ng<br \/>\n3: Brute forcing the password with Aircrack-ng<\/p>\n<h2>Creating the password list with Maskprocessor<\/h2>\n<p>We will use maskprocessor to generate the password lists piping each letter to a file so we could use multiple computers to speed up brute forcing the password. hack<\/p>\n<p><strong>maskprocessor A?u?u?u?u?u?u?u -o \/usr\/A.txt<\/strong><br \/>\n<strong>maskprocessor B?u?u?u?u?u?u?u -o \/usr\/B.txt<\/strong><br \/>\n<strong>maskprocessor C?u?u?u?u?u?u?u -o \/usr\/C.txt<\/strong><br \/>\netc\u2026. Repeat for every letter in the alphabet.<\/p>\n<p>The filesize for each document will be approximately 60 GB. You can use the following command to see how many different combinations each file will contain: hack<\/p>\n<p><strong>maskprocessor A?u?u?u?u?u?u?u \u2013combinations<\/strong><\/p>\n<p>8.031.810.176 combinations\u2026<br \/>\n* 26 letters<br \/>\n<strong>208.827.064.576 possible combinations<\/strong><\/p>\n<h2>Step 2: Capturing the handshake with Airodump-ng (hack)<\/h2>\n<p>The next thing we have to do is\u00a0capture the handshake with Airodump-ng. We will be\u00a0using Airodump-ng first to select our target and retrieve it\u2019s BSSID and channel the\u00a0WiFi access point is broadcasting on.<\/p>\n<p>Then we will use\u00a0Aireplay-ng to\u00a0de-authenticate a connected client to force a reconnect, which will give us\u00a0the fourway handshake we need.\u00a0Now let\u2019s start Airodump-ng to find our target by using the following command:<br \/>\n<strong>airodump-ng mon0<\/strong><\/p>\n<p>Now pick your target\u2019s BSSID and channel and restart Airodump-ng with the following command and look for a connected client:<\/p>\n<p><strong>airodump-ng \u2013bssid [BSSID] -c [channel]-w [filepath to store .cap]wlan0mon<\/strong><\/p>\n<p>Open a new terminal and issue a deauthentication command for the connected client using Aireplay-ng.<\/p>\n<p><strong>aireplay-ng -0 2 -a [BSSID] -c [Client MAC] mon0<\/strong><\/p>\n<p>Deauthentication successful and the 4 way handshake is captured! hack<br \/>\n<a href=\"https:\/\/www.hackingtutorials.org\/wp-content\/uploads\/2015\/05\/Wordpress-screen-5.jpg\" rel=\"prettyPhoto\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-112 no-display appear\" src=\"https:\/\/www.hackingtutorials.org\/wp-content\/uploads\/2015\/05\/Wordpress-screen-5.jpg\" sizes=\"auto, (max-width: 859px) 100vw, 859px\" srcset=\"https:\/\/www.hackingtutorials.org\/wp-content\/uploads\/2015\/05\/Wordpress-screen-5.jpg 859w, https:\/\/www.hackingtutorials.org\/wp-content\/uploads\/2015\/05\/Wordpress-screen-5-300x58.jpg 300w\" alt=\"Aircrack-ng aireplay-ng\" width=\"859\" height=\"167\" \/><\/a><\/p>\n<h2>Step 3: Brute forcing the password with Aircrack-ng<\/h2>\n<p>Let\u2019s do some maths first:<br \/>\n1x AMD hd7970 1000mhz core clock with oclHashcat v1.35 can do 142.000 combinations per second.<\/p>\n<p>26^8 = 208,827,064,576 combinations<br \/>\n26^8 \/ 142,000 keys per second =\u00a0<strong>1470613 seconds<\/strong><br \/>\n2,610,338 \/ 60 seconds =\u00a0<strong>24510 minutes<\/strong><br \/>\n43,505 \/ 60 minutes =\u00a0<strong>408,5 hours<\/strong><br \/>\n725 hours \/ 24 hours =\u00a0<strong>17 Days<\/strong><\/p>\n<p><strong>50% chance of cracking the password in 8.5 days.<\/strong><\/p>\n<p>It takes 17 days to brute force a standard UPC password and hacks UPC wireless networks with a single average video card using oclHashcat.<\/p>\n<p>In this video, we will be brute-forcing the file with Aircrack-ng and a processor which takes 100 times longer than brute-forcing the password with a GPU and oclHashcat.<\/p>\n<p>Use the following command to brute-force the password with Aircrack-ng:<\/p>\n<p><strong>aircrack-ng -a 2 -b [Router BSSID] -w [Filepath to password list] [Filepath to .cap file]<\/strong><\/p>\n<p>Eventually, it will crack the password:<\/p>\n<p>`<\/p>\n<h2>Lesson learned hack<\/h2>\n<p>Nowadays\u00a0fast GPU\u2019s are available for decent prices\u00a0and\u00a0are often\u00a0the standard in\u00a0consumer laptops and desktops, especially\u00a0when\u00a0they are build for multimedia and gaming.<\/p>\n<p>With these powerful CPU\u2019s and GPU\u2019s the average home user has the power to crack passwords which are considered strong and safe by many end users.<\/p>\n<p>Even though 17 days is too long for most to crack a Wifi password it is accessible if you really want to. If you add 3 more letters,<\/p>\n<p>or even better, numbers or special characters like a ! or a $-sign it will be close to impossible to crack for an average home user.<\/p>\n<p>&nbsp;<\/p>\n<p>You May Also Like to View<\/p>\n<p><a href=\"http:\/\/zerothcode.com\/blog\/zoom-caught-cybersecurity-need-know\/\">http:\/\/zerothcode.com\/blog\/zoom-caught-cybersecurity-need-know\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>hack: In these tutorials we will show you how to hack UPC wireless networks with the default password which is<\/p>\n","protected":false},"author":1,"featured_media":797,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[51],"tags":[],"yst_prominent_words":[902,888,895,1034,889,903,896,898,893,891,887,894,349,883,897,899,1035,905,892,1033],"class_list":["post-752","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tutorials"],"_links":{"self":[{"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/posts\/752","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/comments?post=752"}],"version-history":[{"count":0,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/posts\/752\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/media\/797"}],"wp:attachment":[{"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/media?parent=752"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/categories?post=752"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/tags?post=752"},{"taxonomy":"yst_prominent_words","embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/yst_prominent_words?post=752"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}