Hacking Wifi to get your own key (part 1)

Hacking wifi

It may be that you lose your Wifi key and want to recover it one way or another. In this article we are going to look at the ways you can do it, hacking your own Wifi, explained step by step and in a simple way, just as we did with the creation of a homemade Wifi antenna from a Pringles can. I also leave you the second part of the tutorial in case you find better methods to hack your Wifi there.

I must warn you that my intention in writing this article is that you learn how to recover your own Wifi password, not your neighbours'. With this, I am not responsible for the use you may make of the information you will find below. In addition, even if you do not want to recover your password, these processes will help you understand much better how the security systems of our Wifi networks work, and learn from it. With this clear, let's start looking at the ways we have of recovering a Wifi key.

Restart your router

It seems obvious, but not everyone knows that by returning our router to its factory state we recover the Wifi password it had when it was installed. Naturally, if you have never changed the password on your router, this point will be of little use to you. The first thing to do is to look (normally on the back) for a button embedded in the casing, precisely so that it is difficult to reach.

Reset button of a router

With a paper clip, a pin or the very tip of a fine ballpoint pen, press it for a few seconds, at least 10. Each model may need a different length of time for it to take effect, so keep an eye on the router's lights: when they start doing strange things, you know it is time to release the button and enjoy the router as it came from the factory. It may go without saying, but for this to do any good the router has to be connected to the power supply; network cables are not necessary for this process.

After this we will have the router as we had it at the beginning, and now all we need to do is look for the network access key on the bottom of the device, or in the papers provided by the company that did the installation. This is a very simple way to recover our Wifi password. However, it has its drawbacks: if we had a specific configuration for our network, we will lose it.

Use a prepared Live USB

If you do not want to lose your router's configuration by resetting it, or you simply cannot find the default password, you can use one of the most widespread ways of recovering the password of your Wifi connection: a prepared Live USB. A Live USB is nothing more than an operating system, usually Linux, which does not need to be installed in order to use it. There are many types, for many different specialities, but in this case we need one that has the specific tools to recover a Wifi key.

Wifislax 4.3 desktop

We have chosen the distribution called Wifislax because of its ease of use compared to the other distributions, because of how light it is, and because it supports a multitude of Wifi cards, so it is very easy to run on any kind of device. As an explanatory note, these distributions were designed exclusively to check the reliability of Wifi connections and to test them; at no time should this information be used to try to steal your neighbour's Wifi or to engage in illegal practices. In this case we will use it to recover our own Wifi key.

First of all we go to the distribution's website and download the most recent version. If for whatever reason your Wifi adapter is not compatible, try WifiWay, BackTrack or the new Kali, which is like BackTrack but with the important new feature of being compatible with ARM processors, notebooks and other devices. In any case, we have in our shop a high gain Wifi antenna already tested with Wifislax and working perfectly. All these distributions are virtually the same, but with different drivers for network cards and antennas, so it is a matter of trying which one suits us best. It is a direct download that will give us an ISO image that we are going to put on a pendrive.

In this step we have two options: either we decompress it with WinRAR or we mount it with DAEMON Tools. Then we copy all the files of the ISO onto our pendrive (a 2 GB one can work, but I recommend 4 GB; in our shop you can buy a pendrive with the latest Wifislax already installed, it does not get more convenient than that), open the boot folder and run the file bootinst.bat. We follow the steps it indicates and, when it has been set up correctly, it will notify us with a message in English that it can be used for booting (Disk X: should be bootable now. Installation finished.).

Wifislax boot enabled

The next step is to make our computer boot from the pendrive with the distribution; for this we have to configure the necessary parameters from the boot menu. When the computer is starting, we have to press a specific key to enter this menu (on each computer it is a different one; it can be Esc, F2, F10, F12 or Del). Once inside the menu, go to the Boot tab and set the external USB devices as the primary boot device.

We restart the computer with the pendrive plugged in and select Wifislax 4.x to enter; in addition we select Wifislax Auto Graphic Mode if it is offered, and then we will see the system start to load. Just wait for the desktop to appear.

At this point we have a number of variants depending on the encryption of our router's Wifi key: there is WEP, and there is WPA or WPA2.

Remember: if your Wifi antenna is not compatible with Wifislax, we have in our shop a high gain Wifi antenna already tested with Wifislax, as well as the distribution itself already installed on our official pendrives.

Hacking Wifi WEP keys


These keys are fairly easy to crack, as some time ago a security hole was discovered in the packets sent over the air, which leak bits of the Wifi key. To crack a WEP key we go to the start menu -> Wifislax -> Suite aircrack-ng -> airoscript wifislax. A window will open and show the network devices (eth0 is the wired network, wlan0 is the wireless network; if we have an antenna connected by USB, it will be detected as wlan1). This is where many people get stuck, because not all Wifi cards are compatible with the distribution's drivers. Select the number corresponding to the wireless network card you want to use and press Enter.

A menu will appear where we have to choose the drivers corresponding to our network card; I recommend testing them one by one. We will know that everything has gone well if it does not give us any errors. Once inside the tool's main menu we will see the 4 options we will use (1) Scanning, 2) Selecting, 3) Attacks and 4) Cracking). To see the networks detected by our antenna, go to menu 1) Scan, set the filters you want (both the type of encryption and the channel to scan) and it will show the detected networks in a new window. When you think they are all there, close the window.

Now we go to the next step: we enter 2) Select and we get the same list as before, but ordered from lowest to highest signal. We select our Wifi network and say that we do not want to select a client (a client is a device currently using the Wifi network). We move on to 3) Attack, and we will have to look very carefully at the #Data column, since recovering our key depends on it. For this column to move, that is, to collect packets, someone has to be using the Wifi connection at that moment, so if we have a device connected to our network the process will be faster. If not (obviously, if we want to recover our Wifi key it is because we do not have it), the system will automatically make the router generate packets, but it will be much, much slower.

When we see the #Data column start to move, we open (without closing the Attack window, very important) 4) Cracking, which will start examining the packets obtained in order to compute the key. From this point on all we have to do is wait for it to give us the key; every 5000 data packets (IVs in 4) Cracking), the system tries to compute the key again. Under good conditions (with a lot of traffic to a client), this should not take more than 15 minutes. In the following image we see how the key appears once it is cracked. If it appears in groups of two characters separated by colons, it means the key is in hexadecimal format, so we will have to convert it to ASCII in order to be able to use it; here you have a converter in case you come across this.
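Since the colon-separated output catches a lot of people out, here is a small converter of our own, added to this article (it is not part of Wifislax or aircrack-ng). It accepts the "41:42:43:44:45" style that the cracking window prints, checks that the key is one of the two standard WEP sizes (5 bytes for WEP-40, 13 bytes for WEP-104), and only gives you an ASCII form when every byte is a printable character; if it returns None, the key only exists in hexadecimal and you have to enter it in hex on your devices. The sample keys in the main block are made up for the demonstration.

```python
import re
from typing import Optional

# Standard WEP key sizes: WEP-40 = 5 bytes (10 hex digits),
# WEP-104 = 13 bytes (26 hex digits).
WEP_KEY_BYTES = (5, 13)


def parse_hex_key(text: str) -> bytes:
    """Accept '41:42:43:44:45', '41-42-43-44-45' or '4142434445' and return the raw bytes."""
    cleaned = re.sub(r"[\s:\-]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]+", cleaned) or len(cleaned) % 2:
        raise ValueError(f"not a hexadecimal key: {text!r}")
    key = bytes.fromhex(cleaned)
    if len(key) not in WEP_KEY_BYTES:
        raise ValueError(f"WEP keys are 5 or 13 bytes, got {len(key)}")
    return key


def hex_to_ascii(text: str) -> Optional[str]:
    """ASCII form of a hex WEP key, or None when some byte is not printable
    (in that case the router only accepts the hexadecimal form)."""
    key = parse_hex_key(text)
    if all(32 <= b < 127 for b in key):
        return key.decode("ascii")
    return None


def ascii_to_hex(text: str) -> str:
    """The reverse direction: an ASCII key to the colon-separated hex form
    most router configuration pages accept."""
    key = text.encode("ascii")
    if len(key) not in WEP_KEY_BYTES:
        raise ValueError("an ASCII WEP key must be 5 or 13 characters")
    return ":".join(f"{b:02X}" for b in key)


if __name__ == "__main__":
    # Constructed sample keys, not real ones.
    for sample in ("41:42:43:44:45", "6D:69:70:61:73:73:77:6F:72:64:31:32:33", "00:11:22:33:44"):
        print(sample, "->", hex_to_ascii(sample))
    print("mipassword123 ->", ascii_to_hex("mipassword123"))
```

Whatever format you end up with, remember that WEP itself is the problem: once you have your key back, the real fix is to switch the router to WPA2, since any WEP key, hex or ASCII, falls to the procedure described above.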

WEP keys without #Data (no clients)


It may be that you do not have another device with the key on it and therefore cannot use a client to raise the #Data. In that case we follow almost the same steps as above up to menu 3) Attacks, where we select option 4) Chopchop, since we know that no one is connected and therefore there are no clients. We wait for it to read a few packets and ask us whether we want to use the one it shows on screen; when it finishes at 100% we go back to the previous screen and choose option 3) Chopchop injection, which will attempt to inject packets so that the #Data of the connection goes up.

At this point we will see (or should see) the #Data going up very quickly. This is our chance to go to the main menu and finally choose option 4) Cracking for the programme to start decrypting this data. As in the previous mode, it is now a matter of waiting a few minutes; the system decrypts the Wifi key and displays it in red on screen, which, remember, can be in either hexadecimal or ASCII format.

Hacking WPA or WPA2 Wifi keys


These types of keys are very difficult to obtain, so if you remember at least part of yours, so much the better. There are several ways of hacking a WPA or WPA2 key (the only difference is that WPA2 can be longer), and here I am going to explain how to do it from Wifislax. The first thing we have to do are the same steps as with the WEP key, but only up to point 3) Attacks; then wait until you see at the top of the screen that the handshake has been obtained. It will look something like this:

WPA handshake: "the MAC of your router"

When we have this, the programme will have created a capture file that it will use automatically in the next step. We close the window and go to point 4) Cracking. Here it will ask us for the path to a dictionary we have, in which the key has to be present. If you remember part of the key, you can create a .TXT and try out various combinations, but if you are not sure, the ideal is to look for a dictionary with a lot of keys in Spanish; here you have the download of the best one I have found. I recommend using the download program jDownloader, as it comes in many parts.

With that, we simply drag it to the window where it asks for the path and it will insert it automatically. We press Enter and a process starts that can take several days, depending a lot on the power of your PC. Also, as I said before, your key may not be in that dictionary, so you may never find it even after such a long wait. Nobody said it was easy.
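To understand why this takes days and not minutes, it helps to see what the cracking tool has to do for every single word in the dictionary. WPA and WPA2 turn the passphrase and the network name (SSID) into the key actually used, the PMK, with PBKDF2-HMAC-SHA1 and 4096 rounds, as defined in IEEE 802.11i; only then can a candidate be checked against the captured handshake. The following script is an added example of ours, not part of the article's tools or of Wifislax: it derives the PMK with Python's standard library, checks it against the test vector published in the 802.11i standard (passphrase "password", SSID "IEEE"), measures how many candidates per second your machine manages, and estimates how long a dictionary of a given size would take. The SSID "MiRedWifi" and the dictionary sizes are made-up values for the demonstration.

```python
import hashlib
import time

# IEEE 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 rounds, 32 bytes).
PBKDF2_ITERATIONS = 4096
PMK_LENGTH = 32


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the Pairwise Master Key from a WPA/WPA2 passphrase and the SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"),
        PBKDF2_ITERATIONS, PMK_LENGTH,
    )


def measure_rate(ssid: str, samples: int = 200) -> float:
    """Candidates per second this machine derives with plain hashlib (one core)."""
    start = time.perf_counter()
    for i in range(samples):
        wpa_pmk(f"candidate{i:06d}", ssid)   # constructed throw-away candidates
    return samples / (time.perf_counter() - start)


def estimated_seconds(dictionary_size: int, rate: float) -> float:
    """Worst-case time to try a whole dictionary at the measured rate."""
    if rate <= 0:
        raise ValueError("rate must be positive")
    return dictionary_size / rate


if __name__ == "__main__":
    # Test vector from IEEE 802.11i Annex H.
    print("PMK(password, IEEE) =", wpa_pmk("password", "IEEE").hex())
    rate = measure_rate("MiRedWifi")
    print(f"this machine: ~{rate:,.0f} candidates/s")
    for size in (10_000, 1_000_000, 100_000_000):
        hours = estimated_seconds(size, rate) / 3600
        print(f"{size:>12,} words -> about {hours:,.1f} h")
```

Two things follow from the numbers. The 4096 rounds are there precisely to make each guess expensive, so a GPU helps but does not change the picture by orders of magnitude; and because the SSID is mixed in, a precomputed table only works for one network name. The practical lesson for protecting your own network is the mirror image of this article: a long passphrase that is not a dictionary word, combined with a non-default SSID, puts the key out of reach of exactly the process described above.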

WPA or WPA2 keys via WPS


Another way to obtain a WPA or WPA2 key is by using an existing vulnerability in the WPS protocol. To take advantage of it we are going to use the Reaver programme through a very simple interface, Inflator. We open the programme and select the antenna we want to use; then it is very important to tick the options Use scan mode (-s) and Ignore frame checksum errors (-C) before hitting the scan button.

It will show a list of all the networks it has detected with the WPS protocol enabled. On the next screen we have the box to enter a WPS pin that we believe to be our router's (Use the specified 4 or 8 digit WPS pin (-p)). It is understandable that you have no idea of your router's WPS pin; for that there is an online database, WPSdb, in which they have about 1000 pins from different routers, so look up your MAC in their system and keep your fingers crossed that they give you at least one.

You will see that it gives you 8 or 4 digit WPS pins. Ideally, first try the 8-digit pins, because if it is the correct one and there are no problems, it will give you the key instantly. If after trying all the 8-digit pins you have not found the one that works for you, try the 4-digit ones, which will put the process at 90%. It will take a long time, but not as long as doing it from the beginning. If you are unlucky enough that none of them works for you, you will have to do the whole process, but make sure it is not a problem with the router itself (that it has some kind of extra protection, that it is switched off or too far away, etc.), so that you do not have to wait several days for nothing.

In any case, to check that everything is going well, make sure that you do not get many WARNING messages and that every 15 or 20 seconds it shows you the percentage of the process increasing. If for any reason Inflator does not work correctly or you think it is failing at something, you can always use another, slightly more complicated option that is also in Wifislax, WPSCrackGUI, which does the same thing but with a somewhat more complicated interface.
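Why does knowing the first 4 digits put the process at "90%", and why is WPS worth switching off on your own router? The WPS PIN is 8 decimal digits, but the last one is only a checksum of the other seven, and the router confirms the PIN in two halves (the first 4 digits, then the remaining 3 plus checksum). So instead of 10^8 possibilities there are at most 10^4 + 10^3 = 11,000, and once the first half is known only 1,000 remain, which is 10,000 out of 11,000 tries already done, about 91%. The script below is an added example of ours (not from Inflator, Reaver or Wifislax) that implements the checksum as specified in Wi-Fi Simple Configuration, validates the PIN printed on a router's sticker, and computes those search-space figures; "12345670" is the example PIN from the specification and the other values are constructed.

```python
# WPS PIN = 7 digits + 1 checksum digit; the registrar checks it in two halves.
PIN_LENGTH = 8
FIRST_HALF_DIGITS = 4          # verified on its own
SECOND_HALF_FREE_DIGITS = 3    # digits 5-7; digit 8 is derived from the rest


def wps_checksum(first7: int) -> int:
    """Checksum digit for the first 7 digits of a WPS PIN (Wi-Fi Simple Configuration)."""
    acc = 0
    n = first7
    while n:
        acc += 3 * (n % 10)
        n //= 10
        acc += n % 10
        n //= 10
    return (10 - acc % 10) % 10


def is_valid_wps_pin(pin: str) -> bool:
    """True when the string is 8 digits and its last digit matches the checksum."""
    if not (pin.isdigit() and len(pin) == PIN_LENGTH):
        return False
    return wps_checksum(int(pin[:7])) == int(pin[7])


def effective_search_space(first_half_known: bool) -> int:
    """Maximum PIN attempts needed, given the half-by-half verification."""
    second_half = 10 ** SECOND_HALF_FREE_DIGITS
    if first_half_known:
        return second_half
    return 10 ** FIRST_HALF_DIGITS + second_half


def progress_with_first_half() -> float:
    """Fraction of the worst-case work already done once the first 4 digits are known."""
    total = effective_search_space(False)
    return (total - effective_search_space(True)) / total


if __name__ == "__main__":
    for pin in ("12345670", "12345671", "1234"):
        print(pin, "valid" if is_valid_wps_pin(pin) else "invalid")
    print("worst case without any hint:", effective_search_space(False), "attempts")
    print("with the first 4 digits:", effective_search_space(True), "attempts")
    print(f"progress once the first half is known: {progress_with_first_half():.1%}")
```

The numbers are the whole story: 11,000 attempts against a router that answers each one is a matter of hours, and no passphrase length changes that, because WPS hands over the WPA2 key once the PIN is accepted. If you are auditing your own network, the check that matters is whether your router still has WPS enabled, and the fix is to disable it in the router's configuration (or, on models that ignore that setting, to replace the router).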

Other ways to hack wifis

In this first part we have seen the ways of hacking WEP and WPA/WPA2 Wifi networks. In the following article we will see how to do it from other platforms, whether desktop systems such as Windows, mobile operating systems such as Android, iPhone, Blackberry and Windows Phone, or even online tools that give you the default password of a specific router simply by entering the MAC of the Wifi device.

I hope you find this article and the next one useful, and that you leave us any questions you may have in our forum so that we can answer them as quickly as possible. I would like to take this opportunity to ask you a question and to reflect on this subject: even if it is with the intention of auditing our own networks, do you think it is ethical to teach how to use these tools, or should this be completely censored?

Buy - High gain USB Wifi antenna compatible with WifiSlax, Pendrive with latest version of WifiSlax already installed

More information - How to make a homemade WiFi antenna, Hacking Wifi to get your own key (part 2 and end)

Downloads - Wifislax, WifiWay, BackTrack, Kali, WinRAR, DAEMON Tools, WPA/WPA2 Dictionary, jDownloader

5 thoughts on “Hacking Wifi to get your own key (part 1)”

  1. What I want to know is how I got a wifi password with Wifislax: it showed up on my Windows and I connected directly from Windows, I formatted it and now I get it but I can only connect with Wifislax. Thank you very much.

  2. Hello, very interesting post, but if I am connected from the PC by cable, what procedure should I follow to recover my password? I have not been able to get into my router because my Internet company does not know what passwords and users they set; I have been looking for weeks.

    1. Alberto Navarro

      If you did not change your default access password to the router (not to be confused with the wifi password), you just need to know the IP of the gateway (usually and then look in your router manual to find the default access keys.


      1. As I moved to this house I don't have that manual, but I tried with the one on the sticker on the back of the router, with the manual, and with the ones that come up on an online page of default router keys. As there are several tenants, all on cable, nobody has the wifi key, and the only way was through the router. Can you make a process to get the wifi key, or the router key to get the wifi key? Any program or tool of Wifislax? I have the latest version.

        1. Alberto Navarro

          If the password is not the default one, you can reset the router to the factory default. Look for the button that says reset and, with a needle or something thin and long, keep it pressed for about 20 or 30 seconds; you will see that the lights start flashing faster, and that means that you have the router as it was at the beginning.

