Still think strong passwords are overrated? Think twice!

A few months ago, I wrote about various ways attackers could make attempts on your passwords for nefarious purposes. In case you did not read it, do so here right away. 

Since then, have you really cared to reinforce your passwords to conform to best practices? Some of the discussed password strengthening strategies I highlighted included using unique passphrases that are a mix of 8 characters or more, not recycling passwords for use in more than one site, and using password managers in case you feel overwhelmed by the number of passwords you need to cram and/or use. 

In case you are not convinced that you need to have really good passwords, let me make an attempt to crack a deliberately weak WIFI password from one of my routers. To do this, I will set a generic password i.e. password123 as my WIFI password, and then attempt to crack it. 

While practical, this article is for demonstration purposes. Never attempt to crack passwords at your workplace or target devices and infrastructure belonging to other people more so, without express permission. Doing so will attract legal action as stipulated in local laws such as the Computer Misuse and Cybercrimes Act (2018) and the Data Protection Act (2019). Read the two laws here in case you are not familiar with their existence. 

Let's get started!

Step 1: Setting up vulnerable Access Point

To begin with, I set up my WIFI name to MyHomeNet and assigned password123
as the password. These settings are meant to mimick weak passwords you may have set for devices such as your home router or computers which ultimately become vulnerable to attackers. (Don't worry about the country, I am not in Tanzania as you would be led to believe). Notice that the WIFI security protocol is Wi­Fi Protected Access using a preshared key (WPA2-PSK). This is one of the strongest wireless security protocols in the market. However, this cannot protect you from weak passwords. 

Step 2: Firing up the attack tool 

In this step, I fired up aircrack-ng, a WIFI reconnaissance tool popular for cracking WIFI access points. Starting airmon-ng will disconnect your machine from wifi so as to release the network card into monitor mode. Monitor mode allows the card to indiscriminately capture traffic the same way promiscuous mode would on wired network cards. In simpler terms, the card is listening to everything and anything concerning wireless networks around it. 

Step 3: Capturing data from broadcasting APs in the vicinity of my wireless network card

In this step, while in monitor mode, network traffic from available access points (WIFI networks) was captured and displayed. This capture contained vital information such as AP MAC addresses, channels in use, and signal strength. Here, we are interested in my AP device MAC address (BSSID), the access point ESSID (MyHomeNet), and the client (station) MAC address connecting to it. In this case, the station was my smartphone already connected to the wireless network. Below we can see all the mentioned details. The upper part indicates the access point details while the lower part indicates stations connected to the access points.  

I confirmed that indeed, my phone was the station connected to the AP. Note that the above station MAC address and that of my phone below are identical. 

Step 4: Forcing station de-authentication to capture password hashes upon reauthentication

In this step, I used the aireplay-ng command to force my smartphone to de-authenticate from the AP. I noted that my phone briefly disconnected from WIFI before connecting again. In doing so, it had to reauthenticate with a saved password. In the background, a hash of the password was captured as the smartphone and the AP performed a four-way handshake to reestablish the connection. 

Step 5: Cracking the weak password

The final step involved deciphering the password from the already captured hash. Note that this is the point where having a strong passphrase/password would make the cracking process difficult or impossible. 

Below, I ran a password list (in this case, the famous rockyou.txt ) against the captured password hash to find a match. Since password123 is such as common and uncomplicated password, it was immediately cracked and displayed back to me. 

While this last step was a typical dictionary attack, attackers could use brute force attacks and rule-based attacks to crack passwords as long as they have obtained the password hashes during the de-authentication and reauthentication process. Read about these password attacks here. Beware that an attacker could also conduct social engineering and OSINT techniques to derive possible password sets. 

Final thoughts

I have demonstrated how easy it could be for an attacker to crack your access point passwords. While you can certainly not prevent attackers from sniffing networks and obtaining password hashes, you can prevent the successful execution of password breaches. This is done by observing password hygiene practices mentioned previously. Whether you are using a router, a smartphone hotspot, or any other form of wireless network, you are always vulnerable to password attacks. Such attacks may be a precursor to graver challenges such as data theft and network infiltration more so, in an enterprise environment. Always configure your credentials to the highest possible security! 

What are your thoughts? Share and comment below!


  1. Great insights thanks for the information

  2. Remember, making the proper decision from the word go present you with|provides you with} the most effective chances of profitable even a jackpot. You'd danger 소울카지노 your winnings, and could get} your account banned. Instead, use proven video poker technique and suggestions and land some winnings the proper means. Many gamers mistakenly assume that keeping a kicker provides them a better probability to win with a better payout.

  3. After the change is made, the machine must be locked to new gamers for 4 minutes and show an on-screen message informing potential gamers that a change is being made. Historically, many casinos, both online and offline, have been unwilling to publish individual recreation RTP figures, making it inconceivable for the player to know whether they are taking 토토사이트 part in} a "free" or a "tight" recreation. Historically, all slot machines used revolving mechanical reels to show and determine outcomes.

  4. In contrast, you can to|you probably can} play the 코인카지노 free bonus round of Rainbow Riches Reels of Gold without spending cash within the demo mode. Playing demo slots also can give you a glimpse into method to|tips on how to} play slots on-line. When they first start half in}, punters must set the number of paylines they need to bet on and modify their bet measurement accordingly.


Post a Comment

Impressed? Leave a comment!

Was that insightful? Read more articles below

Enough with Numbers and Versions!

Password Attacks: How Much do you Know?

Mobile Viruses - The Stronger Foes