Hack Like ProHow ToWifi

Getting Started with Terms & Technologies


Welcome back, my hacker trainees!

A score of my readers have been begging for tutorials on how to hack Wi-Fi, so with this article, I’m initiating a new series dedicated to Wi-Fi hacks. This will probably be around 6-9 articles, starting with the basics of the technologies.

Image via Shutterstock

I can hear you all groan, but you need to know the basics before you get into more advanced hacking. Then hopefully, developing your own hacks.

Afterward, the following guides will cover wardriving, DOS attacks, password hacking (WEP, WPA, WPA2, WPS, and WPA-enterprise), rogue APs, evil twins, Wi-Fi MitM, and Wi-Fi snooping. Lastly, we’ll examine how to hack Bluetooth (yes, I know, technically it’s not Wi-Fi, but I think you’ll find it interesting).

So, come along for this frequent and amplified ride of Wi-Fi hacking!

Step 1 – Terminology

To really understand how to hack Wi-Fi, we need to dispense with basic terms and technology. First, let’s address some terminology.

To begin, the access point that sends out the radio frequency (RF) signal is known as the AP. These APs are capable of sending out signals (between 2.4 and 5 Ghz) that comply with a number of different standards. These standards are known as 802.11a, 802.11b, 802.11g, and 802.11n. In the very near future, we’ll see a new standard that’s tentatively named 802.11ac.

The table below summarizes the key features of these Wi-Fi standards.

These standards are generally backwardly compatible so that a wireless n adapter will also be able to pick up g and b signals. We will focus upon the most widely used of these standards— b, g, and n.

Step 2Security Technology

From the perspective of the hacker, wireless security technologies are among the most pertinent features. Multiple security technologies have been deployed in Wi-Fi to make an inherently insecure technology secure. Our attack approach will depend upon which of these security technologies is being deployed.

So, let’s take a quick look at them here.


WEP, or wired equivalent privacy, was the first wireless security scheme employed. As it name implies, it was designed to provide security to the end-user that was essentially equivalent to the privacy that was enjoyed in a wired environment. Unfortunately, it failed miserably.

For a number of reasons, WEP is extraordinarily easy to crack because of a flawed implementation of the RC4 encryption algorithm. It’s not unusual to be able to crack WEP in less than 5 minutes. This is because WEP used a very small (24-bit) initialization vector (IV) that could be captured in the datastream, and this IV could then be used to discover the password using statistical techniques.

Despite this, I still find it being used in household and small business implementations, but seldom in an enterprise environment.


WPA was the response by the industry to the revealed weaknesses of WEP. It’s often referred to as WPA1 to distinguish it from WPA2.

WPA used Temporal Key Integrity Protocol (TKIP) to improve the security of WEP without requiring new hardware. It still uses WEP for encryption, but it makes the statistical attacks used to crack WEP much more difficult and time-consuming.


WPA2-PSK is the implementation of WPA2 for the home or small business user. As the name implies, it’s the WPA2 implementation that uses a pre-shared key (PSK). It’s this security standard that is used by most households today, and although it’s far more secure, it’s still vulnerable to various attacks.

A feature that was added in 2007 called Wi-Fi Protected Setup, or WPS, allows us to bypass the security in WP2-PSK . We’ll look at a few attacks on WPA2-PSK in coming weeks.


WPA2-AES is the enterprise implementation of WPA2. It uses the Advanced Encryption Standard or AES to encrypt data and is the most secure. It’s often coupled with a RADIUS server that is dedicated for authentication.

Although cracking it is possible, it significantly more difficult.

Step 3Channels

Like our radio, wireless has multiple channels so that various communication streams don’t interfere with each other. The 802.11 standard allows for channels ranging from 1 thru 14.

In the U.S., the FCC regulates wireless communication and devices for use in the states are only enabled to use channels 1 thru 11. Europe uses channels 1 thru 13 and Japan 1 thru 14. Other nations may also use the full range.

For the hacker, this can be useful information as a rogue AP using channel 12 thru 14 would be invisible to U.S.-made wireless devices and security professionals scanning for rogue access points.

Each channel has a width of 22 Mhz around its central frequency. To avoid interference, an AP can use any of these channels, but to avoid any overlap, channels 1, 6, and 11 are most often utilized in the U.S. The other channels can be used, but because you need five channels between the working channels to not overlap signals, with three or more channels, only 1, 6, and 11 will work.

Step 4 – Datagrams and Frames

An understanding of the structure of wireless datagrams is critical for successful wireless hacking, but is beyond the scope of this introduction. I will introduce some of this information when necessary in future tutorials, but you may want to take some time to study wireless frames and datagrams from other sources.

Step 5 – Signal Strength

In the U.S., the FCC regulates among other things, the strength of the wireless access point’s signal. The FCC says that the access point’s signal cannot exceed 27 dBm (500 milliwatts). Most access points have this limit built-in, but we can change and override this limitation, if the access point is capable of a stronger signal. This may be useful for the hacker in setting up evil twins and rogue access points where strength of signal is critical, among other techniques.

Step 6 – Aircrack-Ng

For nearly all of our Wi-Fi hacking, we will be using aircrack-ng which is included in BackTrack. Even in those hacks where we use other tools such cowpatty or reaver, we will use the aircrack-ng suite of tools for some part of the hack, so we need to become familiar with it.

I’ll probably do a dedicated tutorial on aircrack-ng suite in the very near future.

Step 7 – WiFi Adapters

One of the crucial needs to becoming an effective Wi-Fi hacker is the Wi-Fi adapter. Generally, the Wi-Fi adapter on your laptop or desktop is insufficient for our purposes. The key capability we need is the ability to inject packets into the access point and most run-of-the-mill wireless adapters are incapable of packet injection. Aircrack-ng has a list of Wi-Fi adapters that can work with their suite of tools.

That having been said, I highly recommend Alfa AWUS036NH USB wireless adapter. This is what I use. It’s available from several locations for between $30 to $50.

It does everything I need, is fast, has an external antenna, is recognized by BackTrack, and automatically loads its drivers. In addition, it come in 1000mw and 2000mw versions. That can be critical in rogue access point hacks, despite the fact that the FCC limits signal strength the 500mw.

Step 8 – Attennas

Antennas come in two basic types, omni-directional and directional. Most APs and wireless adapters come with omni-directional antennas, meaning that they send and receive in all directions.

The Alfa card that I recommend comes with an external antenna that is omni-directional, but has a gain of 5dBi (gain is a measure when applied to antennas, of how much the antenna can increase the signal). This means that it can increase the signal by focusing the signal similar to that of a reflector on a flashlight. In addition, it can change position to better receive particular signals as well as a cable and suction cup adapter for mounting on a wall or window.

Directional antennas can also be useful for hacking when attempting to focus your exploits to a remote access point. The literature contains references to Wi-Fi signals that have been sent and received over 100 miles or about 160km using directional antennas. For most commercial directional antennas, you can expect to be able to pick up wireless communication up to 4km or 2.4 miles.

These can be obtained from a variety of sources usually for under $100 with a gain of between 15dBi and 20dBi. A Yagi antenna is an example of a directional antenna that is often used in hacking wireless over significant distances.

That’s It… For Now

So, this begins our exciting journey into Wi-Fi hacking. Very soon, you will be able to hack nearly anyone’s wireless internet, so keep coming back to expand your knowledge and skills in Wi-Fi hacking.

Lovepreet Singh

The Girl in the Spider’s Web Explained Logically

Previous article

Scripting for the Ambitious Hacker, Part 3 (Windows PowerShell)

Next article

You may also like


  1. Buy Dapoxetine Online Buy Viagra Pzifer Brand Informacion Sobre Priligy [url=http://cial40mg.com]cialis[/url] The Least Expensive Cialis Buy Synthroid India Veterinary Keflex

  2. Attractive section of content. I just stumbled upon your website
    and in accession capital to assert that I get actually enjoyed account your blog posts.
    Any way I’ll be subscribing to your augment and even I achievement you access consistently

  3. Can I simply say what a comfort to find somebody that genuinely knows what they are discussing on the net.

    You certainly understand how to bring a problem to light and make it important.
    More and more people really need to look at this and understand this side
    of the story. I was surprised that you’re not more popular since you
    most certainly possess the gift.

  4. Thanks for any other great post. Where else could anyone get that kind
    of info in such an ideal approach of writing? I have a presentation subsequent week, and
    I am on the search for such info.

  5. Cpt Code Cephalexin [url=http://buycialonline.com]canadian pharmacy cialis 20mg[/url] Peut On Avoir Du Viagra Sans Ordonnance

  6. Have you ever thought about publishing an e-book or guest authoring on other websites?
    I have a blog based upon on the same information you discuss and would love to have you share some stories/information. I
    know my readers would enjoy your work. If you’re even remotely
    interested, feel free to send me an e-mail.

  7. Thanks , I have recently been looking for information about this topic for a long time and
    yours is the best I have discovered so far. However, what
    concerning the bottom line? Are you positive concerning the supply?

  8. 2006 Amoxicillin March Mt [url=http://ac-hut.com]cheapest cialis 20mg[/url] Canada Cephalexin Generic Cialis Professional Paypal Comprimes Amoxil

  9. I’m not sure exactly why but this blog is loading incredibly slow for me.
    Is anyone else having this problem or is
    it a problem on my end? I’ll check back later on and see if the problem still exists.

  10. Hi friends, nice piece of writing and fastidious urging commented at this place, I
    am really enjoying by these.

  11. Hello, I do believe your web site could be having web browser compatibility problems.
    When I take a look at your site in Safari, it looks fine however, if opening in IE, it’s got some overlapping issues.
    I merely wanted to give you a quick heads up!
    Besides that, excellent site!

  12. Way cool! Some extremely valid points! I appreciate you
    penning this article and the rest of the site is also really good.

  13. I for all time emailed this web site post page to all
    my associates, as if like to read it then my links
    will too.

  14. It’s an amazing article in favor of all the online visitors; they
    will obtain benefit from it I am sure.

  15. What’s Taking place i’m new to this, I stumbled upon this
    I have discovered It absolutely helpful and it has helped me out loads.
    I hope to contribute & help different customers like its aided me.

    Great job.

  16. Thanks for sharing your thoughts on gamefly free trial.

  17. Hello this is kinda of off topic but I was wanting to know if blogs use
    WYSIWYG editors or if you have to manually code with
    HTML. I’m starting a blog soon but have no coding expertise so
    I wanted to get advice from someone with experience.
    Any help would be greatly appreciated!

  18. What’s up everybody, here every one is sharing these familiarity, so
    it’s pleasant to read this weblog, and I used to
    visit this weblog all the time.

  19. excellent post, very informative. I wonder why the other experts of this sector
    don’t notice this. You must continue your writing.

    I’m confident, you’ve a great readers’ base already!

  20. It’s hard to find experienced people for this subject, however, you sound like you know
    what you’re talking about! Thanks

  21. Having read this I believed it was very enlightening. I appreciate you spending some time
    and energy to put this content together. I once again find myself spending a lot of time both reading and leaving comments.
    But so what, it was still worth it!

  22. Thanks to my father who stated to me regarding this webpage, this weblog is genuinely remarkable.

  23. Ahaa, its nice conversation regarding this paragraph here
    at this web site, I have read all that,
    so now me also commenting here.

  24. Hi, I desire to subscribe for this webpage to
    take most up-to-date updates, so where can i do it please assist.

  25. Hi there, I do think your blog could possibly be having browser compatibility problems.
    Whenever I look at your website in Safari, it looks fine but when opening in I.E.,
    it has some overlapping issues. I merely wanted to give you a quick heads up!
    Other than that, excellent site!

  26. I got this web site from my friend who shared with
    me on the topic of this website and now this time I
    am browsing this web page and reading very informative content at this place.

  27. Excellent blog here! Also your site so much up fast! What host
    are you the use of? Can I am getting your affiliate link on your
    host? I desire my site loaded up as quickly
    as yours lol

Leave a reply

Your email address will not be published. Required fields are marked *