Forum Thread: [HELP] [NEWBIE] Is There Any Other Way to Hack a Wifi (WPA2) Not Using Reaver and Dictionary Attack?

[HELP] [NEWBIE] Is There Any Other Way to Hack a Wifi (WPA2) Not Using Reaver and Dictionary Attack?

Hey all u guys, it's me again with another question. First i just wanna say thanks to your support on my previous asking thread i very appreciated!

So today i have a problem to ask, as the title, i just wonder (of course this is WonderHowTo, i wonder a lot, lol) if there is anyway to hack a WPA2 Wifi AP beside using Reaver and Dictionary Attack.

I did research on Null-byte either Google but what i only got was Reaver and Dict attack (aircrack-ng by master OTW <~ awesome tut, Wifite, cowpatty, etc.)

Just because i don't live in US or any Europe countries (sorry i can't tell u guys my real country) so the dict attack seem not working well, also i did search for a Wordlist suit my country language but there was nothing on the internet TT. TT I already got the .cap file (tnx to master OTW's thread) but i can't crack it TT. TT

And also i can't use Reaver because... i really don't know why but when i do Reaver attack it seem to show some errors, then the terminal screen get stuck there and no response... I guess maybe 'cuz i don't have an external wifi adapter.

But to wrap up, i hope someone can tell me any other ways to hack a WPA2 wifi AP without using 2 menthods mentioned above. That will help me very much! Thank guys!

29 Responses

you can try the default password for the AP.

as for the dictionary and language problem, have a look at my tutorial on using CUPP to generate your own wordlists, or my tutorial on how to download bigger, language specific wordlists.


tnx there Phoenix :)) but u told me "try the default passwd"... so that means to guess default or simple password like '12345678', right? or i misunderstood you?

you misunderstood. the default password depends on the router/AP model. for instance, my router's default wifi password is "Admin". you will need to google a bit to find your default password. people don't change it often, which is the reason this can be so successful.


oh i get it :) and your thread about CUPP is very great! It reminds me Elliot generated password using a man name and his dog last name in ep 2 or 3 of Mr. Robot :))) great tut

that scene is in fact based on CUPP :)


If nothing works... you can go with bruteforce... but that takes tooooo long..

Hey tnx 4 your reply! Can u give me a link to check it out, please! Thanks :)

Just google bruteforce wpa2.. im sure therell be loads of results

chek messages

You could use an Evil Twin.

tnx 4 ur advice Joe! i read a thread about Evil Twin before, but I'm just afraid my laptop stock wifi adapter will not work well, 'cuz u know, it always sucks, and i don't have external wifi adapter TT. TT but i definitely will try it out to see how far it can go! Thanks 4 your suggestion!

You can also go with "Evil Twin Attack"

What you can do is.. create a evil Access point with the same name as the victim's.. and redirect it to your localhost which asks for the security key for the AP.. you can see the password dumped in the mysql db.. now all you have to do is send deauthentication packets to the router and it's clients.. so the user will connect to your wifi and u will know the password.. Be Ethical !!

Yea... social engeneering is the best..

I think you should try Pixie Dust WPS attack. I know you said that Reaver didn't work for you, but maybe it will if you use this method. It doesn't work with every router, but when it does it's probably much faster than dictionary attack. Here is a tutorial:

If you are using the newest version of Kali, you can start from number 4, but if you are not maybe try installing the newest version and it might fix your Reaver issues.

Someone once told me that it is possible to sniff the packages from the WPA2 and then use a programm to encrypt the hash codes. Can anyone tell me something about that methode?

No, because Occupy is using there a password list. I search for a way to use the packages we captured as a password list.

Another way would be to get the password out of the packages.

They are what we are trying to decrypt.
Else, I would know what my neighborhood is doing just by firing up my alfa wireless adapter.

That kind of breaks the idea of actually using a password and a MAC to address both client and router.

Isn't there a way to decrypt them without a password list? A hash decrypter or something like that that can give me the password out of the packages?#

Thank you by the way for your help

If the router is using WPA2, there is no known decryption algorithm that break it in reasonable time. You can either use WPS which is relatively fast or a wordlist.

But WPA2 todays are protected by APs like you said in your thread, right?

Protected, but breakable. The password hash is passed in a four-way handshake at authentication with the client. We capture that hash and then hash a password list to see if there is amatch. If there is, we have broken the password.

Thank you for your help Occupy and Ciuffy.

There is one another way. Basically, a phishing attack. use WifiPhisher .

Yea thats like the evil twin... the user on the wifi has to enter his/her password for us to be able to view it..

Ever heard of botnet? I use that for dirty work

router PIN(reaver)
evil twin
social(go there and ask for password,or use a pc in the network you can easily read the password)
or infect some of the users
no other way i know

Share Your Thoughts

  • Hot
  • Active