I have today finally successfully cracked a wifi password, and now have access to the client's wifi, which as a newbie I'm very excited about!

Goal: get Facebook or Hotmail password

The next attempt is to get passwords. Which method would YOU use as the easiest or simplest way? I myself was thinking SSLstrip or dnsspoof, ettercap - it seems like the choices are many!

I do have a Pineapple Mark V at my disposal.
Let me know which approach you would take :-)

Be advised that this is only for learning and the client is aware of the hacking attempts.

There are, like you said, many ways to hack a Facebook password once you have access to the network, but they all belong to man-in-the-middle attacks, or MiTM attacks. We have an entire section about MiTM attacks. I personally would use Ciuffy's strategy and combine it with some kind of packet sniffer (like Wireshark).


Thank you for the well-informed response! Yes, I thought after posting this subject that of course my first approach should be a MitM, great that you are letting me know! I will definitely have a look at the strategy you posted, thank you!

I completely agree with Phoenix here. MiTM is the way to go. Also there are all sorts of fun things you can do with your pineapple. It's a device made for wifi hacking!

Just curious. What did you use to crack the wifi password? Was it the pineapple?

Sorry for my late response! And thank you for your answer, it's very appreciated!

For your question, yes, I used my pineapple!

De-authenticated the client from their AP, and allowed them to connect to my honeypot. On my pineapple I used dogsplash to create an evil portal, which looked like "access wifi". I had the advantage that I knew my client's internet company and made it look legit.

What I did is kinda what OTW had written about the Wifiphisher;

So no, I didn't CRACK it, I hacked or more like cheated it out of the client. Which is kinda what you do with the pineapple. It's a fun tool.

If I wanted to get passwords I would probably use Wireshark to monitor their traffic first. I just realized that Phoenix already mentioned it though.

There are some pretty swell tutorials that actually use Wireshark to pull the password.

Thank you, all answers are appreciated, and another person mentioning Wireshark just confirms it as a great way to go!

I know imma get a lot of critics for this but phishing anyone??

I'm not entirely sure whether you're asking a question or it's a suggestion, would you care to elaborate?

