
Cracking a WPA2/WPA network password, if it is a phone number.

Quick Disclaimer:
I don’t care what you do with this information, nor am I or the owner of this site responsible for your actions. Also, if someone was looking for a counter-measures section, read the article and use your common sense.
Welcome to 2016.

Almost 95% of networks now operate wirelessly through an access point, while the remaining 5% are top confidential networks, mostly military networks, that prefer to stay isolated from “wi-fi”.

We have so many tutorials and how-tos on “How to hack wifi password 2015,2016” that it’s sort of a cliche, and it is also one of the most popular terms searched daily, whether it’s by a curious kid who just discovered what wi-fi was and had been watching too many Hollywood movies recently (probably how I learned to do it a year ago when I was 12), or by a top underground serial killer who doesn’t even know how to operate Google properly and wants to learn how to do it so that he can sniff all network traffic on the victim’s network, “information gathering” as we call it (mind my really bad sense of humor).

I’m going to show you how to crack a wifi access point encrypted with either WPA or WPA2 and whatever sub-extensions there might be to those.

I think I’ve done enough blabbering, and you probably skipped through all that, so let’s just quickly overview how we will be carrying out this attack in layman’s terms: scan for networks, capture and save data on the laptop, return home, and crack the password using a file containing all the possible phone numbers there could be. This is also known as a dictionary attack.

Most dictionary attacks are unsuccessful because only 30% use passwords from a dictionary. That is still quite a lot, but another 60% use phone numbers as their passwords (yes, I know you did), and the remaining 10% are crazy lunatics like me who value their “doraemon” browsing history a lot and thus keep crazy 25 character passwords containing a combination of lower/upper case characters, numbers and special characters, just so that no one can spy on the network.

Let’s just have a quick overview of how we are going to carry out this attack (technically, this time):

Fire up Kali Linux or Backtrack cuz’ we are lazy enough NOT to go out there and download all the tools ourselves.

Scan for access points, find ours and capture a handshake and store it in a .cap file

Crack the .cap file using aircrack.

Now, I’m assuming you already know how to crack a WPA password, if not just take a brief look at the steps here: http://www.rootsh3ll.com/2015/09/rwsps-wpa2-cracking-aircrack-ng-dictionary-attack-ch3pt4/

Or a video tutorial for all you lazy freaks (I’m more lazy, go google dictionary attack on wpa2 yourself)

^There’s some eye-candy stuff since I wrote a lot, soothe your eyes out.

Basically we are just going to create our own dictionary for the attack, and this will increase your chances of cracking the password successfully.

Owners of wifi networks, mostly in remote areas and also in coffee shops, tend to use phone numbers as their wifi password. According to my research, about 70% of all wifi users in Asia, even in Dubai, India and Pakistan, usually keep their phone number as their password, so I decided to tell you guys that this is possible if dictionaries don’t work. What we will be doing is also a dictionary attack, but we will be generating our own dictionary with almost all phone number possibilities. These lists don’t take a lot of time to generate and their file size is usually around 100mb. We will be doing this with a tool called crunch.
The only problem is that you will need to generate a wordlist for each area code, and also for mobile carrier codes, for best results.
For example, in Dubai:
050xxxxxxx
055xxxxxxx
056xxxxxxx
04xxxxxx
So I will be needing around 500mb disk space for these ^
Note: You will need Kali Linux or BackTrack for this, or just download crunch for your specific distro.
Let’s get right to the tutorial. Here is a video for easy understanding (I did not make this, however if you want an in-depth tutorial on the whole process, just let me know and I might make one)

Or a text tutorial for all you bandwidth savers out there:

Use the following command:

./crunch 10 10 -t 123%%%%%%% -o /root/123.txt

Explanation of the command: the two 10s are the minimum and maximum length, so every line is 10 characters long. The -t option lets you specify a pattern in which only the placeholder characters @ , % ^ change; in this case the %, which stands for a digit. The 123 is where the area code goes, followed by 7 % characters. The -o option sets the output file, which can be saved anywhere. Make sure to save it as a .txt file. This will only take a few seconds and will say 100% when finished. Now you can load these in Gerix, aircrack and bruteforce WPA.

Note: Most cities have multiple area codes. To combine multiple files into one just do a 'cat 123.txt 456.txt 789.txt >> all.txt'

So basically just replace the starting numbers with your area code or carrier code, hit enter, and bam, you’re done. You just need to run aircrack on the handshake file now.
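The same arithmetic from the side of whoever picks the password, as an added example that is not part of the original post: it computes how many candidates and how many bytes a crunch -t pattern expands to, and rates a passphrase against the phone-number prefixes listed above. The function names, the sample passphrases and the 33-symbol count for ^ are assumptions.

```python
import math

# Alphabet sizes for crunch -t placeholders: lowercase, uppercase, digits.
# 33 for '^' assumes crunch's default symbol set (assumption, not from the post).
PLACEHOLDERS = {"@": 26, ",": 26, "%": 10, "^": 33}
DUBAI_PREFIXES = ("050", "055", "056", "04")   # prefixes listed in the post

def pattern_keyspace(pattern):
    """Number of candidates a crunch -t pattern expands to."""
    total = 1
    for ch in pattern:
        total *= PLACEHOLDERS.get(ch, 1)   # a literal character adds no choice
    return total

def wordlist_bytes(pattern):
    """Output file size: one candidate per line, plus the newline."""
    return pattern_keyspace(pattern) * (len(pattern) + 1)

def audit_passphrase(passphrase, prefixes=DUBAI_PREFIXES):
    """Rate a WPA/WPA2 passphrase (8-63 characters) against the phone-number habit."""
    if not 8 <= len(passphrase) <= 63:
        return {"valid": False, "phone_like": False, "bits": 0.0}
    if passphrase.isascii() and passphrase.isdigit():
        # Digits only: a matching prefix is known, so only the rest is unknown.
        known = max((len(p) for p in prefixes if passphrase.startswith(p)), default=0)
        bits = (len(passphrase) - known) * math.log2(10)
        return {"valid": True, "phone_like": known > 0, "bits": round(bits, 1)}
    # Upper bound: holds only if every character was picked at random
    # from the 94 printable non-space ASCII characters.
    bits = len(passphrase) * math.log2(94)
    return {"valid": True, "phone_like": False, "bits": round(bits, 1)}

if __name__ == "__main__":
    pattern = "123%%%%%%%"                      # pattern from the post's command
    print(pattern_keyspace(pattern), "candidates,", wordlist_bytes(pattern), "bytes")
    print(audit_passphrase("0501234567"))       # constructed phone-style sample
    print(audit_passphrase("k9#Vt2!qLz@8wXe$Rb5^Ym7&P"))  # constructed 25-char sample
```

The pattern from the command works out to 10,000,000 lines and 110,000,000 bytes, which matches the "around 100mb" figure above. A phone number with a known 3-digit prefix leaves about 23 bits to guess, against roughly 164 bits for a random 25-character passphrase.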

There is an easier way of doing this with hashcat but that’s something I don’t really want to write about.

If you are going to go ahead and try to prove my percentages wrong, don’t even think of wasting your time by turning into that lonely keyboard warrior you are who doesn’t have a social life, because they probably are wrong and I don’t care.

About Ons

Hey there, I am just another user on the internet, you can call me a geek. I take huge interest in technology and information security, I also write articles when I feel like it.
