Anyone knows that when trying to connect to secure wireless networks, the message "Enter the network security key" is often displayed. What this key is, what it is for, how it is used, where to find it and how to determine it by various methods, will be discussed further. Actually, each user already knows what it is, but, perhaps, simply does not know about the true state of affairs. In fact, after reading the material presented below, any user will no longer have any questions related to understanding the term itself, and with the methods used to determine such a key.
What is a general network security key?
So, what is the understanding of this term? If anyone does not know, the security of wireless networks is ensured by protection against unauthorized access to the network and encryption of transmitted and received data.
At the same time, the concept of a key is in no way related to the type of encryption used, but refers precisely to ensuring secure entry. As many have probably already guessed, the question of what is a network security key has the only correct answer: this is the most common access password that is entered when requested from the router. It can consist of any set of Latin letters, numbers and symbols.
How it works?
In the question of what a network security key is, one cannot ignore some aspects related to how it works. The fact is that the request does not come from the wireless network itself, but from the used router (router or ADSL modem).
When you try to connect to a network defined by your computer, laptop or mobile device, a request is made from the device, which is fixed on the router. In turn, it ensures the security of wireless networks and gives you a kind of invitation to connect, but with the obligatory confirmation of the access password, which in most cases, except for the use of programs that allow you to calculate the key, provides protection against unauthorized connections. We will dwell on the programs a little later, but for now let's see how you can find out such a password in different systems and on different devices.
How to find the network security key in Windows?
And to begin with, let's consider the Windows desktop operating systems in relation to users who, for whatever reason, have forgotten or lost their passwords to access Wi-Fi. What to do if a computer or laptop connects to the network without problems, but you need to access from another device (for example, from a mobile device). Where can I get the network security key? This problem can be solved quite simply.
First you need to go to the properties of the established connection, using the "Network and Sharing Center". You can call it either through the RMB menu on the connection icon, or go to the corresponding section through the "Control Panel". The properties window uses the security tab, which contains the network name and password. But it is only displayed as dots. How do I find my network security key? Yes, just check the box next to the display of entered characters, and the password will appear before your eyes.
Why it happens? Yes, only because any operating system, even with a one-time connection, saves the entered names of networks and the password to them, not to mention the connection, which is used by default.
Obtaining a key on a router
In principle, if this option does not suit the user with something, you can go a longer way, using the web interface of the router to obtain it. To do this, you need to enter the settings through any web browser by entering combinations starting with 192.168, after which either 0.1 or 1.1 is added (for non-standard router models, the addresses can differ quite a lot).
After that, go to the section of wireless connection (Wireless), and then in the subsection security (Security) find the field labeled as PSK. What is written in it is the desired key. If for some reason you cannot enter the router settings, enter the ipconfig combination in the command line and look in the field of the default gateway. This is the address of the router itself.
Finding a security key in Android
We figured out what a network security key is, and how to find it in Windows. Now let's see how to perform similar procedures on Android mobile systems. Everything is somewhat more complicated here.
If the password is not displayed in its normal form in the connection settings, you will have to look for it in the system files, but to access them on the device you need to have Root rights and any file manager. In the manager, sequentially go through the Data / Music / WiFi directories, and in the latter, open a text document with the name wpa_supplicant.conf, and then find the name of the desired network in the text. The corresponding key will be entered next to the name.
Use of specialized programs
On mobile systems, you can use the free WiFi Password Hacker utility, which, after launching, scans all connections ever made, and after selecting the desired network, displays the access password used for it on the screen.
If you need to find out the password to someone else's network, you will have to use a somewhat illegal technique called brute force. For Windows systems, Aircrack-ng is the most suitable utility, and for Android systems, WIBR. Using them is quite simple, so there is no point in focusing on this. But keep in mind that their use, if not illegal, is at least beyond the bounds of decency.
Instead of a total
That's all there is to addressing issues related to the concept of a security key. Regarding the concept itself, only one conclusion can be drawn - this is the most common access password. As for how to recognize it, I think that there should not be any special questions, since this is done quite simply in any operating system. There may be problems with mobile devices in the absence of access rights to system catalogs, however, to obtain the appropriate rights, you can use, for example, the Kingo Root computer utility, which is first installed on a PC, and then installs its own driver on a mobile device, after which you will have the rights superuser.
Not so long ago, it seemed that a wireless network protected by WPA2 technology was quite secure. It is really possible to find a simple key for connection. But if you install a really long key, then neither rainbow tables, nor even GPU acceleration will help you to harden it. But, as it turned out, it is possible to connect to a wireless network without it - by taking advantage of a recently found vulnerability in the WPS protocol.
WARNING
All information is presented for educational purposes only. Intruding into someone else's wireless network can easily be considered a criminal offense. Think with your head.
The cost of simplifications
There are fewer and fewer open access points to which you do not need to enter a key to connect at all. It seems that soon they can be included in the Red Book. If earlier a person might not even know that a wireless network can be closed with a key, protecting himself from extraneous connections, now he is increasingly being prompted about such a possibility. Take, for example, the custom firmware that leading providers release for popular router models to simplify setup. You need to specify two things - username / password and ... a key to protect the wireless network. More importantly, the OEMs themselves try to keep the setup process straightforward. So, most modern routers support the WPS (Wi-Fi Protected Setup) mechanism. With its help, the user can set up a secure wireless network in a matter of seconds, without bothering himself at all with the fact that "somewhere else you need to enable encryption and register a WPA key." Enter in the system an eight-digit symbolic PIN, which is written on the router - and you're done! And here, hold on tight. In December, two researchers at once talked about serious fundamental gaps in the WPS protocol. It's like a back door for any router. It turned out that if WPS is activated in the access point (which, for a minute, is enabled in most routers by default), then you can choose a PIN for connection and extract a key for connection in a matter of hours!
How does WPS work?
The idea of \u200b\u200bthe creators of WPS is good. The mechanism automatically sets the network name and encryption. Thus, the user does not need to go into the web interface and deal with complex settings. And you can easily add any device (for example, a laptop) to an already configured network: if you enter the PIN correctly, it will receive all the necessary settings. This is very convenient, so all the major players in the market (Cisco / Linksys, Netgear, D-Link, Belkin, Buffalo, ZyXEL) now offer wireless routers with WPS support. Let's figure it out a little more.
There are three options for using WPS:
- Push-Button-Connect (PBC). The user presses a special button on the router (hard) and on the computer (software), thereby activating the setup process. We are not interested in this.
- Entering the PIN in the web interface. The user enters the administrative interface of the router through a browser and enters an eight-digit PIN code written on the device case (Figure 1), after which the configuration process takes place. This method is more suitable for the initial configuration of the router, so we will not consider it either.
- Entering PIN-code on the user's computer (Figure 2). When connecting to a router, you can open a special WPS session, within which you can configure the router or get the existing settings if you enter the PIN correctly. This is already attractive. No authentication is required to open such a session. Anyone can do it! It turns out that the PIN is already potentially susceptible to a bruteforce attack. But these are just flowers.
Vulnerability
As I mentioned earlier, the PIN is eight digits long - hence there are 10 ^ 8 (100,000,000) options to pick. However, the number of options can be significantly reduced. The fact is that the last digit of the PIN-code is a kind of checksum, which is calculated based on the first seven digits. As a result, we already get 10 ^ 7 (10,000,000) options. But that's not all! Next, take a close look at the device of the WPS authentication protocol (Figure 3). It feels like it was specially designed to leave room for brute force. It turns out that checking the PIN is done in two steps. It is divided into two equal parts, and each part is checked separately! Let's look at the diagram:
- If, after sending the M4 message, the attacker received an EAP-NACK in response, then he can be sure that the first part of the PIN is incorrect.
- If he received an EAP-NACK after sending the M6, then, accordingly, the second part of the PIN is incorrect. We get 10 ^ 4 (10,000) options for the first half and 10 ^ 3 (1,000) for the second. As a result, we have only 11,000 options for a complete search. To better understand how this will work, take a look at the diagram.
- An important point is the possible speed of the search. It is limited by the speed of processing WPS requests by the router: some access points will return a result every second, others - every ten seconds. Most of the time is spent on calculating the public key using the Diffie-Hellman algorithm; it must be generated before step M3. The time spent on this can be reduced by choosing a simple secret key on the client side, which will further simplify the calculation of other keys. Practice shows that for a successful result, it is usually enough to sort out only half of all the options, and on average, brute-force takes only four to ten hours.
First implementation
The first brute-force implementation that appeared was the wpscrack utility (goo.gl/9wABj), written by researcher Stefan Fiebeck in Python. The utility used the Scapy library to inject arbitrary network packets. The script can be run only under a Linux system, having previously transferred the wireless interface to the monitoring mode. As parameters, you must specify the name of the network interface in the system, the MAC address of the wireless adapter, as well as the MAC address of the access point and its name (SSID).
$ ./wpscrack.py --iface mon0 --client 94: 0c: 6d: 88: 00: 00 --bssid f4: ec: 38: cf: 00: 00 --ssid testap -v sniffer started trying 00000000 attempt took 0.95 seconds trying 00010009<...> trying 18660005 attempt took 1.08 seconds trying 18670004 # found 1st half of PIN attempt took 1.09 seconds trying 18670011 attempt took 1.08 seconds<...> trying 18674095 # found 2st half of PIN<...> Network Key: 0000 72 65 61 6C 6C 79 5F 72 65 61 6C 6C 79 5F 6C 6F really_really_lo 0010 6E 67 5F 77 70 61 5F 70 61 73 73 70 68 72 61 73 ng_wpa_passphras 0020 65 5F 67 6F 6F 64 6F 6C 75 63 6B 5F 63 72 61 63 e_good_luck_crac 0030 6B 69 6E 67 5F 74 68 69 73 5F 6F 6E 65king_this_one<...>
As you can see, first, the first half of the PIN-code was selected, then the second, and in the end the program issued a key ready to use for connecting to the wireless network. It is difficult to imagine how long it would have taken to find a key of this length (61 characters) with pre-existing tools. However, wpscrack is not the only utility to exploit the vulnerability, and this is a rather funny moment: at the same time, another researcher, Craig Heffner of Tactical Network Solutions, was working on the same problem. Seeing that a working PoC appeared on the Web to implement the attack, he published his Reaver utility. It not only automates the WPS-PIN selection process and extracts the PSK key, but also offers more settings so that an attack can be carried out against a wide variety of routers. In addition, it supports many more wireless adapters. We decided to take it as a basis and describe in detail how an attacker can use a vulnerability in the WPS protocol to connect to a secure wireless network.
HOW-TO
As with any other wireless attack, we need Linux. Here I must say that Reaver is present in the repository of the well-known BackTrack distribution kit, which, in addition, already includes the necessary drivers for wireless devices. Therefore, we will use it.
Step 0. Preparing the system
BackTrack 5 R1 is available for download on the official website as a virtual machine for VMware and a bootable ISO image. I recommend the last option. You can simply write the image to a disc, or you can use the program to make a bootable USB flash drive: one way or another, having booted from such a media, we will immediately have a system ready to work without unnecessary problems.
Wi-Fi Hacking Express Course
- WEP (Wired Equivalent Privacy) The earliest technology for securing a wireless network proved to be extremely weak. It can be cracked in literally a few minutes, using the weaknesses of the RC4 cipher used in it. The main tools here are the airodump-ng sniffer for collecting packets and the aircrack-ng utility, which is used directly to crack the key. There is also a special tool wesside-ng, which generally breaks all nearby points with WEP in automatic mode.
- WPA / WPA2 (Wireless Protected Access)
Brute force is the only way to find a key for a closed WPA / WPA2 network (and even then only if there is a dump of the so-called WPA Handshake, which is broadcast when the client connects to the access point).
Brute force can take days, months and years. To increase the enumeration efficiency, specialized dictionaries were first used, then rainbow tables were generated, and later utilities appeared that used NVIDIA CUDA and ATI Stream technologies for hardware acceleration of the process using the GPU. The tools used are aircrack-ng (dictionary brute force), cowpatty (using rainbow tables), pyrit (using a video card).
Step 1. Login
The default login and password is root: toor. Once in the console, you can safely start "X" (there are separate assemblies of BackTrack - both with GNOME and with KDE):
# startx
Step 2. Installing Reaver
To download Reaver we need internet. Therefore, we connect the patch cord or configure the wireless adapter (menu "Applications\u003e Internet\u003e Wicd Network Manager"). Next, we launch the terminal emulator, where we download the latest version of the utility through the repository:
# apt-get update # apt-get install reaver
Here I must say that version 1.3 is in the repository, which personally did not work for me correctly. Looking for information about the problem, I found a post by the author who recommends updating to the highest possible version by compiling the sources taken from SVN. This is, in general, the most versatile installation method (for any distribution).
$ svn checkout http://reaver-wps.googlecode.com/svn/trunk/ reaver-wps $ cd ./reaver-wps/src/ $ ./configure $ make # make install
There will be no problems with the assembly under BackTrack - checked personally. In the Arch Linux distribution I use, installation is even easier, thanks to the presence of the appropriate PKGBUILD:
$ yaourt -S reaver-wps-svn
Step 3. Preparing for brute force
To use Reaver, you need to do the following:
- put the wireless adapter into monitoring mode;
- find out the name of the wireless interface;
- find out the MAC address of the access point (BSSID);
- make sure that WPS is activated at the point.
First, let's check that the wireless interface is generally present in the system:
# iwconfig
If the output of this command contains an interface with a description (usually wlan0), then the system recognized the adapter (if it was connected to a wireless network to load Reaver, then it is better to terminate the connection). Let's put the adapter into monitoring mode:
# airmon-ng start wlan0
This command creates a virtual interface in monitoring mode, its name will be indicated in the command output (usually mon0). Now we need to find the access point for the attack and find out its BSSID. Let's use the airodump-ng utility for wiretapping wireless broadcasts:
# airodump-ng mon0
A list of access points within range will appear on the screen. We are interested in points with WPA / WPA2 encryption and PSK key authentication.
It is better to choose one of the first in the list, since a good connection with the point is desirable for carrying out an attack. If there are a lot of points and the list does not fit on the screen, then you can use another well-known utility - kismet, where the interface is more adapted in this regard. Optionally, you can check on the spot whether the WPS mechanism is enabled at our outlet. To do this, the wash utility is included with Reaver (but only if you take it from SVN):
# ./wash -i mon0
The parameter is the name of the interface switched to the monitoring mode. You can also use the ‘-f’ option and feed the utility a cap-file created, for example, by the same airodump-ng. For some unknown reason, the wash utility was not included in the Reaver package in BackTrack. Hopefully, by the time this article is published, this error has been fixed.
Step 4. Launch brute force
Now you can proceed directly to brute force PIN. In the simplest case, you need a little to start Reaver. You just need to specify the name of the interface (which we previously transferred to the monitoring mode) and the BSSID of the access point:
# reaver -i mon0 -b 00: 21: 29: 74: 67: 50 -vv
The "-vv" switch enables extended output from the program so we can make sure everything works as expected.
Reaver v1.4 WiFi Protected Setup Attack Tool Copyright (c) 2011, Tactical Network Solutions, Craig Heffner
If the program consistently sends PINs to the access point, then everything started up well, and it remains stupid to wait. The process can be delayed. The shortest time in which I managed to harvest my PIN was about five hours. As soon as it is selected, the program will happily inform you about it:
[+] Trying pin 64637129 [+] Key cracked in 13654 seconds [+] WPS PIN: "64637129" [+] WPA PSK: "MyH0rseThink $ YouStol3HisCarrot!" [+] AP SSID: "linksys"
The most valuable thing here is, of course, the WPA-PSK, which can be used immediately to connect. Everything is so simple that it doesn't even fit in my head.
Can you protect yourself?
You can still protect yourself from an attack in one way - turn off WPS nafig in the router settings. True, as it turned out, this is not always possible. Since the vulnerability does not exist at the implementation level, but at the protocol level, it is not worth waiting for an early patch from the manufacturers that would solve all the problems. The most they can do now is to counter brute force as much as possible. For example, if you block WPS for one hour after five unsuccessful attempts to enter the PIN, the brute-force process will take about 90 days. But another question is, how quickly can such a patch be rolled out to millions of devices that work around the world?
Pumping Reaver
In the HOWTO, we showed the simplest and most versatile way to use the Reaver utility. However, the implementation of WPS differs from manufacturer to manufacturer, so in some cases additional configuration is required. Below I will provide additional options that can increase the speed and efficiency of the key iteration.
- You can set the channel number and SSID of the access point: # reaver -i mon0 -b 00: 01: 02: 03: 04: 05 -c 11 -e linksys
- The '-dh-small' option has a beneficial effect on the brute force speed, which specifies a small value for the secret key, thereby facilitating calculations on the access point side: # reaver -i mon0 -b 00: 01: 02: 03: 04: 05 -vv - -dh-small
- The default response timeout is five seconds. It can be changed if necessary: \u200b\u200b# reaver -i mon0 -b 00: 01: 02: 03: 04: 05 -t 2
- The default delay between attempts is one second. It can also be configured: # reaver -i mon0 -b 00: 01: 02: 03: 04: 05 -d 0
- Some access points may block WPS for a certain time, suspecting that they are trying to get fucked. Reaver notices this situation and pauses the search for 315 seconds by default, the duration of this pause can be changed: # reaver -i mon0 -b 00: 01: 02: 03: 04: 05 --lock-delay \u003d 250
- Some implementations of the WPS protocol will terminate the connection if the PIN is incorrect, although by specification they must return a special message. Reaver automatically recognizes such a situation, for this there is an option '-nack': # reaver -i mon0 -b 00: 01: 02: 03: 04: 05 --nack
- The ‘—eap-terminate’ option is designed to work with those APs that require termination of the WPS session using the EAP FAIL message: # reaver -i mon0 -b 00: 01: 02: 03: 04: 05 --eap-terminate
- Errors in the WPS session may mean that the AP limits the number of attempts to enter the PIN-code, or is simply overloaded with requests. Information about this will be displayed on the screen. In this case, Reaver pauses its activity, and the pause time can be set with the '—fail-wait' option: # reaver -i mon0 -b 00: 01: 02: 03: 04: 05 --fail-wait \u003d 360
FAQ
Q: What kind of wireless adapter do I need to jailbreak?
Answer: Before experimenting, you need to make sure that the wireless adapter can work in monitoring mode. The best way is to check the list of supported hardware on the Aircrack-ng project site. If the question arises about which wireless module to buy, then you can start with any adapter based on the RTL8187L chipset. USB dongles are easy to find online for $ 20.
Q: Why am I getting "timeout" and "out of order" errors?
Answer: This usually happens due to low signal strength and poor connection with the access point. In addition, the access point may temporarily block the use of WPS.
Question: Why is my MAC address spoofing not working?
Answer: Perhaps you spoof the MAC of the mon0 virtual interface, and this will not work. You must specify the name of the real interface, for example, wlan0.
Question: Why does Reaver work poorly with a bad signal, although the same WEP cracking is fine?
Answer: Typically, WEP cracking occurs by re-forwarding the intercepted packets in order to obtain more initialization vectors (IVs) required for a successful cracking. In this case, it does not matter if any packet was lost or was somehow damaged along the way. But for an attack on WPS, strict adherence to the packet transfer protocol between the access point and Reaver is required to verify each PIN. And if at the same time some packet is lost, or comes in an indecent form, then you will have to re-establish the WPS session. This makes attacks on WPS much more signal strength dependent. It is also important to remember that if your wireless adapter sees the access point, this does not mean that the access point also sees you. So if you are the proud owner of a high-power adapter from ALFA Network and an antenna for a couple of dozen dBi, then do not hope that you will be able to break all caught access points.
Question: Reaver sends the same PIN to the access point all the time, what's the matter?
Answer: Check if WPS is activated on the router. You can do this with the wash utility: run it and make sure your target is on the list.
Question: Why can't I associate with an access point?
Answer: This may be due to poor signal strength or because your adapter is not suitable for such surveys.
Question: Why do I keep getting rate limiting detected errors? Answer: This is because the access point has blocked WPS. Usually this is a temporary block (about five minutes), but in some cases a permanent ban can also be thrown in (unblocking only through the administrative panel). There is one unpleasant bug in Reaver version 1.3, due to which the removal of such locks is not detected. As a work-round, it is suggested to use the ‘-ignore-locks’ option or download the latest version from SVN.
Q: Can I run two or more Reaver instances at the same time to speed up the attack?
Answer: Theoretically, it is possible, but if they hammer on the same access point, then the brute-force speed will hardly increase, since in this case it is limited by the weak hardware of the access point, which is already loaded to the full with one attacker.
Personal data and files on a wireless network can sometimes be accessed by unauthorized people intercepting the network signal. This can lead to identity theft and other malicious activity. A network security key or passphrase can help protect your wireless network from such unauthorized access.
Follow the instructions in the Network Setup Wizard to configure the security key.
Note.
- We do not recommend using WEP to secure your wireless network. More secure is Wi-Fi Protected Access (WPA or WPA2). If they do not work when trying to use WPA and WPA2, it is recommended that you replace your network adapter with an adapter that supports WPA or WPA2. All network devices, computers, routers and access points must also support WPA or WPA2.
Encryption methods for wireless networks
There are three types of wireless encryption available today: Wi-Fi Protected Access (WPA and WPA2), Wired Equivalent Privacy (WEP), and 802.1x. The first two methods are detailed in the following sections. 802.1x is commonly used in corporate networks and is not covered here.
Wi-Fi Protected Access (WPA and WPA2)
WPA and WPA2 require the user to provide a security key to connect. After the key is verified, all data transmitted between the computer or device and the access point is encrypted.
There are two types of WPA authentication: WPA and WPA2. Use WPA2 whenever possible as it provides the most security. Almost all new wireless adapters support WPA and WPA2, but some older models do not. WPA-Personal and WPA2-Personal assigns the same passphrase to all users. This mode is recommended for home networks. WPA-Enterprise and WPA2-Enterprise are designed for use with an 802.1x authentication server that provides different keys to all users. This mode is used primarily on work networks.
WEP (Wired Equivalent Privacy)
WEP is an older method of securing a network. It's still available to support legacy devices, but it's not recommended. When WEP is enabled, the network security key is configured. This key encrypts information that a computer transmits over the network to other computers. However, WEP security is relatively easy to crack.
There are two types of WEP security methods: open system authentication and shared key authentication. None of these provide a high level of security, but the public key authentication method is less secure. For most computers and wireless access points, the shared key authentication is the same as the static WEP encryption key that is used to secure the network. An attacker who intercepts messages for successful public key authentication can use analysis tools to determine the public key authentication key and then the static WEP encryption key. Once the static WEP encryption key is determined, an attacker can gain full access to the network. For this reason, this version of Windows does not automatically support network configuration using shared WEP key authentication.
If, despite these warnings, authentication using shared WEP keys is required, follow these steps.
Apparently, it makes no sense to say that most users are faced with a situation when, when trying to connect to a wireless network, the system prompts them to enter the so-called network security key.
What it is, what it is used for and how to find it out, then the conversation will go. Let's consider several options for basic actions that will help even those who have forgotten the set combination for connecting via Wi-Fi.
Wi-Fi security key: what is it and what is it used for?
Let's start with the definition itself. network security, absolutely all users of computers and mobile devices know. Looking at the abstruse name, not everyone can figure out what it is about.
In fact, this is a password that is set in the wireless settings so that someone else does not use it and does not gain access to confidential data, for example, when organizing home wireless networks with sharing files and folders.
Where to get the network security key: options
Many users, entrusting the settings of the wireless connection to the provider's specialists or outsiders, often forget to write down the created password. And only then, for example, when restoring the system after critical failures or when completely reinstalling it, they bite their elbows, remembering the desired combination for accessing the connection and painfully figuring out how to find out the key.To do this, you can try the following actions:
- network tools for Windows systems for desktop computers and laptops;
- configuring router parameters;
- third-party programs;
- brute force (use of brute force) to calculate the password of someone else's connection.
If the first three options are standard and are used in all Windows systems, and the key is determined through a mobile device, then the use of brute force, from the point of view of legality or moral and ethical considerations, can be classified as illegal. Consider all options, including gross interference, but solely for general information purposes.
Using connection settings
So, how do you find out the network security key that is installed for the connection configured on the user's computer or laptop?
In the simplest case, when working with operating systems Windows 7 and below, after calling the properties of the current connection, the necessary section with the security tab will immediately open, where below the password entry field, which by default is shown as asterisks or dots, you must check the box to display the entered characters ... After completing these steps, the network security key can be written down, copied or saved, for example, in a text file.
Similarly, you can access the necessary parameters in the "Network and Sharing Center", which is located in the standard "Control Panel" (in Windows 10, it is easiest to call the control command in the "Run" console). Here, you simply select your connection, go to the wireless properties and use the same security tab.
Security key information in router settings
Equally simple, the Wi-Fi network security key can be found in the router settings. To do this, first, through any available browser, enter the router's web interface, enter a combination like 192.168.0.1 or 1.1 at the end in the address bar, enter the login and password (usually admin for both fields), and then go to the wireless security menu (Wireless Security).
Here a special field will be shown, designated as PSK Password or something else in this spirit, where the desired access combination will be highlighted.
How can I find out the access password on mobile devices?
As for mobile devices, you can also use the activation of the password display field. However, it is not always possible to determine the network security key in this way. In Android operating systems, the password is hidden deep enough, it can be quite problematic to find it without root rights. Nevertheless, if you install them, for example, by installing the Kingo Root driver and secure yourself the superuser rights, there will be no problems.
In this case, you will additionally need to install some file manager like Root Explorer, go to the data \\ music \\ wifi path on the internal storage, find the wpa_supplicant.conf configuration file there, open it with any program for working with text documents (browser or built-in manager tool) and find the desired network name (SSID). Next to the name will be indicated the desired network security key used for access.
You can also use special applets like WiFi Password, after calling which absolutely all connections that have ever been made from this device will be shown. Further, it remains only to activate the field of displaying the network security key and view the necessary data.
Note: on mobile devices, similar to Windows systems, you can enter the settings of the router used through the browser and see the password in its parameters. But this is quite inconvenient.
Calculating a password for someone else's connection
As for brute-force, in most cases specialized programs are used to crack passwords.
For Windows, the most popular utility is Aircrack-ng, and for mobile devices running Android systems, the WBR program. For obvious reasons, questions related to their use and detailed instructions are not covered.
