The question of how to access someone else's Wi-Fi network arises for many Linux users—whether out of curiosity, to test their own security, or to bypass restrictions. However, it's important to understand: Any actions to hack into other people's networks without permission are illegal. In most countries, including Russia. This article is for educational purposes only and is intended for cybersecurity professionals testing their own networks.
Linux offers numerous tools for analyzing Wi-Fi networks, but using them against unauthorized access points can lead to serious consequences, ranging from fines to criminal liability. We'll explore the technical aspects of using such tools. Aircrack-ng, Wifite And Reaver, but we emphasize: all examples apply only to your own networks for security audit purposes.
If you are looking for ways to improve your signal or configure your router, go to the section "Wi-Fi Signal Booster"If you're interested in legal security testing, read on to learn how these tools work and what security measures you can apply to your network.
Legal aspects: what does the law say?
In Russia, Wi-Fi hacking is regulated by several articles of legislation:
- 📜 Article 272 of the Criminal Code of the Russian Federation — "Unauthorized access to computer information." Punishment: a fine of up to 200,000 rubles or imprisonment for up to two years.
- 📜 Article 273 of the Criminal Code of the Russian Federation — "Creation, use, and distribution of malware." Applies when specialized hacking tools are used.
- 📜 Article 138 of the Criminal Code of the Russian Federation — "Violation of correspondence privacy." This applies if user data is intercepted through a hacked network.
Similar laws are in force in Europe and the US: in the US it is Computer Fraud and Abuse Act (CFAA), weight - General Data Protection Regulation (GDPR)Even if the network is not password protected, connecting to it without the owner's permission may be considered a violation.
⚠️ Please note: Case law shows that even a password guessing attempt recorded in the router logs can serve as evidence of guilt. Using a VPN or anonymizer does not guarantee protection from identification.
The exception is testing your own network with the owner's written permission (in the case of corporate networks) or on their personal equipment. For this purpose, they often use written consent for penetration testing (pentest), where the conditions and boundaries of testing are specified.
Preparing the system: what tools will you need?
To work with Wi-Fi in Linux you will need:
- Wi-Fi adapter with monitor mode supportNot all adapters are suitable—models with chips are needed. Atheros (For example, TP-Link TL-WN722N), Ralink or Broadcom, supporting
monitor mode. - A Linux distribution with pre-installed toolsOptimal options:
- 🐧 Kali Linux — a specialized distribution for security testing.
- 🐧 Parrot OS — a privacy-focused alternative to Kali.
- 🐧 BlackArch — an extension for Arch Linux with a huge set of tools.
Before you begin, update your system and install the necessary packages:
sudo apt update && sudo apt upgrade -y
sudo apt install aircrack-ng reaver wash mdk4
⚠️ Warning: Some tools (eg. Reaver) may conflict with modern router firmware that uses brute-force protection. Before testing, check your hardware's compatibility on the official Kali Linux forums.
It is also recommended to disable all unnecessary services and start the system in in isolation mode (for example, via Live USB) to avoid accidental data corruption on the main drive.
Monitor Mode: How to Enable It and Why is It Important?
Monitor mode (monitor mode) allows the Wi-Fi adapter to capture all packets in the air, not just those addressed specifically to your device. This is the basis for traffic analysis and hacking attempts.
To enable monitor mode:
- Check your network interface name:
iwconfigUsually it is
wlan0,wlp2s0or something similar. - Disable the interface:
sudo airmon-ng check killThis command terminates processes that may interfere with your work (for example,
NetworkManager). - Enable monitor mode:
sudo airmon-ng start wlan0After execution, the interface will receive a new name, for example
wlan0mon. - 📡 BSSID — MAC address of the access point.
- 🔒 PWR — signal level (the higher the better).
- 📶 CH — the channel on which the network operates.
- 🔑 ENC — encryption type (WPA, WPA2, WEP).
- 👥 STATION — connected devices (if any).
Check that the mode is enabled:
iwconfig
The output should contain a line Mode:Monitor.
☑️ Checking the monitor mode
If the adapter does not support monitor mode, you will see an error SIOCSIFFLAGS: Operation not permittedIn this case, you will have to use a different adapter or update the drivers.
Network Insights: Airodump-ng and Other Tools
The first step in security testing is collecting data about available networks. This is done using airodump-ng from the package Aircrack-ng.
Start the scan:
sudo airodump-ng wlan0mon
In the output you will see:
To focus on a specific network, specify its BSSID and channel:
sudo airodump-ng --bssid [BSSID] -c [channel] --write capture wlan0mon
This command saves captured packets to a file. capture-01.cap for further analysis.
| Encryption type | Vulnerabilities | Probability of hacking | Time to select |
|---|---|---|---|
| WEP | Outdated protocol, vulnerable to IV attacks | Very high | Minutes |
| WPA/WPA2 (PSK) | Vulnerable to brute force if the password is weak | Medium (depending on password) | From hours to years |
| WPA3 | Resistant to most attacks, vulnerabilities are rare | Very low | Years (if configured correctly) |
| Open network (no password) | Risk of MITM attacks, traffic interception | High (but illegal) | Instantly |
Modern routers with WPA3 and brute force protection (for example, ASUS RT-AX88U or TP-Link Archer AX6000) are virtually invulnerable to standard attacks when configured correctly. If your goal is security testing, start with WEP or WPA2 networks with simple passwords.
Attacks on WEP: Why is this protocol obsolete?
WEP (Wired Equivalent Privacy) is the first Wi-Fi encryption standard, now considered completely insecure. It takes minutes to crack even on low-end hardware.
Attack algorithm:
- Capture enough packets (10,000–50,000):
sudo airodump-ng -c [channel] --bssid [BSSID] -w wep_capture wlan0mon - Wait for it to appear
WEP IVs(initialization vectors). - Run the hack using aircrack-ng:
sudo aircrack-ng wep_capture-01.cap
If there are not enough packets, you can speed up the process by sending deauthentication packets:
sudo aireplay-ng --deauth 10 -a [BSSID] wlan0mon
This will force the devices to reconnect, generating new packets for analysis.
⚠️ Note: WEP networks are extremely rare today (less than 1% of all access points). If you find such a network, it's most likely trap (honeypot) to detect hackers. Connecting to it may result in your MAC address being automatically recorded by law enforcement.
WPA/WPA2 Hacking: Brute-Force and Dictionary Attacks
WPA/WPA2 with Pre-Shared Key (PSK) Vulnerable only to dictionary attacks. Success depends on the password's complexity:
- 🔓 Passwords like
12345678orqwertyare hacked in seconds. - 🔓 Passwords like
Ivanov1985orMoscow2026can fall within hours. - 🔒 Passwords 12+ characters long with mixed case, numbers, and special characters (e.g.
kL9#pQ2!xY4@zR1) are practically impossible to brute force.
To attack you will need:
- Capture handshake (handshake) between the device and the router:
sudo airodump-ng -c [channel] --bssid [BSSID] -w handshake wlan0monWait for the inscription to appear
WPA handshake: [BSSID]. - Use aircrack-ng with a dictionary:
sudo aircrack-ng -w /path/to/dictionary.txt -b [BSSID] handshake-01.cap
Popular dictionaries for brute force:
- 📖 rockyou.txt — the standard dictionary in Kali Linux (~14 million passwords).
- 📖 SecLists — a collection of dictionaries from the project SecLists (includes passwords in different languages).
- 📖 Customized dictionaries created with crunch or cewl (for example, based on data about the network owner from social networks).
The speed of selection depends on the power of your PC:
- 🖥️ On Intel Core i5 With GPU NVIDIA GTX 1060: ~5,000–10,000 hashes/sec.
- 🖥️ On Raspberry Pi 4: ~100–300 hashes/sec (ineffective for complex passwords).
How to speed up brute force?
Use GPU instead of CPU with hashcatFor example, the command to hack handshake via GPU:
hashcat -m 2500 handshake.hccapx /path/to/dictionary.txt -d 1
Where -d 1 Specifies the use of the first GPU device. Speed can increase by 10-50 times compared to the CPU.
Protecting Your Network: How to Avoid Becoming a Victim?
If you are testing your network, here is minimum security measures, which will make her invulnerable to 99% of attacks:
- Use WPA3 instead of WPA2. If your devices don't support WPA3, set up WPA2 with
AES-CCMP(not TKIP!). - Set a complex password at least 15 characters long, for example:
Tr0ub4dour&3-Fo$c0m!Use password managers (Bitwarden, KeePass) for generation and storage.
- Disable WPS (Wi-Fi Protected Setup). This protocol is vulnerable to attacks. Reaver And Pixie Dust:
- Hiding the SSID It doesn't improve security - that's a myth. Instead, configure
MAC filtering(although it can also be bypassed). - Update your router firmware at least once every six months. Vulnerabilities in older versions (for example,
CVE-2019-11510V TP-Link) allow you to bypass protection.
Additional measures for advanced users:
- 🛡️ Set up guest network with a separate password for visitors.
- 🛡️ Use VLAN for isolating IoT devices (smart bulbs, cameras).
- 🛡️ Turn on logging connection attempts and set up notifications (for example, via Telegram-bot).
Routers with support IEEE 802.11w (PMF) Protected against deauthentication attacks used to capture handshake data. Enable this option if available in the settings.
Alternative methods: social engineering and phishing
Technical attacks often fail due to modern security measures. In such cases, attackers resort to social engineering - manipulation of people to obtain a password.
Common schemes:
- 🎣 Phishing pagesAn attacker creates a fake Wi-Fi login page (for example, mimicking a hotel portal) and distributes it over an open network.
- 📞 Calls from "support service"The scammer poses as a provider employee and asks for a password to "test the connection."
- 📋 Password snoopingIf the password is written on a sticker on the router or monitor, it can be seen in photos on social media or through a webcam.
Example of a phishing attack through Evil Twin:
- A clone of a legitimate network is created with the same SSID, but a stronger signal.
- Users connect to the clone, where they are prompted to "update their password."
- The entered data is transmitted to the attacker.
To protect against such attacks:
- 🔐 Never enter your password on unfamiliar pages.
- 🔐 Check your SSL certificate (click the lock in your browser's address bar).
- 🔐 Use VPN on public networks to avoid traffic interception.
⚠️ Attention: In Russia, the creation of phishing pages is classified as Article 159.6 of the Criminal Code of the Russian Federation ("Computer information fraud") and is punishable by imprisonment for up to 5 years.
FAQ: Answers to frequently asked questions
❓ Is it possible to hack Wi-Fi without Kali Linux?
Yes, but it's more complicated. You'll need to install the tools manually (Aircrack-ng, Reaver) on any Linux distribution. Kali Linux comes with everything you need out of the box, saving you time.
❓ Why can't I capture a handshake?
Possible reasons:
- The adapter does not support monitor mode or is unstable.
- The network uses 802.11w (PMF), which blocks deauthentication.
- You are too far from the router (signal level below -70 dBm).
- There are no active devices on the network that could initiate a handshake.
Solution: Move closer to the router, check the adapter for compatibility, or use a directional antenna.
❓ How can I protect myself from WPS attacks?
Disable WPS in your router settings. If this option is unavailable (for example, on some models) D-Link), update the firmware or replace the router. WPS is vulnerable to attacks. Reaver And Pixie Dust, which allow you to pick up a PIN code in a few hours.
❓ Is it legal to test someone else's network with the owner's permission?
Yes, but only if available written consent indicating:
- Testing purposes.
- List of tools used.
- Time frames.
- Confidentiality terms (what will happen with the received data).
Without such consent, even a "benevolent" pentest can be considered a hack.
❓ Is it possible to hack Wi-Fi via a smartphone?
Technically yes, but extremely inefficient. This would require:
- Root access on Android or jailbreak on iOS.
- Installation Termux and manual compilation of tools (Aircrack-ng not ported to ARM).
- External Wi-Fi adapter with monitor mode support (built-in smartphone adapters are not suitable).
The speed of password cracking on a smartphone is 100-1000 times slower than on a PC due to a weak processor.