How to steal Wi-Fi.
And how to keep the neighbors from stealing yours.
When I moved into a new neighborhood last week, I expected the usual hassles. Then I found out I’d have to wait more than a month for a DSL line. I started convulsing. If I don’t have Net access for even one day, I can’t do my job. So, what was I supposed to do? There’s an Internet café on the next block, but they close early. I had no choice—it was time to start sneaking on to my neighbors’ home networks.
Every techie I know says that you shouldn’t use other people’s networks without permission. Every techie I know does it anyway. If you’re going to steal—no, let’s say borrow—your neighbor’s Wi-Fi access, you might as well do it right. Step one: Lose the guilt. The FCC told me that they don’t know of any federal or state laws that make it illegal to log on to an open network. Using someone’s connection to check your e-mail isn’t like hacking into their bank account. It’s more like you’re borrowing a cup of sugar. (Unless you hog their bandwidth by watching lots of streaming video—that’s like hijacking a sugar truck.)
In the end, it’s your neighbor’s Internet service provider—not your neighbor—who will pay for the added traffic, and the ISP has already factored a small amount of line-sharing into their price plan. It is true that your surfing could cause the folks next door to break their service contract—many broadband providers do specifically forbid home customers from sharing a connection. But let’s deal with those abstract ethical issues later—you have important mail to answer!
If you want to find a Wi-Fi network, don’t start by looking on the sidewalk for chalk marks. “Warchalking,” a technique for writing symbols in public places to alert neighbors to nearby wireless access points, is a cool concept that’s been undermined by the fact that no one has ever used it. The best method to find some free wireless is to treat your laptop like a cell phone. Since Wi-Fi and cell phone signals travel on a similar radio frequency, the same tricks you use for getting a better phone connection might work on your computer. Sit near a window, since Wi-Fi signals travel better through glass than through solid walls. Stay away from metal objects. Pay close attention to your laptop’s orientation—rotating your machine just a few degrees could help you pick up a network that you couldn’t see before. Raise your laptop over your head, put it flat on the floor, tilt it sideways while leaning halfway out the window—get out the divining rod if you have to. You might get a reputation for being some sick laptop yoga freak, but isn’t free Internet worth it?
If you live downtown or in a suburb where the houses are close together, a few minutes of laptop gymnastics will probably reveal several Wi-Fi networks. Certain names are a giveaway that a network probably won’t be password-protected. Look for “linksys,” “default,” “Wireless,” “NETGEAR,” “belkin54g,” and “Apple Network 0273df.” These are the default network names for the most popular wireless routers. If a network owner hasn’t taken the time to change the default name, that’s a good clue that they probably won’t have a password either. You should also look for signs of hacker culture. Since hackers love giving away Net access, an all-lowercase name like “hackdojo” is most likely an invitation to log on. On the other hand, a name in all caps is typically a network under corporate lockdown.
If you do get prompted for a password, try “public”—that’s the default on many of Apple’s AirPort units. You can also try common passwords like “admin,” “password,” and “1234”—or just check out this exhaustive list of default passwords. You should also try using the name of the network in the password space. A generic password could mean that the network’s owner didn’t have the sense to pick something less obvious or that they’ve decided to welcome outsiders. But who cares? You’re in. And again, there’s no specific law barring you from guessing the password, as long as you don’t crack an encrypted network and read other people’s transmissions.
You can tell that you’ve successfully joined a wireless network when your laptop’s IP address changes as it’s assigned a local number by the network’s router. To watch it happen on a PC, keep the Network control panel in Windows open; if you have an Apple notebook, look at the Network section of the System Preferences program. (And if you’re running Linux, I don’t need to tell you where to look.) Once your laptop has an IP address, your next hurdle is getting DNS to work. DNS stands for Domain Name Service—it’s what translates Internet domains like “” into IP addresses like 207.46.141.216. On most networks, DNS works automatically. But if you get a browser error like “Cannot find server,” go back to your network menus and configure your laptop to use a public name server—144.162.120.230 in Dallas, for instance.
Once DNS is working, you should be good to go. While you should be able to surf the Web with no problems, you may have trouble sending mail from Outlook or other desktop programs because of restrictions on e-mail routing that have been set up to stop spammers. If you have problems, just use a Web-based mail service like Hotmail or Gmail instead.
Keep in mind that the neighbors may not be thrilled that you’re sharing the line. One guy next door to my new building shut off his network the day after I moved in, probably because he got spooked by all those blinking LEDs on his router. Even neighbors who are happy to share may see you in a different light if they check their router’s URL logs and find a few hundred hits on porn sites. While your browsing will show up under an anonymous address, the short range of Wi-Fi means that they’ll at least be able to figure out that one of the laptop owners within 100 feet of their living room is a stuffed animal fetishist. (As a San Franciscan, I need to point out that a stuffed animal fetish is perfectly normal. It’s your neighbors who have the problem.)
Since everyone isn’t as eager to share their network as I am, it’s only fair to explain that there’s an incredibly easy way to keep neighbors and drive-by geeks off your network. All you have to do is set a password that isn’t as obvious as “1234.” There’s an eye-glazing list of Wi-Fi security measures you can implement to block overachieving Russian teens from monitoring your keystrokes, but in real life the only people sniffing your wireless signal are jerks like me who need a place to log on until the phone company wires the apartment. An unguessable password sends as clear a message as a shot of Mace: Go find a Starbucks, creep.
Clarification, Nov. 22, 2004: There are some laws that could be used to charge you with unauthorized computer use, but my legal sources say that because there are so many networks left open to the public on purpose, it would be tough for an individual to make the legal case that their intent was to keep everyone off their network if it’s not password-protected. If you stick to surfing the Web and not other people’s PCs, you’ll probably be safe from prosecution.
How to Hack Wi-Fi Passwords | PCMag
Chances are you have a Wi-Fi network at home, or live close to one (or more) that tantalizingly pops up in a list whenever you boot up your laptop or look at the problem is, if there’s a lock next to the network name (AKA the SSID, or service set identifier), that indicates security is activated. Without a password or passphrase, you’re not going to get access to that network, or the sweet, sweet internet that goes with it.
Perhaps you forgot the password on your own network, or don’t have neighbors willing to share the Wi-Fi goodness. Pre COVID-19, you could just go to a café, buy a latte, and use the “free” Wi-Fi there (vaccines willing, maybe you’ll do it again soon). Download an app for your phone like WiFi-Map (available for iOS and Android), and you’ll have a list of millions of hotspots with free Wi-Fi for the taking (including some passwords for locked Wi-Fi connections if they’re shared by any of the app’s users).
However, there are other ways to get back on the wireless. Some require such extreme patience that the café idea, even in quarantine, is going to look pretty good. Read on if you can’t wait.
Windows Commands to Get the Key
This trick works to recover a Wi-Fi network password (AKA network security key) only if you’ve previously attached to the Wi-Fi in question using that very password. In other words, it only works if you’ve forgotten a previously used password. It works because Windows 8 and 10 create a profile of every Wi-Fi network to which you connect. If you tell Windows to forget the network, then it also forgets the password. In that case, this won’t work. But few people ever explicitly do that. This requires that you go into a Windows Command Prompt with administrative privileges. Click the Start Menu, type “cmd” (no quotes), and the menu will show Command Prompt; right-click that entry and select Run as administrator. That’ll open the black box full of text with the prompt inside—it’s the line with a right-facing arrow at the end, probably something like C:\WINDOWS\system32\>. A blinking cursor will indicate where you type. Start with this:
netsh wlan show profile
The results will bring up a section called User Profiles—those are all the Wi-Fi networks (aka WLANs, or wireless local area networks) you’ve accessed and saved. Pick the one you want to get the password for, highlight it, and copy it. At the prompt below, type the following, but replace the Xs with the network name you copied; you only need the quotation marks if the network name has spaces in it, like “Cup o Jo Cafe.”
netsh wlan show profile name="XXXXXXXX" key=clear
In the new data that comes up, look under Security Settings for the line Key Content. The word displayed is the Wi-Fi password/key you are macOS, open up the Spotlight search (Cmd+Space) and type terminal to get the Mac equivalent of a command prompt. Type the following, replacing the Xs with the network name:
security find-generic-password -wa XXXXX
Reset the Router
This isn’t for getting on someone else’s Wi-Fi in the apartment next door. You need physical access to the router for this to work. But, before you do a full router reset simply to get on your own Wi-Fi, try to log into the router first. From there, you can easily reset your Wi-Fi password/key if you’ve forgotten it. That’s not possible if you don’t know the password for the router. (The Wi-Fi password and router password are not the same—unless you went out of your way to assign the same password to both). Resetting the router only works if you have access via Wi-Fi (which we’ve just established you don’t have) or physically, utilizing an Ethernet you’ve got a router that came from your internet service provider (ISP), check the stickers on the unit before a reset—the ISP might have printed the SSID and network security key right on the use the nuclear option: Almost every router in existence has a recessed reset button. Push it with a pen or unfolded paperclip, hold it for about 10 seconds, and the router will reset to the factory settings.
Once a router is reset, you’ll need that other username/password combo to access the router itself. Again, do this via a PC attached to the router via Ethernet—resetting the router probably killed any potential Wi-Fi connection for the moment. The actual access is typically done with a web browser, though many routers and mesh systems now can be controlled via an routers may also have a sticker with that default Wi-Fi network name (SSID) and network security key (password) so you can indeed go back on the Wi-Fi after a URL to type into the browser to access a router’s settings is typically 192.168.1.1 or 192.0.1, or some variation. Try them randomly; that generally works. To determine which one on a PC connected to the router via Ethernet, open a command prompt and type ipconfig. Look among the gobbledygook for an IPv4 Address, which will start with 192. The other two spaces, called octets, are going to be different numbers between 0 and 255. Note the third octet (probably a 1 or 0). The fourth is specific to the PC you’re using to log into the the browser, type 192.x.1, replacing the X with the number you found in the ipconfig search. The 1 in the last octet should point at the router—it’s the number one device on the network. (For full details, read How to Access Your Wi-Fi Router’s Settings.)
At this point, the router should then ask for that username and password (which, again, is probably not the same as the Wi-Fi SSID and network security key). Check your manual, assuming you didn’t throw it away, or go to, which exists for one reason: to tell people the default username/password on every router ever created. You’ll need the router’s model number in some cases, but not all.
You will quickly discern a pattern among router makers of utilizing the username of “admin” and a password of “password,” so feel free to try those first. Since most people are lazy and don’t change an assigned password, you could try those options even before hitting the reset button. (But c’mon, you’re better than that.) Once you’re in the Wi-Fi settings, turn on the wireless network(s) and assign strong-but-easy-to-recall passwords. After all, you don’t want to share with neighbors without your that Wi-Fi password easy to type on a mobile device, too. Nothing is more frustrating than trying to get a smartphone connected to Wi-Fi with some cryptic, impossible to key-in-via-thumbs nonsense, even if it is the most secure password you’ve ever the Code
You didn’t come here because the headline said “reset the router,” though. You want to know how to crack the password on a Wi-Fi arching on “wi-fi password hack,” or other variations, nets you a lot of links—mostly for software on sites where the adware and bots and scams pour like snake oil. The same goes for the many, many YouTube videos promising you ways to crack a password by visiting a certain website on your phone. Download those programs or visit those sites at your own risk, knowing many are phishing scams at best. We recommend using a PC you can afford to mess up a bit if you go that route. When I tried it, multiple tools were thankfully outright deleted by my antivirus before I could even try to run the EXE installation file.
Kali Linux
You could create a system just for this kind of thing, maybe dual-boot into a separate operating system that can do what’s called “penetration testing”—a form of offensive approach security, where you examine a network for any and all possible paths of a breach. Kali Linux is a Linux distribution built for just that purpose. You probably saw it used on Mr. Robot. Check out the video tutorial can run Kali Linux off a CD or USB key without even installing it to your PC’s hard drive. It’s free and comes with all the tools you’d need to crack a network. It even has an app for Windows 10 in the Windows App you don’t want to install a whole OS, then try the tried-and-true tools of Wi-Fi rcrack
Aircrack has been around for years, going back to when Wi-Fi security was only based on WEP (Wired Equivalent Privacy). WEP was weak even back in the day; it was supplanted in 2004 by WPA (Wi-Fi Protected Access). Aircrack-ng is labeled as a “suite of tools to assess Wi-Fi network security,” so it should be part of any network admin’s toolkit. It will take on cracking WEP and WPA-PSK keys. It comes with full documentation and is free, but it’s not simple. To crack a network, you need to have the right kind of Wi-Fi adapter in your computer, one that supports packet injection. You need to be comfortable with the command line and have a lot of patience. Your Wi-Fi adapter and Aircrack have to gather a lot of data to get anywhere close to decrypting the passkey on the network you’re targeting. It could take a while. Here’s a how-to on doing it using Aircrack installed on Kali Linux and another on how to use Aircrack to secure your network. Another similar option on the PC using the command line is the much stronger WPA/WPA2 passwords and passphrases is the real trick. Reaver-wps is the one tool that appears to be up to the task. You’ll need that command-line comfort again to work with it.
After two to 10 hours of brute-force attacks, Reaver should be able to reveal a password… but it’s only going to work if the router you’re going after has both a strong signal and WPS (Wi-Fi Protected Setup) turned on. WPS is the feature where you can push a button on the router and another button on a Wi-Fi device, and they find each other and link auto-magically, with a fully encrypted connection. It’s the “hole” through which Reaver if you turn off WPS, sometimes it’s not completely off, but turning it off is your only recourse if you’re worried about hacks on your own router via Reaver. Or, get a router that doesn’t support WPS. Hacking Wi-Fi over WPS is also possible with some tools on Android, which only work if the Android device has been rooted. Check out Wifi WPS WPA Tester, Reaver for Android, or Kali Nethunter as Top-Rated Routers
Hacking your neighbour’s Wi-Fi – the mango zone
Hey kid, wanna hack some Wi-Fi?
This article is your 100% lactose-free guide to hacking home Wi-Fi. By the end it’s okay to feel afraid, insecure, or even the urge to bulk-purchase home networking equipment. It’s okay. We’ve all been there.
Isn’t it strange how when you move into a place and get an internet connection, you typically get given a home router as part of the package? Isn’t it strange how this router is held together using nothing but matchsticks, broken promises, and man’s hubris?
Did you know that anyone nearby can kick you off a Wi-Fi network?
Did you know your phone constantly broadcasts the names and locations (by proxy) of every Wi-Fi network you’ve ever connected to?
Yeah it’s all pretty broken hey?
Below are the steps for breaking it more.
Step 0: Don’t actually do this
I’m using “your neighbour” as an easy-to-remember example here.
You might be having what seems like a genius idea, and that’s “wowee I should hack my neighbour’s wifi because uhhhhhh”. This idea is a bad one, in the same way that trying to break into your neighbour’s house is a bad idea.
If you want to actually hack some Wi-Fi, try disconnecting and doing this to your own Wi-Fi.
Step 1: Find the right Wi-Fi
So in our 99.99999% theoretical scenario, you and your laptop are within range of your neighbour’s Wi-Fi router. You don’t know the password, but you want to connect. Time to do some crimes.
The first thing you’d do is take out your laptop and run airodump-ng, a tool for precisely the job of hacking Wi-Fi.
Here’s what it looks like.
You see the names of nearby Wi-Fi networks and also their “BSSID”, which is a bit like an ID for Wi-Fi networks. It’s actually exactly like that.
Step 2: Get the password hash
Once you know the BSSID of your neighbour’s Wi-Fi, the goal is to get the Wi-Fi password. The router won’t tell you the Wi-Fi password, but it will give up the password hash1.
A password hash is like a scrambled version of the password. You can’t unscramble it. Kinda like how you can’t unscramble scrambled eggs back into the white and the yolk.
We’re going to find the hash by watching……the secret handshake.
The secret handshake
You heard me.
“is that real”
You might be wondering why there’s a secret handshake happening every time you connect to Wi-Fi, and that’s fair enough, I’m glad you asked.
Let’s say you’re a legitimate businessperson just connecting to your home Wi-Fi. No funny business. You know the password. But you need to prove to the Wi-Fi that you know the password. And the Wi-Fi needs to prove to you that it knows the password. The trouble is, everyone else can hear you.
Wi-Fi is broadcast as radio waves out of your device and router all the time. Anyone within range can hear what you’re saying.
It’s kinda like if you came up to me at a party and you said “I know your Facebook password”. It gets real tense. I nervously glance up at you and say “Really?”. I want to know if you really do know my Facebook password, but I also don’t want you to just say “Your Facebook password is cooldude69” because everyone else at the party is listening.
So, the secret handshake lets you and the Wi-Fi router both prove you know the password without saying it.
The trick is that by spying on the handshake, an eavesdropper (that’s us) could see:
A randomly chosen bit of text (e.g. 3b5ef)
The same text, encrypted with the Wi-Fi password as the key (b8%&G)
You know the text, you know what it encrypts to, and you know how to do the encryption. The only thing you don’t know is what the key is. This means that you can guess something as the key, and check if your guess was right.
We see “3b5ef” encrypts to “b8%&G”
Try encrypting “3b5ef” with key “password1” -> “AAERJ” // Wrong!
Try encrypting “3b5ef” with key “cooldad1964” -> “b8%&G” // Found it!
What if you just encrypt the text 3b5ef with cooldad1964 as the key, and it happens to encrypt to b8%&G?
Then you know that the password was cooldad1964. And if 3b5ef encrypts to something else, then you know your guess was wrong.
Step 3: Crack the password
So using the trick above, we’re going to just guess the password. The trick is that we’re going to be able to guess passwords way faster than if we were just typing them into the “Enter the password for this Wi-Fi network” box.
So, get out your pen and paper and blow the dust off that compass and straightedge because it’s time to do some encryption.
Just kidding, we’re not going to use pen and paper you big bozo. We’re going to use a graphics card.
Graphics cards are the part inside a computer that lets the computer be able to play 3D games such as PLAYERUNKNOWN’S ALLCAPS Murder Paradise and Viva Piñata: Party Animals. They also happen to be really fast at encrypting stuff.
So we’re going to get a big list of millions of passwords, and try them all to try and guess the Wi-Fi password.
Alright so you know how websites get hacked?
Sometimes, the hackers release the passwords of everyone on the website at the time it got hacked. You may have heard of these as “data breaches”.
Sites that got hacked recently and had passwords publicly exposed include LinkedIn, Adobe, and Myspace.
You, a person with an internet connection, can find these lists via Google. No dark web, no getting behind 7 proxies and insisting that your parents only call you by your “code name”, no nothing.
There are two kinds of home Wi-Fi networks: The kind that are called NETGEAR-7BDFC, which probably have randomly generated passwords, and the kind that are called Chris & Liz 2013, with passwords that are in these password lists.
I’m going to guess that your neighbour’s password is probably in one of the heaps big lists of passwords. But to find out which one it is, we’re going to have to encrypt 3b5ef (in this example) with every single password in the list as the encryption key2, and see if any of them match what we saw the Wi-Fi password encrypt to (b8%&G).
(If your neighbour has one of those randomly generated passwords, then you’re out of luck. JUST kidding click here for a fun time.)
Now that you’ve “acquired” these password lists, you gotta figure out which password is the Wi-Fi password.
Rapid-fire password guessing
Hashcat is software that can take a password list and a hash3 (“b8%&G”) and try to “unhash” it by comparing it to all the passwords in the list. To give you an estimate of how long this takes, my computer can check 10 million passwords in about 10 minutes. Specialised computers overflowing with graphics cards can do this in seconds.
You just plug the file containing the handshake that you got in Step 2 into hashcat, as well as your password lists.
And that’s it. Hashcat will likely just spit out the password, and you can just type it in the Wi-Fi “Enter the password” box. The main part is furiously guessing millions of passwords until we find the right one.
Why does this work?
Because people pick easy-to-guess passwords. English word with the first letter maybe capitalised then one or two numbers? That pattern covers a lot of people’s passwords and a computer can just quickly check all of them.
If you’re an average internet user, your password for everything is the same, and it’s your pet’s name followed by your house number. Even worse, it’s probably a password hackers already have in their password lists. What I’m saying is that on average, most Wi-Fi passwords people choose don’t stand a chance against these password lists.
You can check whether your password has been stolen by hackers (and published) by browsing to
So you can probably hack home Wi-Fi. What’s the point of doing it?
Finding your neighbour’s ISP password
Routers often store the password used to connect to the ISP in their admin pages.
This password would let you prove that you are your neighbour when talking to their ISP. You can cancel their internet all together. You can see their billing information. You are them.
Let me walk you through the complex process of hacking a home router.
First you open up the popular hacking software, Google Chrome, and go to 192.168.0.1, which is usually the IP address of the router.
When you get there, you’ll see something like this.
Easiest admin/admin of your LIFE right there.
Once you’re in the router, the password is in the config page.
Oh no! The password is just dots! Your hacking career is over before it started!
Fear not, young keyboard warlock, for there is a deus ex machina that saves you in this cutscene.
You can Right Click > Inspect Element (hacker voice: i’m in) on the password field, and you’ll see this:
Edit that HTML to remove the type="password" aaaaaaand
That’s right, the dots were only put there by your browser. The password was under them all along. You were trapped in a prison of your own mind.
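The flaw described above is that the admin page sends the stored password to the browser and only masks it on screen. The following check for that condition is an added example, not code from the original post; the form markup, field names and name hints are constructed for illustration.

```python
from html.parser import HTMLParser

# Hypothetical field-name fragments that suggest a credential (an assumption).
SECRET_HINTS = ("pass", "pwd", "psk", "secret", "key")

# Constructed sample: an admin page that echoes stored secrets into the markup.
LEAKY_PAGE = """
<form action="/wan.cgi" method="post">
  <input type="text" name="pppoe_user" value="customer123@isp.example">
  <input type="password" name="pppoe_pass" value="constructed-sample-secret">
  <input type="hidden" name="wifi_psk" value="constructed-sample-psk">
  <input type="submit" value="Save">
</form>
"""

# Constructed sample: the same form with the secret kept on the server side.
HARDENED_PAGE = """
<form action="/wan.cgi" method="post">
  <input type="text" name="pppoe_user" value="customer123@isp.example">
  <input type="password" name="pppoe_pass" value=""
         placeholder="(unchanged)" autocomplete="new-password">
  <input type="submit" value="Save">
</form>
"""


class SecretFieldAuditor(HTMLParser):
    """Flags <input> elements whose markup already contains a stored secret."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        attr = {name: (value or "") for name, value in attrs}
        field_type = attr.get("type", "text").lower()
        name = attr.get("name") or attr.get("id") or "(unnamed)"
        value = attr.get("value", "")
        if not value:
            return  # nothing was sent to the browser, so nothing to unmask
        looks_secret = any(hint in name.lower() for hint in SECRET_HINTS)
        if field_type == "password":
            reason = "password input pre-filled with the stored value"
        elif field_type == "hidden" and looks_secret:
            reason = "hidden input carrying a credential-like value"
        else:
            return
        # Record only the length so the audit output is not a second leak.
        self.findings.append(
            {"field": name, "reason": reason, "value_length": len(value)}
        )


def audit_page(html):
    """Return one finding per input that ships a secret in the page source."""
    auditor = SecretFieldAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


if __name__ == "__main__":
    for label, page in (("leaky", LEAKY_PAGE), ("hardened", HARDENED_PAGE)):
        findings = audit_page(page)
        print(f"{label}: {len(findings)} finding(s)")
        for finding in findings:
            print("  ", finding)
```

The hardened form leaves the field empty and treats an empty submission as "keep the current password", so the secret never reaches the browser.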
Steal your neighbour’s data
So this one isn’t as cool as it used to be, but using ancient forbidden techniques like ARP poisoning (not nearly as cool as it sounds), you can spy on what your neighbour is sending to the internet.
This won’t work for websites with that lovingly hand-forged green HTTPS lock, since your neighbour’s data will be encrypted.
But, there are still plenty of sites that will ask for your password or credit card information over plain ol’ HTTP.
Even for some HTTPS sites (which do not use Certificate Pinning or HSTS or other Dark Rituals), you can force your victim to use plain unencrypted HTTP with SSLStrip.
It’s possible that reading the words on this hypertext page has made you question the bulletproof security of your own home network situation.
Here are some things you can do to stop worrying about your home Wi-Fi security.
1. Absolutely nothing
Don’t even worry about it. The pool of people who can attack your home Wi-Fi is limited to the people in physical range of it.
A website like PayPal is attackable by:
anyone with a computer
Your home Wi-Fi is attackable by:
anyone nearby your house
What I’m saying here is that the chance of someone with skills and motivation to hack your Wi-Fi actually doing it is… small. Probably your neighbours are just that nice family and that one guy who always leaves his beer bottles in your recycling bin.
Anyway that guy’s not gonna hack your Wi-Fi. This is why it’s not a total catastrophe that most people’s Wi-Fi security isn’t very good.
You might leave a spare key under the mat, or not bother to lock your windows even though someone could easily climb through them, because you’re not worried about someone physically breaking in. In the same way, your house probably doesn’t need extra-strong Wi-Fi security.
So don’t worry about it! Go to the beach! Work all day to make a rich dude slightly richer! He might thank you, but probably not! Eat a cupcake! Your Wi-Fi security probably isn’t worth worrying about.
2. Enable Paranoia Mode
“Wait what if there IS someone trying to hack my home Wi-Fi, like my local government or perhaps a particularly intelligent bird?”
I mean the government has far easier ways to spy on you, but if you really want to tighten up your Wi-Fi security, you can:
Use WPA2-PSK, and change the Wi-Fi password to something unguessable but easy to share (for your guests, of course).
Good examples include fresh*life*fresh*mangoes and gday$one$internet$please. Or randomly generate one like [email protected]&*3Wj if you hate your guests and love typing.
Install custom router firmware like DD-WRT.
This has far fewer security holes than whatever 1997 PHP spaghetti your router came with.
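The guessing rate quoted under “Rapid-fire password guessing”, the word-plus-digits pattern from “Why does this work?” and the passphrase advice above are worked through here as one added example (not code from the original post). The rate is the post's own figure; the 100,000-word attacker list, the 7776-word list size and the 16-word demo list are assumptions.

```python
import math
import re
import secrets

# Rate quoted in the post: about 10 million candidates in about 10 minutes.
GUESSES_PER_SECOND = 10_000_000 / 600

# Assumption (not from the post): size of the base word list behind the guesses.
ASSUMED_BASE_WORDS = 100_000

# The shape the post calls out: a word, first letter maybe capitalised,
# then one or two digits.
WORD_THEN_DIGITS = re.compile(r"^[A-Za-z][a-z]+[0-9]{1,2}$")

# Constructed 16-word demo list; a real list needs thousands of entries.
DEMO_WORDS = [
    "fresh", "life", "mangoes", "gday", "internet", "please", "router", "beach",
    "cupcake", "bird", "window", "bottle", "party", "compass", "paper", "radio",
]


def valid_wpa2_passphrase(phrase):
    """WPA2-PSK passphrases are 8 to 63 printable ASCII characters."""
    return 8 <= len(phrase) <= 63 and all(32 <= ord(c) <= 126 for c in phrase)


def weak_pattern_candidates(phrase, base_words=ASSUMED_BASE_WORDS):
    """Guesses needed to cover every 'Word12'-shaped passphrase, else None."""
    if not WORD_THEN_DIGITS.match(phrase):
        return None
    # two capitalisations x (10 one-digit + 100 two-digit suffixes)
    return base_words * 2 * (10 + 100)


def seconds_to_exhaust(candidates, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at the given rate."""
    return candidates / rate


def words_needed(target_bits, list_size):
    """Random words required to reach target_bits of entropy."""
    return math.ceil(target_bits / math.log2(list_size))


def generate_passphrase(words, count, separator="*"):
    """Join `count` uniformly chosen words, in the style of the post's examples.

    Returns (passphrase, entropy_bits). The entropy comes from the random
    selection, so it is computed from count and list size, not from the string.
    """
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    for _ in range(100):
        phrase = separator.join(secrets.choice(words) for _ in range(count))
        if valid_wpa2_passphrase(phrase):
            return phrase, count * math.log2(len(words))
    raise ValueError("these words do not fit into 8-63 characters")


if __name__ == "__main__":
    weak = weak_pattern_candidates("Mangoes12")
    print(f"Word+digits shape: {weak:,} guesses, "
          f"{seconds_to_exhaust(weak) / 60:.0f} minutes at the post's rate")
    n = words_needed(64, 7776)  # 7776 = size of a five-dice word list
    years = seconds_to_exhaust(7776 ** n) / (365 * 24 * 3600)
    print(f"{n} random words from 7776: about {years:,.0f} years")
    phrase, bits = generate_passphrase(DEMO_WORDS, 4)
    print(f"demo only ({bits:.0f} bits, list too small): {phrase}")
```

The estimate for the generated passphrase only holds when the words are picked by the random generator; a phrase a person chose has no such guarantee.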
Thanks for taking the time to read this blog post.
Big ol’ thanks to these heroes for their large brains which showed me how to do words more good.
If you want to talk to me about this, @ me on Twitter I guess.