Complete Network Hacking Course 2026 - Beginner to Advanced

In this lecture we shall talk about some basics that we need to understand before we can start learning how to test network's security.

In this lecture, I will start you off with basic terms used in ethical hacking

I will be talking about some of the basic terms which you will need order to follow this course through. I will go over the three different types of hackers: White Hat Hackers, Grey Hat Hackers and Black Hat Hackers. Everything that we will be doing in this course falls in the white hat category, which include people such pen testers, ethical hackers - people like you and me. The activities of Grey Hat Hacker border between legal and illegal. Black Hat Hackers conduct all sorts of illegal activities: extract new information from certain servers credentials, your card information, take services down usually to extract some sort of financial gain, etc.
I will also go over footprinting, DoS, DDoS, RAT, fishing, rootkit, etc.

Essential Software Tools

In this section, we'll outline the critical software tools you'll need for your cybersecurity lab. This includes installing Kali Linux, setting up virtual machines, and configuring additional tools such as Wireshark, Nmap, and Metasploit. Ensuring you have these tools ready will prepare you for hands-on exercises and real-world scenarios throughout the course.

How to install VirtualBox in a Windows environment

In this lecture, I will show you how to install VirtualBox within a Windows environment. Previously I showed you how to do it in a Linux environment, which is a bit more complex because you do need to add repositories and then pull the packet from the repositories. However in Windows, the process is fairly straightforward and simple.

How to install Kali Linux within a virtual environment.

In this lecture, I will continue with the installation of Kali Linux within a virtual environment. I will also go over more of the things you need to know about this installation. In the following lecture, after the installation is complete, I will show you how to configure it and introduce you to its interface.

How to configure Kali Linux in a virtual environment.

In this lecture, I will continue where we left off in the installation process of Kali Linux in a virtual environment. Now I will show you how to configure Kali Linux, as well as introduce you to the interface. I will also begin walking you through how to do the updates.

Basic Overview of Kali Linux

Kali Linux is a specialized operating system designed for cybersecurity professionals and ethical hackers. It comes preloaded with a wide range of tools used for tasks such as penetration testing, vulnerability analysis, and digital forensics. In this section, you'll learn about the key features of Kali Linux, how to navigate its interface, and the essential tools you'll use for various security assessments. Understanding the basics of Kali Linux is your first step towards becoming proficient in cybersecurity operations.

The Linux Terminal is a powerful tool that allows users to interact directly with the operating system through the Command Line Interface (CLI). Understanding basic functionalities such as file navigation, process management, and system configuration is essential for effective system administration and cybersecurity tasks. The CLI offers greater control and flexibility compared to graphical user interfaces (GUIs), enabling users to execute commands, automate tasks, and manage system resources efficiently. In this section, you'll learn key commands and techniques to navigate the Linux file system, manipulate files and directories, and perform essential system operations using the terminal. Mastery of the Linux Terminal is crucial for anyone working in a Linux environment, particularly in the field of cybersecurity.

A Media Access Control (MAC) address is a unique identifier assigned to network interfaces for communications at the data link layer of a network segment. Every network device, such as a computer, smartphone, or router, has a MAC address, which is used to ensure proper routing of data within a local network. Unlike IP addresses, which can change, a MAC address is typically hardcoded into the network interface card (NIC) and is intended to be permanent. However, it is possible to change or "spoof" a MAC address using specific tools or commands. Changing a MAC address can be useful for testing network security, bypassing access restrictions, or enhancing privacy. In this section, you'll learn what a MAC address is, its role in network communication, and step-by-step methods for changing it on different operating systems.

Wireless Modes: Managed & Monitor Mode

Wireless network interfaces can operate in different modes, with Managed and Monitor mode being two of the most important for network operations and security assessments.

• Managed Mode is the default mode for most wireless devices, where the network interface card (NIC) connects to a wireless access point (AP) and communicates within a typical network setup. In this mode, the device interacts with a specific network, sending and receiving data through the access point.

• Monitor Mode, on the other hand, allows the NIC to capture all wireless traffic in the air, regardless of the network it is associated with. This mode is crucial for tasks such as packet sniffing and network analysis, as it enables the capture of packets not addressed to the device. Understanding these modes is vital for effective wireless network security assessments and penetration testing.

Wireless Modes: Managed & Monitor Mode

Wireless network interfaces can operate in different modes, with Managed and Monitor mode being two of the most important for network operations and security assessments.

• Managed Mode is the default mode for most wireless devices, where the network interface card (NIC) connects to a wireless access point (AP) and communicates within a typical network setup. In this mode, the device interacts with a specific network, sending and receiving data through the access point.

• Monitor Mode, on the other hand, allows the NIC to capture all wireless traffic in the air, regardless of the network it is associated with. This mode is crucial for tasks such as packet sniffing and network analysis, as it enables the capture of packets not addressed to the device. Understanding these modes is vital for effective wireless network security assessments and penetration testing.

Packet Sniffing Basics Using Airodump-ng

Packet sniffing is a fundamental technique in network security, used to capture and analyze the data packets traveling over a network. Airodump-ng, a tool within the Aircrack-ng suite, is specifically designed for sniffing and capturing packets on wireless networks. It operates in Monitor Mode, allowing you to collect information about nearby Wi-Fi networks, including SSIDs, MAC addresses, signal strength, and encryption methods.

With Airodump-ng, you can:

• Identify Wireless Networks: Discover all wireless networks within range, along with detailed information about each network and its associated devices.

• Capture Data Packets: Collect packets for analysis, which can be used to identify vulnerabilities or prepare for further attacks, such as cracking WEP/WPA keys.

• Monitor Traffic: Track the communication between devices on a network to detect anomalies or unauthorized access.

Learning to use Airodump-ng effectively is crucial for conducting wireless network assessments and understanding how data flows through a network, as well as for identifying potential security weaknesses.

Targeted Packet Sniffing Using Airodump-ng

Targeted packet sniffing with Airodump-ng allows you to focus on capturing packets from specific devices or networks, making your data collection more precise and efficient. Unlike general packet sniffing, which captures all wireless traffic within range, targeted sniffing hones in on particular devices or access points to gather detailed information or prepare for specific attacks.

Here's how you can perform targeted packet sniffing using Airodump-ng:

1. Identify the Target Network: First, use Airodump-ng to scan for nearby wireless networks and identify the target network by its SSID (network name) and BSSID (MAC address).

2. Target Specific Devices: Once you have identified the target network, you can focus on specific client devices connected to that network. Airodump-ng displays the MAC addresses of all devices communicating with the access point.

3. Filter and Capture: Use Airodump-ng's filtering options to capture only the packets related to the target network or device. This focused approach reduces the amount of data collected, making analysis easier and more relevant to your objectives.

4. Save and Analyze Data: The captured packets can be saved to a file for later analysis using tools like Wireshark. This can help you identify potential vulnerabilities, such as weak encryption or unauthorized access points.

Targeted packet sniffing is a powerful technique for cybersecurity professionals, enabling detailed network analysis and the identification of specific security issues within a wireless network.

A deauthentication attack is a technique used by malicious actors to forcibly disconnect devices from a Wi-Fi network by exploiting the IEEE 802.11 protocol's deauthentication frames. This attack, categorized as a denial-of-service (DoS) attack, can be executed without requiring knowledge of the network password.

The attacker sends spoofed deauthentication frames to the target device, impersonating either the access point or the device itself, effectively telling it that it has been disconnected from the network.

This legitimate feature of the Wi-Fi protocol is abused by attackers to disrupt the normal operation of the network for the targeted device, which can be particularly problematic in public spaces or shared networks.

While deauthentication attacks can be used for various purposes, such as capturing WPA/WPA2 handshakes for password cracking or enabling evil twin attacks, it is crucial to note that performing such actions without explicit permission is illegal and unethical, with potentially severe legal consequences.

Gaining access to a Wi-Fi router's settings typically involves using a web browser to navigate to the router's internal IP address, which is commonly 192.168.0.1 or 192.168.1.1. Upon entering the IP address in the browser, users are prompted to log in with a username and password, often defaulting to "admin" for both fields. If these credentials have been changed and forgotten, the router can be reset to factory settings by pressing the reset button for about ten seconds, allowing access with the default credentials again. Once logged in, users can modify various settings, including the Wi-Fi network name (SSID), security mode, and password, enhancing the network's security and performance. It is crucial to change the default login credentials to prevent unauthorized access to the router's settings

Wired Equivalent Privacy (WEP) was once a standard encryption protocol for securing wireless networks, but it is now considered highly insecure due to several vulnerabilities. WEP cracking is the process of exploiting these weaknesses to gain unauthorized access to a network protected by WEP encryption.

Here’s how WEP cracking typically works:

1. Packet Capture: Using tools like Airodump-ng, you capture a large number of data packets from the target WEP-protected network. The goal is to collect enough Initialization Vectors (IVs), which are small, non-secret pieces of data used in the WEP encryption process.

2. Data Injection: To speed up the cracking process, you can perform an ARP (Address Resolution Protocol) replay attack. This involves injecting captured ARP packets back into the network, prompting the access point to generate more packets with new IVs. This significantly increases the rate at which you can capture the necessary data.

3. Cracking the Key: Once a sufficient number of IVs are collected, you can use a tool like Aircrack-ng to analyze the captured packets and attempt to crack the WEP key. The tool exploits the weak implementation of the RC4 encryption algorithm used by WEP to uncover the network key.

4. Gaining Access: After successfully cracking the WEP key, you can use it to connect to the network as an authorized user, gaining full access to its resources.

While WEP cracking demonstrates the vulnerabilities of outdated encryption methods, it also underscores the importance of using stronger, modern encryption protocols like WPA2 or WPA3 to protect wireless networks.

In this video we shall learn the basics of cracking WEP encryption , the target is a WEP encrypted network with active clients.

A Fake Authentication Attack is a technique used to associate with a target wireless network without having the correct credentials or key. This attack is often a precursor to other attacks, such as packet injection or WEP cracking, and is particularly useful in situations where an attacker needs to establish a connection with a network that uses open or WEP encryption.

Here’s how a Fake Authentication Attack typically works:

1. Identify the Target Network: First, the attacker identifies the target network by capturing packets using tools like Airodump-ng. The network’s SSID and BSSID are necessary to carry out the attack.

2. Initiate Fake Authentication: The attacker then uses a tool like Aireplay-ng to send authentication frames to the target access point (AP). This frame pretends to be from a legitimate client attempting to connect to the network. Since WEP networks do not have strong authentication mechanisms, the AP often accepts the fake authentication request, even if the attacker does not possess the correct WEP key.

3. Establish Connection: Once the AP accepts the fake authentication, the attacker is effectively associated with the network. This association allows the attacker to proceed with further attacks, such as capturing more data packets or launching an ARP replay attack to accelerate WEP cracking.

4. Persistence: In some cases, the attacker might need to continuously send keep-alive packets to maintain the fake authentication. Tools like Aireplay-ng can automate this process, ensuring the attacker remains associated with the network for as long as necessary.

The Fake Authentication Attack is a key step in wireless penetration testing, particularly when dealing with older, less secure encryption protocols like WEP. Understanding and defending against such attacks is crucial for maintaining network security.

An ARP Request Replay Attack is a technique used in wireless network security testing to accelerate the process of capturing data packets, particularly when cracking WEP encryption. By injecting ARP request packets into the network, the attacker forces the access point (AP) to generate a large number of encrypted response packets, which can then be captured and used to crack the WEP key.

Here’s how the attack works:

1. Identify the Target Network: The attacker first identifies a WEP-encrypted network and captures some initial packets to confirm the network’s encryption method and gather necessary information like the BSSID (MAC address of the access point).

2. Capture ARP Packets: Using a tool like Airodump-ng, the attacker listens for ARP request packets on the network. ARP packets are ideal because they are small, frequent, and can be replayed to generate a predictable response from the AP.

3. Inject ARP Requests: The attacker uses a tool like Aireplay-ng to inject the captured ARP request back into the network repeatedly. This forced interaction causes the AP to generate many new encrypted packets containing the same Initialization Vector (IV) with each response.

4. Collect Packets: As the AP responds to the injected ARP requests, the attacker captures the resulting traffic, amassing a large number of packets in a short time. The more packets collected, the faster the WEP key can be cracked.

5. Crack the WEP Key: With enough captured packets, the attacker can use a tool like Aircrack-ng to analyze the IVs and eventually crack the WEP key, gaining unauthorized access to the network.

This attack exploits the predictable nature of WEP encryption and highlights the importance of using more secure protocols like WPA2 or WPA3 to protect wireless networks.

A Fragmentation Attack is another method used to crack WEP encryption by exploiting the way WEP handles packet fragmentation. In WEP, data packets can be fragmented into smaller pieces, and each fragment is individually encrypted. The Fragmentation Attack leverages this by manipulating small packet fragments to eventually recover the full WEP key, making it easier to gain unauthorized access to a wireless network.

How the Fragmentation Attack Works:

1. Identify the Target Network: Similar to other WEP attacks, the attacker first identifies the WEP-protected network and gathers preliminary information using tools like Airodump-ng.

2. Capture a Packet Fragment: The attacker then listens for small, encrypted packet fragments that are being transmitted by the access point (AP). A packet with a small payload size is preferred because it requires fewer fragments, making it easier to manipulate.

3. Forge a New Packet: Once a small fragment is captured, the attacker can use it to forge a new packet that has a known plaintext (unencrypted data) and a corresponding ciphertext (encrypted data). This forged packet is crafted to produce more fragments when it is sent back to the network.

4. Inject the Fragmented Packet: The attacker then injects the forged fragmented packet into the network using a tool like Aireplay-ng. The AP will attempt to reassemble the fragmented packet, which can result in the AP sending more packet fragments that the attacker can capture.

5. Recover the Keystream: With enough captured fragments, the attacker can start to recover the keystream used for encryption. This allows the attacker to eventually reconstruct the full WEP key by analyzing the relationships between the fragmented packets.

6. Crack the WEP Key: After enough fragments have been captured and analyzed, the attacker can use tools like Aircrack-ng to crack the WEP key, gaining full access to the network.

Introduction to WPA/WPA2 Cracking

WPA (Wi-Fi Protected Access) and WPA2 are security protocols designed to protect wireless networks by encrypting data transmitted over the network. Unlike WEP, which has significant vulnerabilities, WPA and WPA2 offer stronger encryption methods, including TKIP (Temporal Key Integrity Protocol) for WPA and CCMP (Counter Mode Cipher Block Chaining Message Authentication Code Protocol) for WPA2. However, despite their enhanced security, WPA/WPA2 networks can still be vulnerable to certain types of attacks, particularly when weak passwords are used.

WPA/WPA2 Cracking Methods:

1. Handshake Capture:

   • Four-Way Handshake: When a client device connects to a WPA/WPA2 network, it performs a "four-way handshake" with the access point to authenticate and establish an encrypted connection. This handshake is essential for cracking WPA/WPA2 encryption.

   • Capturing the Handshake: The first step in cracking WPA/WPA2 is to capture this handshake, which contains encrypted data that can potentially be decrypted to reveal the network password. Tools like Airodump-ng are used to monitor and capture this handshake.

2. Deauthentication Attack:

   • Forcing a Handshake: If no handshake is readily available, an attacker can perform a deauthentication attack to force a connected client to disconnect and reconnect to the network. This action triggers the four-way handshake, which the attacker can then capture.

   • Using Aireplay-ng: The attacker sends deauthentication frames to the target client, forcing it to disconnect. When the client reconnects, the handshake can be captured by tools like Airodump-ng.

3. Dictionary or Brute-Force Attack:

   • Cracking the Handshake: Once the handshake is captured, the attacker uses a dictionary or brute-force attack to try different passwords until the correct one is found. This is typically done using tools like Aircrack-ng or Hashcat.

   • Password Complexity: The success of this attack largely depends on the complexity of the password. Weak or common passwords are easier to crack, while strong, complex passwords can be very difficult to break.

4. WPS (Wi-Fi Protected Setup) Vulnerability:

   • WPS Attacks: Some WPA/WPA2 networks use WPS, a feature intended to simplify the connection process. However, WPS has a significant vulnerability that can be exploited to bypass WPA/WPA2 encryption entirely. Tools like Reaver and Bully can be used to exploit this flaw.

   • PIN Recovery: The WPS attack involves recovering the PIN used by WPS to connect devices to the network, which can then be used to retrieve the WPA/WPA2 passphrase.

   • 
     

   These resources provide comprehensive guides and tools for understanding and performing WPA/WPA2 cracking, offering both theoretical and practical insights into how these attacks are conducted and how to defend against them.

Wi-Fi Protected Setup (WPS) is a network security standard designed to make it easier for users to connect devices to a wireless network. WPS allows devices to join a network by pressing a physical button on the router or by entering a PIN. While WPS is convenient, it has a significant vulnerability that can be exploited to gain unauthorized access to WPA/WPA2-protected networks.

How WPS Exploitation Works:

1. Understanding the WPS PIN:

   • WPS uses an 8-digit PIN for authentication. However, this PIN is not as secure as it might seem. Due to the way the WPS protocol is implemented, the PIN is typically verified in two halves (4 digits each), significantly reducing the number of possible combinations an attacker needs to try.

2. Brute-Forcing the PIN:

   • Attackers can use a brute-force method to guess the WPS PIN, taking advantage of the fact that routers often don't implement proper rate-limiting or lockout mechanisms. Tools like Reaver and Bully automate the process of trying different PIN combinations until the correct one is found.

   • Once the correct WPS PIN is discovered, the attacker can retrieve the WPA/WPA2 passphrase, gaining full access to the network.

3. Exploiting Vulnerable Routers:

   • Many routers are vulnerable because they either have WPS enabled by default or do not allow users to disable it. Even if the WPS button is not physically pressed, the PIN-based method can still be active, allowing for remote attacks.

4. Using Reaver:

   • Reaver is one of the most popular tools for exploiting WPS. It works by sending numerous PIN attempts to the target router until it finds the correct one. Reaver requires a compatible wireless network interface that can be put into monitor mode.

   • The basic command to use Reaver is:

     csharpCopy codereaver -i <interface> -b <BSSID> -vv

     
     

   • The -i option specifies the wireless interface, and the -b option specifies the BSSID of the target network.

5. Using Bully:

   • Bully is another tool that performs a similar function to Reaver but is designed to handle routers that have certain protections against Reaver's method. Bully is particularly effective against routers with specific vulnerabilities in their WPS implementation.

6. Defending Against WPS Exploitation:

   • The best defense against WPS exploitation is to disable WPS on your router, if possible. If the router does not allow you to disable WPS, consider upgrading to a more secure device. Additionally, monitoring your network for unauthorized devices can help detect if someone has exploited WPS to gain access.

Capturing a Wi-Fi handshake is a crucial step in testing the security of WPA/WPA2-protected networks. The handshake contains encrypted information that, when captured, can be used in attempts to recover the network password through offline attacks. Here’s an explanation of the process:

1. Understand the Handshake

• The WPA/WPA2 four-way handshake occurs when a device connects to a Wi-Fi network, ensuring both the client and AP know the Pre-Shared Key (PSK).

2. Requirements

• OS: Use Kali Linux or similar.

• Wi-Fi Adapter: Needs monitor mode and packet injection capability.

• Tools: Aircrack-ng or similar tools.

3. Enable Monitor Mode

• Monitor mode allows capturing all packets on a specific channel, including the handshake.

4. Capture Traffic

• Focus on the target network’s channel and BSSID to capture the handshake packets.

5. De-authentication (Optional)

• Force a client to reconnect by sending de-authentication packets to capture a handshake.

6. Analyze the Handshake

• Save and analyze the handshake file with tools to attempt password cracking.

7. Ethical Considerations

• Only capture handshakes on networks you own or have permission to test.

Useful Links:

1. Aircrack-ng Documentation

2. Kali Linux

3. Understanding WPA2 Handshake

4. Wi-Fi Pineapple by Hak5

Always ensure your actions are legal and ethical.

Cracking WPA2 involves capturing a handshake and then using Aircrack-ng to attempt to recover the Wi-Fi password. Here’s a simplified overview of the process:

1. Prepare Your Environment

• Tools Needed:

  • Kali Linux: A popular Linux distribution for penetration testing.

  • Aircrack-ng Suite: A set of tools for monitoring and cracking Wi-Fi networks.

  • Wi-Fi Adapter: Must support monitor mode and packet injection.

2. Enable Monitor Mode

• Switch your wireless adapter to monitor mode, which allows you to capture packets from all networks within range.

3. Capture the Handshake

• Use airodump-ng to capture the four-way handshake. Focus on the channel and BSSID of the target network.

• If necessary, force a client to disconnect using a de-authentication attack, prompting the handshake to occur when they reconnect.

4. Crack the Password

• With the handshake captured, use aircrack-ng to attempt to crack the password.

• Provide a wordlist (a list of potential passwords) to aircrack-ng, which will try each entry against the captured handshake.

5. Analyze the Results

• If the password is in the wordlist, aircrack-ng will reveal it.

• If not, you may need a more extensive wordlist or different attack methods.

6. Ethical Considerations

• Only perform these actions on networks you own or have explicit permission to test. Unauthorized access is illegal and unethical.

Fern WiFi Cracker is a tool for Wi-Fi penetration testing, specifically designed to crack WPA/WPA2 passwords. It provides a graphical user interface (GUI), making it user-friendly compared to command-line tools like Aircrack-ng.

Steps to Crack WPA Wi-Fi Using Fern WiFi Cracker

1. Install Fern WiFi Cracker

• Pre-installed: Fern WiFi Cracker comes pre-installed in Kali Linux.

• Install Manually: If not installed, it can be installed via the Kali Linux repositories or from the developer's website.

2. Set Up Your Environment

• Wi-Fi Adapter: Ensure you have a Wi-Fi adapter that supports monitor mode and packet injection.

• Monitor Mode: Fern automatically puts your Wi-Fi adapter into monitor mode, which is necessary for capturing packets.

3. Launch Fern WiFi Cracker

• Open Fern WiFi Cracker from the applications menu in Kali Linux.

• The tool will automatically detect your network interface and switch it to monitor mode.

4. Scan for Wi-Fi Networks

• Use the "Scan for Access Points" button to detect all nearby Wi-Fi networks.

• Select the target WPA/WPA2 network you want to crack.

5. Capture the Handshake

• Fern will start capturing packets from the selected network.

• To capture the WPA handshake, it may automatically de-authenticate clients connected to the network, prompting them to reconnect and generate a handshake.

6. Crack the Password

• Once the handshake is captured, Fern WiFi Cracker will attempt to crack the password using various methods, including dictionary attacks.

• You can supply a custom wordlist for the attack.

7. Analyze the Results

• If the correct password is found in the wordlist, Fern WiFi Cracker will display it.

• If the password isn't found, you may need a different or larger wordlist.

Ethical Considerations

• Always ensure you have explicit permission to test the network you are targeting. Unauthorized access to networks is illegal and unethical.