The following article is a guide to cracking WPA/WPA2 wifi using a password list. The information on cracking wifi is available everywhere, but I’m still writing about it because I have to show different ways of wifi hacking, simply because a password list does not work every time. I still have to write about it because I have cracked many passwords using this.
- Kali OS
Before starting with the command lines, let’s first talk about what exactly we are doing here, how we do it and why we do it.
airmon-ng is used to bring the network card up in monitor mode. We can only use it for wireless. It is different from promiscuous mode: promiscuous mode works once you are inside the network and it works for both wired and wireless, while monitor mode works only for wireless and does not connect to any network but captures every packet in the air. To do that we first need to check for and kill the processes already using the wireless connection, and then start monitor mode on the wireless interface.
airodump-ng is used to dump the packets seen by the monitor interface that airmon-ng created. It will list every network it sees, telling you the signal power, the beacon info, the cipher, the type of wireless security, the SSID and so on.
aireplay-ng is used to inject frames to play with the wifi. The injected frames we are using here are de-authentication frames. The deauth frames are injected so that a currently authenticated client is disconnected from the access point and tries to re-authenticate with it. This helps in capturing the WPA handshake so we can attempt to recover the password.
aircrack-ng is the final command that cracks the password by comparing each entry of the password list we provide against the handshake captured in the airodump-ng cap file with the help of aireplay-ng.
Let’s start with commands:
Use this command to check your wireless interface information. Mine is wlan0.
- airmon-ng check kill
This command kills the processes using your existing wireless connection, because you need to monitor the packets in the air.
- airmon-ng start wlan0
This command will start monitor mode on my wireless interface wlan0.
- airodump-ng wlan0mon
This command dumps everything from the air, including all SSIDs present in the air and their information.
- airodump-ng -c channel_number --bssid bssid_number -w filename_with_location wlan0mon
Open a new terminal and run the above command. The channel number defines on which channel the wireless network you are targeting communicates, and --bssid restricts the capture to that access point. The packets that are captured will be written to files whose name starts with filename_with_location. It is important to specify the channel number here.
- aireplay-ng -0 10 -a bssid_number wlan0mon
Without closing the airodump terminal above, and letting it keep capturing, open a new terminal with the aireplay command above. The aireplay command will send deauth packets to the clients. Here -0 selects the deauthentication attack and the 10 that follows is the number of deauth packets it will send; -a defines the bssid we are targeting and wlan0mon is our monitoring interface.
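On the defender’s side, the trace this step leaves in the air is a burst of broadcast deauthentication frames carrying the access point’s BSSID. As an added example that is not part of the original article, the following code parses 802.11 management headers and runs a sliding-window detector over constructed frames; the MAC addresses, timings, window and threshold are all made-up assumptions.

```python
import struct
from collections import defaultdict

MGMT_TYPE, DEAUTH_SUBTYPE, BEACON_SUBTYPE = 0, 12, 8
BROADCAST = b"\xff" * 6

def parse_frame(raw):
    """Parse a 24-byte 802.11 MAC header; reason code is set only for deauth frames."""
    if len(raw) < 24:
        return None
    fc = raw[0]
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    a1, a2, a3 = (raw[i:i + 6].hex(":") for i in (4, 10, 16))
    reason = None
    if ftype == MGMT_TYPE and subtype == DEAUTH_SUBTYPE and len(raw) >= 26:
        reason = struct.unpack("<H", raw[24:26])[0]   # reason code follows the header
    return ftype, subtype, a1, a2, a3, reason

def build_mgmt(subtype, dst, src, bssid, body=b""):
    """Constructed frame builder used only to make offline sample data (not a real capture)."""
    fc = (subtype << 4) | (MGMT_TYPE << 2)
    return bytes([fc, 0]) + b"\x3a\x01" + dst + src + bssid + b"\x00\x00" + body

def detect_deauth_bursts(frames, window=1.0, threshold=5):
    """frames: iterable of (timestamp_seconds, raw_frame). Returns {bssid: peak deauths
    inside any `window` seconds} for every BSSID whose peak reaches `threshold`."""
    per_bssid = defaultdict(list)
    for ts, raw in frames:
        parsed = parse_frame(raw)
        if parsed and parsed[0] == MGMT_TYPE and parsed[1] == DEAUTH_SUBTYPE:
            per_bssid[parsed[4]].append(ts)        # addr3 carries the BSSID in mgmt frames
    alerts = {}
    for bssid, stamps in per_bssid.items():
        stamps.sort()
        peak, start = 0, 0
        for end in range(len(stamps)):             # sliding window over sorted timestamps
            while stamps[end] - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[bssid] = peak
    return alerts

# Constructed sample: 10 broadcast deauths from one AP's BSSID at 0.1 s spacing (the pattern
# the aireplay-ng command above produces), a few normal beacons, and one lone deauth elsewhere.
AP, OTHER = bytes.fromhex("021122334455"), bytes.fromhex("02aabbccddee")
SAMPLE = [(i * 0.1, build_mgmt(DEAUTH_SUBTYPE, BROADCAST, AP, AP, struct.pack("<H", 7))) for i in range(10)]
SAMPLE += [(i * 0.5, build_mgmt(BEACON_SUBTYPE, BROADCAST, AP, AP)) for i in range(4)]
SAMPLE.append((3.0, build_mgmt(DEAUTH_SUBTYPE, BROADCAST, OTHER, OTHER, struct.pack("<H", 3))))
```

Calling detect_deauth_bursts(SAMPLE) flags only the AP that received the burst; a monitor-mode capture fed frame by frame into the same function gives the same alerting on live traffic.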
- aircrack-ng -w passwordlist -b bssid_number filename_with_location-01.cap
The above command will crack the password from the cap file in which airodump-ng captured the WPA handshake (airodump-ng appends -01 to the file prefix you gave it). The passwordlist is the list of passwords. I have used rockyou.txt.
This way doesn’t always work, because it will only give out the password if it is in the password list.
If this way doesn’t work, check whether WPS is enabled on the target wifi using wash -i wlan0mon. The entire way of cracking WPS is available at this link: http://www.anonhack.in/2015/08/wireless-hacking-wpawpa2/