How To Crack WPA/WPA2 Wi-Fi Passwords Using Aircrack-ng

To crack Wi-Fi, first, you need a computer with Kali Linux and a wireless card which supports monitor/injection mode. If your wireless card is not able to do this, you need to get an external wireless card that is capable of monitor/injection mode.

Apart from these tools, you need to have a word list to crack the password from the captured packets.

First, you need to understand how Wi-Fi works. Wi-Fi transmits signals in the form of packets in the air so we need to capture all the packets in the air so we use airodump to dump all the packets in the air. After that, we should see if anyone is connected to the victim’s Wi-Fi. If anyone is not connected to the Wi-Fi, cracking is not possible as we need a WPA handshake. We can capture handshakes by sending de-authentication packets to clients connected to Wi-Fi. Aircrack cracks the password.

Step-1:-

First, open the terminal. We need to know the name of the wireless adapter connected to the computer because the computer has many adapters connected.

the command for this is iwconfig.

In my case, my wireless adapter is with the name wlan0. In your case, it may be different. If connected to an external wireless card, it may be wlan1or2.

Step-2:-

For some wireless cards, it gives error messages to enable monitor mode on wireless cards. For that, you should use airmon-ng check kill.

step-3:-

In this step, you need to enable the monitor mode on the wireless card. The command is as follows:

airmon-ng start wlan0(interface of wireless card).

Now this command will enable the monitor mode on the wifi card. So while using interface in any terminal or command line use wlan0mon.

Note: You should use the interface which is indicated with a red mark.

step-4:-

We need to use the command airodump-ng wlan0mon, this will display all the access points in your surroundings and also the clients connected to that access points.

Now, this command captures the packets in the air. This will gather data from the wireless packets in the air.
Note: Do not close this terminal. This will be used to know WPA has been captured or not.
step-5:-
In this step, we will add some parameters to airodump-ng.
command is airodump-ng -c channel –bssid [bssid of wifi] -w [path to write the data of packets] wlan0mon[interface].
-bssid in my case bssid is indicated with a red mark.
-c channel is the channel of victim wifi in my case it is 10(see in the previous screenshot for channel number)
-w It is used to write the captured data to a specified path in my case it is ‘/root/Desktop/hack’.
Interface in my case is wlan0mon.

In the above command, the path /root/Desktop/hack hack is the name of the file to be saved.

The above command displays this terminal.

step-6
In this step, we deauthenticate the connected clients to the Wi-Fi.
The command is aireplay-ng –deauth 10 -a [router bssid] interface

In the above command, it is optional to give the client mac address it is given by -c <client mac>
This will disconnect the client from the access point.
Screenshot of a client connected to access point.

After this, the client tries to connect to the Wi-Fi again. At that time, we will capture the packets which send from the client. From this result, we will get WPA handshake.

step-7:-
Now we should start cracking the Wi-Fi with captured packets command for this is
aircrack-ng -b [bssid of router] -w [path to word list] [path to capture packets]
-w path to word list in my case it is ‘/root/Desktop/wordlist.txt’
If you did not have a word list, get one. If you want to generate your custom wordlist, you can visit our other post: How to generate a word list using crunch.

Now press enter aircrack will start cracking the Wi-Fi.

Aircrack cracked Wi-Fi and key found.
Note: To use this method you need to have a wordlist compulsory there are many wordlists available in the internet you can download them.

Leave a Reply

Your email address will not be published.