Cracking a WPA2 WiFi Password with Aircrack-ng

September 1, 2015 | Views: 165887


Hola amigos…

Aim: To crack a WPA2-PSK encrypted WiFi password using Aircrack-ng.


  • If you’re using Kali Linux in VMware or another virtual machine, then you need to get a compatible USB WiFi receiver (I’m using an Atheros AR9271 wireless network adapter), because WiFi connections don’t show up in virtual machines (they show up as LAN connections instead) and because you need the adapter in order to do packet injection (we’ll discuss packet injection and why it is needed in a few minutes).
  • If you dual-booted your system and/or are using Ubuntu or Mint Linux, then you’re good to go.


You also need a word list comprising all the possible different combinations of passphrases. You can download some of them from Torrentz or click here.

You need the Aircrack-ng suite (in Kali Linux, it comes as a built-in tool). For others, you can get it by doing “sudo apt-get install aircrack-ng”.


Moving ahead, assuming that you have met the above requirements…



Attach the USB WiFi receiver to the virtual machine (if you’re using one). Open up your terminal as root and type “ifconfig”. This will show you all the networking interfaces connected to your device.

Now, type “airmon-ng start wlan0 mon0”. This command puts your wireless interface into monitor mode. Here, ‘airmon-ng’ is a traffic monitoring tool, ‘wlan0’ is your wireless interface, ‘mon0’ is the monitor-mode interface, and ‘start’ starts monitor mode on that interface.

After you enter this command, a list of process IDs that can cause trouble during the process pops up, so kill those processes by typing “kill <pid>”. In my case, “kill 3130 3227 4210 4236”. Now, type “ifconfig” and it will show the newly created monitoring interface, i.e., mon0.

Next, type “airodump-ng mon0” (airodump-ng is a WiFi packet capturing tool) and this will start capturing all packets. From the captured packets, select your target and note its ‘bssid’ (bssid = basic service set identifier) and channel. Stop the capture using Ctrl+C.

Now, to start capturing the packets of your target network, type the following command: “airodump-ng -c <channel> -w <name> --bssid <bssid> mon0” (-c = channel of your target, -w = writes the captured data to a file, name = name associated with the file, --bssid = basic service set ID of your target, mon0 = interface on which capturing takes place).

In my case, “airodump-ng -c 11 -w wifi --bssid 10:FE:ED:2E:29:34 mon0”, which will start the capturing of packets.

While the capturing of packets goes on, open a new terminal as root and type “aireplay-ng -0 0 -a <bssid> mon0” (aireplay-ng = tool for deauthentication, fake authentication and other packet injections, -0 = number associated for deauthentication, 0 = deauth count, -a = bssid).

Here, we’re trying to send a deauthentication request. In my case, the command looks like “aireplay-ng -0 0 -a 10:FE:ED:2E:29:34 mon0”. After a few seconds, stop it using Ctrl+C.

You can also do the fake authentication request by typing “aireplay-ng -1 0 -a 10:FE:ED:2E:29:34 -h 20:EF:FD:3F:36:45 wlan0” (-1 = fake authentication request number, 0 = count, -h = host bssid. The host bssid doesn’t really matter – some fake id would do the work).

If you look at the other terminal, we have successfully captured the WPA handshake.
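Seen from the network owner's side, the deauthentication step above shows up as a burst of deauth frames carrying the access point's BSSID. The following is an added example, not part of the original post: a sliding-window detector run over constructed frame records; the record layout, window and threshold are assumptions.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"


def detect_deauth_floods(frames, window=5.0, threshold=10):
    """Flag BSSIDs with >= threshold deauth frames inside `window` seconds.

    frames: time-ordered (timestamp_seconds, subtype, bssid, destination)
    tuples, as a monitoring sensor might export them (assumed layout).
    """
    recent = defaultdict(deque)   # bssid -> (timestamp, destination) in window
    alerted = set()               # report each BSSID once
    alerts = []
    for ts, subtype, bssid, dst in frames:
        if subtype != "deauth":
            continue
        q = recent[bssid]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:   # drop frames older than window
            q.popleft()
        if len(q) >= threshold and bssid not in alerted:
            alerted.add(bssid)
            alerts.append({
                "bssid": bssid,
                "first_seen": q[0][0],
                "count": len(q),
                # every frame addressed to all clients rather than one station
                "broadcast": all(d == BROADCAST for _, d in q),
            })
    return alerts


def sample_frames():
    """Constructed records: one flooded AP, one AP with normal disconnects."""
    ap_flooded = "02:00:00:00:00:01"
    ap_normal = "02:00:00:00:00:02"
    frames = [(0.0, "beacon", ap_flooded, BROADCAST),
              (1.0, "deauth", ap_normal, "02:00:00:00:00:aa"),
              (40.0, "deauth", ap_normal, "02:00:00:00:00:aa")]
    frames += [(10.0 + i * 0.1, "deauth", ap_flooded, BROADCAST)
               for i in range(30)]
    return sorted(frames)


if __name__ == "__main__":
    for alert in detect_deauth_floods(sample_frames()):
        print(alert)
```

Enabling Protected Management Frames (802.11w) on the access point and clients is the mitigation for forged deauthentication frames; the detector covers networks where that is not yet possible.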

You can now stop the capturing using Ctrl+C and type “ls”. This will bring up all the current directories and files. Select a file with the “.cap” extension and type the following command: “aircrack-ng -w <full location of the word list> <name of the file>” (aircrack-ng is a tool that helps in cracking the password).

In my case, the command looks like “aircrack-ng -w /home/upendra/passwords.lst wifi-01.cap”. Now, it starts looking for a suitable passphrase.

Wait…wait and wait…(Password strength and cracking time are directly proportional.) Patience pays off …

In the end,

Key found.
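For anyone choosing a passphrase for their own access point, the relation between passphrase strength and cracking time can be made concrete. The following is an added example, not part of the original post: it audits a candidate passphrase against a word list and estimates the worst-case search; the guess rate and the 12-character floor are assumptions.

```python
import string

ASSUMED_GUESSES_PER_SEC = 100_000   # assumption, not a measured figure
ASSUMED_MIN_LENGTH = 12             # assumed policy floor, not a WPA2 rule

CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits)


def search_space(passphrase):
    """Candidates a brute-force search over the used character classes covers."""
    alphabet = sum(len(cls) for cls in CLASSES
                   if any(c in cls for c in passphrase))
    if any(c not in "".join(CLASSES) for c in passphrase):
        alphabet += len(string.punctuation) + 1   # symbols plus space
    return alphabet ** len(passphrase)


def audit_passphrase(passphrase, wordlist, rate=ASSUMED_GUESSES_PER_SEC):
    """Return findings plus the worst-case number of guesses and seconds."""
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("not a valid WPA2 passphrase length (8-63 characters)")
    space = search_space(passphrase)
    if passphrase in wordlist:
        findings.append("present in the word list")
        space = len(wordlist)   # a dictionary run needs at most this many guesses
    elif passphrase.isdigit():
        findings.append("digits only (phone-number style)")
    elif len(passphrase) < ASSUMED_MIN_LENGTH:
        findings.append("shorter than %d characters" % ASSUMED_MIN_LENGTH)
    return {"findings": findings,
            "candidates": space,
            "worst_case_seconds": space / rate}


if __name__ == "__main__":
    words = {"password1", "letmein12"}           # constructed word list
    for candidate in ("password1", "9876543210",  # constructed samples
                      "Tr0ub4dor&3 horse staple"):
        print(candidate, audit_passphrase(candidate, words))
```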


“Yeah, everything works great but my neighbor uses his mobile number as a pass key and sometimes some random combination of specific words. How can I create a custom dictionary or word list of my own so that I could crack his password???”

Coming up, stay tuned …

Point to remember:  “With great power comes great responsibility.”

– Thank you –

  1. to know how to generate or create a custom password list please take a look at

  2. Hi, I did as you wrote, but cannot get the WPA handshake. What can be the problem?

  3. LoL: guys, learn Linux (Kali Linux), it's the best pentesting tool. Don't go for Windows, it will not give you the possibilities of success that you will get in Linux.

  4. please give a tutorial for windows 7…

    • Just download Virtual Box or VMWare and run Kali Linux as a VM. Plug your wireless USB NIC in after Kali is up and running and it will pick it up (if they are compatible). Now you can keep windows and still run Kali/utilize this tutorial.

  5. hey,UPENDRA

    can you make a tutorial for windows7 please……?

    • Just download Virtual Box or VMWare and run Kali Linux as a VM. Plug your wireless USB NIC in after Kali is up and running and it will pick it up (if they are compatible). Now you can keep windows and still run Kali/utilize this tutorial.
