Cracking a WPA2 WiFi Password with Aircrack-ng - Cybrary

Hola amigos...

Aim: To crack a WPA2-PSK encrypted WiFi password using Aircrack-ng.

Requirements:

  • If you're running Kali Linux in VMware or another virtual machine, you need a compatible USB WiFi adapter (I'm using an Atheros AR9271 wireless network adapter). A virtual machine does not see the host's WiFi connection as a wireless interface; it is presented as a wired LAN connection, so you can neither put it into monitor mode nor do packet injection (we'll discuss packet injection and why it's needed in a few minutes).
  • If you dual-booted your system and/or are using Ubuntu or Linux Mint, you're good to go.

Wait...wait...You also need a word list comprising all the pass-phrase combinations you want to try. You can download some of them from Torrentz.

You need the Aircrack-ng suite (in Kali Linux it comes as a built-in tool). On other distributions you can get it with "sudo apt-get install aircrack-ng".

Moving ahead, assuming that you have met the above requirements...

Procedure:

Attach the USB WiFi receiver to the virtual machine (if you're using one). Open up your terminal as root and type "ifconfig". This will show you all the networking interfaces connected to your device. Now type "airmon-ng start wlan0 mon0". This command will put your wireless interface into monitor mode. Here, 'airmon-ng' is the traffic-monitoring tool, 'wlan0' is your wireless interface, 'mon0' is the monitor-mode interface, and 'start' starts monitor mode on the given interface.

After entering this command, a list of process IDs that can interfere with monitor mode pops up; kill those processes by typing "kill <pid>". In my case, "kill 3130 3227 4210 4236". Now type ifconfig again and it will show the newly created monitoring interface, i.e. mon0.

Next, type "airodump-ng mon0" (airodump-ng is a WiFi packet-capture tool) and it will start capturing all packets in range. From the captured packets, select your target and note its 'bssid' (bssid = base service set identifier) and channel. Stop the capture with Ctrl+C.

Now, to start capturing the packets of your target network, type the following command: "airodump-ng -c <channel> -w <name> --bssid <bssid> mon0" (-c = channel of your target, -w = writes the captured data to a file, name = name associated with that file, --bssid = base service set id of your target, mon0 = interface on which the capture takes place). In my case, "airodump-ng -c 11 -w wifi --bssid 10:FE:ED:2E:29:34 mon0", which starts capturing packets.

While the capture is running, open a new terminal as root and type "aireplay-ng -0 0 -a <bssid> mon0" (aireplay-ng = tool for deauthentication, fake authentication and other packet injections, -0 = the attack number for deauthentication, 0 = deauth count, -a = bssid). Here, we're sending deauthentication requests. In my case, the command looks like "aireplay-ng -0 0 -a 10:FE:ED:2E:29:34 mon0". After a few seconds, stop it with Ctrl+C.
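The deauthentication step above works because ordinary 802.11 deauth frames are unauthenticated unless Protected Management Frames (802.11w) are enabled on the access point and clients, which is also what makes a burst of them stand out to a wireless IDS. As an added example (not part of the original post), the script below counts deauth frames per BSSID in a sliding window over a constructed management-frame log and raises an alert when the count crosses a threshold; the log format, threshold and window length are assumptions.

```python
from collections import defaultdict, deque

DEAUTH_THRESHOLD = 10   # deauth frames per window before alerting (assumed)
WINDOW_SECONDS = 5.0    # sliding-window length in seconds (assumed)


def parse_line(line):
    """Parse one constructed log line: '<epoch_seconds> <frame_type> <bssid> <addr>'."""
    ts, ftype, bssid, addr = line.split()
    return float(ts), ftype, bssid.lower(), addr.lower()


def detect_deauth_floods(lines, threshold=DEAUTH_THRESHOLD, window=WINDOW_SECONDS):
    """Return a sorted list of (bssid, alert_ts, frames_in_window), one per BSSID
    whose deauth frame count first reaches `threshold` within any `window` seconds.
    Non-deauth frames (beacons, data) are ignored; a single roaming deauth is not
    enough to trigger an alert."""
    recent = defaultdict(deque)   # bssid -> timestamps of deauths inside the window
    alerts = {}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ts, ftype, bssid, _addr = parse_line(line)
        if ftype != "deauth":
            continue
        q = recent[bssid]
        q.append(ts)
        while q and ts - q[0] > window:   # drop frames that left the window
            q.popleft()
        if len(q) >= threshold and bssid not in alerts:
            alerts[bssid] = (ts, len(q))
    return sorted((b, t, n) for b, (t, n) in alerts.items())


# Constructed sample log: one benign deauth from an unrelated AP, then a flood of
# broadcast deauths spoofed from the BSSID used in the write-up, 10 frames/second.
SAMPLE_LOG = [
    "1000.0 beacon aa:bb:cc:dd:ee:01 ff:ff:ff:ff:ff:ff",
    "1001.0 deauth aa:bb:cc:dd:ee:01 02:11:22:33:44:55",
] + [f"{1100 + i * 0.1:.1f} deauth 10:FE:ED:2E:29:34 ff:ff:ff:ff:ff:ff"
     for i in range(25)]

if __name__ == "__main__":
    for bssid, ts, n in detect_deauth_floods(SAMPLE_LOG):
        print(f"ALERT deauth flood: bssid={bssid} t={ts:.1f} frames_in_window={n}")
```

The same per-BSSID rate logic can be fed from a monitor-mode capture tool's output; enabling 802.11w on the AP is the mitigation that removes the root cause rather than just detecting it.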

You can also send a fake authentication request by typing "aireplay-ng -1 0 -a 10:FE:ED:2E:29:34 -h 20:EF:FD:3F:36:45 wlan0" (-1 = the attack number for fake authentication, 0 = count, -h = host bssid; the host bssid doesn't really matter, any made-up address will do).

If you look at the other terminal, you'll see that we have successfully captured the WPA handshake.

You can now stop the capture with Ctrl+C and type "ls". This lists the files and directories in the current directory. Pick the file with the ".cap" extension and type the following command: "aircrack-ng -w <full path of the word list> <name of the file>" (aircrack-ng is the tool that does the actual password cracking). In my case, the command looks like "aircrack-ng -w /home/upendra/passwords.lst wifi-01.cap". It now starts trying passphrases. Wait...wait and wait...(Password strength and cracking time are directly proportional.) Patience pays off...

In the end, Key found.

"Yeah, everything works great, but my neighbor uses his mobile number as a pass key and sometimes some random combination of specific words. How can I create a custom dictionary or word list of my own so that I could crack his password???"

Coming up, stay tuned...

Point to remember: "With great power comes great responsibility."

- Thank you -
