How To Hack WPA/WPA2 Wi-Fi With Kali Linux & Aircrack-ng

Kali Linux can be used for many things, but it probably is best known for its ability to penetration test, or “hack,” WPA and WPA2 networks. There are hundreds of Windows applications that claim they can hack WPA; don’t get them! They’re just scams, used by professional hackers, to lure newbie or wannabe hackers into getting hacked themselves. There is only one way that hackers get into your network, and that is with a Linux-based OS, a wireless card capable of monitor mode, and aircrack-ng or similar.

These are things that you’ll need:

• A successful install of Kali Linux (which you probably have already done). If not, follow my tutorial here: https://dedsechackingclub.blogspot.com/2017/05/installing-kali-linux.html
• A wireless adapter capable of injection/monitor mode. 
• A wordlist to attempt to “crack” the password once it has been captured. From here you can download: http://www.mediafire.com/file/qk1m9vewvk868yp/BIG-WPA-LIST-1.rar
• Time and patients

  Important notice: Hacking into anyone’s Wi-Fi without permission is considered an illegal act or crime in most countries. We are performing this tutorial for the sake of penetration testing, hacking to become more secure, and are using our own test network and router.

Step 1:

Type airmon-ng start followed by the interface name of your wireless card. mine is wlan1, so my command would be: airmon-ng start wlan1.

Step 2

Type airodump-ng followed by the name of the new monitor interface, which is probably wlan1mon.

Step 3:
Airodump will now list all of the wireless networks in your area, and a lot of useful information about them. Locate your network or the network that you have permission to penetration test. Once you’ve spotted your network on the ever-populating list, hit Ctrl + C on your keyboard to stop the process. Note the channel of your target network.

Step 4:
Now type this command: 
airodump-ng -c [channel] --bssid [bssid] -w /root/Desktop/ [monitor interface]Replace [channel] with the channel of your target network. Paste the network BSSID where [bssid] is, and replace [monitor interface] with the name of your monitor-enabled interface, (mon0). The “–w” and file path command specifies a place where airodump will save any intercepted 4-way handshakes (necessary to crack the password). Here we saved it to the Desktop, but you can save it anywhere.

Now press enter.

Airodump with now monitor only the target network, allowing us to capture more specific information about it. What we’re really doing now is waiting for a device to connect or reconnect to the network, forcing the router to send out the four-way handshake that we need to capture in order to crack the password.
Also, four files should show up on your desktop, this is where the handshake will be saved when captured, so don’t delete them!

But we’re not really going to wait for a device to connect, no, that’s not what impatient hackers do. We’re actually going to use another cool-tool that belongs to the aircrack suite called aireplay-ng, to speed up the process. Instead of waiting for a device to connect, hackers can use this tool to force a device to reconnect by sending deauthentication (deauth) packets to one of the networks devices, making it think that it has to reconnect with the network

.

Step 5:

Leave airodump-ng running and open a second terminal. In this terminal, type this command:
aireplay-ng --deauth 10 –a [router bssid] –c [client bssid] wlan1monThe --deauth for the deauth mode and the 2 is the number of deauth packets to send.
-a indicates the access point/router’s BSSID, replace [router bssid] with the BSSID of the target network, which in my case, is 00:14:BF:E0:E8:D5.
-c indicates the client’s BSSID, the device we’re trying to deauth, noted in the previous picture. Replace the [client bssid] with the BSSID of the connected client, this will be listed under “STATION.”

Step 6:

Upon hitting Enter, you’ll see aireplay-ng send the packets. If you were close enough to the target client, and the deauthentication process works, this message will appear on the airodump screen (which you left open):

This means that the handshake has been captured, the password is in the hacker’s hands, in some form or another. You can close the aireplay-ng terminal and hit Ctrl + C on the airodump-ng terminal to stop monitoring the network.

Step 11:

Cracking the password...

Open a new Terminal, and type in this command:
aircrack-ng -a2 -b [router bssid] -w [path to wordlist] /root/Desktop/*.cap

-a is the method aircrack will use to crack the handshake, 2=WPA method.
-b stands for bssid, replace [router bssid] with the BSSID of the target router, mine is 00:14:BF:E0:E8:D5.
-w stands for wordlist, replace [path to wordlist] with the path to a wordlist that you have downloaded. I have a wordlist called “wpa.txt” in the root folder.
/root/Desktop/*.cap is the path to the .cap file containing the password. The * means wild card in Linux, and since I’m assuming that there are no other .cap files on your Desktop, this should work fine the way it is.

Aircrack-ng will now launch into the process of cracking the password. However, it will only crack it if the password happens to be in the wordlist that you’ve selected. Sometimes, it’s not. If this is the case, you can try other wordlists. If you simply cannot find the password no matter how many wordlists you try, then it appears your penetration test has failed, and the network is at least safe from basic brute-force attacks.

Cracking the password might take a long time depending on the size of the wordlist. Mine went very quickly.

If you find the password without a decent struggle, then change your password, if it’s your network. If you’re penetration testing for someone, then tell them to change their password as soon as possible.

Please use this information only in legal ways

#DedHak

Video Tutorial