#hacking #kali

Hacking a WPA2 Wi-Fi Network with Aircrack-ng and Kali Linux

Published Mar 11, 2021 by Logan O'Connell


Getting Up to Speed

This guide to hacking WPA2 networks assumes that you have an installation of Kali Linux running, either in a VM or on bare metal, or you have the aircrack-ng suite built on your computer, perhaps through Homebrew.

This guide will unfortunately not have images, although I may update it later with images, as I am currently without my external Wi-Fi card.

Oh! That reminds me. Make sure, if you are going through this tutorial, that you have an external Wi-Fi card or a built-in Wi-Fi chip that supports monitor mode. This is crucial to getting these commands to work correctly.

Alright, let’s get started.

The Process

1.) Finding the Interface

In your terminal, type:

airmon-ng

This will yield a small table that shows the interface of your external Wi-Fi card, which should be something along the lines of wlan0 or wlan0mon.

2.) Activating Monitor Mode

In your terminal, type:

airmon-ng start [interface name]

This will set the card to monitor mode. Here comes the fun stuff.

3.) Dumping All Surrounding Networks

In your terminal, type:

airodump-ng [interface name]

This will bring up a continuously updating table, which will show the SSIDs of all surrounding Wi-Fi networks.

Once you see the Wi-Fi network you would like to target, feel free to CTRL + C out of there. Copy the BSSID and channel number (referred to as “CH”) of the Wi-Fi network you would like to target, and move to the next step.

4.) Starting the Handshake Sniffing

In your terminal, type:

airodump-ng -c [channel number] --bssid [BSSID] -w /root/Desktop [interface name]

This will begin sniffing for handshakes between the Wi-Fi network and a device looking to connect to it. An updating table will pop up, and once a “WPA handshake” column appears, the handshake has been captured and the .pcap file containing the data has been saved to /root/Desktop.

5.) Deauthing to Decrease Time

Sometimes it can take a while for a handshake to appear, especially if it's a smaller network and devices are not joining too frequently. To combat this, we can attempt to deauth devices already on the network and force them to reinitiate a handshake. When entries begin to populate the “STATION” column of the table from the previous step's command, we can run the command below to attempt to deauth that device.

In your terminal, type:

aireplay-ng -0 2 -a [BSSID] -c [STATION] [interface name]

6.) Cracking the Handshake

Now that we have the .pcap file, we have the handshake ready to be cracked. From here, download a wordlist or use one of the ones built into Kali Linux already. Here is one specifically meant for WPA2 networks.

Then, type the following in your terminal to begin cracking the .pcap file:

aircrack-ng -a2 -b [BSSID] -w [path to wordlist] [path to .pcap file]

If the correct password is found, you should see a “KEY FOUND!” prompt in the middle of the terminal window. If it fails, keep trying other wordlists.
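The deauth step above is also exactly what a wireless IDS watches for. As an added example (not part of the original post), this Python script parses raw 802.11 management frames from a capture and flags any BSSID that sources a burst of deauthentication/disassociation frames inside a short window; the frames, timestamps and MAC addresses are constructed sample data, and the threshold values are assumptions.

```python
import struct
from collections import defaultdict

DEAUTH_SUBTYPE, DISASSOC_SUBTYPE = 0x0C, 0x0A  # management subtypes 12 and 10

def _mac(s):  # "aa:bb:..." -> 6 raw bytes
    return bytes.fromhex(s.replace(":", ""))

def build_mgmt_frame(subtype, dst, src, bssid, reason=7):
    """Minimal raw 802.11 management frame (no radiotap): FC, duration, addr1-3, seq, reason."""
    fc = bytes([(subtype << 4) & 0xF0, 0x00])  # type 0 = management, given subtype
    return fc + b"\x00\x00" + _mac(dst) + _mac(src) + _mac(bssid) + b"\x00\x00" + struct.pack("<H", reason)

def parse_frame(frame):
    """Return (type, subtype, addr1, addr2, addr3) or None if the header is truncated."""
    if len(frame) < 24:
        return None
    addrs = [":".join(f"{x:02x}" for x in frame[i:i + 6]) for i in (4, 10, 16)]
    return ((frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF, *addrs)

def detect_deauth_bursts(capture, window_s=1.0, threshold=5):
    """capture: list of (timestamp_seconds, raw_frame). Returns {bssid: peak_count} for
    every BSSID that sources more than `threshold` deauth/disassoc frames in any window."""
    events = defaultdict(list)
    for ts, frame in capture:
        parsed = parse_frame(frame)
        if parsed and parsed[0] == 0 and parsed[1] in (DEAUTH_SUBTYPE, DISASSOC_SUBTYPE):
            events[parsed[4]].append(ts)  # key on addr3 (BSSID)
    alerts = {}
    for bssid, stamps in events.items():
        stamps.sort()
        peak = start = 0
        for end in range(len(stamps)):  # sliding window over sorted timestamps
            while stamps[end] - stamps[start] > window_s:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            alerts[bssid] = peak
    return alerts

# Constructed sample capture: an 8-frame deauth burst from one BSSID within 0.35 s,
# a single stray deauth from another BSSID, and a beacon (subtype 8) that must be ignored.
AP, AP2, STA = "aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:02", "11:22:33:44:55:66"
SAMPLE_CAPTURE = [(0.05 * i, build_mgmt_frame(DEAUTH_SUBTYPE, STA, AP, AP)) for i in range(8)]
SAMPLE_CAPTURE.append((30.0, build_mgmt_frame(DEAUTH_SUBTYPE, STA, AP2, AP2)))
SAMPLE_CAPTURE.append((31.0, build_mgmt_frame(0x08, "ff:ff:ff:ff:ff:ff", AP, AP)))

if __name__ == "__main__":
    print(detect_deauth_bursts(SAMPLE_CAPTURE))  # {'aa:bb:cc:dd:ee:01': 8}
```

A burst like this is the signature a WIDS alerts on; enabling 802.11w (Protected Management Frames) on the access point makes forged deauth frames ineffective in the first place.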

That’s all!