How to get WPA2 WiFi password using Aircrack-ng?

Friends, all welcome!

In this article, I will show you how to use airmon-ng and the other tools from the aircrack-ng package to discover the wireless networks around us. We then deauthenticate the clients of a specific wireless network to capture the WPA handshake, and finally run a dictionary attack against that handshake to recover the WiFi password.

The network I will be attacking is my own network, I will not be attacking someone else’s network. Please do not use this information for unethical purposes. What I share here is intended for educational purposes only.

Before we get started, let’s see what we need:

  1. WiFi network adapter that supports monitor mode.

  2. Kali Linux or any other Linux distribution with Aircrack-ng installed.

  3. Password dictionary (a wordlist file, here called wordlist.txt).

Let’s get started. The first thing we need to do is check that the WiFi adapter is connected to Kali Linux. Open a terminal and type:

kali@kali:~$ ifconfig

This will show all network interfaces connected to your device:

If your wireless network adapter is connected and recognized by the operating system, you should see an interface named “wlan0” in the output, as shown in the photo above. Note that the name may differ if you have multiple wireless adapters connected.

Now, to enable monitor mode, enter the following command:

kali@kali:~$ sudo airmon-ng start wlan0

Monitor mode is now enabled (on recent releases airmon-ng renames the interface to wlan0mon; use whatever name it reports in place of wlan0 below). Next we have to kill the processes that interfere with the adapter; these are highlighted in red in the example above, and the PIDs shown are from my run, so use the ones airmon-ng lists for you. Processes can be killed with the kill command:

kali@kali:~$ sudo kill 508 1420

Now let’s detect the wireless networks around us. To do this, use the sudo airodump-ng wlan0 command:

kali@kali:~$ sudo airodump-ng wlan0

To stop the search process and save the list of detected networks, press Ctrl + C:

As you can see, a whole bunch of wireless networks have been detected. The first column lists the BSSIDs, i.e. the MAC addresses of the access points. I’m interested in a network called Kali on channel 1. Note the channel number and the MAC address of the target AP. In my case:

  • Channel: 1

  • BSSID: 50:D4:F7:E5:66:F4

Next, we will lock airodump-ng onto that channel and BSSID and write the capture to files prefixed “kali”, using the sudo airodump-ng -c 1 -w kali --bssid 50:D4:F7:E5:66:F4 wlan0 command:

kali@kali:~$ sudo airodump-ng -c 1 -w kali --bssid 50:D4:F7:E5:66:F4 wlan0

In this window we are now capturing packets, waiting for the handshake. Open a second window to deauthenticate the clients of the network; when they reconnect, they perform the handshake again, which speeds up its capture. For deauthentication we will use aireplay-ng (the -0 0 option sends deauthentication frames without limit until you stop it):

kali@kali:~$ sudo aireplay-ng -0 0 -a 50:D4:F7:E5:66:F4 wlan0

We haven’t captured the handshake yet, but once I deauthenticate the clients, airodump-ng will report a WPA handshake as shown in the image below:
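The deauthentication step above is very loud on the air, so here is a defender-side addition of mine (not code from the original post or from the aircrack-ng project): a small Python detector that flags any BSSID sending a burst of deauthentication frames, run over a constructed sample of frame metadata. The tuple layout, the SAMPLE_FRAMES list and the thresholds are assumptions; a wireless IDS would feed it the same fields from a monitor-mode capture.

```python
from collections import defaultdict, deque

DEAUTH = 12                       # 802.11 management subtype: Deauthentication
BEACON = 8                        # 802.11 management subtype: Beacon
BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed sample, not a real capture: (time_s, subtype, source, destination).
SAMPLE_FRAMES = [(0.0, BEACON, "50:D4:F7:E5:66:F4", BROADCAST)]
# One ordinary unicast deauth, e.g. an AP dropping an idle client.
SAMPLE_FRAMES.append((1.5, DEAUTH, "50:D4:F7:E5:66:F4", "AA:BB:CC:DD:EE:01"))
# A burst of 20 broadcast deauths in under a second, the pattern aireplay-ng -0 produces.
SAMPLE_FRAMES += [(10.0 + i * 0.04, DEAUTH, "50:D4:F7:E5:66:F4", BROADCAST)
                  for i in range(20)]
# Another AP sending two deauths a minute apart: normal behaviour, must not alert.
SAMPLE_FRAMES += [(5.0, DEAUTH, "11:22:33:44:55:66", "AA:BB:CC:DD:EE:02"),
                  (65.0, DEAUTH, "11:22:33:44:55:66", "AA:BB:CC:DD:EE:03")]


def detect_deauth_flood(frames, threshold=10, window=5.0):
    """Return {bssid: peak_count} for every source whose deauth frames exceed
    `threshold` inside any sliding `window`-second interval."""
    recent = defaultdict(deque)   # source -> timestamps still inside the window
    alerts = {}
    for t, subtype, src, _dst in sorted(frames):
        if subtype != DEAUTH:
            continue
        q = recent[src]
        q.append(t)
        while q and t - q[0] > window:   # drop timestamps that fell out of the window
            q.popleft()
        if len(q) > threshold:
            alerts[src] = max(alerts.get(src, 0), len(q))
    return alerts


def broadcast_deauth_ratio(frames, bssid):
    """Share of a source's deauth frames addressed to broadcast. Legitimate deauths
    are normally unicast, so a value near 1.0 strengthens the flood verdict."""
    deauths = [f for f in frames if f[1] == DEAUTH and f[2] == bssid]
    if not deauths:
        return 0.0
    return sum(1 for f in deauths if f[3] == BROADCAST) / len(deauths)


if __name__ == "__main__":
    for bssid, peak in detect_deauth_flood(SAMPLE_FRAMES).items():
        ratio = broadcast_deauth_ratio(SAMPLE_FRAMES, bssid)
        print(f"deauth flood from {bssid}: {peak} frames in 5 s, {ratio:.0%} broadcast")
```

Where the hardware supports it, enabling Protected Management Frames (802.11w) on the access point makes forged deauthentication frames fail verification instead of disconnecting clients.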

Now we need to crack the handshake. In the terminal, type “ls” to list the files in the current directory. Select the file with the extension “.cap”, which should be called kali-01.cap, and enter the following command:

kali@kali:~$ aircrack-ng -w wordlist.txt kali-01.cap

The aircrack-ng tool takes each line of wordlist.txt as a candidate passphrase, derives the key material that passphrase would produce for this network, and checks it against the handshake captured in the .cap file; if it matches, that line is the WiFi password. 🙂

Now all you have to do is wait until you see “KEY Found (your key is here 😉)”.

Thank you all for your attention! 🙂
