
How to Crack WPA WPA2 WiFi Password using aircrack-ng | Kali Linux

Keeping a weak password on your WiFi is a bad habit, because your friendly neighbour may have a bad habit too: looking for free WiFi and wanting your password. I am joking, of course; not every neighbour is like that. Still, let's see how a WiFi password can be cracked, and why only a strong passphrase protects you.

Every wireless attack needs a wireless network adapter that supports monitor mode and packet injection. I have that kind of USB card on the wlan1 interface. First, enable monitor mode on it with "airmon-ng start wlan1" and press enter. As you can see, wlan1 is now presented as wlan1mon, and the "mon" suffix indicates that it is in monitor mode. If airmon-ng complains about interfering processes such as NetworkManager or wpa_supplicant, "airmon-ng check kill" stops them; remember that this also cuts your own normal WiFi connection until you restart those services.

Now we need to look at the WiFi networks in our area, and we monitor them with the airodump tool: type "airodump-ng wlan1mon" and press enter, then wait 10 or 20 seconds until it lists every network in the neighbourhood. While it runs, note what the card is doing: it hops across all channels and shows every network whose signal reaches it. The name of each network is shown under ESSID, the channel it works on under CH, and the access point's MAC address under BSSID. Any device connected to a network appears in the lower table under STATION, next to the BSSID it is associated with.

You can capture packets for one particular network by its MAC address or by its name. First press Ctrl+C to stop the scan, then press the up arrow to get the last command back and add the "-c" option to lock the card onto that network's channel, which for my network is 6. Then identify the network with either "--essid" followed by its name (put the name in quotes if it contains a space) or "--bssid" followed by its MAC address. Every packet the card captures should be written to a file with the "-w" option followed by the file name; here I save it on the Desktop as "passw0rd-inside".

Before I go after this network, we should have a look at the aireplay tool, which we use for the de-authentication attack. Open a new terminal with Ctrl+Shift+N, type "aireplay-ng --help" and press enter. There are a lot of options, but we use "--deauth" or "-0" for the de-authentication attack that disconnects a device from a network. We use "-a" to specify the access point's MAC address and, below it, "-c" to specify the client to disconnect; you can also use "-e" to specify the network by name.

Now start the capture in the first terminal, then move to the second terminal and type aireplay-ng with "-0" followed by the number of de-authentication packets to send, for example 30. A count of 0 keeps the attack running until you stop it, but 20 or 30 packets are enough to knock a device off. Then "-a" with the access point's MAC address, then the monitor mode interface, wlan1mon. You should always specify the client too, because without it this command disconnects every device on the network: type "-c" and paste in the MAC address of one device from the STATION column in the first terminal.

Before I go on, a legal disclaimer: you are not allowed to run a denial-of-service attack against anyone's WiFi without the written permission of its owner; doing so without permission is illegal. Here I am attacking my own WiFi, and penetration testing your own devices is not illegal.

OK, press enter in the second terminal to send the de-authentication packets. The device is disconnected and will reconnect by itself. When it reconnects, airodump-ng shows "WPA handshake:" followed by the BSSID in its top right corner, meaning it has captured the four-way handshake. When you see that message, stop the de-authentication attack and the capture with Ctrl+C. The capture process saves five files with the name you gave (the .cap plus .csv, .kismet.csv, .kismet.netxml and .log.csv), but only the .cap file contains the handshake, so I get rid of the others. Once the handshake is in the capture file we no longer need monitor mode or any kind of attack against the network, so stop those too; "airmon-ng stop wlan1mon" returns the card to normal operation.

This file has the four-way handshake, or should I say the WiFi password hash? Strictly it is neither a hash of the password nor the password itself. The handshake frames (EAPOL-Key messages) carry the access point's and the client's nonces and a message integrity code (MIC) computed with a key that is derived from the pre-shared key, the network name and those nonces. That is enough to test password guesses offline: derive the key from a guess, recompute the MIC and compare it with the captured one. For our purposes it plays the same role as a password hash, so the distinction does not matter much. To check whether a file really contains a handshake, type "aircrack-ng" followed by the path of the .cap file and press enter; it lists every network found in the file, how many packets were captured for each, and whether it holds a handshake. Here there is only one.

Now you need wordlists, custom or commonly used password lists. If you don't have any, check the pinned comment first: copy the command line there and run it, which downloads a few popular wordlists to your PC (it needs an internet connection). You will find them in a "wordlists" folder in your home directory; among them are rockyou, darkc0de and some others.

Now let's use the aircrack tool to crack the password. First, this .cap file contains only one handshake; I will talk later about what to do when a file contains several. Type "aircrack-ng" followed by the .cap file path and press enter, then press the up arrow to get the command back and add the "-w" option followed by the wordlist path to start a dictionary attack. I am going to use one of the wordlists I downloaded earlier; I think the newest is best.

Aircrack has more options for the case where a file contains several handshakes. For help, open a new terminal and run "aircrack-ng --help". As you can see, "-a 1" forces WEP cracking and "-a 2" forces WPA/WPA2-PSK cracking. When the file has more than one handshake you must use "-b" followed by the MAC address of the network whose handshake you want to attack, or "-e" followed by its name (ESSID); otherwise aircrack stops and asks you to pick a target. So let's use them: "-a 2" because this network is WPA2 protected, and "-b" with the access point's MAC address (copy selected text in the terminal with Ctrl+Shift+C and paste with Ctrl+Shift+V), or "-e" with the network name. As I said, these options matter when the file has several handshakes; with only one you can leave them out. Press enter and wait while aircrack tests passwords from the wordlist. It is slow by design: every WPA guess costs a PBKDF2-HMAC-SHA1 computation of 4096 rounds, which is exactly why a long, random passphrase cannot be brute-forced in practice.

As you can see, aircrack tried every password in this wordlist, but the right one was not there. That indicates the password is strong enough not to be cracked by a casual attacker. Only a strong password can protect your WiFi, and if that "strong" password is in one of these wordlists there is no hope of keeping it secure. The only real defence is a password that does not appear in any wordlist.

Now I am going to search for my WiFi password in all of these wordlists with the grep command. No output means none of these wordlists contains it. To show you what happens when the password is weak, I append my password to one of the wordlists; if your password is something like "password", "password123" or "12345678", it will be cracked in less than a second. Searching again, the output now shows that my password is in the wordlist, so if I use this wordlist the password will be cracked, because I put it there myself. Yes, that sounds a bit silly, but my aim is to show that only a strong password protects your WiFi once someone has captured your WPA handshake. Run aircrack with this wordlist and it finds the key.

If the .cap file has more than one handshake, run the command with the "-b" or "-e" options I just showed. Either way the result is the same: the password is cracked only if it is in the wordlist; otherwise the dictionary attack fails. So keep a strong password on your WiFi. Two more points worth knowing: this attack applies to WPA/WPA2-Personal networks, which use a pre-shared key; on WPA2-Enterprise the key comes from 802.1X/EAP rather than a passphrase, so there is nothing to guess, and WPA3's SAE handshake is designed to resist offline dictionary attacks of this kind.

The .cap file also contains the captured packets, and if you like you can keep it for analysis: open it with the Wireshark tool and have a look. Let's start with the four-way handshake; filter for it by typing "eapol" in the filter box and pressing enter. Maybe you remember the 30 de-authentication packets I sent: they disconnected the device twice, which is why two handshake exchanges appear in the file, although aircrack needs only one complete exchange to work with. You can expand these packets to see more information. Encryption is in use between the router and the devices, so the data frames are not human readable, but as you know the handshakes themselves can be cracked by a tool such as aircrack, and there are other tools for cracking WiFi passwords that we will talk about later. I hope you enjoyed this video, and thanks for watching.

2 thoughts on “How to Crack WPA WPA2 WiFi Password using aircrack-ng | Kali Linux”

  1. ⚡️⚡️⚡️ Before You Ask

    ⚡️Download Wordlists: http://bit.ly/w0rdl15ts

    ⚡️ test monitor mode: http://bit.ly/testMonitorM

    Q. I have enabled monitor mode, but when I scan for WiFi it doesn't show anything?
    A. Wireless attacks require a wireless card/adapter that supports monitor mode and packet injection. Most internal wireless cards in PCs are not compatible with wireless hacking, so you need a wireless card like the Alfa AWUS036NHA, ALFA AWUS036NEH, TP-Link TL-WN722N v.1, Panda Wireless PAU06 & PAU09.

    Q. I don't see any devices under the station?
    A. Probably no device is connected to that WiFi. In this case, try a PMKID attack.
