Being a Wi-Fi password hacker is made easy with Aircrack-ng, the most popular wireless cracking tool. Since Wi-Fi was developed in the 1990s, almost every security technology used to prevent unauthorized access has been cracked, starting with the WEP protocol, which has proven to be crackable in minutes. For stronger Wi-Fi security, WPA2 was developed; it uses the very strong AES encryption algorithm, which is very hard to crack, but every security technology has its weakness. Using Aircrack-ng, we will perform a dictionary attack on the encrypted password that we obtain from the 4-way handshake, the process used to authenticate a client to a Wi-Fi network.
How to install Aircrack-ng?
This tutorial is for beginners, so we're going to explain everything step by step, from installing Aircrack-ng to the final step where you will see the cracked password.
Aircrack-ng is pre-installed in the so-called “hacking operating systems” such as Kali Linux, BackTrack or Parrot Security OS, and you just need to run it. If you're not using such an operating system, Aircrack-ng is compatible with Linux, macOS and Windows, and you can download it securely from its official website; detailed installation instructions can be found on the Aircrack-ng documentation page.
Let’s Crack any Wi-Fi Password!
Let's start being a Wi-Fi password hacker! Now that we've installed Aircrack-ng, I will crack my own Wi-Fi password, which uses WPA2 encryption, to explain how Aircrack-ng works. For this tutorial we will be using Aircrack-ng in Kali Linux.
First of all we need to switch our wireless adapter from station (managed) mode to monitor mode. Not all wireless adapters support monitor mode, so check and research carefully before you buy one; we suggest using this network adapter, which is very popular with beginners and is fully compatible with monitor mode.
Monitor mode allows us to capture the packets of all nearby wireless networks without connecting to any Wi-Fi network.
Let’s start by typing: airmon-ng start wlan0
We can see that the wireless adapter has changed from station mode to monitor mode and that the interface has been renamed from wlan0 to wlan0mon, which makes it easier to identify the adapter's current mode.
It's time to capture traffic and get the critical information we need with airodump-ng.
Type: airodump-ng wlan0mon
“wlan0mon” is the interface name in our case; you should use your own interface name. Type ifconfig in your terminal to view your current interface name.
The airodump-ng screen contains access point information (upper part) and client information (lower part); at this point we need the access point information.
Now we can see the information we need: the access point MAC address (BSSID), the AP's operating channel (CH), the AP name (ESSID), the AP encryption (ENC), etc.
To continue, we copy our target access point's information and focus airodump-ng on only this access point to capture the handshake.
Capture the handshake by typing:
airodump-ng --bssid 74:DA:38:B0:70:DA -c 1 --write CrackedPassword wlan0mon
- --bssid 74:DA:38:B0:70:DA is the BSSID (the access point's MAC address).
- -c 1 is the operating channel.
- --write CrackedPassword is the file prefix under which airodump-ng writes the captured packets.
- wlan0mon is our Wi-Fi network interface.
*Keep this terminal open to capture the encrypted password; don't close it.
To get the encrypted password, we need to kick/disconnect all clients from the targeted access point using the aireplay-ng deauth attack; they will be disconnected and will reconnect automatically within seconds, while we keep capturing all traffic and wait to grab the encrypted password from the handshake packets.
Important: Previous terminal must remain open and capturing packets.
Open a new terminal and type deauth command: aireplay-ng -0 100 -a 74:DA:38:B0:70:DA wlan0mon
- -0 is the aireplay-ng option for the deauth attack.
- 100 is the number of deauth packets to send.
- -a 74:DA:38:B0:70:DA is the targeted access point's MAC address.
- wlan0mon is our Wi-Fi network interface.
When we performed the deauth attack, all users connected to the targeted access point were kicked; meanwhile we were capturing packets with airodump-ng.
Right after they started to reconnect, we grabbed the encrypted password from the handshake. To know whether we were successful, open the airodump-ng terminal and check the top right corner for “WPA handshake: XX:XX:XX:XX:XX:XX” (the AP MAC address); this tells us the handshake was captured.
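The deauthentication burst just described is also exactly what a wireless intrusion detection system watches for on the defending side. As an added example (not from the original post or from Aircrack-ng), here is a Python sliding-window detector run over a constructed frame log; the frame tuple format, the second AP's MAC address, the client MAC and the window/threshold values are assumptions.

```python
from collections import defaultdict, deque

DEAUTH_SUBTYPES = {"deauth", "disassoc"}
BROADCAST = "FF:FF:FF:FF:FF:FF"


def detect_deauth_floods(frames, window_s=5.0, threshold=20):
    """Sliding-window deauth-flood detector.
    frames: iterable of (ts_seconds, subtype, src_mac, dst_mac, bssid), sorted
    by timestamp (this tuple format is an assumption of the example).
    Returns one alert dict per burst: a burst opens once `threshold` deauth or
    disassoc frames for one BSSID fall inside `window_s` seconds, and it keeps
    growing while further frames arrive within the window."""
    windows = defaultdict(deque)   # bssid -> recent (ts, dst) deauth frames
    open_alerts = {}               # bssid -> alert still being extended
    alerts = []
    for ts, subtype, _src, dst, bssid in frames:
        if subtype not in DEAUTH_SUBTYPES:
            continue               # beacons, data frames etc. are ignored
        q = windows[bssid]
        q.append((ts, dst))
        while q and ts - q[0][0] > window_s:
            q.popleft()            # forget frames that left the window
        if len(q) < threshold:
            continue               # a lone AP-initiated deauth is normal
        alert = open_alerts.get(bssid)
        if alert and ts - alert["end"] <= window_s:
            alert["end"] = ts      # same burst: extend instead of re-alerting
            alert["count"] += 1
            alert["broadcast"] += dst == BROADCAST
        else:
            alert = {"bssid": bssid, "start": q[0][0], "end": ts,
                     "count": len(q),
                     "broadcast": sum(d == BROADCAST for _, d in q)}
            alerts.append(alert)
            open_alerts[bssid] = alert
    return alerts


def build_sample():
    """Constructed capture: beacons, one legitimate unicast deauth from a
    second (made-up) AP, and a 100-frame broadcast deauth burst against the
    tutorial's BSSID, which is what `aireplay-ng -0 100` puts on the air."""
    ap, other = "74:DA:38:B0:70:DA", "00:11:22:33:44:55"
    frames = [(t / 10, "beacon", ap, BROADCAST, ap) for t in range(50)]
    frames.append((1.3, "deauth", other, "AA:BB:CC:DD:EE:01", other))
    frames += [(2.0 + i / 100, "deauth", ap, BROADCAST, ap) for i in range(100)]
    return sorted(frames, key=lambda f: f[0])
```

The burst is reported once, with its frame count and how many frames were broadcast (a client-less deauth that targets every station at once). Enabling Protected Management Frames (802.11w) on the access point and clients is the standard mitigation, since clients then discard forged deauthentication frames.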
This is the final step, time to be a Wi-Fi password hacker. Now that we have grabbed the encrypted password using the steps above, we're ready to crack it using aircrack-ng.
To start we need a password list: we can use a default password list, create our own list, or download big password lists online.
I will use my own list for this tutorial. Start cracking the encrypted password with this command:
aircrack-ng CrackedPassword-02.cap -w Passwords.txt
- CrackedPassword-02.cap is the capture file we created in step 3 with airodump-ng (this file contains the encrypted password).
- -w Passwords.txt is my own password list, located in the root directory.
As we can see, the password has been cracked successfully!
The cracking process may take days or weeks to complete, depending on the size of your password list and your computing power.
This is the end of the “How to be a Wi-Fi Password Hacker” tutorial; we've explained the step-by-step process of cracking WPA2 encrypted passwords.
Thanks for reading; please use the comments section below to ask a question or make a suggestion.