These days the Wi-Fi networks are more secure than the older days, These days most wireless access points use WPA(Wi-Fi Protection Access) 2 Pre Shared Key in order to secure the network. This WPA 2 uses a stronger encryption algorithm which is known as AES which is very difficult to crack.
When it comes to security nothing is 100% flawless and so as with WPA PSK 2. WPA PSK 2 has a vulnerability which is that the password in the encrypted form is shared by means of a 4-way handshake. When a user authenticates through the Access Point the user and the Access Point have to go through a 4-way Handshake in order to complete the authentication process. In Wi-Fi hacking, we capture the 4-way handshake packet and look for the encrypted key in those packets. After getting the encrypted key we try a specific wordlist in order to crack the encrypted password. Though there are many other ways as well to crack a wifi password the one with wordlist is the easiest to use and is widely used by the attackers.
1. List all the available network Interfaces.
The airmon-ng tool is used to work with network interfaces. Enter the following command to get the list of all the available network interfaces.
2. Monitor the desired network interface
The next step is to monitor the wireless network interface, so that we may see all the traffic that passes through the interface. airmon-ng command is used for the purpose.
airmon-ng start wlan0 1
Replace wlan0 with your desired wifi network and 1 with the desired channel number.
3. Capture the network interface traffic
Now as we are monitoring our wireless network interface, it’s time to capture the traffic. To do so we will use airodump-ng tool. Enter the following command to display the captured information.
Note: Copy the bssid of the desired network.
Replace wlan0mon with the wireless interface which you want to use.
4. Capture required data from the specific network
Now, we have to attack a specific network, so in order to do that, we will capture the traffic on that network and will start the capturing of the 4-way handshake. Enter the following command to do that.
airodump-ng --bssid 09:98:98:98:98:98 -c 1 --write psk wlan0mon
Here, 09:98:98:98:98:98 is the bssid of the network copied from the above step, -c 1 is the channel number, psk is the file in which the captured traffic would be written and wlan0mon is the network interface that is being monitored.
Note: Do not quit the command being executed in the terminal till the 6th step.
5. De authenticate the client
Now, we have to de authenticate the client against the AP in case they’re already authenticated. To do so we use aireplay-ng command. Enter the following command to de authenticate the client in the new terminal window.
aireplay-ng --deauth 100 -a 09:98:98:98:98:98 wlan0mon
Here, 09:98:98:98:98:98 is the bssid of the network, 100 is the number of de authenticate frames to be sent and wlan0mon is the network interface that is being monitored.
6. Verify the captured handshake file.
Now, our handshake file is captured successfully which can be confirmed with the “ls” command.
Now our handshake file is successfully captured.
7. Stop Wi-Fi interface monitoring
Now, we have successfully captured our handshake file and it’s time to get our Wi-Fi interface back to its defaults. Enter the following command to stop monitoring the Wi-Fi interface.
airmon-ng stop wlan0mon
8. Cracking password from the captured handshake file.
Now everything is done it’s time to brute force the password. In order to get the password by means of a brute force attack, we need a wordlist and our handshake file. Inn order to generate a good wordlist use crunch utility in Kali Linux or use the one from predefined wordlists. and after that enter the following command in terminal.
aircrack-ng -w wordlist psk*.cap
- psk*.cap : It is the file which has the captured handshake file.
- wordlist: It is the wordlist that contains the password to be tested.
It will display key Found along with the key after successfully cracking the password.
- Top 10 Kali Linux Tools For Hacking
- How to Hack WPA/WPA2 WiFi Using Kali Linux?
- Difference Between Arch Linux and Kali Linux
- Kali Linux - Password Cracking Tool
- Difference Between Ubuntu and Kali Linux
- How to Install Lazy Script in Kali Linux?
- Kali Linux Tools
- What is Vulnerability Scanning in Kali Linux?
- Introduction to Kali Linux
- How to Change the Mac Address in Kali Linux Using Macchanger?
- Kali Linux - File Management
- Kali Linux - Default Passwords
- Kali Linux - Crunch Utility
- How to Create Reverse Shells with Netcat in Kali Linux?
- Kali Linux - Terminal and Shell
- Kali Linux - Command Line Essentials
- How to Change the username or userID in Kali Linux?
- Difference Between Fedora and Kali Linux
- Kali Linux - Exploitation Tools
- Kali Linux - Information Gathering Tools
If you like GeeksforGeeks and would like to contribute, you can also write an article using contribute.geeksforgeeks.org or mail your article to firstname.lastname@example.org. See your article appearing on the GeeksforGeeks main page and help other Geeks.
Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.