First of all, to crack Wi-Fi, you need a machine with Kali Linux and a wireless card that supports the monitor / injection feature. If your wireless card is unable to do this, you need to have an external wireless card capable of monitoring / injection mode.
Apart from these resources, you need a word-list to crack the password from the packets you have captured.
You need to understand how Wi-Fi functions first. Wi-Fi transmits its signal as packets over the air, so we need to capture all the packets in the air; we use airodump to dump them. After that, we should see if anyone is connected to the victim's Wi-Fi. If no one is connected to the Wi-Fi, cracking is not feasible because we need a WPA handshake. We can capture a handshake by sending deauthentication packets to a Wi-Fi-connected device. Aircrack cracks the password.
Step 1:- Open the terminal first. We need to know the name of the wireless adapter connected to the device, since the device can have multiple adapters attached to it.
The command for this is iwconfig.
In my case, my wireless adapter is called wlan0. It may be different in your situation. If it is an external wireless card, it may be wlan1 or wlan2.
Step 2:- Some wireless cards give error messages when you try to enable monitor mode. Use airmon-ng to kill the processes that cause this.
Step 3:- In this stage, you need to activate monitor mode on the wireless card. The command is as follows:
airmon-ng start wlan0 (Wireless Card Interface).
This command will now activate monitor mode on the Wi-Fi card. From here on, use wlan0mon as the interface name in any terminal or command line.
Note: You should use the interface that is marked in red.
Step 4:- We need to use the command
which will show all the access points within range, as well as the clients connected to those access points.
This command now catches the packets in the air. It will gather data from the airborne wireless packets.
Note: Please do not close this terminal. It will be used to see whether or not the WPA handshake has been captured.
Step 5:- In this step, we are going to add some parameters to airodump-ng.
airodump-ng -c [channel] --bssid [bssid of wifi] -w [path to write the data of packets] wlan0mon [interface]
--bssid: in my case the BSSID is the one marked in red. -c channel: the channel of the victim's Wi-Fi; in my case it is 10 (see the previous screenshot for the channel number). -w: used to write the captured data to a specified path; in my case it is ‘/root/Desktop/hack’. The interface in my case is wlan0mon.
In the above command, in the path /root/Desktop/hack, hack is the name of the file to be saved.
The above command displays this terminal.
Step 6:- In this step, we will de-authenticate the clients connected to the Wi-Fi.
aireplay-ng --deauth 10 -a [router bssid] interface
In the above command, the client's MAC address is optional; it is given with
-c <client mac>
This will disconnect the client from the access point.
Screenshot of the client connected to the access point.
After that, the client tries to connect to the Wi-Fi again. At that point, we catch the packets that the client sends, and from them we get the WPA handshake.
Step 7:- We will now start cracking the Wi-Fi password using the captured packets.
aircrack-ng -b [bssid of router] -w [path to word list] [path to capture packets]
-w path to word list in my case it is ‘/root/Desktop/wordlist.txt’
If you haven't got a word list, get one. Now press Enter, and aircrack will crack the Wi-Fi.
Aircrack cracked the Wi-Fi and the key was found.
Note: A wordlist is mandatory for this method; there are many wordlists available on the internet that you can download. This post is for educational purposes only, use it on your own.
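The burst of deauthentication frames in Step 6, followed by the client's new handshake, is a pattern that can be detected from the defender's side. The following is an added example, not part of the original post: the log format, the addresses and the thresholds are all constructed assumptions standing in for whatever a wireless sensor exports.

```python
from collections import defaultdict, deque

BSSID = "aa:bb:cc:00:11:22"  # constructed address
# Constructed sensor records: "<seconds> <frame type> <bssid> <client>"
SAMPLE_LOG = "\n".join(
    [f"{100 + i / 10:.1f} DEAUTH {BSSID} ff:ff:ff:ff:ff:ff" for i in range(10)]
    + [f"103.0 EAPOL {BSSID} 11:22:33:44:55:66",            # client re-authenticates
       "200.0 DEAUTH de:ad:be:ef:00:01 11:22:33:44:55:77",  # one ordinary disconnect
       "205.0 EAPOL de:ad:be:ef:00:01 11:22:33:44:55:77"]
)

def detect(log, burst=5, window=2.0, follow=10.0):
    """Return (bssid, alert, time) tuples.

    burst/window: deauth frames per BSSID within `window` seconds that count as a burst.
    follow: seconds after a burst in which a new handshake is treated as related.
    All three thresholds are assumptions to tune per site.
    """
    recent = defaultdict(deque)  # bssid -> timestamps of recent deauth frames
    burst_at = {}                # bssid -> time of the latest burst frame
    alerts = []
    for line in log.splitlines():
        parts = line.split()
        try:
            ts, kind, bssid = float(parts[0]), parts[1].upper(), parts[2].lower()
        except (IndexError, ValueError):
            continue  # skip malformed records
        if kind == "DEAUTH":
            q = recent[bssid]
            q.append(ts)
            while ts - q[0] > window:  # drop frames that fell out of the window
                q.popleft()
            if len(q) >= burst:
                if bssid not in burst_at:
                    alerts.append((bssid, "deauth_burst", ts))
                burst_at[bssid] = ts
        elif kind == "EAPOL" and bssid in burst_at:
            # A handshake right after a burst is the pattern described in Step 6.
            if ts - burst_at.pop(bssid) <= follow:
                alerts.append((bssid, "handshake_after_burst", ts))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Enabling 802.11w (Protected Management Frames) on the access point and its clients stops forged deauthentication frames from being honoured, which removes the forced reconnect this method relies on.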