How to Crack WiFi Password using Aircrack-ng
Table of Contents
In this step-by-step guide we will learn how to crack WiFi password using Aircrack-ng in Kali Linux. Aircrack-ng is a suite of WiFi hacking tools used to scan wireless networks, capture packets, and crack WPA/WPA2/PSK keys from the command-line.
Understanding WiFi Passwords
The WiFi password is a key that devices use to access and secure the network. These are defined by wireless security protocols such as WPA, WPA2, and PSK. WPA and WPA2, PSK is used to authenticate devices and create a common encryption key for securing network traffic.
Each device that wants to join the network must know the correct PSK to connect and communicate securely. While WPA2 is the more secure and widely adopted version, PSK, in this context, is the shared passphrase or key.
Before we begin, make sure you have the following prerequisites:
Ensure you have a Kali Linux installation. You can download it from the official Kali Linux website.
Wireless Network Adapter:
You'll need a compatible wireless network adapter capable of packet injection. Aircrack-ng requires this to capture and analyze packets from the target network.
Typically, Kali Linux comes with Aircrack-ng pre-installed. You can check if it's installed by opening a terminal and typing
aircrack-ng. If it's not installed, use the package manager (
apt) to install it.
Prepare a wordlist containing possible passwords. You can create your own or find one online. Wordlists are crucial for the password cracking process.
Crack WiFi Password using Aircrack-ng
Step 1: Set Up Your Environment
- Plug in your compatible wireless network adapter if it's not already connected.
- Open a terminal in Kali Linux. Most of the actions in this guide will be performed through the command line.
Step 2: Put Your Wireless Adapter into Monitor Mode
Identify your wireless network interface by running the following command:
Take note of the name of your wireless interface; it's typically named something like
Put your wireless interface into monitor mode using the
wlan0 with your interface name:
airmon-ng start wlan0
This command will create a new interface with a name like
You will use this interface for packet capture.
Step 3: Capture Handshake Packets
Start capturing packets from the target WPA network.
wlan0mon with your monitor mode interface and
channel with the target network's channel (you can find this using tools like
airodump-ng -c channel --bssid target_BSSID -w output_file wlan0mon
-c: Specify the channel of the target network.
--bssid: Specify the BSSID (MAC address) of the target network.
-w: Specify the name of the output capture file.
Keep this terminal open as it continuously captures packets.
Step 4: Deauthenticate Clients
Open a new terminal window and use the
aireplay-ng tool to deauthenticate clients from the target network. This action generates more authentication packets, which are crucial for password cracking.
target_BSSID as before:
aireplay-ng -0 0 -a target_BSSID wlan0mon
-0 flag specifies the deauthentication attack, and
0 indicates an unlimited number of deauthentication frames.
Step 5: Capture the WPA Handshake
Return to the terminal where you're running
airodump-ng. Wait until you see "WPA handshake" in the top right corner of the terminal. This indicates that you've successfully captured the WPA handshake, which is necessary for password cracking.
Once you've captured the handshake, press
Ctrl + Cto stop
airodump-ng. You can also close the terminal.
Step 6: Password Cracking
Now that you have the capture file with the handshake, it's time to crack the WPA key using Aircrack-ng. Run the following command, replacing output_file with the name of your capture file and wordlist.txt with the path to your wordlist:aircrack-ng -w wordlist.txt output_file.cap
Aircrack-ng will initiate the password cracking process using the captured handshake and the wordlist you provided. The time it takes to crack the password depends on the complexity of the password and the size of your wordlist.
If the password is found in the wordlist, Aircrack-ng will display it on the screen. If not, you may need to try a different wordlist with a wider range of potential passwords.
Step 7: Clean Up
Once you've successfully obtained the Wi-Fi password or determined that it's not in your wordlist, it's important to clean up your environment.
To stop monitoring mode and return your wireless interface to its original state, run:airmon-ng stop wlan0mon
wlan0mon with your monitor mode interface name.
Cracking a WiFi passwords using Aircrack-ng is a challenging process that requires patience and the right tools. However, it's essential to emphasize that this knowledge should be used responsibly and legally. Cracking WiFi password without permission is a violation of privacy and may have legal consequences.
This guide has provided you with a step-by-step walkthrough of the process, from setting up your environment and capturing packets to deauthenticating clients and ultimately cracking the WPA key. Always prioritize ethical and legal use of these techniques to ensure network security and respect for others' privacy.