How to Crack WiFi Password using Aircrack-ng

In this step-by-step guide we will learn how to crack WiFi password using Aircrack-ng in Kali Linux. Aircrack-ng is a suite of WiFi hacking tools used to scan wireless networks, capture packets, and crack WPA/WPA2/PSK keys from the command-line.

Understanding WiFi Passwords

The WiFi password is a key that devices use to access and secure the network. These are defined by wireless security protocols such as WPA, WPA2, and PSK. WPA and WPA2, PSK is used to authenticate devices and create a common encryption key for securing network traffic.

Each device that wants to join the network must know the correct PSK to connect and communicate securely. While WPA2 is the more secure and widely adopted version, PSK, in this context, is the shared passphrase or key.


Before we begin, make sure you have the following prerequisites:

  • Kali Linux:
    Ensure you have a Kali Linux installation. You can download it from the official Kali Linux website.

  • Wireless Network Adapter:
    You'll need a compatible wireless network adapter capable of packet injection. Aircrack-ng requires this to capture and analyze packets from the target network.

  • Aircrack-ng:
    Typically, Kali Linux comes with Aircrack-ng pre-installed. You can check if it's installed by opening a terminal and typing aircrack-ng. If it's not installed, use the package manager (apt) to install it.

  • Wordlist:
    Prepare a wordlist containing possible passwords. You can create your own or find one online. Wordlists are crucial for the password cracking process.

Crack WiFi Password using Aircrack-ng

Step 1: Set Up Your Environment

  • Plug in your compatible wireless network adapter if it's not already connected.
  • Open a terminal in Kali Linux. Most of the actions in this guide will be performed through the command line.

Step 2: Put Your Wireless Adapter into Monitor Mode

Identify your wireless network interface by running the following command: iwconfig Take note of the name of your wireless interface; it's typically named something like wlan0.

Put your wireless interface into monitor mode using the airmon-ng command. Replace wlan0 with your interface name: airmon-ng start wlan0 This command will create a new interface with a name like wlan0mon. You will use this interface for packet capture.

Step 3: Capture Handshake Packets

Start capturing packets from the target WPA network. Replace wlan0mon with your monitor mode interface and channel with the target network's channel (you can find this using tools like airodump-ng): airodump-ng -c channel --bssid target_BSSID -w output_file wlan0mon -c: Specify the channel of the target network.
--bssid: Specify the BSSID (MAC address) of the target network.
-w: Specify the name of the output capture file.

Keep this terminal open as it continuously captures packets.

Step 4: Deauthenticate Clients

Open a new terminal window and use the aireplay-ng tool to deauthenticate clients from the target network. This action generates more authentication packets, which are crucial for password cracking. Replace wlan0mon and target_BSSID as before: aireplay-ng -0 0 -a target_BSSID wlan0mon The -0 flag specifies the deauthentication attack, and 0 indicates an unlimited number of deauthentication frames.

Step 5: Capture the WPA Handshake

  • Return to the terminal where you're running airodump-ng. Wait until you see "WPA handshake" in the top right corner of the terminal. This indicates that you've successfully captured the WPA handshake, which is necessary for password cracking.
  • Once you've captured the handshake, press Ctrl + C to stop airodump-ng. You can also close the terminal.

Step 6: Password Cracking

Now that you have the capture file with the handshake, it's time to crack the WPA key using Aircrack-ng. Run the following command, replacing output_file with the name of your capture file and wordlist.txt with the path to your wordlist:

aircrack-ng -w wordlist.txt output_file.cap

Aircrack-ng will initiate the password cracking process using the captured handshake and the wordlist you provided. The time it takes to crack the password depends on the complexity of the password and the size of your wordlist.

If the password is found in the wordlist, Aircrack-ng will display it on the screen. If not, you may need to try a different wordlist with a wider range of potential passwords.

Step 7: Clean Up

Once you've successfully obtained the Wi-Fi password or determined that it's not in your wordlist, it's important to clean up your environment.

To stop monitoring mode and return your wireless interface to its original state, run:

airmon-ng stop wlan0mon

Replace wlan0mon with your monitor mode interface name.

Demonstration Video

Bottom Line

Cracking a WiFi passwords using Aircrack-ng is a challenging process that requires patience and the right tools. However, it's essential to emphasize that this knowledge should be used responsibly and legally. Cracking WiFi password without permission is a violation of privacy and may have legal consequences.

This guide has provided you with a step-by-step walkthrough of the process, from setting up your environment and capturing packets to deauthenticating clients and ultimately cracking the WPA key. Always prioritize ethical and legal use of these techniques to ensure network security and respect for others' privacy.

Like this Article? Please Share & Help Others: