How to crack a Wifi Password using Kali Linux

Note: If you do not have Kali Linux, you can buy a pre-made ready to boot USB with Kali Linux on it from our shop or you can buy Kali Linux on Amazon.

A quick preview of what we’ll be doing:

Step 1: Check if your card supports monitor mode

Before we do anything, you need to make sure that your wifi adapter supports monitor mode. To do this, we can open up a terminal and type

iw list

In the output, the wifi card lists “monitor” under “Supported interface modes.” If your card doesn’t list it, you can buy a wifi adapter from Amazon; a card that supports monitor mode is required for this tutorial.

Step 2: Put Kali Linux in monitor mode and view traffic

Open up a terminal and type in

airmon-ng start wlan0

to put your computer in monitor mode. If Kali responds with any warnings, type in

airmon-ng check kill

to kill the interfering processes (such as NetworkManager and wpa_supplicant) that cause them. Keep in mind that you will lose your wifi connection when you put Kali in monitor mode.

We can check that we are in monitor mode by typing in

ifconfig

We see that wlan0mon is now listed among our wifi devices (airmon-ng renames wlan0 to wlan0mon).
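The two checks above (does the card support monitor mode, and is the interface actually in monitor mode now?) can be scripted instead of read off a screenshot. The following is an added example, not code from the original post: it parses the text output of `iw list` and `iw dev` (the modern replacement for `ifconfig`, whose output does not show the interface type). The sample outputs embedded in it are constructed to match the layout of those commands; the `phy0`, `wlan0mon` and MAC values are placeholders.

```python
import re
import subprocess
from typing import Dict, List, Optional

# Constructed excerpt in the layout of `iw list` (one adapter, monitor supported).
SAMPLE_IW_LIST = """Wiphy phy0
\tmax # scan SSIDs: 4
\tSupported interface modes:
\t\t * IBSS
\t\t * managed
\t\t * AP
\t\t * AP/VLAN
\t\t * monitor
\t\t * mesh point
\tBand 1:
\t\tCapabilities: 0x1862
"""

# Same layout, but a card that only does client (managed) mode.
SAMPLE_IW_LIST_NO_MONITOR = """Wiphy phy0
\tSupported interface modes:
\t\t * managed
\tBand 1:
"""

# Constructed excerpt in the layout of `iw dev` after `airmon-ng start wlan0`.
SAMPLE_IW_DEV = """phy#0
\tInterface wlan0mon
\t\tifindex 3
\t\twdev 0x1
\t\taddr 00:11:22:33:44:55
\t\ttype monitor
\t\tchannel 6 (2437 MHz), width: 20 MHz, center1: 2437 MHz
"""


def supported_modes(iw_list_output: str) -> Dict[str, List[str]]:
    """Map each wiphy (phy0, phy1, ...) to its 'Supported interface modes' entries."""
    modes: Dict[str, List[str]] = {}
    phy: Optional[str] = None
    in_modes = False
    for line in iw_list_output.splitlines():
        m = re.match(r"^Wiphy (\S+)", line)
        if m:
            phy = m.group(1)
            modes[phy] = []
            in_modes = False
            continue
        stripped = line.strip()
        if stripped == "Supported interface modes:" and phy is not None:
            in_modes = True
            continue
        if in_modes:
            # Mode entries are indented bullets; the first non-bullet line ends the section.
            if stripped.startswith("* "):
                modes[phy].append(stripped[2:].strip())
            else:
                in_modes = False
    return modes


def supports_monitor(iw_list_output: str) -> bool:
    """True if any adapter in the `iw list` output lists 'monitor' as an interface mode."""
    return any("monitor" in m for m in supported_modes(iw_list_output).values())


def interface_types(iw_dev_output: str) -> Dict[str, str]:
    """Map interface name to its current type (managed, monitor, AP, ...) from `iw dev`."""
    types: Dict[str, str] = {}
    iface: Optional[str] = None
    for line in iw_dev_output.splitlines():
        stripped = line.strip()
        if stripped.startswith("Interface "):
            iface = stripped.split(None, 1)[1]
        elif iface is not None and stripped.startswith("type "):
            types[iface] = stripped.split(None, 1)[1]
    return types


def in_monitor_mode(iw_dev_output: str, iface: str) -> bool:
    """True if `iface` is reported with 'type monitor'."""
    return interface_types(iw_dev_output).get(iface) == "monitor"


if __name__ == "__main__":
    # On a real Kali box, run the two commands and apply the same parsers.
    iw_list = subprocess.run(["iw", "list"], capture_output=True, text=True).stdout
    iw_dev = subprocess.run(["iw", "dev"], capture_output=True, text=True).stdout
    print("monitor mode supported:", supports_monitor(iw_list))
    print("interface types:", interface_types(iw_dev))
```

Parsing the "Supported interface modes" section explicitly, rather than grepping the whole `iw list` output for the word "monitor", avoids false positives from other sections that mention monitor-related features.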

To capture the traffic, type in

airodump-ng wlan0mon

Step 3: Capture the traffic and find the handshake

In order to capture the handshake, we need to isolate the traffic on one router. We can do this by noting the BSSID of the router and the channel that it is communicating on. Type in

airodump-ng --bssid [BSSID of router] -c [channel of the router] --write [name of the file to write data to] wlan0mon

In this case, we’re going to try to find the password for the router with SSID “mayhem.”

Next, we are going to capture the handshake by forcing people off of the network. When they reconnect, we can intercept the handshake.

To force people off the network, we are going to send a bunch of deauth packets, essentially a denial of service against the network. To do this, type in

aireplay-ng --deauth 100 -a [BSSID of router] wlan0mon

This will send 100 deauthentication packets to the router, booting everyone off of it. Note that you can send as many deauth packets as you want. 100 should be enough for smaller networks though.

Once the people that we kicked off the network log back onto the network, we can capture the handshake; airodump-ng reports it as “WPA handshake: [BSSID]” in the top line of the traffic window.
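From the network owner’s side, the deauth flood in this step is the loudest part of the whole procedure and is easy to spot: a legitimate AP sends a handful of deauthentication frames over a day, while an `aireplay-ng --deauth` run sends hundreds in seconds. The following is an added example, not code from the original post, of a burst detector run over a constructed frame summary (the format, one management frame per line as `time,bssid,src,dst,subtype`, is my own; a real feed would come from a monitor-mode capture or a WIDS sensor, and the MAC addresses are placeholders).

```python
from collections import defaultdict, deque
from typing import Dict, Iterator, List, Tuple

AP1 = "aa:bb:cc:dd:ee:01"
AP2 = "aa:bb:cc:dd:ee:02"
BCAST = "ff:ff:ff:ff:ff:ff"


def make_sample_frames() -> List[str]:
    """Constructed frame summary: normal beacons, a few genuine deauths, one flood."""
    lines = []
    # Beacons every 100 ms from two APs: the baseline management traffic.
    for i in range(50):
        t = 1000 + i * 0.1
        lines.append(f"{t:.3f},{AP1},{AP1},{BCAST},beacon")
        lines.append(f"{t:.3f},{AP2},{AP2},{BCAST},beacon")
    # Three genuine deauths from AP2 spread over 45 s (clients idling out).
    for t in (1003.0, 1020.0, 1045.0):
        lines.append(f"{t:.3f},{AP2},{AP2},11:22:33:44:55:66,deauth")
    # Flood: 100 broadcast deauths within 2 s, spoofing AP1's address.
    for i in range(100):
        t = 1002 + i * 0.02
        lines.append(f"{t:.3f},{AP1},{AP1},{BCAST},deauth")
    return lines


def parse(lines: List[str]) -> Iterator[Tuple[float, str, str, str, str]]:
    """Yield (time, bssid, src, dst, subtype); skip blank or malformed lines."""
    for line in lines:
        parts = line.strip().split(",")
        if len(parts) != 5:
            continue
        try:
            yield (float(parts[0]), parts[1].lower(), parts[2].lower(),
                   parts[3].lower(), parts[4].lower())
        except ValueError:
            continue


def deauth_bursts(lines: List[str], window: float = 10.0, threshold: int = 20) -> Dict[str, int]:
    """Peak number of deauth frames per BSSID inside any `window` seconds.

    Returns only BSSIDs whose peak reaches `threshold`. Frames are sorted by time
    first so an out-of-order feed (as in the sample) is handled correctly.
    """
    events = sorted((t, bssid) for t, bssid, _, _, sub in parse(lines) if sub == "deauth")
    recent: Dict[str, deque] = defaultdict(deque)
    peak: Dict[str, int] = defaultdict(int)
    for t, bssid in events:
        q = recent[bssid]
        q.append(t)
        while q and t - q[0] > window:
            q.popleft()
        peak[bssid] = max(peak[bssid], len(q))
    return {b: n for b, n in peak.items() if n >= threshold}


if __name__ == "__main__":
    for bssid, n in deauth_bursts(make_sample_frames()).items():
        print(f"deauth burst from {bssid}: {n} frames in 10 s")
```

The sliding window keeps AP2’s three spaced-out deauths below the threshold while the 100-frame burst against AP1 trips it. Detection is the fallback; the fix is 802.11w Protected Management Frames (`ieee80211w=2` in hostapd), which makes deauthentication frames authenticated so that spoofed ones like the ones `aireplay-ng` sends are discarded by clients.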

Step 4: Crack the password

To crack the password, we’re going to do a dictionary attack (a form of brute force). This means that we’re going to throw a bunch of candidate passwords at the captured handshake and see if any of them match. This is made much faster if we have a password list, and luckily Kali comes with a bunch of lists. We can navigate to /usr/share/wordlists to see the password lists we have.

cd /usr/share/wordlists
ls

To run the password list against the router, type in

aircrack-ng [Name of file]-01.cap -w /usr/share/wordlists/[path to password list to use]

(airodump-ng appends a sequence number to the name given to --write, so the capture is usually [Name of file]-01.cap.)

If the password to the router is in the list, the program will crack it and you’ll be able to find the password.

If the password wasn’t found, that means that the password wasn’t in the list you provided. You can run another one that came with Kali Linux, or download a password list from the internet.
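Why does Step 4 succeed only when the password is in the list, and why does a long list take so long? Because WPA/WPA2-Personal derives the key from the passphrase with PBKDF2-HMAC-SHA1, 4096 iterations, salted with the SSID, so every candidate costs thousands of hash operations and must be recomputed per network name. The following is an added example, not code from the original post or from aircrack-ng: it implements that derivation (checked against the test vector published in the IEEE 802.11i standard) and a self-audit that tells a network owner how far into a wordlist their own passphrase sits. The wordlist and SSIDs used are constructed.

```python
import hashlib
from typing import Iterable, List, Optional

PBKDF2_ITERATIONS = 4096   # fixed by IEEE 802.11i for WPA/WPA2-Personal
PMK_LEN = 32               # the Pairwise Master Key is 256 bits
# A 32-byte PBKDF2 output from SHA-1 (20-byte digests) needs two blocks,
# so each candidate costs 2 * 4096 HMAC-SHA1 evaluations.
HMAC_CALLS_PER_CANDIDATE = 2 * PBKDF2_ITERATIONS

# Published test vector from IEEE 802.11i (passphrase "password", SSID "IEEE").
IEEE_TEST_PMK = "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096, 32) as specified for WPA-PSK."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_LEN)


def usable_candidates(wordlist: Iterable[str]) -> List[str]:
    """Drop entries that cannot be a WPA passphrase (wrong length); crackers skip them too."""
    out = []
    for line in wordlist:
        word = line.rstrip("\r\n")
        if 8 <= len(word) <= 63:
            out.append(word)
    return out


def audit_passphrase(passphrase: str, ssid: str, wordlist: Iterable[str]) -> Optional[dict]:
    """If `passphrase` is reachable from `wordlist`, report its position and the
    number of HMAC-SHA1 calls a dictionary run needs to reach it; else None.

    Candidates are compared by derived PMK, the way a cracker sees them, which is
    also what makes this loop deliberately slow.
    """
    target = wpa2_pmk(passphrase, ssid)
    for position, candidate in enumerate(usable_candidates(wordlist), start=1):
        if wpa2_pmk(candidate, ssid) == target:
            return {"position": position,
                    "hmac_sha1_calls": position * HMAC_CALLS_PER_CANDIDATE}
    return None


# Constructed wordlist; two entries are too short to ever be a WPA passphrase.
SAMPLE_WORDLIST = ["123456\n", "password\n", "letmein\n", "Password1\n",
                   "correct horse battery staple\n"]

if __name__ == "__main__":
    print("test vector ok:", wpa2_pmk("password", "IEEE").hex() == IEEE_TEST_PMK)
    print(audit_passphrase("Password1", "mayhem", SAMPLE_WORDLIST))
    print(audit_passphrase("Tr0ub4dor&3-not-in-list", "mayhem", SAMPLE_WORDLIST))
```

Two things the numbers show: the salt means a PMK computed for SSID “mayhem” is useless against a different SSID, so precomputed tables only work for common network names, and the cost per guess (8192 HMAC calls) is what makes a passphrase outside any wordlist impractical to find, while one inside a list falls at position × 8192 work regardless of how “complex” it looks.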

This GitHub repository has a lengthy list of them.

In conclusion:

  • We used Kali Linux to hack a wifi router (if you don’t have Kali Linux, you can buy it here).
  • We used airmon, aireplay, and aircrack to find the wifi traffic and capture the handshake.
  • Finally, we checked each password in a password list to see if the router had that password, eventually finding the password and hacking the wifi router.
