To crack a wpa2-psk encrypted wifi password using aircrack-ng.

Posted by Unknown on 10:22 with No comments

To crack a wpa2-psk encrypted wifi password using aircrack-ng.


requirements:
  • If  you are using a kali linux in vmware or other virtual machines then you need to get a compatible usb wifi receiver (in this case i’m using Atheros AR9271 wireless network adapter) because wifi connections dosen’t show up in virtual machines instead they show those connections as lan and also in order to do packet injections (we’ll discuss about packet injections and their need in few minutes).
  • If you dual booted your system and or using ubuntu or mint linux then you are good to go.
wait…wait…         you also need a word list comprising of all the possible different combination of pass-phrases you can download some of them from torrentz or click here and you need aircrack-ng suite (in kali linux it comes as a in built tool and for others you can get it by doing “sudo apt-get install aircrack-ng“)
moving ahead assuming that you have met the above requirements,
Procedure:
Attach the usb wifi receiver to the virtual machine(if you are using one). open up your terminal as root and type “ifconfig” , this will show you all the networking interfaces connected to your device.
Now type “airmon-ng start wlan0 mon0 this command will push your wireless interface into monitor mode, here ‘airmon-ng’ is a traffic monitoring tool, ‘wlan0’ is your wireless interface, ‘mon0’ is monitor mode and ‘start’ will start the monitor mode on the particular interface.
After entering this command there pop ups a list of process id’s that cause trouble during the process so kill those processes by typing “kill <pid>” , in my case “kill 3130 3227 4210 4236” and now type ifconfig and this will show the newly set monitoring interface i.e, mon0.
Now type “airodump-ng mon0” (airodump-ng is a wifi packets capturing tool) and this will start capturing all packets and from the captured packets select your target and note its ‘bssid’ (bssid = base service set identifier) and channel and stop the capture using “cntrl+c“.
Now to start capturing the packets of your target network type the following command “airodump-ng -c <channel> -w <name> -bssid <bssid> mon0” (-c = channel of your target, -w = writes the captutred data to a file, name = name assosiated to the file, -bssid = base service set id of your target, mon0 = interface on which capturing takes place). In my case “airodump-ng -c 11 -w wifi –bssid 10:FE:ED:2E:29:34 mon0” this will start the capturing of packets.
while the capturing of packets goes on, open a new terminal as root and type “aireplay-ng -0 0 -a <bssid> mon0” (aireplay-ng = tool for deauthentication, fake authentication and other packet injections, -0 = number associated for deauthentication, 0 = deauth count, -a = bssid) here we are trying to send a deauthentication request. In my case the command looks like “aireplay-ng -0 0 -a 10:FE:ED:2E:29:34 mon0” after few seconds stop it using cntrl+c.
you can also do the fake authentication request by typing “aireplay-ng -1 0 -a 10:FE:ED:2E:29:34 -h 20:EF:FD:3F:36:45 wlan0” (-1 = fake authentication request number, 0 = count, -h = host bssid, host bssid dosen’t really matter some fake id would do the work). 
now if you look at the other terminal we have successful captured the wpa handshake.

you can now stop the capturing using cntrl+c and type “ls” that would bring up all the current directories and files. Select a file with “.cap“extension and type the following command “aircrack-ng -w <full location of the word list> <name of the file>” (aircrack-ng is a tool that helps in cracking the password). In my case the command looks like “aircrack-ng -w /home/upendra/passwords.lst wifi-01.cap”  Now it starts finding suitable passphrase.
wait…
wait and wait…
                          (password strength and cracking time are directly proportional)
patience pays off …

 
at the end,
key found