
Crack WPA WPA2 password with aircrack

This is a tutorial on how to crack WPA/WPA2 with aircrack. WPA stands for Wi-Fi Protected Access. It is an encryption system to secure WLAN networks. It eliminates all known vulnerabilities in WEP (Wired Equivalent Privacy). WPA uses a 128 bit key and a 48 bit initialization vector, while WEP uses a 108 bit key with a 24 bit initialization vector. WPA2 is the successor of WPA. Both WPA and WPA2 use the Temporal Key Integrity Protocol (TKIP) for encryption and pre-shared key (PSK) authentication. The only difference between WPA and WPA2 is that they use the Rivest Cipher (RC4) and Advanced Encryption Standard (AES) encryption algorithms respectively. Both can be configured to use counter cipher block chaining mode (CCM) though. They are by far considered the most secure for Wi-Fi networks.

So, today we are going to see WPA/WPA2 password cracking with aircrack. For this howto, I am going to use Kali Linux. (If you are running Kali Linux in VMware or VirtualBox, you need a compatible Wi-Fi USB adapter.) I am running Kali Linux in live USB mode (see how to make a Kali live USB) as my laptop has an Atheros adapter. So let’s start.

Once you have booted into Kali Linux, open a terminal and type the command “iwconfig”. It lists your wireless interfaces, just like ifconfig shows wired interfaces.


We can see that we have a wireless interface wlan0. Now we are going to start monitor mode on our wireless interface. Monitor mode is the wireless counterpart of promiscuous mode in wired sniffing. Type the command “airmon-ng start wlan0”. We can see below that monitor mode has been enabled on “mon0”.


Now let’s see all the traffic collected by our wireless interface. Type the command “airodump-ng mon0”.


Hit Enter. We can see all the wireless networks available as shown below.


We can see that all the Wi-Fi networks are configured with WPA2 or WPA. We are going to hack the network “shunya”. We will collect shunya’s network traffic into a file. Open a terminal and type the command “airodump-ng --bssid <MAC address of Wi-Fi access point> -c 13 --write wpacrack mon0”.


where

--bssid stands for base station security identifier

<MAC address> is the MAC address of the access point.

-c is used to specify the channel the Wi-Fi network is operating on.

--write is used to write to a file.

wpacrack is the file name we are writing into.

mon0 is the interface.

Hit Enter. We will see the result as below.


We can only hack a WPA/WPA2 protected Wi-Fi network by capturing its handshake process or association (when a client is trying to connect to the Wi-Fi network). So let’s try to disconnect all the clients connected to the Wi-Fi network “shunya” first. Open a new terminal and type the command “aireplay-ng --deauth 100 -a <MAC> --ignore-negative-one mon0”.

where

--deauth sends deauthentication packets,

100 is the number of deauthentication packets we want to send.

-a stands for access point.

<MAC> is the MAC address of the Wi-Fi access point.


This command will send 100 deauthentication packets to the broadcast address of the Wi-Fi access point. This will make all the clients connected to shunya get disconnected. As soon as this happens, all the clients will try to connect back to the Wi-Fi network once again. We can see that a WPA handshake has happened in the previous terminal.
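As an added example (not part of the original post), here is the defender’s view of the burst just described: a small Python detector that flags any sender emitting many deauthentication frames in a short window, which is how a wireless IDS spots this step. The frame records, MAC addresses and thresholds are constructed for the demo.

```python
from collections import defaultdict, deque

# Constructed MAC addresses for the demo (not real devices).
AP = "00:11:22:33:44:55"          # the access point being attacked
OTHER_AP = "66:77:88:99:aa:bb"    # a neighbouring, untouched access point
CLIENT = "cc:dd:ee:ff:00:11"
BROADCAST = "ff:ff:ff:ff:ff:ff"


def build_sample():
    """Constructed capture: one beacon, a burst of 100 deauth frames
    spoofed from AP to broadcast within one second (the aireplay-ng
    pattern above), and one ordinary single deauth from another AP."""
    frames = [(0.2, "beacon", AP, BROADCAST)]
    frames += [(round(0.5 + i * 0.01, 3), "deauth", AP, BROADCAST) for i in range(100)]
    frames.append((3.0, "deauth", OTHER_AP, CLIENT))
    return sorted(frames)


def detect_deauth_floods(frames, threshold=20, window_s=2.0):
    """Sliding-window count of deauth frames per source address.

    frames: iterable of (timestamp_s, subtype, src_mac, dst_mac).
    Returns {src_mac: alert} for each sender that emits at least
    `threshold` deauth frames inside any `window_s` second window.
    A single deauth (a normal disconnect) never trips the alert."""
    recent = defaultdict(deque)   # src -> timestamps still inside the window
    alerts = {}
    for ts, subtype, src, dst in sorted(frames):
        if subtype != "deauth":
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window_s:   # drop timestamps that aged out
            q.popleft()
        if len(q) >= threshold and src not in alerts:
            alerts[src] = {
                "first_seen": q[0],
                "count_in_window": len(q),
                "broadcast": dst == BROADCAST,   # broadcast deauth hits every client
            }
    return alerts


if __name__ == "__main__":
    for src, alert in detect_deauth_floods(build_sample()).items():
        print(f"deauth flood from {src}: {alert}")
```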


Now let’s see where our capture file is located. Type “ls”. We will do dictionary password cracking here, so let’s find out where the dictionaries are. Type the command “locate wordlists”. This will show us a number of wordlists available by default in Kali Linux.


Our captured traffic is stored in a .cap file. We will use the wordlist big.txt for cracking the password. Open a new terminal and type the command “aircrack-ng wpacrack-01.cap -w /usr/share/dirb/wordlists/big.txt”.


Hit Enter. If our dictionary has the password, the result will be as below. If our dictionary doesn’t have the password, we have to use another dictionary.


Remember that the choice of dictionary plays a key role in WPA/WPA2 password cracking. So that is one way to crack a WPA/WPA2 password with aircrack. Hope this was helpful. Learn how to crack WPA/WPA2 with a graphical tool.

7 thoughts on “Crack WPA WPA2 password with aircrack”

  1. […] everybody. In a previous howto, we saw WPA/WPA2 password cracking using aircrack, a tool inbuilt in Kali Linux. But that needed lot […]

  2. […] We have seen how to perform dictionary password cracking on WPA/WPA2 wifi networks using both aircrack and Fern Wifi Cracker. Today we will see WPA/WPA2 password cracking with a tool called Bully which […]

  3. Hi, I just wanted to thank you for writing and presenting these explanations in terms that beginners can actually understand. I am a high school student who is really interested in network security and want to learn how to use my computer correctly in order to properly secure my own network by knowing how to break in. Most tutorials are not very user-friendly as they presume that anyone using the tutorial is already versed in the terminology. Thank you again,
    JG

    1. Thank you JG.

  4. My last step: when I enter aircrack-ng wpacrack-01.cap -w /usr/share/dirb/wordlists/big.txt then after 25 seconds passphrase not in dictionary quitting aircrack….. and another way last step aircrack-ng -w /root/Desktop/wordlist dwfcon-01.cap then error operation not permitted opening dwfcon-01.cap. read 287965………..

  5. Please help me for solutions

  6. Anyone help me for above question
