WI FI Hacking...

How to hack WPA/WPA2 Wi Fi with kali Linux.

Kali Linux can be used for many things, but it probably is best known for its ability to penetration test, or “hack,” WPA and WPA2 networks. There are hundreds of Windows applications that claim they can hack WPA; don’t get them! They’re just scams, used by professional hackers, to lure newbie or wannabe hackers into getting hacked themselves. There is only one way that hackers get into your network, and that is with a Linux-based OS, a wireless card capable of monitor mode, and aircrack-ng or similar. Also note that, even with these tools, WiFi cracking is not for beginners. Playing with it requires basic knowledge of how WPA authentication works, and moderate familiarity with Kali Linux and its tools, so any hacker who gains access to your network probably is no beginner!

Step

1.  Start Kali Linux and login, preferably as root.

2.

Plugin your injection-capable wireless adapter (unless your computer card supports it).

3.

Disconnect from all wireless networks. Open a Terminal, and type airmon-ng. This will list all of the wireless cards that support monitor (not injection) mode.

• If no cards are listed, try disconnecting and reconnecting the card and check that it supports monitor mode. You can check if the card supports monitor mode by typing ifconfig in another terminal, if the card is listed in ifconfig, but doesn’t show up in airmon-ng, then the card doesn’t support it.

4.

Type airmon-ng start followed by the interface of your wireless card. For example, if yours is wlan0, your command would be: airmon-ng start wlan0.

• The “(monitor mode enabled)” message means that the card has successfully been put into monitor mode. Note the name of the new monitor interface, mon0.

5.

Type airodump-ng followed by the name of the new monitor interface. The monitor interface is probably mon0.

6.

Review the Airodump results. It will now list all of the wireless networks in your area, and lots of useful information about them. Locate your network or the network that you have

permission to penetration test. Once you’ve spotted your network on the ever-populating list, hit Ctrl+C on your keyboard to stop the process. Note the channel of your target network.

7.

Copy the BSSID of the target network. Now type this command: airodump-ng -c [channel] -- bssid [bssid] -w /root/Desktop/ [monitor interface]

• Replace [channel] with the channel of your target network. Paste the network BSSID where [bssid] is, and replace [monitor interface] with the name of your monitor-enabled interface, (mon0).
• A complete command should look like this: airodump-ng -c 10 --bssid 00:14:BF:E0:E8:D5 -w /root/Desktop/ mon0.

8

Wait. Airodump with now monitor only the target network, allowing us to capture more  specific information about it. What we’re really doing now is waiting for a device to connect or reconnect to the network, forcing the router to send out the four-way handshake that we need to capture in order to crack the password. 

• Also, four files should show up on your desktop; this is where the handshake will be saved when captured, so don’t delete them! But we’re not really going to wait for a device to connect, no, that’s not what impatient hackers do.
• We’re actually going to use another cool-tool that belongs to the aircrack suite called aireplay-ng, to speed up the process. Instead of waiting for a device to connect, hackers use this tool to force a device to reconnect by sending deauthentication (deauth) packets to the device, making it think that it has to reconnect with the router. Of course, in order for this tool to work, there has to be someone else connected to the network first, so watch the airodump-ng and wait for a client to show up. It might take a long time, or it might only take a second before the first one shows. If none show up after a lengthy wait, then the network might be empty right now, or you’re to far away from the network.

9.

Leave airodump-ng running and open a second terminal. In this terminal, type this command: aireplay-ng –0 2 –a [router bssid] –c [client bssid] mon0.

• The –0 is a short cut for the death mode and the 2 is the number of death packets to send.
• -a indicates the access point (router)’s bssid; replace [router bssid] with the BSSID of the target network, for example 00:14:BF:E0:E8:D5.
• -c indicates the clients BSSID. Replace the [client bssid] with the BSSID of the connected client; this will be listed under “STATION.”
• And of course, mon0 merely means the monitor interface; change it if yours is different.
• A complete command looks like this: aireplay-ng –0 2 –a 00:14:BF:E0:E8:D5 –c 4C:EB:42:59:DE:31 mon0.

10. Open a new Terminal. Type in this command: aircrack-ng -a2 -b [router bssid] -w [path to wordlist] /root/Desktop/*.cap

• -a is the method aircrack will use to crack the handshake, 2=WPA method.
• -b stands for bssid; replace [router bssid] with the BSSID of the target router, like 00:14:BF:E0:E8:D5.
• -w stands for wordlist; replace [path to wordlist] with the path to a wordlist that you have downloaded. For example, you might have “wpa.txt” in the root folder./root/Desktop/*
• .cap is the path to the .cap file containing the password; the * means wild card in Linux, and assuming there are no other .cap files on your Desktop, this should work fine the way it is.
• A complete command looks like this: aircrack-ng –a2 –b 00:14:BF:E0:E8:D5 –w /root/wpa.txt /root/Desktop/*.cap.