Aircrack
TLDR Commands
Setup
When it comes to password cracking, there are two main things that can prevent you from recovering the password: not being able to capture the 4-way handshake, and not having the actual password in your wordlist. This guide will walk you through how to crack WPA/WPA2 passwords, as long as you have the two aforementioned items. I will be doing these cracks using the Kali Linux VMware OS. In order to intercept packets and crack passwords, we will need a network adapter that supports monitor mode. I have bought this one from Amazon:
Next you will have to install the software for cracking the password. We will be using the aircrack-ng suite for this. In order to download this, run the following command:
This will download aircrack-ng, as well as the dependencies for aircrack-ng.
Intercepting Passwords
In order to crack passwords, we will first have to capture the 4-way handshake. This allows us to then crack the capture (.cap) file in order to find out the password. In order to do this, we have to run the following command:
This command will initialize our wireless card to be in monitor mode. We can then use it to intercept traffic. The next command we will use will allow us to see the nearby networks and see their BSSIDs.
We can now see the local networks, alongside their BSSIDs. I usually let the command run for 10-30 seconds, which gives it enough time to get together a good list of local networks. We then have to capture the handshake. For this to happen, we will have to have two terminal windows open simultaneously. On the first terminal we will run the following command:
On the other terminal, we will run:
This part gets a bit complicated. We have to run the "aireplay" command with a count that will allow us to get a handshake capture. For me, 20 works. The capture will be seen in the terminal running "airodump-ng". If nothing has changed in the "airodump-ng" terminal, then the handshake has not been captured yet. When the handshake is captured, you can go to the "Cracking Passwords" section of this tutorial.
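The aireplay-ng step above forces a client to reconnect by sending forged deauthentication frames, and from the defender's side that burst is the detectable artifact. The following is an added example, not part of the original guide: a small sliding-window detector run over constructed monitor-mode frame records (made-up addresses and timestamps; the threshold and window are assumptions to tune per network).

```python
from collections import defaultdict, deque

# Constructed sample: management frames as a monitor-mode sensor might log
# them, as (timestamp_seconds, subtype, source_mac, destination_mac).
# Addresses and timestamps are made up for this example.
AP = "aa:bb:cc:00:00:01"
CLIENT = "11:22:33:44:55:66"
SAMPLE_FRAMES = (
    [(0.0, "beacon", AP, "ff:ff:ff:ff:ff:ff")]
    # A burst of 12 deauth frames "from" the AP within 0.3 seconds: the
    # pattern a handshake-forcing tool produces.
    + [(1.0 + i * 0.025, "deauth", AP, CLIENT) for i in range(12)]
    # Two legitimate deauths minutes apart (roaming / idle timeouts).
    + [(200.0, "deauth", AP, "77:88:99:aa:bb:cc"),
       (500.0, "deauth", AP, "77:88:99:aa:bb:cc")]
    + [(600.0, "beacon", AP, "ff:ff:ff:ff:ff:ff")]
)


def detect_deauth_bursts(frames, threshold=10, window=1.0):
    """Flag any source that sends >= `threshold` deauth/disassoc frames
    within `window` seconds. Returns [(source_mac, burst_start_ts, count)],
    one entry per burst. Frames must be sorted by timestamp."""
    recent = defaultdict(deque)  # source -> timestamps of recent deauths
    alerts = []
    for ts, subtype, src, _dst in frames:
        if subtype not in ("deauth", "disassoc"):
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:  # drop frames outside the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append((src, q[0], len(q)))
            q.clear()  # one alert per burst, then re-arm
    return alerts


if __name__ == "__main__":
    for src, start, n in detect_deauth_bursts(SAMPLE_FRAMES):
        print(f"deauth burst: {n} frames from {src} starting at t={start:.3f}s")
```

The two widely spaced deauths stay below the threshold, so only the burst is reported; on a real sensor the same logic would read frames from a capture rather than a constructed list.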
Cracking Passwords
In order to crack passwords, there are 2 main methods: using aircrack-ng to crack the capture file, or using password cracking software such as John the Ripper or hashcat. I will be using the aircrack-ng command to crack the passwords. As I mentioned earlier, you will only be able to crack the password if two conditions hold: you have a 4-way handshake captured in a .cap file, and the password to the wifi is in the dictionary you are using. I would recommend building your own wordlist. This can help you have a dictionary of 8+ character entries (8 characters is the minimum WPA/WPA2 password size). I would look at the following links to make your own list. I use a (somewhat) combination of all of the following links:
You could also make your own password list using the "crunch" command on Kali or Parrot OS.
To crack the password, using the aircrack-ng command, we will run the following command:
Resources
(MacOS aircrack setup) https://louisabraham.github.io/articles/WPA-wifi-cracking-MBP.html