How To Hack wifi WPA2-PSK using KALI LINUX.

Recently I learned how to crack Wi-Fi (WPA2-PSK) from Kali Linux and thought I would share it with you. It is just a matter of running a few commands in the Kali Linux terminal.

First, what are WPA2-PSK and WEP?

WPA stands for Wi-Fi Protected Access.

WEP stands for Wired Equivalent Privacy.

Step 1:


The first step is to verify the router configuration. Normally in a real penetration test we would not have this option, but since this is a home lab I have a little more flexibility.

In this case the lab access point is securing the wireless network Wireless Lab with WPA2-PSK. It is using the passphrase Cisco123. You can use any wireless router to set up your wireless lab.

Set up an old router, log into it, and configure it with WEP for wireless security to use as a test router. Have one other computer, tablet, or smartphone connected to it wirelessly, since the encrypted data between the two will need to be captured.

The basic idea of this attack is to capture as much traffic as possible using airodump-ng. Each data packet has an associated three-byte Initialization Vector (IV). After the attack is launched, the goal is to collect as many encrypted data packets, or IVs, as possible, then run aircrack-ng on the capture file to show the password.

Step 2:

The iwconfig command will show any wireless cards in the system. I am using a RealTek wireless card. Linux ships with the RealTek drivers, making it a Linux plug and play wireless card.

The operating system recognizes a wireless interface named wlan0.


Step 3:

My next step will be to enable the wireless interface. This is accomplished by issuing the ifconfig wlan0 up command.

Step 4:

I need to understand what wireless networks my wireless card sees. I issue the iwlist wlan0 scanning command.

This command forces the wireless card to scan and report on all wireless networks in the vicinity.

You can see from this example it found my target network: Wireless Lab. It also found the MAC address of my access point: 0E:18:1A:36:D6:22. This is important to note because I want to limit my attack to this specific access point (to ensure we are not attacking or breaking anyone else’s password).

Secondly, we see the AP is transmitting on channel 36. This is important because it lets us specify which wireless channel our wireless card should monitor and capture traffic from.

Step 5:

The next step is to change the wireless card to monitoring mode. This will allow the wireless card to examine all the packets in the air.

We do this by creating a monitor interface using airmon-ng. Issue the airmon-ng command to verify airmon-ng sees your wireless card. From that point create the monitor interface by issuing the command: airmon-ng start wlan0

Next, run the ifconfig command to verify the monitor interface is created. We can see mon0 is created.

Now verify the interface mon0 has been created.

Step 6:

Use airodump-ng to capture the WPA2 handshake. The attacker will have to catch someone in the act of authenticating to get a valid capture. Airodump-ng will display a valid handshake when it captures it. It will display the handshake confirmation in the upper right hand corner of the screen.

Note: We will manually connect to the wireless network to force a handshake. In a future post I will show you how to force a reauthorization to make a device automatically disconnect and reconnect without any manual intervention.

We used the following command: airodump-ng mon0 --bssid 20:aa:4b:1f:b0:10 (to capture packets from our AP) --channel 6 (to limit channel hopping) --write BreakingWPA2 (the name of the file we will save to)

airodump-ng mon0 --bssid 0E:18:1A:36:D6:22 --channel 36 --write BreakingWPA2

(make sure there is no space between the two dashes in “--”)

To capture the handshake you are dependent on monitoring a legitimate client authenticate to the network. However, it does not mean you have to wait for a client to legitimately authenticate. You can force a client to re-authenticate (which will happen automatically with most clients when you force a deauthorization).

When you see the WPA handshake confirmation, you know you have captured a valid handshake.

Step 7:

We will use aircrack-ng with the dictionary file to crack the password. Your chances of breaking the password are dependent on the password file.

The command on  is: aircrack-ng “name of cap file you created” -w “name of your dictionary file”

Example Aircrack

The BreakingWPA2-01.cap file was created when we ran the airodump-ng command. The valid WPA2 handshake airodump captured is stored in the BreakingWPA2-01.cap file.

BackTrack 5 ships with a basic dictionary. The dictionary file darkc0de.lst is a popular wordlist that ships with BackTrack 5. We added our password Cisco123 to this file to make the test run a little smoother.

Many attackers use large dictionaries that increase their chances of cracking a password. Many dictionaries contain passwords from real users and websites that have been cracked and posted on the Internet. Some sophisticated dictionaries combine multiple languages, permutations of each word, and key words and phrases from social media sites such as Twitter and Facebook.

Kali does not come with the darkc0de.lst but you can download it from here

NOTE: Kali does have built-in wordlists in: /usr/share/wordlists

In this blog we created a file named “sample.lst” and added the word Cisco123 in it.


If the password is found in the dictionary file then Aircrack-ng will crack it.
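Seen from the network owner's side, the dictionary dependence described above can be checked before a passphrase is ever deployed. The following Python sketch is an added example, not part of the original post: it derives the WPA2-PSK master key the way the standard defines it (PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds) and audits a proposed passphrase against a wordlist. The function names, the constructed sample wordlist and the mutation rules are assumptions made for illustration.

```python
import hashlib
import time

# Constructed stand-in for a dictionary file such as the post's sample.lst.
SAMPLE_WORDLIST = ["password", "letmein", "Cisco123", "wireless"]
LEET = str.maketrans("013457@$", "oleastas")

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def normalise(word: str) -> str:
    """Undo cheap mutations: case, trailing digits/symbols, leet substitutions."""
    return word.lower().rstrip("0123456789!@#$%&*?._-").translate(LEET)

def audit_passphrase(passphrase: str, ssid: str, wordlist: list[str]) -> list[str]:
    """Return the reasons a dictionary attack is likely to recover this passphrase."""
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("length outside the 8-63 characters WPA2-PSK accepts")
    core = normalise(passphrase)
    if passphrase in wordlist:
        findings.append("exact wordlist match")
    elif core in {normalise(w) for w in wordlist}:
        findings.append("wordlist match after simple mutations")
    ssid_core = normalise(ssid).replace(" ", "")
    if ssid_core and ssid_core in core.replace(" ", ""):
        findings.append("contains the SSID")
    return findings

def guesses_per_second(samples: int = 10) -> float:
    """Measure how many candidate passphrases this machine can derive per second."""
    start = time.perf_counter()
    for i in range(samples):
        derive_pmk(f"candidate-{i}", "Wireless Lab")
    return samples / (time.perf_counter() - start)

if __name__ == "__main__":
    for candidate in ["Cisco123", "P@ssw0rd2024!", "WirelessLab99", "tundra-Velcro-spool-41"]:
        print(candidate, audit_passphrase(candidate, "Wireless Lab", SAMPLE_WORDLIST))
    print(f"{guesses_per_second():.0f} PBKDF2 derivations/s on this CPU")
```

An empty result only means the passphrase survives this particular wordlist and these mutation rules; a long, randomly generated passphrase and a non-default SSID remain the baseline.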
