WPA/WPA2
Steps to crack the WPA/WPA2 key. We will need a WPA handshake.
1. Monitor mode
First of all check and kill with airmon-ng:
sudo airmon-ng check
sudo airmon-ng check killNext, we enable monitor mode:
sudo airmon-ng start wlan0
sudo airmon-ng start wlan0 <channel_id>
# scan 5ghz networks
sudo airodump-ng -b a wlan02. Finding target
We will now find the bssid (MAC) and essid (SSID) of our target:
sudo airodump-ng wlan0Example output:
We found our target F0:A7:31:46:69:71 and see its using WPA2 PSK auth. We can also see its on channel 1.
3. Dumping & getting handshake
-c | channel to 1
-w for write output as wpa2
--bssid for target MAC
wlan 0 our monitor interface
We will now have to wait for a client to connect to the network or inject using a deauthorization attack. We can see one station (client) is connected 8C:EC:7B:0F:63:24.
4. Re-authentication attack
We use ‘aireplay-ng’ which is an injection attack. This forces a re-authentication packet into the wire.
After that we can see "WPA handshake: X" status:
We now have captured a handshake in the .cap file. We can now use aircrack to crack the PSK.
5. Cracking
Now we will run ‘aircrack-ng’ against the dump file we gathered earlier.
With hashcat
Convert cap to hashcat hash mode 22000
Crack it
With cowpatty
First generate list of hashes:
Then crack it:
Connecting to WPA2 network
Then connect to wlan3 interface
And get DHCP IP:
Last updated