How to Hack WPA/WPA2 Wi Fi with Kali Linux
wikiHow is a “wiki,” similar to Wikipedia, which means that many of our articles are co-written by multiple authors. To create this article, 26 people, some anonymous, worked to edit and improve it over time.
This article has been viewed 1,291,285 times.
Want to find out if your Wi-Fi network is easy to hack? As a Kali Linux user, you have hundreds of pre-installed security auditing and penetration testing tools at your disposal. These tools are intended for ethical hacking—finding and repairing weak spots in a network—and not for illegal purposes. To find out if a WPA/SPA PSK network is susceptible to a brute-force password attack, you can use a suite of tools called aircrack-ng to hack the key. We’ll show you how!
Starting Monitor Mode
- If you haven’t enabled root logins in Kali and are using KDE or GNOME, run sudo apt install kali-root-login at the prompt. [1] X Research source Once installed, you can set a root password by running sudo password (no username) and entering a new root password. At that point, you can log in to the desktop as root.
- In most cases, simply attaching the card to your computer will be enough to set it up. Check the instructions for your Wi-Fi card to be sure.
- If you’re not sure if your Wi-Fi card supports monitoring, it doesn’t hurt to try these next few steps.
Disconnect from Wi-Fi. To successfully test a network, you’ll want to make sure your computer is not actively connected to Wi-Fi—not even to the network you’re testing.
- If you see a message that says «Found processes that could cause trouble,» run airmon-ng check kill to kill them.
Run airodump-ng mon0 to view the results. Replace mon0 with the correct virtual interface name if that’s not what you saw earlier. This displays a data table for all Wi-Fi routers in range.
- Make sure the router is using WPA or WPA2 security. If you see «WPA» or «WPA2» in the «ENC» column, you can proceed.
Find the BSSID and channel number of the router. Now you’ll want to make note of the values of the «BSSID» and «CH» fields for the router you want to hack. These pieces of information are to the left of the network’s name.
- airodump-ng -c number —bssid xx:xx:xx:xx:xx:xx -w /root/Desktop/ mon0
- Replace the word number with the channel number you saw, and the xx:xx:xx:xx:xx:xx with the BSSID.
- As long as this command stays running, you’ll be monitoring for all connections and new handshakes.
Logging and Cracking the Password
- If you already see a line with the tag «WPA handshake:» followed by a MAC address in the output of the airodump-ng command, skip to Step 5—you have what you need to crack the password and don’t need to send deauth packets.
- Remember—use these tools for ethical purposes only.
Wait for something to connect to the network. Once you see two BSSID addresses appear next to each other—one labeled BSSID (the Wi-Fi router) and the other labeled STATION (the computer or other device)—this this means a client is connected. To force them into a handshake, you’ll now send them deauth packets that kill their connection.
Open a new terminal. Make sure airodump-ng is still running in original terminal window, and drag it to another place on your desktop so both terminals are visible.
- This command will send 2 deauth packets to disconnect the client from the network. [2] X Research source Don’t try to send more than this—sending too many packets could prevent the client from reconnecting and generating the handshake.
- As long as you’re close enough to the target client, they’ll be disconnected from the router and forced to reconnect with a handshake. If this doesn’t work, move closer to the client.
- As soon as the client reconnects, all of the information you’ll need to crack the password will be available.
In the original terminal window, press Control + C to quit airodump-ng. This stops the dump and saves a file ending with .cap to your desktop.
- You won’t be able to crack the password if it’s not in the wordlist. You can always try one of the other wordlists if rockyou.txt doesn’t crack the password.
- Depending on the strength of the password and the speed of your CPU, this process can take anywhere from a few hours to a few days.
- If you’re cracking static WEP key network instead of a WPA/WPA2-PSK network, replace -a2 with -a1 . [4] X Research source
Look for «KEY FOUND!» in the terminal window. When you see a «KEY FOUND!» heading appear, aircrack-ng has found the password, which will appear in plain text.
Community Q&A
Thanks! We’re glad this was helpful.
Thank you for your feedback.
As a small thank you, we’d like to offer you a $30 gift card (valid at GoNift.com). Use it to try out great new products and services nationwide without paying full price—wine, food delivery, clothing and more. Enjoy! Claim Your Gift If wikiHow has helped you, please consider a small contribution to support us in helping more readers like you. We’re committed to providing the world with free how-to resources, and even $1 helps us in our mission. Support wikiHow
Go to kali.org. At the top of the page, there is a Download tab. Once you open that, it will pull up the list of current downloads.
Thanks! We’re glad this was helpful.
Thank you for your feedback.
As a small thank you, we’d like to offer you a $30 gift card (valid at GoNift.com). Use it to try out great new products and services nationwide without paying full price—wine, food delivery, clothing and more. Enjoy! Claim Your Gift If wikiHow has helped you, please consider a small contribution to support us in helping more readers like you. We’re committed to providing the world with free how-to resources, and even $1 helps us in our mission. Support wikiHow
Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security Ltd. Mati Aharoni, Devon Kearns and Raphaël Hertzog are the core developers.
Thanks! We’re glad this was helpful.
Thank you for your feedback.
As a small thank you, we’d like to offer you a $30 gift card (valid at GoNift.com). Use it to try out great new products and services nationwide without paying full price—wine, food delivery, clothing and more. Enjoy! Claim Your Gift If wikiHow has helped you, please consider a small contribution to support us in helping more readers like you. We’re committed to providing the world with free how-to resources, and even $1 helps us in our mission. Support wikiHow
Using this method to test your own Wi-Fi for weak spots before launching a server is a good way to prepare your system for similar attacks.
Sending more than two death packets may cause your target computer to crash, thus arousing suspicion.
Hacking into anyone’s Wi-Fi without permission is illegal in most countries. Only perform the above steps on a network that either belongs to you or for which you have explicit consent to test.
You Might Also Like
Mirror Your Screen to a TV: Miracast, Chromecast & Wireless HDMI
How to Connect Apple TV to Wi-Fi Without a Remote
9 Simple Steps to Update Wi-Fi on Alexa
How to Improve your Wi-Fi Reception: Complete Guide
How to Fix WiFi Connection Issues on a Laptop
Hack Wifi (WPA/WPA2) with Aircrack-ng
airodump-ng does not discover any wifi networks, though they all are in very close proximity and good strength, they are visible on my phone but airodump-ng shows this and stays like this forever, without any change
5 likes Like Comment button
I’m a Quick Learner | Love to Write Code | Learn new Tech stuffs | Find Peace in Solving or Fixing an Error. ~Every code matters !~
sometimes it cant capture the handshake and there can be may reasons for that like your wirelesses adapter is not capable of capturing it, weak signal bla bla.
Try to stay close to the targeted device.
5 likes Like Comment button
Yes i searched about it a lot on the internet and finally got to know that there is some issue with the QUALCOM ATHEROS Q933. adapter which comes in a lot of devicesand the only possible solution for this is to use an external Wi-Fi card
I’m a Quick Learner | Love to Write Code | Learn new Tech stuffs | Find Peace in Solving or Fixing an Error. ~Every code matters !~
1 like Like Comment button
When i follow these steps at some point i get this error:
sudo airodump-ng wlp3s0mon
nl80211 not found.
Interface wlp3s0mon:
ioctl(SIOCGIFINDEX) failed: No such device
Failed initializing wireless card(s): wlp3s0mon
What am i doing wrong or what am i missing?
Also in the step before i get the message:
Requested device «wlp3s0» does not exist.
2 likes Like Comment button
I’m a Quick Learner | Love to Write Code | Learn new Tech stuffs | Find Peace in Solving or Fixing an Error. ~Every code matters !~
can you show me the output of ifconfig
1 like Like Comment button
ifconfig
enp0s3: flags=4163 mtu 1500
inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
inet6 fe80::ceb7:156a:789d:6d60 prefixlen 64 scopeid 0x20
ether 08:00:27:18:68:bf txqueuelen 1000 (Ethernet)
RX packets 585 bytes 256028 (256.0 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 640 bytes 83216 (83.2 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1000 (Local Loopback)
RX packets 320 bytes 31490 (31.4 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 320 bytes 31490 (31.4 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
I’m a Quick Learner | Love to Write Code | Learn new Tech stuffs | Find Peace in Solving or Fixing an Error. ~Every code matters !~