Cracking Wifi Passwords using Aircrack-ng

Have you ever thought about cracking Wi-Fi passwords?

Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) are two security protocols and security certification programs developed by the Wi-Fi Alliance to secure wireless computer networks. The Alliance defined these in response to serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP).

Wi-Fi Protected Access 2 – Pre-Shared Key (WPA2-PSK), also called WPA or WPA2 Personal, is a method of securing your network using WPA2 with the optional Pre-Shared Key (PSK) authentication, which was designed for home users without an enterprise authentication server.

First, I would like to cover some very basic Wi-Fi protected access background.


When Wi-Fi was first developed in the late 1990s, Wired Equivalent Privacy was created to give wireless communications confidentiality. WEP, as it became known, is extraordinarily easy to crack for a number of reasons, chiefly a flawed implementation of the RC4 encryption algorithm. It’s not unusual to be able to crack WEP in less than 5 minutes. This is because WEP used a very small (24-bit) initialization vector (IV) that could be captured in the data stream, and these IVs could then be used to recover the WEP key using statistical techniques.

If you want to go into detail on capturing ciphertexts and applying algorithms to recover those passwords, I suggest researching topics such as cryptographic techniques and algorithms, and how to write programs that use them to encrypt and decrypt data. And remember one thing: practice makes perfect.



WPA was the response by the industry to the revealed weaknesses of WEP. It’s often referred to as WPA1 to distinguish it from WPA2.

WPA used Temporal Key Integrity Protocol (TKIP) to improve the security of WEP without requiring new hardware. It still uses WEP for encryption, but it makes the statistical attacks used to crack WEP much more difficult and time-consuming.


WPA2-PSK is the implementation of WPA2 for the home or small business user. As the name implies, it’s the WPA2 implementation that uses a pre-shared key (PSK). It’s this security standard that is used by most households today, and although it’s far more secure, it’s still vulnerable to various attacks.

A feature that was added in 2007 called Wi-Fi Protected Setup, or WPS, allows us to bypass the security in WPA2-PSK. We’ll look at a few attacks on WPA2-PSK in coming weeks.

Hacking Tool For WPA2-PSK


For nearly all of our Wi-Fi hacking, we will be using aircrack-ng, which is included in BackTrack. Even in those hacks where we use other tools such as cowpatty or reaver, we will use the aircrack-ng suite of tools for some part of the hack, so we need to become familiar with it.

I’ll probably do a dedicated tutorial on aircrack-ng suite in the very near future.

I will talk about some more hacking tools later in this blog.

Download the file from the official website only; other seemingly promising sources may generate errors.

I will guide you through the steps using aircrack-ng.

It is similar to putting a device in the middle that captures everything passing between the two sides.

Step 1: Open a terminal and type:

  • airmon-ng start wlan0

Step 2: Capture Traffic with Airodump-Ng

Now that our wireless adapter is in monitor mode, we have the capability to see all the wireless traffic that passes by in the air. We can grab that traffic by simply using the airodump-ng command.

Before I describe the next steps, you need to know what a channel is.

Like a radio, wireless has multiple channels so that various communication streams don’t interfere with each other. The 802.11 standard allows for channels ranging from 1 through 14.


We need the BSSID and channel to do this. Let’s open another terminal and type:

  • airodump-ng --bssid 08:86:30:74:22:76 -c 6 --write WPAcrack mon0

Step 4: Aireplay-Ng Deauth

In order to capture the encrypted password, we need to have the client authenticate against the AP. If they’re already authenticated, we can de-authenticate them (kick them off) and their system will automatically re-authenticate, whereby we can grab their encrypted password in the process. Let’s open another terminal and type:

  • aireplay-ng --deauth 100 -a 08:86:30:74:22:76 mon0

Step 5: Capture the Handshake and Type the Following Command to Get the Password

  • aircrack-ng WPAcrack-01.cap -w /pentest/passwords/wordlists/darkc0de
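Why the wordlist step works, and what a defender actually controls: under WPA2-PSK the only secret is the passphrase, which 802.11i stretches into the 256-bit PMK with PBKDF2-HMAC-SHA1 using the SSID as the salt and a fixed 4096 iterations, so every guess costs one such derivation and nothing else about the network is secret. The Python below is an added example, not code from the original post or from the aircrack-ng project; the vector it reproduces (passphrase "password", SSID "IEEE") is the published 802.11i test vector, and any guess rate fed to it is an assumed figure, not a measurement.

```python
import hashlib
import string

# 802.11i fixes both parameters: the SSID is the salt and 4096 rounds of
# PBKDF2-HMAC-SHA1 stretch the passphrase into a 256-bit PMK. A defender
# cannot raise the iteration count; the only levers are passphrase
# entropy and a non-default SSID (a default SSID lets tables be reused).
PBKDF2_ITERATIONS = 4096
PMK_LEN = 32


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA2-PSK Pairwise Master Key exactly as the standard does."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2-PSK passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_LEN)


def passphrase_keyspace(passphrase: str) -> int:
    """Size of the search space for a *random* passphrase of this length drawn
    from the character classes this one uses. This bound says nothing about a
    passphrase that appears in a wordlist: that one falls on the first pass,
    however long it is."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation, 32)]
    alphabet = sum(n for chars, n in classes if any(c in chars for c in passphrase))
    return alphabet ** len(passphrase)


def years_to_exhaust(keyspace: int, guesses_per_second: float) -> float:
    """Time for a full sweep of the keyspace at an assumed guess rate. The rate
    is whatever the reader plugs in; each guess is one full PBKDF2 derivation,
    which is what keeps real-world rates low."""
    return keyspace / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    print("PMK:", derive_pmk("password", "IEEE").hex())
    for candidate in ("password", "Tr0ub4dor&3", "correcthorsebatterystaple"):
        space = passphrase_keyspace(candidate)
        # 100000 guesses/s is an assumed rate for illustration only.
        print(f"{candidate!r}: keyspace 2^{space.bit_length() - 1}, "
              f"{years_to_exhaust(space, 1e5):.3g} years at 1e5 guesses/s")
```

The printed years apply only to genuinely random passphrases; a dictionary word or a common pattern is found by the wordlist step regardless of the keyspace figure.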