Linux Format

Wi-Fi password cracking

Test the strength of your Wi-Fi password with Aircrack-ng and Reaver.


Here, we’ll focus on using Kali’s tools to test the strength of your network’s wireless keys by attempting to directly crack the password. In recent years, this technology has come a long way, and provided your network is using WPA2-AES encryption, a strong password, and has WPS disabled (see the box below), it’s extremely difficult to access.

One method of hacking encrypted Wi-Fi passwords is “brute forcing”, whereby every single combination of characters is tried until you hit on the right one. It’s theoretically possible, but this can take years in practice, especially if a long password is used.

Kali includes the aircrack-ng tools suite, which can be used by hackers to speed up this process considerably. This is usually done through trying passwords from pre-compiled word lists containing default and common passwords, as well as forcing devices to reauthenticate so you can capture the crucial handshake procedure, where the wireless key is exchanged with the router.

To get started you need to have a wireless card/dongle capable of packet injection. The TP-Link USB dongle we mentioned in the previous section does this.

Once you have this, check that Kali can detect the adapter by opening Terminal and running the command airmon-ng. Disable any processes that might interfere with your packet capturing with airmon-ng check kill, and put the adapter in monitoring mode with airmon-ng start wlan0.

Make a note of the interface name, then run airodump-ng <interface name> to list networks around you, for example airodump-ng wlan0mon.

Find your target network in the list. Note down the “BSSID” and “CH” (Channel). Next, run this command: airodump-ng -w <logfile> -c <channel> --bssid <bssid> --ivs <interface>

For example, this might read: airodump-ng -w log.txt -c 11 --bssid B0:48:7A:ED:32:5C --ivs wlan0mon

Airodump will now begin capturing data packets and saving them to your log file. The more devices that use the wireless network, the more data is captured.

You can try and knock all devices off the Wi-Fi network so that they’re forced to reconnect. This will enable you to capture the vital handshake which contains the password. Open a new Terminal and run: aireplay-ng -0 5 -a <bssid> <interface>

Finally, use Ctrl+C to terminate the process and then run ls to display the exact name of your log file.

Password cracking requires a word list. You can either download one or extract the file rockyou.txt.gz that’s located in /usr/share/wordlists in Kali.

Begin password cracking with the command: aircrack-ng <filename> -w /usr/share/wordlists/rockyou.txt

Once data has been captured, you can use aircrack-ng to try and crack the password. This can take a long time!
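To put numbers on the brute-force and word-list points above, here is an added example (not from the original article) that audits a passphrase of your own before an attacker does. It relies on the fact that WPA2-PSK derives its key with PBKDF2-HMAC-SHA1 (4,096 rounds, SSID as salt); the sample word list, the SSID "ExampleNet" and the 100-year threshold are assumptions made for illustration.

```python
import hashlib
import string
import time

# Constructed sample entries standing in for a real word list such as rockyou.txt.
SAMPLE_WORDLIST = ["password", "12345678", "qwertyuiop", "letmein123", "sunshine1"]
SECONDS_PER_YEAR = 365 * 24 * 3600


def wpa2_pmk(passphrase, ssid):
    """WPA2-PSK key derivation: PBKDF2-HMAC-SHA1, 4096 rounds, SSID as salt, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def measure_guess_rate(ssid="ExampleNet", trials=5):
    """Passphrase guesses per second this machine manages on one CPU core."""
    start = time.perf_counter()
    for i in range(trials):
        wpa2_pmk("benchmark%d" % i, ssid)
    return trials / (time.perf_counter() - start)


def alphabet_size(passphrase):
    """Combined size of the character pools (lower, upper, digit, symbol) in use."""
    pools = [string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation + " "]
    return sum(len(p) for p in pools if any(c in p for c in passphrase))


def audit(passphrase, wordlist, guesses_per_second):
    """Report why a passphrase is weak, or how long an exhaustive search would take."""
    report = {"valid_length": 8 <= len(passphrase) <= 63,  # WPA2 passphrase limits
              "in_wordlist": passphrase in set(wordlist)}
    keyspace = alphabet_size(passphrase) ** len(passphrase)
    # On average half the keyspace is searched before the right guess turns up.
    report["brute_force_years"] = keyspace / 2 / guesses_per_second / SECONDS_PER_YEAR
    # Assumption: anything an exhaustive search finishes within 100 years is "weak".
    report["weak"] = (not report["valid_length"] or report["in_wordlist"]
                      or report["brute_force_years"] < 100)
    return report


if __name__ == "__main__":
    rate = measure_guess_rate()
    print("measured rate: %.0f guesses/second" % rate)
    for candidate in ("letmein123", "87654321", "Tr4m-Quokka-Lantern-92"):
        print(candidate, audit(candidate, SAMPLE_WORDLIST, rate))
```

Because the SSID is the salt, a default network name combined with a common password is the weakest pairing; changing both raises the cost of every guess list an attacker has prepared in advance.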
