How to Hack WPA/WPA2 Wi Fi with Kali Linux

Download Article
Download Article

Want to find out if your Wi-Fi network is easy to hack? As a Kali Linux user, you have hundreds of pre-installed security auditing and penetration testing tools at your disposal. These tools are intended for ethical hacking—finding and repairing weak spots in a network—and not for illegal purposes. To find out if a WPA/SPA PSK network is susceptible to a brute-force password attack, you can use a suite of tools called aircrack-ng to hack the key. We'll show you how!

Part 1
Part 1 of 2:

Starting Monitor Mode

Download Article
  1. Step 1 Log into your Kali desktop as root.
    This logs you in to the desktop environment as the root user.[1]
    • If you haven't enabled root logins in Kali and are using KDE or GNOME, run sudo apt install kali-root-login at the prompt.[2] Once installed, you can set a root password by running sudo password (no username) and entering a new root password. At that point, you can log in to the desktop as root.
  2. Step 2 Plug your Wi-Fi...
    Plug your Wi-Fi card (if needed). If you don't have a Wi-Fi card that allows monitoring (RFMON) or you're using Kali Linux in a virtual machine, you'll need to attach an external card that does.
    • In most cases, simply attaching the card to your computer will be enough to set it up. Check the instructions for your Wi-Fi card to be sure.
    • If you're not sure if your Wi-Fi card supports monitoring, it doesn't hurt to try these next few steps.
    Advertisement
  3. Step 3 Disconnect from Wi-Fi.
    To successfully test a network, you'll want to make sure your computer is not actively connected to Wi-Fi—not even to the network you're testing.
  4. Step 4 In a terminal...
    In a terminal window, run the airmon-ng command. This tool come with Kali Linux as a part of the aircrack-ng package, and will show you the names of the connected Wi-Fi interface(s). You'll want to take note of what you see under the "Interface" header for your card.
    • If you don't see an interface name, your Wi-Fi card doesn't support monitoring.
  5. Step 5 Run airmon-ng start wlan0 to start monitoring the network.
    If the name of your Wi-Fi interface isn't wlan0, replace that part of the command with the correct name. This gives you a new virtual interface name, which will usually be something like mon0, which you'll see next to "(monitor mode enabled)."[3]
    • If you see a message that says "Found processes that could cause trouble," run airmon-ng check kill to kill them.
  6. Step 6 Run airodump-ng mon0 to view the results.
    Replace mon0 with the correct virtual interface name if that's not what you saw earlier. This displays a data table for all Wi-Fi routers in range.[4]
  7. Step 7 Find the router...
    Find the router you want to hack. At the end of each string of text, you'll see a router name.
    • Make sure the router is using WPA or WPA2 security. If you see "WPA" or "WPA2" in the "ENC" column, you can proceed.
  8. Step 8 Find the BSSID and channel number of the router.
    Now you'll want to make note of the values of the "BSSID" and "CH" fields for the router you want to hack. These pieces of information are to the left of the network's name.
  9. Step 9 Monitor the network for a handshake.
    A "handshake" occurs when an item connects to a network (e.g., when your computer connects to a router). You need to wait until a handshake occurs so you capture the data necessary to crack the password. To start monitoring, run the following command:
    • airodump-ng -c number --bssid xx:xx:xx:xx:xx:xx -w /root/Desktop/ mon0
    • Replace the word number with the channel number you saw, and the xx:xx:xx:xx:xx:xx with the BSSID.
    • As long as this command stays running, you'll be monitoring for all connections and new handshakes.
    10. Advertisement
Part 2
Part 2 of 2:

Logging and Cracking the Password

Download Article
  1. Step 1 Understand what a deauth attack does.
    A deauth attack sends deauthentication packets to the router you're trying to break into, causing uses to disconnect and requiring them to log back in.[5] When a user logs back in, you will be provided with a handshake. If you don't do a deauth attack, you might have to wait around for a long time for a handshake to complete—you'll need that handshake to crack the password.
    • If you already see a line with the tag "WPA handshake:" followed by a MAC address in the output of the airodump-ng command, skip to Step 5—you have what you need to crack the password and don't need to send deauth packets.
    • Remember—use these tools for ethical purposes only.
  2. Step 2 Wait for something to connect to the network.
    Once you see two BSSID addresses appear next to each other—one labeled BSSID (the Wi-Fi router) and the other labeled STATION (the computer or other device)—this this means a client is connected. To force them into a handshake, you'll now send them deauth packets that kill their connection.
  3. Step 3 Open a new terminal.
    Make sure airodump-ng is still running in original terminal window, and drag it to another place on your desktop so both terminals are visible.
  4. Step 4 Send the deauth packets.
    Run this command, replacing STATION BSSID with the BSSID of the client that connected to the network, and NETWORK BSSID with the router's BSSID: aireplay-ng -0 2 -a STATION BSSID -c NETWORK BSSID mon0.[6]
    • This command will send 2 deauth packets to disconnect the client from the network.[7] Don't try to send more than this—sending too many packets could prevent the client from reconnecting and generating the handshake.
    • As long as you're close enough to the target client, they'll be disconnected from the router and forced to reconnect with a handshake. If this doesn't work, move closer to the client.
    • As soon as the client reconnects, all of the information you'll need to crack the password will be available.
  5. Step 5 In the original terminal window, press Control+C to quit airodump-ng.
    This stops the dump and saves a file ending with .cap to your desktop.[8]
  6. Step 6 Decompress the rockyou.txt wordlist.
    To crack the password, you'll need a wordlist. Fortunately, since you're using Kali Linux, you have several already in /usr/share/wordlists.[9] The one we'll want to use is called rockyou.txt, but it's zipped up by default. To unzip it, run gzip -d /usr/share/wordlists/rockyou.txt.gz.
    • You won't be able to crack the password if it's not in the wordlist. You can always try one of the other wordlists if rockyou.txt doesn't crack the password.
  7. Step 7 Run the command to crack the password.
    You'll use a tool called aircrack-ng, which come with Kali Linux, to do so. The command is aircrack-ng -a2 -b NETWORK BSSID -w /usr/share/wordlists/rockyou.txt /root/Desktop/*.cap. Replace NETWORK BSSID with the BSSID for the router.
    • Depending on the strength of the password and the speed of your CPU, this process can take anywhere from a few hours to a few days.
    • If you're cracking static WEP key network instead of a WPA/WPA2-PSK network, replace -a2 with -a1.[10]
  8. Step 8 Look for "KEY FOUND!"
    in the terminal window. When you see a "KEY FOUND!" heading appear, aircrack-ng has found the password, which will appear in plain text.[11]
    9. Advertisement

Community Q&A

Search
Add New Question
  • Question
    What is a word list, and how do I find one?
    Community Answer
    Community Answer
    A word list is a file with passwords in it. RockYou is a good one.
    Thanks! We're glad this was helpful.
     Thank you for your feedback.
     If wikiHow has helped you, please consider a small contribution to support us in helping more readers like you. We’re committed to providing the world with free how-to resources, and even $1 helps us in our mission. Support wikiHow
    Yes No
    Not Helpful 36 Helpful 72
  • Question
    Where can I download Kali Linux?
    Community Answer
    Community Answer
    Go to kali.org. At the top of the page, there is a Download tab. Once you open that, it will pull up the list of current downloads.
    Thanks! We're glad this was helpful.
     Thank you for your feedback.
     If wikiHow has helped you, please consider a small contribution to support us in helping more readers like you. We’re committed to providing the world with free how-to resources, and even $1 helps us in our mission. Support wikiHow
    Yes No
    Not Helpful 24 Helpful 40
  • Question
    Who created Kali Linux?
    Community Answer
    Community Answer
    Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security Ltd. Mati Aharoni, Devon Kearns and Raphaël Hertzog are the core developers.
    Thanks! We're glad this was helpful.
     Thank you for your feedback.
     If wikiHow has helped you, please consider a small contribution to support us in helping more readers like you. We’re committed to providing the world with free how-to resources, and even $1 helps us in our mission. Support wikiHow
    Yes No
    Not Helpful 28 Helpful 82
See more answers
Ask a Question
200 characters left
Include your email address to get a message when this question is answered.
Submit
Advertisement

Video

Tips

  • Using this method to test your own Wi-Fi for weak spots before launching a server is a good way to prepare your system for similar attacks.
    Thanks
Submit a Tip
All tip submissions are carefully reviewed before being published
Submit
Thanks for submitting a tip for review!
Advertisement

Warnings

  • Sending more than two death packets may cause your target computer to crash, thus arousing suspicion.
    Thanks
  • Hacking into anyone’s Wi-Fi without permission is illegal in most countries. Only perform the above steps on a network that either belongs to you or for which you have explicit consent to test.
    Thanks
Advertisement

You Might Also Like

Change Your Wi Fi Password
How to
Change Your Wi Fi Password
Find Your WiFi Password when You Forgot It
How to
Find Your WiFi Password when You Forgot It
WiFi Not Working on Phone but Working on Other DevicesWhen Wi-Fi Isn't Working on Your Phone but Works for Others
Connect Your PC to Your TV WirelesslyMirror Your Screen to a TV: Miracast, Chromecast & Wireless HDMI
Switch on Wireless on an HP LaptopHow to Switch On Wireless on an HP Laptop
Connect TV to WiFi Without RemoteHow to Connect your Smart TV to Wi-Fi Without The Remote
Change WiFi on Alexa9 Simple Steps to Update Wi-Fi on Alexa
Hack Wi Fi Using Android
How to
Hack Wi Fi Using Android
Why Is My Laptop Not Connecting to WiFiHow to Fix WiFi Connection Issues on a Laptop
Find Your WiFi Password
How to
Find Your WiFi Password
Connect Apple TV to WiFi Without RemoteHow to Connect Apple TV to Wi-Fi Without a Remote
Connect Two WiFi Routers Without a Cable
How to
Connect Two WiFi Routers Without a Cable
Find Your Router's IP AddressFind Your Router's IP Address on PC, Mac, ChromeOS, & Mobile
Configure Your PC to a Local Area Network
How to
Configure Your PC to a Local Area Network
Advertisement

References

  1. https://www.kali.org/docs/general-use/enabling-root/
  2. https://www.kali.org/docs/general-use/enabling-root/
  3. https://www.aircrack-ng.org/doku.php?id=cracking_wpa
  4. https://www.aircrack-ng.org/doku.php?id=cracking_wpa
  5. https://sudorealm.com/blog/deauthentication-attack-using-kali-linux
  6. https://www.aircrack-ng.org/doku.php?id=cracking_wpa
  7. https://www.aircrack-ng.org/doku.php?id=cracking_wpa
  8. https://www.geeksforgeeks.org/kali-linux-hacking-wi-fi/
  9. https://www.kali.org/tools/wordlists/
  1. https://www.aircrack-ng.org/doku.php?id=aircrack-ng
  2. https://www.geeksforgeeks.org/kali-linux-hacking-wi-fi/

About This Article

Stan Kats
Written by:
Stan Kats
Cybersecurity Expert
This article was written by Stan Kats and by wikiHow staff writer, Nicole Levine, MFA. Stan Kats is the COO and Chief Technologist for The STG IT Consulting Group in West Hollywood, California. Stan provides comprehensive technology & cybersecurity solutions to businesses through managed IT services, and for individuals through his consumer service business, Stan's Tech Garage. Stan has over 7 years of cybersecurity experience, holding senior positions in information security at General Motors, AIG, and Aramark over his career. Stan received a BA in International Relations from The University of Southern California. This article has been viewed 1,416,871 times.
How helpful is this?
Co-authors: 29
Updated: March 31, 2024
Views: 1,416,871
Categories: Wi Fi
Article SummaryX

Log into your Kali Linux computer as root and plug a Wi-Fi card into your computer. Next, open your computer’s terminal. From here, you’ll be able to begin monitoring the network and listen to nearby routers. When you find the router you want to hack, watch it for a handshake, which will give you the code to enter the network. To learn how to use Aircrack-Ng for Non-GPU computers, keep reading!

Did this summary help you?

In other languages
Thanks to all authors for creating a page that has been read 1,416,871 times.

Is this article up to date?

Advertisement