WPA/WPA2 WIFI Cracking

Hello Reader, I am Jonty Bhardwaj currently enrolled in Master Certificate in Cyber Security HackerU program, this is my first blog and I want to share some of my learnings with you about common WPA/WPA2 attacks and how to crack any WPA or WPA2 Wi-Fi considering you have the Dictionary for it to crack the WPA handshake.

Without any more delay lets start the fun stuff and get our hands dirty. First of all you need to Setup you Wi-Fi adapter and open Kali Terminal to verify if the adapter is setup or not with the command


As we see here our Wi-Fi adapter is setup and working fine, now we have to first kill the process which are running and can create disturbance in the attack with the following command

airmon-ng check kill

After the pre-checks are over we can start the attack . First we have to put the Wi-Fi adapter in monitor mode with the command

airmon-ng start wlan0

As you can see we are in monitor mode now and can monitor the packets flowing on the Wi-Fi Network. After getting the adapter in monitor mode its time to start monitoring the network about how many Wi-Fi are there in the surrounding area and then select our target and try to capture WPA handshake on them. To start monitoring the network we will use the command

airodump-ng wlan0

where wlan0 is the network interface on which we want to monitor

After starting the monitor mode on the network interface your screen should look like this where -

BSSID means MAC address of Access Point.

PWR means the intensity of the signal.

Beacons means no of Announcement Packet's send by Access Point.

Data means no of captured packets.

#/s means no of data packets per second over interval of 10 secs.

MB means maximum speed supported by Access Point.

ENC means encryption used.

CIPHER means cipher detected by the Adapter.

AUTH means the Authentication protocol in use.

ESSID states the name of Wi-Fi network.

After understanding what every field is we can now go ahead with our attack .We need a target among these networks which we want to attack specifically and crack. So in this case our target is the First Wi-Fi network in table with ESSID FTTxJBNET9911155022.

We will now attack this specific network and try to get a WPA handshake

airodump-ng wlan0 — bssid 38:94:XX:XX:XX:XX -c 4 — write wifi.cap

As you see here there are different Clients connected to this Wi-Fi Network under STATION and in order to capture a WPA Handshake we need a new client to connect to this network so that we can capture the packets and crack it. But there is one problem as we could have to wait for longer periods of time in wait for someone new to connect or for any existing client to reconnect. But most of the time we don't have the liberty to waste so much time waiting and due to this scenario we would have to improvise.

Luckily for us there is a specific attack which can help us in solving the problem. This attack is know as De-Auth Attack and in this attack our aim is to kick one of the device connected to Network Forcefully by sending De-Auth packets to the Access Point which will think that the Packets are coming from the original device and will disconnect the device. Due to this the client will be confused why it was disconnected and will try to connect itself back and in this process of connecting back we will capture the WPA Handshake.

aireplay-ng -0 1 -a 38:94:XX:XX:XX:XX -c 2C:FD:XX:XX:XX:XX wlan0


  • -0 means DE authentication
  • 1 is the number of De-Auth packets to send (you can send multiple if you wish); 0 means send them continuously
  • -a specifies the MAC address of the access point
  • -c specifies the MAC address of the client to DE authenticate
De-Auth Attack

As soon as we do this the Client will try to reconnect itself and we will see a WPA Handshake being Captured in the file wifi.cap.

As you see in the top right corner of image WPA handshake is captured. Now we will stop the attack with Control + C and check the file we have created with the name of wifi.cap.

Now we can use the created file to Crack the WPA Handshake and get the password. To crack the WPA handshake we will use another utility with name Aircrack-ng with the command

aircrack-ng wifi.cap-01.cap -w wordlist.txt


  • -w wordlist.txt is the wordlist you want to use to crack the Handshake.
  • wifi.cap-01.cap is the main capture file to crack

If the particular password is in the Wordlist you have given, then and then only the Brute-force attack will be successful and the time will vary on the key complexity, you now just have to wait and watch.

Key Cracked

Congrats!! You have successfully cracked your Wi-Fi Password. Hope this blog helped you in successfully cracking your Wi-Fi password.

Thank you for reading this blog. Happy Hacking!!




Avid learner and writer trying to gain as much knowledge as possible in the domain of cyber security while sharing my learning to help other people like myself.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

USDN pool lottery on curve.fi: Vote and Win! $600k Prize fund!

Higher Security Through Passwordless Authentication

First DEX linking Tixl’s Cross-Chain Bridge

Network address discovering tool Netdiscover

{UPDATE} Pirates of Coin Hack Free Resources Generator

AMC SESSION: Beyond “Install Tor & Signal” Saturday, June 17 • 2:00pm — 3:30pm State Hall Room: 111…

{UPDATE} Zodi Bingo Hack Free Resources Generator

Internet Of Things Teddy Bear Leaked Two Million Parent And Kids Message Recordings

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Jonty Bhardwaj

Jonty Bhardwaj

Avid learner and writer trying to gain as much knowledge as possible in the domain of cyber security while sharing my learning to help other people like myself.

More from Medium

Decrypting end-to-end encryption

picam — Using raspberry pi camera module as home cctv

Create a Pi-powered air quality meter with PMS7003

How to assign a static IP address to Raspberry Pi?