How to Hack WiFi Password Using Linux

There is a lot of fake software and many fake apps on the internet that claim to hack WiFi but mostly do not work, so we did a survey and wrote this post. The only requirement to crack the WiFi password is a Linux OS.

A lot of people ask me how to hack a WiFi password, so I thought of writing an article on it. As you all know, Wi-Fi was developed in the late 1990s, and WEP has a big flaw in it as it can be easily cracked. As a replacement for WEP, nearly all wireless access points now use Wi-Fi Protected Access 2 with a pre-shared key, known as WPA2-PSK. It uses a very strong algorithm, AES, that is very difficult to crack. But nothing is impossible.

There is a weakness in WPA2: authentication goes through the 4-way handshake, so if we can capture that handshake at the time of authentication then we can attempt to crack the password. To know more about WPA2-PSK you can go here.

1] Crack WEP protected wifi using the terminal.

1. Open terminal in Kali Linux.
2. In Terminal Type: airmon-ng
(The above command is used to check whether your wireless card is available and working properly.)
3. Type: airmon-ng start wlan0
(Puts your wireless card into monitor mode, as wifi cracking is possible in monitor mode only.)
4. Type command: airodump-ng mon0
(Command to scan the wireless access points around you and get details about those access points.)
5. Type command: airodump-ng -w <File name> -c <Target Channel no.> --bssid <BSSID of target> mon0
(e.g.: airodump-ng -w MTNL-01 -c 3 --bssid 11:22:33:44:55:66 mon0)
(This command starts capturing packets for cracking the wifi password.)
6. Type command : aireplay-ng -0 0 -a 11:22:33:44:55:66 mon0
(If there are only a few packets then you can deauth to generate more data packets with the above command. It helps to capture the packet faster.)
7. Type command: aircrack-ng MTNL-01.cap
(Aircrack is used to crack the WEP key.)

2] How to Hack Wifi Password: Capturing the traffic

Now the wireless card is capable of seeing the traffic nearby, so we will capture that traffic using an Aircrack-ng command.

  • airodump-ng mon0

The upper part of the screen shows the APs, while the lower part shows the clients connected to them.

3] How To Crack WPA/WPA2 Protected Wi-Fi With Dictionary

Step 1: Get Your Dictionary File Ready

First, we’re gonna need a dictionary, to perform the dictionary attack. If the network you’re attacking has WPS enabled, you may attempt to get the password that way first.

In Kali, you have a nice wordlist that comes bundled within your installation/live USB. It’s located in /usr/share/wordlists, but it comes compressed in .gz format (at least in the live version).

To get it ready for the attack, we need to type:

gzip -d /usr/share/wordlists/rockyou.txt.gz

And within seconds it’ll be extracted and ready to use.

Backtrack has them located in /pentest/passwords/wordlists. It has one that’s called darkc0de.lst along with the rockyou.txt one.

You can use them by simply copying one of these paths after the ‘-dict’ option.

/pentest/passwords/wordlists/rockyou.txt
/pentest/passwords/wordlists/darkc0de.lst

For any other distros, search for “download wordlist rockyou” or “download wordlist darkc0de”, or just “download wordlist” in DuckDuckGo. It gives more precise results than Google for this kind of stuff.

For the rest of this, I’ll assume that you’re using Kali.

Step 2: Launch Wifite

To launch Wifite, you must be running with root permissions. In a live Kali boot, you are logged on by default with the root user. If you let it run for a while (while cracking with the dictionary, presumably) and it asks for a password to return to the session, it’s ‘toor’ (root backwards). Same for BackTrack (confirmation needed), and for other distros you can gain root access by typing “su” or “sudo su” and entering the password. The first command requires you to know root’s password, and the second your current account’s, and it must have root privileges.

TL;DR? Okay, you just want the command? Here it is!

wifite -mac -aircrack -dict /usr/share/wordlists/rockyou.txt

-mac | Anonymizes your MAC Address by randomizing it (it mustn’t be set to monitor mode, or this command won’t work).
-aircrack | Tells Wifite we’ll be doing an Aircrack only attack.
-dict | Select a dictionary to use for cracking the password after capturing the handshake, otherwise, you’ll get the ‘.cap’ file and Wifite will terminate.

I have it located in a different folder because I’m not running Kali, but it’s pretty much the same.

Step 3: Select Your Wireless Adapter and Your Target

If you have a laptop, you’ll probably have to choose which adapter to use, if you have an external USB adapter. Please note that you’ll need a compatible adapter that’s able to inject packets and enter into promiscuous mode (monitor mode), or this won’t work.

If prompted, we select our adapter choosing the number Wifite has assigned it. In my case, I’ll type ‘1’, because that’s mine. One good indicator for knowing which one it is, is reading that name to the left of phy. For example, I have one that says ‘usb’ in it, and one that doesn’t. And yep, I have it plugged to USB, so that one’s it.

Now we’ll see a list of wireless networks, and if we let it run, it will eventually display ‘client’ or ‘clients’ at the top right of the network info, showing that it has a client (or more) connected to it.

To stop the scan, press Ctrl+C. I’ll choose “Casa” (spanish for House).

Step 4: Sit and Wait

If the network you’re attempting to crack has WPS enabled, it’ll start cracking it like that first. To stop it, just press Ctrl+C. Now it will attempt to capture the handshake for a few minutes. If no clients are connected, it’ll send a general deauth to the wireless adapter, so that clients may show up. If it detects a client connected to the network, it’ll tell you its MAC Address, and proceed to send targeted deauths to that client.

When it succeeds in deauthenticating a client (who has re-connect enabled by default), or a new client connects to the network, hopefully, it will capture the handshake, and it’ll start attempting to crack it with aircrack-ng and the dictionary file you gave it. If the passphrase is any of the words contained in that dictionary, it’ll stop and show it on screen. Otherwise, it’ll run through the whole dictionary, and say it couldn’t find the key. But it has a nice success rate.
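The deauth bursts described above are visible to anyone monitoring the same channel. As an added example (not part of the original post), this sketch flags a BSSID that receives an unusual number of deauthentication or disassociation frames in a short window. The CSV row layout (`epoch,type_subtype,sa,da,bssid`), the window and threshold values, and the sample rows are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

DEAUTH, DISASSOC = 0x0C, 0x0A   # 802.11 management frame subtypes
WINDOW_S = 5.0                  # assumed sliding window, in seconds
THRESHOLD = 10                  # assumed frames per window that count as a burst

def find_deauth_bursts(rows):
    """rows: 'epoch,type_subtype,sa,da,bssid' lines in time order.
    Returns {bssid: peak deauth/disassoc count seen inside one window}."""
    recent = defaultdict(deque)
    peaks = {}
    for row in rows:
        fields = row.strip().split(",")
        if len(fields) != 5:
            continue                      # skip malformed rows
        ts, subtype, _sa, _da, bssid = fields
        try:
            ts, subtype = float(ts), int(subtype, 0)   # accepts "12" and "0x000c"
        except ValueError:
            continue
        if subtype not in (DEAUTH, DISASSOC):
            continue
        key = bssid.lower()
        window = recent[key]
        window.append(ts)
        while ts - window[0] > WINDOW_S:  # drop frames older than the window
            window.popleft()
        if len(window) >= THRESHOLD:
            peaks[key] = max(peaks.get(key, 0), len(window))
    return peaks

# Constructed sample: 12 broadcast deauths in about one second for one BSSID,
# plus a beacon and a single ordinary deauth for another BSSID.
SAMPLE = [
    f"{100 + i * 0.1:.1f},0x000c,02:00:00:00:00:01,ff:ff:ff:ff:ff:ff,02:00:00:00:00:01"
    for i in range(12)
] + [
    "100.0,0x0008,02:00:00:00:00:02,ff:ff:ff:ff:ff:ff,02:00:00:00:00:02",
    "130.0,12,02:00:00:00:00:02,02:00:00:00:00:aa,02:00:00:00:00:02",
]

if __name__ == "__main__":
    for bssid, count in find_deauth_bursts(SAMPLE).items():
        print(f"possible deauth burst against {bssid}: {count} frames in {WINDOW_S}s")
```

A single deauth is normal roaming behaviour, so the threshold should be tuned against a baseline of the network being monitored.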

I used my country in lowercase letters as the passphrase (Argentina), and as it’s among the first words in this dictionary, it took only one second to crack it. For you it may take over an hour or two, depending on your processing power and if the passphrase is near the beginning or the end of the list.
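The one-second result above is the reason to check your own network's passphrase against the same wordlist before someone else does. As an added example (not part of the original post), this audit reports whether a passphrase, or its base word with trailing digits and symbols removed, appears in a wordlist, and whether its length is within the WPA2 range. The function names and the five-line sample wordlist are constructed for illustration.

```python
import re

MIN_LEN, MAX_LEN = 8, 63   # valid WPA2-PSK passphrase length in characters

def candidate_forms(passphrase):
    """Lowercased passphrase plus its base word without trailing digits/symbols."""
    lowered = passphrase.lower()
    stripped = re.sub(r"[\d!@#$%*._-]+$", "", lowered)
    return {lowered, stripped} - {""}

def audit_psk(passphrase, wordlist_lines):
    """Return a list of findings; an empty list means nothing was flagged.
    wordlist_lines may be any iterable of lines, so a large file is streamed."""
    findings = []
    if not MIN_LEN <= len(passphrase) <= MAX_LEN:
        findings.append("length outside the 8-63 character WPA2 range")
    exact = passphrase.lower()
    forms = candidate_forms(passphrase)
    for number, line in enumerate(wordlist_lines, start=1):
        word = line.strip().lower()   # case is ignored to be conservative
        if not word:
            continue
        if word == exact:
            findings.append(f"matches wordlist line {number} (ignoring case)")
            break
        if word in forms:
            findings.append(f"wordlist line {number} plus a simple suffix")
            break
    return findings

# Constructed sample wordlist; for a real audit pass an open file instead, e.g.
# open("/usr/share/wordlists/rockyou.txt", encoding="latin-1")
SAMPLE_WORDLIST = ["123456", "password", "argentina", "iloveyou", "qwerty123"]

if __name__ == "__main__":
    for psk in ("argentina", "Argentina2019!", "qwerty", "tq7#Lw-vx2 kd9!Rm"):
        print(repr(psk), audit_psk(psk, SAMPLE_WORDLIST) or "no findings")
```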

Wifite Succeeded but Failed!

If it failed, you still get the ‘.cap’ file (hopefully not empty).

You can use that file with the same dictionary (or others) with aircrack-ng, using this command:

aircrack-ng -w <location of dictionary> <location of your .cap file>

In Kali live, ‘.cap’ files get saved into a folder named ‘hs’ inside the folder you’re currently in.

After Wifite has ended, type:

ls ./hs

To see your ‘.cap’ files and other files for cracking.


4] How to Hack Wifi Password: Choose AP in airodump.

Now we have to focus on one AP and one channel, so open a new terminal and type the following command:

  • airodump-ng --bssid 08:86:30:74:22:76 -c 6 --write WPA2 mon0
  • 08:86:30:74:22:76 is the BSSID of AP
  • -c 6 is the channel
  • WPA2 is the file where you want to write
  • mon0 is the Wireless card in monitor mode

Now our prime target for cracking is the Belkin, because users who leave the default names on their APs usually don’t spend too much time securing them.


These are tricks for hacking WiFi.
