For this tutorial you need an external WiFi adapter, or Kali installed on your hard drive rather than in a virtual machine. Otherwise, look for the method that uses a normal Windows OS in the intermediate section.
Start up Kali, log in, and then follow the steps below.
Step 1: Open a console and type the following to start up the network connections.
Step 2: Now we are going to put the network card into monitor mode by typing the following.
(You will find your Interface here)
Step 3: First, start up the scan.
(This command depends on what your router or network card shows up as; replace the interface name as needed.)
Step 4: Let's spoof your MAC address first by typing this next command.
This changes the MAC address that is presented to the device we are connecting to.
Step 5: Time to start finding our victim’s router. Type the following in the console.
This will show the full list of WiFi networks your adapter can pick up. Once you find one that suits your interest, continue:
Step 6: Once found, press CTRL + C, copy the BSSID, exit airodump, and then type the following into a new console. (Read carefully!)
(*IMPORTANT: You have to fill in everything between [ ] yourself, since it is different for every case. You get the BSSID and channel number from the previous steps, ‘mon0’ or ‘mon1’ depends on your adapter, and for the name of the cap file you can type any file name, such as ‘MyCapFile’.)
Step 7: Let's start the passphrase cracking. We need around 30,000-50,000 IVs (packets). We start by sending fake authentication requests. To do this, open a new console and type:
Step 8: Almost done; we just need to continue the capturing process. Open another console and type:
Now it will start replaying ARPs. (ARP = Address Resolution Protocol; it is used to find a device's hardware address from its IP address.)
Collect a good amount of IVs, around 30,000-50,000 (the more the better). Depending on the network strength, this step can take anywhere from 15 minutes to about 3 hours. The IVs are stored in the .cap file. Once you’ve captured enough packets, press CTRL + C to stop the process and continue to step 9.
Step 9: Time to start cracking that cap file 😀 You can think of it like this: every single packet contains a tiny bit of leaked key material. We’ve captured a large number of packets and compiled them in the .cap file; now we’re going to extract the small amount of information each packet leaks and piece it together to recover the passphrase. Open a new console and type:
Step 10: Wait a few seconds and we should now be presented with the key to log in to the router.
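The activity in steps 7 and 8 has a distinctive footprint on the air, and a wireless IDS or a post-hoc look at a capture can pick it up. The script below is an added defender-side example; it is not part of this tutorial and not code from aircrack-ng. It runs three checks over frame metadata: a burst of authentication frames from one station (the fake-authentication step), the same WEP IV re-injected many times by one station (the ARP-replay step, which resends one captured frame verbatim), and an access point emitting fresh IVs far faster than normal traffic would (the IV harvest itself). The IV-based key recovery described in this tutorial only works against WEP, so the lasting fix is to retire WEP for WPA2/WPA3; the detection logic here is for spotting it while WEP is still on the air. The frame records, MAC addresses and all thresholds are constructed for the example and are assumptions, not values from the page.

```python
"""Spot the fake-auth, ARP-replay and IV-harvest pattern in 802.11 frame metadata.

Added example for illustration only. It works on constructed frame records,
not on a live capture; thresholds are assumptions and should be tuned to the
site's normal traffic before use.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Frame:
    ts: float           # seconds since start of capture
    bssid: str          # access point the frame belongs to
    src: str            # transmitter address
    kind: str           # "auth" (management) or "data"
    iv: Optional[int]   # 24-bit WEP IV for encrypted data frames, else None
    length: int         # frame length in bytes


# Thresholds: assumptions for this example, not measured or page-derived values.
AUTH_BURST = 5           # auth frames from one station inside AUTH_WINDOW seconds
AUTH_WINDOW = 2.0
REPLAY_MIN_FRAMES = 50   # identical-IV data frames from one station inside REPLAY_WINDOW
REPLAY_WINDOW = 1.0
IV_RATE_LIMIT = 200      # distinct IVs an AP may emit per one-second bucket


def _burst(times: List[float], n: int, window: float) -> bool:
    """True if at least n of the timestamps fall inside any window of the given length."""
    times = sorted(times)
    lo = 0
    for hi, t in enumerate(times):
        while t - times[lo] > window:
            lo += 1
        if hi - lo + 1 >= n:
            return True
    return False


def detect_auth_flood(frames: List[Frame]) -> List[Tuple[str, str]]:
    """Stations sending a burst of authentication frames to one BSSID (step 7 pattern)."""
    by_pair = defaultdict(list)
    for f in frames:
        if f.kind == "auth":
            by_pair[(f.src, f.bssid)].append(f.ts)
    return sorted(k for k, ts in by_pair.items() if _burst(ts, AUTH_BURST, AUTH_WINDOW))


def detect_arp_replay(frames: List[Frame]) -> List[str]:
    """Stations re-injecting one encrypted frame: the same IV repeated at high rate (step 8 pattern).

    A legitimate WEP sender changes the IV on every frame, so heavy reuse of a
    single IV by one transmitter is the replay signature, not normal traffic.
    """
    by_iv = defaultdict(list)
    for f in frames:
        if f.kind == "data" and f.iv is not None:
            by_iv[(f.src, f.bssid, f.iv)].append(f.ts)
    hits = {src for (src, _, _), ts in by_iv.items()
            if _burst(ts, REPLAY_MIN_FRAMES, REPLAY_WINDOW)}
    return sorted(hits)


def detect_iv_churn(frames: List[Frame]) -> List[str]:
    """Access points answering a replay with fresh IVs far above the normal rate (the IV harvest)."""
    ivs_per_second = defaultdict(set)
    for f in frames:
        if f.kind == "data" and f.iv is not None and f.src == f.bssid:
            ivs_per_second[(f.bssid, int(f.ts))].add(f.iv)
    return sorted({bssid for (bssid, _), ivs in ivs_per_second.items()
                   if len(ivs) > IV_RATE_LIMIT})


def sample_capture() -> List[Frame]:
    """Constructed frame metadata: benign traffic followed by the step 7/8 footprint."""
    ap, client, rogue = "00:11:22:33:44:55", "66:77:88:99:AA:BB", "DE:AD:BE:EF:00:01"  # constructed
    frames = []
    for i in range(30):  # benign: one client frame and one AP reply per second, fresh IV each time
        frames.append(Frame(i * 1.0, ap, client, "data", 0x100000 + i, 120))
        frames.append(Frame(i * 1.0 + 0.1, ap, ap, "data", 0x200000 + i, 120))
    for i in range(6):   # burst of authentication frames from one station
        frames.append(Frame(40.0 + i * 0.1, ap, rogue, "auth", None, 30))
    for i in range(600): # one ARP-sized frame with a fixed IV re-sent 600 times in one second,
        t = 41.0 + i / 600                                    # each answered by the AP with a new IV
        frames.append(Frame(t, ap, rogue, "data", 0x1ABCDE, 68))
        frames.append(Frame(t + 0.0005, ap, ap, "data", 0x300000 + i, 68))
    return frames


def report(frames: List[Frame]) -> dict:
    """Run all three checks and return the findings keyed by check name."""
    return {
        "auth_flood": detect_auth_flood(frames),
        "arp_replay": detect_arp_replay(frames),
        "iv_churn": detect_iv_churn(frames),
    }


if __name__ == "__main__":
    for check, hits in report(sample_capture()).items():
        print(f"{check}: {hits or 'none'}")
```

The three checks are deliberately independent: an auth burst alone is also produced by a flapping client, and IV churn alone by a busy AP, but all three together on the same BSSID within a few seconds is a strong signal. On a real sensor the `Frame` records would be filled from the radiotap/802.11 headers of a monitor-mode capture, which the example leaves out.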