WPA/WPA2 supports many types of authentication beyond pre-shared keys. aircrack-ng can ONLY crack pre-shared keys. So make sure airodump-ng shows the network as having the authentication type of PSK, otherwise, it’s simply uncrackable (yet). But most Networks do use PSK only, so your chances are good. Before continuing on just take a look at what type of protection the network has.

The only time you can crack the pre-shared key is if it is a dictionary word or relatively short in length. Conversely, if you want to have an unbreakable wireless network at home, use WPA/WPA2 and a 63 character password composed of random characters including special symbols. This is because in this Hack our only option is to use a Dictionary attack, that means literally test each and every word in a text file and checking whether it is the password. A simple google : “Dictionary attack list” will give you a text file containing all the known words, Pick the one that’s the biggest.

There is another important difference between cracking WPA/WPA2 and WEP which is the approach used to crack the WPA/WPA2 pre-shared key. Unlike WEP, where statistical methods can be used to speed up the cracking process, only plain brute force techniques can be used against WPA/WPA2. That is, because the key is not static, so collecting IVs(more packets) like when cracking WEP encryption, does not speed up the attack. The only thing that does give the information to start an attack is the handshake between client and AP. Handshaking is done when the client connects to the network and attempts to authorize. Since the pre-shared key can be from 8 to 63 characters in length, it effectively becomes impossible to crack if the password is set to anything unusual, since even an 8 character password is almost impossible to brute-force.

This means that the passphrase must be contained in the dictionary you are using to break WPA/WPA2. If it is not in the dictionary then aircrack-ng will be unable to determine the key.

Also, there is no difference between cracking WPA or WPA2 networks. The authentication methodology is basically the same between them. So the techniques you use are identical.

There’s pretty much no steps in this tutorial. All you need is the .cap file and a dictionary list.

Check out the WEP cracking tutorial, complete till step 10. Then you’ll have your .cap file which contains information about handshakes that aircrack uses to crack the key.

After you get the .cap file open up Aircrack -ng, just on the first screen find and select your .cap file, select WPA Encryption option and find and select your dictionary list. If the password is in the dictionary list, you’ll see the magic happen and the key will appear.

You can simply try googling for a Dictionary WordList, there are tons out there .Try as many as you can, and if possible compile several into one and let aircrack do it’s thing overnight. Again, cracking WPA/WPA2 is much harder so you need probability on your side to have a real chance at getting the password.

I’ve noticed that in many cases, the WPA key is simply the mobile number of our naive victim. It’s usually 10 characters, easy to remember/type and luckily for us, relatively easy to crack.

(A tutorial on creating your own wordlists easily with ‘Crunch’ can be found in the Expert category)

If you would like to see more content like this, please consider supporting me on Patreon.

go to top