Wifi Penetration Using Kali Linux.

Introduction: Wifi Penetration Using Kali Linux.

Kali Linux can be used for many things, but it is probably best known for its ability to penetration test, or “hack,” WPA and WPA2 networks. There are hundreds of Windows applications that claim they can hack WPA; don’t get them! They’re just scams, used by professional hackers to lure newbie or wannabe hackers into getting hacked themselves. There is only one way that hackers get into your network, and that is with a Linux-based OS, a wireless card capable of monitor mode, and aircrack-ng or a similar tool. Also note that, even with these tools, Wi-Fi cracking is not for beginners. Playing with it requires basic knowledge of how WPA authentication works and moderate familiarity with Kali Linux and its tools, so any hacker who gains access to your network is probably no beginner.




Step 1:

First we need to download Kali from http://kali.org/downloads/. If you have a 64-bit capable computer (like me), then you probably will want the 64-bit version of Kali for performance reasons. Expand the drop-down menus to find the version you need. Select the 64-bit version ONLY if you have a 64-bit computer.

Step 2:

If you don’t have a torrent program, then click on “ISO” next to the appropriate version of Kali, select “Save” when the download notification appears in your browser, and save it to an easy-to-remember location. If you do have a torrent program, then I highly recommend using the torrent option, as it is much faster. Click on “Torrent” next to the appropriate version of Kali and save the “.torrent” file to an easy-to-remember location. Now open your torrent program (I use uTorrent), click “Add new torrent,” select the “.torrent” file, and select the appropriate options to download it. Now wait for Kali to download; this might take several hours, depending on your internet speed.

Step 3:

When Kali has finished downloading, open VMware Player and click Create a New Virtual Machine.

Step 4:

In the window that opens, select Installer disc image file (iso), browse to the location of the Kali Linux ISO file that you just downloaded, and select it.

Step 5:

In the next step, select a name for the virtual machine. I’m going to name it Tutorial Kali for this tutorial. You also need to select a location for it; I recommend creating a folder called “Virtual machines” in My Documents. Then click Next.

Step 6:

In this step, you need to select a maximum disk size for Kali. I recommend at least 30 GB, as Kali tends to expand over time. After you’ve entered your desired value (no less than 20 GB), change the next option to Store virtual disk as a single file and click Next.

Step 7:

In the next window, we need to customize some hardware settings, so click on the Customize Hardware… button.

Step 8:

You will now be presented with a Hardware window. Select Memory in the left pane of the window, and slide the slider on the right side to at least 512 MB*. Since I have 8 GB of RAM on my computer, I’m going to put it at 2 GB (2000 MB).

*Note: you should give a virtual machine a maximum of half the RAM installed on your computer. If your computer has 4 GB of RAM, then the max you want to slide it to is 2 GB. If your computer has 8 GB, then you can go to a max of 4 GB, etc.

Now highlight Processors in the left pane. This option really depends on your computer: if you have multiple processors, then you can select two or more. If you have a regular computer with two or fewer, then I suggest leaving this number at one.

Moving on, click on Network Adapter in the left pane. On the right side, move the dot to the Bridged (top) option. Now click on the Configure Adapters button.

In the small window that pops up, uncheck all the boxes except for the one next to your regular network adapter and hit OK.

You can now click on Close at the bottom of the Hardware window and then click on Finish in the Wizard.

Step 9:

After you click Finish, the window will close and the new virtual machine will be added to the VM library. Now all we have to do is start Kali and install it! To do this, highlight the name of the newly created virtual machine by clicking on it, and click Play virtual machine in the right pane.

Step 10:

At the boot menu, use the arrow keys to scroll down to Graphical install and hit enter.

Step 11:

The next screen will ask you to select your preferred language; you can use the mouse to select it, then click Continue.

Step 12:

On the next screen, select your location and hit Continue.

It’ll now ask you for your standard keymap. If you use the standard American English keyboard, then just click Continue.

Step 13:

Wait until Kali finishes detecting the hardware on your computer. During this, you might be presented with this screen:

Step 14:

Just hit Continue and select Do not configure the network at this time on the next screen.

Step 15:

You will now be asked to supply a hostname, which is kind of like a computer name. You can enter anything you want, or you can just leave it as kali. When you’re done, hit Continue.

Step 16:

Kali will now ask you to enter a password for the root (main) account. Make sure you can easily remember this password; if you forget it, you’ll have to reinstall Kali. Hit Continue after you’ve entered and re-entered the password of your choice.

Step 17:

The next step will ask you for your time zone, select it and click Continue.

Step 18:

Wait until Kali detects the disk partitions. When you are presented with the next step, select Guided – use entire disk (this is usually the top option), then click Continue.

Step 19:

The installer will now confirm that you want to use this partition. Hit Continue.

One more question about the partition will appear. Select the option that says All files in one partition and hit Continue.

Step 20:

Confirm that you want to make these changes by selecting Finish partitioning and write changes to disk. Then hit Continue.

Step 21:

The last question! Confirm that you really want to make these changes by moving the dot to Yes and hitting Continue.

Step 22:

Kali has finished installing, and now you are presented with a window that asks you about a network mirror. You can just select No and hit Continue.

Step 23:

After a few minutes, the installer will ask you if you want to install the GRUB boot loader. Click Yes and Continue.

Step 24:

After it restarts and you’re shown the login screen, click on “Other…”.

Step 25:

Type the username root in the box and press Enter or click “Log In.”

Step 26:

On the next screen, type the password that you created earlier, and press Enter or click “Log In” again.

Step 27:

If you type the password/username incorrectly, you’ll get this message:

Step 28:

Just try again, and remember to use the password that you created earlier.

Step 29:


Step 30: STARTING HACKING!!!!!!!!!

Start Kali Linux and login, preferably as root.

Step 31:

Plug in your injection-capable wireless adapter (unless your computer’s built-in card supports it). If you’re using Kali in VMware, then you might have to connect the card via the icon in the device menu.

Step 32:

Disconnect from all wireless networks, open a Terminal, and type airmon-ng.

This will list all of the wireless cards that support monitor (not injection) mode. If no cards are listed, try disconnecting and reconnecting the card and check that it supports monitor mode. You can check whether the card supports monitor mode by typing ifconfig in another terminal: if the card is listed in ifconfig but doesn’t show up in airmon-ng, then the card doesn’t support it. You can see here that my card supports monitor mode and that it’s listed as wlan0.

Step 33:

Type airmon-ng start followed by the interface of your wireless card. Mine is wlan0, so my command would be: airmon-ng start wlan0

The “(monitor mode enabled)” message means that the card has successfully been put into monitor mode. Note the name of the new monitor interface, mon0.

Note: A bug recently discovered in Kali Linux makes airmon-ng set the channel to a fixed “-1” when you first enable mon0. If you receive this error, or simply do not want to take the chance, follow these steps after enabling mon0: type ifconfig [interface of wireless card] down and hit Enter, replacing [interface of wireless card] with the name of the interface that you enabled mon0 on (probably wlan0). This stops the wireless card from connecting to the internet, allowing it to focus on monitor mode instead. After you have disabled mon0 (that is, completed the wireless section of the tutorial), you’ll need to bring wlan0 (or the name of your wireless interface) back up by typing ifconfig [interface of wireless card] up and pressing Enter.

Step 34:

Type airodump-ng followed by the name of the new monitor interface, which is probably mon0.

If you receive a “fixed channel -1” error, see the note under Step 33 above.

Step 35:

Airodump will now list all of the wireless networks in your area, and lots of useful information about them. Locate your network, or the network that you have permission to penetration test. Once you’ve spotted your network on the ever-populating list, hit Ctrl + C on your keyboard to stop the process. Note the channel of your target network.

Step 36:

Copy the BSSID of the target network.

Now type this command:
airodump-ng -c [channel] --bssid [bssid] -w /root/Desktop/ [monitor interface]

Replace [channel] with the channel of your target network. Paste the network BSSID where [bssid] is, and replace [monitor interface] with the name of your monitor-enabled interface (mon0).

A complete command should look like this: airodump-ng -c 10 --bssid 00:14:BF:E0:E8:D5 -w /root/Desktop/ mon0

Now press enter.

Step 37:

Airodump will now monitor only the target network, allowing us to capture more specific information about it. What we’re really doing now is waiting for a device to connect or reconnect to the network, forcing the router to send out the four-way handshake that we need to capture in order to crack the password. Also, four files should show up on your desktop; this is where the handshake will be saved when captured, so don’t delete them! But we’re not really going to wait for a device to connect; no, that’s not what impatient hackers do. We’re actually going to use another cool tool that belongs to the aircrack suite, called aireplay-ng, to speed up the process. Instead of waiting for a device to connect, hackers use this tool to force a device to reconnect by sending deauthentication (deauth) packets to the device, making it think that it has to reconnect with the router. Of course, in order for this tool to work, there has to be someone else connected to the network first, so watch airodump-ng and wait for a client to show up. It might take a long time, or it might only take a second before the first one shows. If none show up after a lengthy wait, then the network might be empty right now, or you’re too far away from the network.

You can see in this picture that a client has appeared on our network, allowing us to start the next step.

Step 38:

Leave airodump-ng running and open a second terminal. In this terminal, type this command:
aireplay-ng -0 2 -a [router bssid] -c [client bssid] mon0

The -0 is a shortcut for the deauth mode and the 2 is the number of deauth packets to send. -a indicates the access point (router)’s BSSID; replace [router bssid] with the BSSID of the target network, which in my case is 00:14:BF:E0:E8:D5. -c indicates the client’s BSSID, noted in the previous picture; replace [client bssid] with the BSSID of the connected client, which will be listed under “STATION.” And of course, mon0 merely means the monitor interface; change it if yours is different. My complete command looks like this: aireplay-ng -0 2 -a 00:14:BF:E0:E8:D5 -c 4C:EB:42:59:DE:31 mon0

Step 39:

Upon hitting Enter, you’ll see aireplay-ng send the packets, and within moments, you should see this message appear on the airodump-ng screen!

Step 40:

This means that the handshake has been captured; the password is in the hacker’s hands, in some form or another. You can close the aireplay-ng terminal and hit Ctrl + C on the airodump-ng terminal to stop monitoring the network, but don’t close it yet, just in case you need some of the information later.
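From the defender's side, the forced reconnect in Steps 37 to 40 leaves a clear trace: a burst of deauthentication frames aimed at one client within a fraction of a second, where a healthy network sends them one at a time. The Python below is an added example, not part of the original tutorial; it parses constructed capture lines written in the style of tcpdump output on a monitor interface and flags such bursts. The one-second window and ten-frame threshold are assumed values to tune for your environment.

```python
import re
from collections import defaultdict, deque

# Constructed capture lines in the style of `tcpdump -e` on a monitor-mode interface
# (timestamp, then 802.11 addresses, then the frame subtype). The BSSID and STATION
# values are the ones quoted in the tutorial; the timing is made up for this example.
AP = "00:14:bf:e0:e8:d5"
CLIENT = "4c:eb:42:59:de:31"
DEAUTH = "DeAuthentication: Class 3 frame received from nonassociated station"

SAMPLE_CAPTURE = "\n".join(
    # Ordinary data frames from the client to the AP.
    [f"14:02:1{i}.100000 BSSID:{AP} SA:{CLIENT} DA:{AP} Data" for i in range(3)]
    # One isolated deauth (e.g. the AP dropping an idle client) is not suspicious.
    + [f"14:02:20.500000 BSSID:{AP} DA:{CLIENT} SA:{AP} {DEAUTH}"]
    # 64 spoofed deauths about 1 ms apart: the burst a deauth tool produces.
    + [f"14:02:30.{1000 * i:06d} BSSID:{AP} DA:{CLIENT} SA:{AP} {DEAUTH}" for i in range(64)]
)

TIME_RE = re.compile(r"^(\d\d):(\d\d):(\d\d)\.(\d{6})\s")
ADDR_RE = r":([0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})"


def parse_frame(line):
    """Return (seconds since midnight, bssid, sa, da, is_deauth) or None if unparsable."""
    m = TIME_RE.match(line)
    if not m:
        return None
    h, mi, s, us = (int(x) for x in m.groups())
    t = h * 3600 + mi * 60 + s + us / 1_000_000

    def addr(tag):
        a = re.search(tag + ADDR_RE, line)
        return a.group(1).lower() if a else None

    # Disassociation frames are abused the same way, so count them too.
    is_deauth = "DeAuthentication" in line or "Disassociation" in line
    return t, addr("BSSID"), addr("SA"), addr("DA"), is_deauth


def detect_deauth_bursts(capture_text, window_s=1.0, threshold=10):
    """Sliding-window count of deauth/disassoc frames per (BSSID, target client).

    Returns alerts as (time, bssid, client, frames_in_window). One alert is raised
    when the window first fills; it is suppressed until the window drains again.
    Spoofed frames carry the AP's own source address, so the rate, not the sender,
    is the signal.
    """
    recent = defaultdict(deque)
    alerting = set()
    alerts = []
    for line in capture_text.splitlines():
        frame = parse_frame(line)
        if frame is None or not frame[4]:
            continue
        t, bssid, _sa, da, _ = frame
        key = (bssid, da)
        q = recent[key]
        q.append(t)
        while q and t - q[0] > window_s:
            q.popleft()
        if len(q) >= threshold and key not in alerting:
            alerting.add(key)
            alerts.append((t, bssid, da, len(q)))
        elif len(q) < threshold:
            alerting.discard(key)
    return alerts


if __name__ == "__main__":
    for t, bssid, client, n in detect_deauth_bursts(SAMPLE_CAPTURE):
        print(f"ALERT t={t:.3f}s bssid={bssid} client={client}: "
              f"{n} deauth/disassoc frames within 1 s")
```

On a live interface the same logic applies to frames read from a monitor-mode capture; a single alert per burst keeps the log readable when the burst runs to hundreds of frames.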

Step 41:

This concludes the external part of this tutorial. From now on, the process is entirely between your computer and those four files on your Desktop. Actually, the .cap one is the important one. Open a new Terminal and type in this command:
aircrack-ng -a2 -b [router bssid] -w [path to wordlist] /root/Desktop/*.cap

-a is the method aircrack will use to crack the handshake; 2 = WPA method. -b stands for BSSID; replace [router bssid] with the BSSID of the target router (mine is 00:14:BF:E0:E8:D5). -w stands for wordlist; replace [path to wordlist] with the path to a wordlist that you have downloaded. I have a wordlist called “wpa.txt” in the root folder. /root/Desktop/*.cap is the path to the .cap file containing the captured handshake; the * is a wildcard in Linux, and since I’m assuming that there are no other .cap files on your Desktop, this should work fine the way it is. My complete command looks like this: aircrack-ng -a2 -b 00:14:BF:E0:E8:D5 -w /root/wpa.txt /root/Desktop/*.cap

Now press Enter.

Step 42:

Aircrack-ng will now launch into the process of cracking the password. However, it will only crack it if the password happens to be in the wordlist that you’ve selected. Sometimes it’s not. If this is the case, then you can congratulate the owner on being “impenetrable,” of course only after you’ve tried every wordlist that a hacker might use or make! Cracking the password might take a long time depending on the size of the wordlist. Mine went very quickly.

Step 43:

The passphrase to our test network was “notsecure,” and you can see here that aircrack found it. If you find the password without a decent struggle, then change your password, if it’s your network. If you’re penetration testing for someone, then tell them to change their password as soon as possible.

Step 44:

If you want to skip all these steps and hack in one click, download my AutoWifiPassRetriever tool from geekofrandom.blogspot.com

Participated in the Coded Creations


    5 years ago

    I'll vote if you use fewer exclamation points ;)


    I am liking this Instructable a lot! Just a few questions though, because I am a hacker noob who only knows how to type sudo poweroff or reboot into a terminal.

    Can this process take place on a different Linux-based system like Pentoo (that's the one I have) or Ubuntu? Or is Kali just the best one to do it with?

    Second, where on earth can a complete newbie like me learn how to code? The internet does a bad job of helping me with that. I'm trying to find out how to do things with Linux for a start.

    Last, would you happen to know anything about RF hacking? I recently bought a HackRF One in hopes I could learn to use it.

    Thanks, and I voted for you.


    Reply 7 years ago on Introduction




    NO ITS BAD ONE TRY THIS!!!!!!!!!:)



    Reply 5 years ago

    1. Wrong. They are Linux programs, therefore they can be used on any Linux version.

    2. Great site!


    Reply 7 years ago on Introduction

    Kali is a flavor of Linux. It is just a collection of tools on a type of Linux. The tools themselves can be installed on any Linux distro that is compatible with Kali, such as FreeBSD or Red Hat. I am unsure at this moment which Linux they use, so you would have to find out. Then it is a matter of using the software install functions in that Linux to install the specific tools Kali comes with by default. I believe Kali even has links to their install hubs that you can add to your Linux to get said tools.


    Reply 5 years ago

    FreeBSD is not a Linux distro. It's pure Unix. More specifically, it's the current incarnation of the BSD branch, the only surviving one.


    Reply 7 years ago on Introduction

    Oh, I also have a raspberry pi if you know where I could learn to use one of them. If you don't know that's alright because there is a lot of stuff on the internet about those.


    7 years ago on Introduction

    I want to vote, but does this work on Windows Vista?


    7 years ago

    Very concise, learned more from this than from a dozen articles, instructionals etcetera. Thank you for your time and effort.


    Reply 7 years ago on Introduction

    Thanks for the compliment !!!!!!!!!!!!!!!!!

    Made me happy!!!


    7 years ago on Introduction

    There is a tool called "crunch" which generates a bunch of "words" for aircrack to try. With the predefined options, it can be set to make aaz aba abb abc and so on. Options can include symbols, spaces and numbers. With the WPA minimum digits 8 - 24, it can take FOREVER.


    7 years ago on Introduction

    This is a very helpful and thought-out how-to. I would like to point out that when you talk about Wi-Fi, it is never "secure", only more secure than someone else's. There is a big difference. All it takes is time and someone can or will get into the Wi-Fi. You have many tips in the comments on how to get more secure and they are great tips.

    One of the tips for passwords you give says to make it complex. This is not exactly correct. You should make it LONG. For every bit you add to the length of a password you double the amount of time it takes to brute-force the password, i.e. hack takes less than a second but hacks would take about a second. And when you get to 15+ characters you're into years to break. So everyone, make your passwords very long but easily remembered and you're more secure than something with special characters and numbers.
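Steps 42 and 43 of the tutorial show that the crack succeeds only when the passphrase is in the wordlist, and the comment above argues that length matters more than complexity. The Python below is an added example, not from the tutorial or the commenter; it uses the WPA2-Personal key derivation (PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations, from IEEE 802.11i) to measure how many candidates one machine can test per second and turns that into worst-case times for a few passphrase policies. The policy list and the GPU rate of one million candidates per second are assumptions for illustration.

```python
import hashlib
import math
import time


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise Master Key of WPA/WPA2-Personal: PBKDF2-HMAC-SHA1, SSID as salt,
    4096 iterations, 256-bit output. A captured handshake can only be checked
    against a candidate passphrase by running this once per candidate, so its
    cost is what a defender's passphrase policy is multiplied by."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def candidates_per_second(ssid: str = "IEEE", samples: int = 20) -> float:
    """Measure how many PMKs this machine derives per second in plain Python."""
    start = time.perf_counter()
    for i in range(samples):
        wpa2_pmk(f"candidate-{i}", ssid)  # constructed throwaway candidates
    return samples / (time.perf_counter() - start)


def keyspace_bits(length: int, charset_size: int) -> float:
    """Entropy of a random passphrase of `length` symbols from `charset_size` symbols."""
    return length * math.log2(charset_size)


def seconds_to_exhaust(length: int, charset_size: int, rate: float) -> float:
    """Worst-case time to try every passphrase of this shape at `rate` candidates/s.
    This bound is for random passphrases only: a dictionary word such as the
    tutorial's "notsecure" falls to a wordlist regardless of its length."""
    return charset_size ** length / rate


def human_duration(seconds: float) -> str:
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.3g} seconds"


# Assumed policies to compare: 26 = lowercase letters only, 95 = printable ASCII.
POLICIES = [
    ("8 lowercase letters", 8, 26),
    ("8 printable ASCII", 8, 95),
    ("15 lowercase letters", 15, 26),
    ("24 lowercase letters", 24, 26),
]


def compare_policies(rate: float):
    """Return (label, entropy bits, worst-case seconds) per policy at `rate`."""
    return [(label, keyspace_bits(n, cs), seconds_to_exhaust(n, cs, rate))
            for label, n, cs in POLICIES]


if __name__ == "__main__":
    local = candidates_per_second()
    gpu = 1e6  # assumed order-of-magnitude rate for a GPU rig, not a measurement
    print(f"this machine: {local:,.0f} candidates/s")
    for label, bits, secs in compare_policies(local):
        print(f"{label:22s} {bits:5.1f} bits  local {human_duration(secs):>20s}"
              f"  GPU (assumed) {human_duration(secs * local / gpu):>20s}")
```

The printed table makes the comment's point concrete: fifteen lowercase letters carry more entropy than eight characters drawn from the full printable set, so the worst-case time grows faster with length than with complexity.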


    Reply 7 years ago on Introduction

    Also, you should tell people that for any Wi-Fi they wish to "hack" with these methods, they should have permission to access said Wi-Fi. To do so without permission is against the law and can carry many years in federal prison and high fines. The U.S. alone is making as many examples of people as it can with cyber crimes.


    Reply 7 years ago on Introduction

    THANK YOU !!!!!


    PLEASE VOTE!!!!!


    7 years ago

    I will vote for you if you could answer one question... What's the best way to keep from getting hacked? Is not broadcasting your WiFi identifier a good solution?


    Reply 7 years ago on Introduction

    The good news is that it is not very hard to make your wireless network secure, which will both prevent others from stealing your internet and will also prevent hackers from taking control of your computers through your own wireless network.

    Here are a few simple things that you should do to secure your wireless network:

    Step 1. Open your router settings page

    You need to know how to access your wireless router’s settings. Usually you can do this by typing in “” into your web browser, and then entering the correct user name and password for the router. This is different for each router, so first check your router’s user manual.

    You can also use Google to find the manuals for most routers online in case you lost the printed manual that came with your router purchase. For your reference, here are direct links to the manufacturer’s site of some popular router brands – Linksys, Cisco, Netgear, Apple AirPort, SMC, D-Link, Buffalo, TP-LINK, 3Com, Belkin.

    Step 2. Create a unique password on your router

    Once you have logged into your router, the first thing you should do to secure your network is to change the default password* of the router to something more secure.

    This will prevent others from accessing the router and you can easily maintain the security settings that you want. You can change the password from the Administration settings on your router’s settings page. The default values are generally admin /

    [*] What do the bad guys use – This is a public database of default usernames and passwords of wireless routers, modems, switches and other networking equipment. For instance, anyone can easily make out from the database that the factory-default settings for Linksys equipment can be accessed by using admin for both username and password fields.

    Step 3. Change your Network’s SSID name

    The SSID (or Wireless Network Name) of your Wireless Router is usually pre-defined as “default” or is set as the brand name of the router (e.g., linksys). Although this will not make your network inherently* more secure, changing the SSID name of your network is a good idea as it will make it more obvious for others to know which network they are connecting to.

    This setting is usually under the basic wireless settings in your router’s settings page. Once this is set, you will always be sure that you are connecting to the correct Wireless network even if there are multiple wireless networks in your area. Don’t use your name, home address or other personal information in the SSID name.

    Also see: Change Network Name to Prevent Wi-Fi Theft

    [*] What do the bad guys use – Wi-Fi scanning tools like inSSIDer (Windows) and Kismet (Mac, Linux) are free and they will allow anyone to find all the available Wireless Networks in an area even if the routers are not broadcasting their SSID name.

    Step 4. Enable Network Encryption

    In order to prevent other computers in the area from using your internet connection, you need to encrypt your wireless signals.

    There are several encryption methods for wireless settings, including WEP, WPA (WPA-Personal), and WPA2 (Wi-Fi Protected Access version 2). WEP is basic encryption and therefore least secure (i.e., it can be easily cracked*), but is compatible with a wide range of devices including older hardware, whereas WPA2 is the most secure but is only compatible with hardware manufactured since 2006.

    To enable encryption on your Wireless network, open the wireless security settings on your router’s configuration page. This will usually let you select which security method you wish to choose; if you have older devices, choose WEP, otherwise go with WPA2. Enter a passphrase to access the network; make sure to set this to something that would be difficult for others to guess, and consider using a combination of letters, numbers, and special characters in the passphrase.

    [*] What do the bad guys use – AirCrack and coWPAtty are some free tools that allow even non-hackers to crack the WEP / WPA (PSK) keys using dictionary or brute force techniques. A video on YouTube suggests that AirCrack may be easily used to break WiFi encryption using a jail-broken iPhone or an iPod Touch.

    Step 5. Filter MAC addresses

    Whether you have a laptop or a Wi-Fi enabled mobile phone, all your wireless devices have a unique MAC address (this has nothing to do with an Apple Mac) just like every computer connected to the Internet has a unique IP address. For an added layer of protection, you can add the MAC addresses of all your devices to your wireless router’s settings so that only the specified devices can connect to your Wi-Fi network.

    MAC addresses are hard-coded into your networking equipment, so one address will only let that one device on the network. It is, unfortunately, possible to spoof a MAC address*, but an attacker must first know one of the MAC addresses of the computers that are connected to your Wireless network before he can attempt spoofing.

    To enable MAC address filtering, first make a list of all your hardware devices that you want to connect to your wireless network**. Find their MAC addresses, and then add them to the MAC address filtering in your router’s administrative settings. You can find the MAC address for your computers by opening Command Prompt and typing in “ipconfig /all”, which will show your MAC address beside the name “Physical Address”. You can find the MAC addresses of Wireless mobile phones and other portable devices under their network settings, though this will vary for each device.

    [*] What do the bad guys use – Someone can change the MAC address of his or her own computer and can easily connect to your network since your network allows connection from devices that have that particular MAC address. Anyone can determine the MAC address of your device wirelessly using a sniffing tool like Nmap and he can then change the MAC address of his own computer using another free tool like MAC Shift.

    Step 6. Reduce the Range of the Wireless Signal

    If your wireless router has a high range but you are staying in a small studio apartment, you can consider decreasing the signal range by either changing the mode of your router to 802.11g (instead of 802.11n or 802.11b) or using a different wireless channel.

    You can also try placing the router under the bed, inside a shoe box or wrap a foil around the router antennas so that you can somewhat restrict the direction of signals.

    Apply the Anti-Wi-Fi Paint – Researchers have developed a special Wi-Fi blocking paint that can help you stop neighbors from accessing your home network without you having to set up encryption at the router level. The paint contains chemicals that block radio signals by absorbing them. “By coating an entire room, Wi-Fi signals can’t get in and, crucially, can’t get out.”

    Step 7. Upgrade your Router’s firmware

    You should check the manufacturer’s site occasionally to make sure that your router is running the latest firmware. You can find the existing firmware version of your router from the router’s dashboard at

    Connect to your Secure Wireless Network

    To conclude, MAC Address filtering with WPA2 (AES) encryption (and a really complex passphrase) is probably the best way to secure your wireless

    Once you have enabled the various security settings in your wireless router, you need to add the new settings to your computers and other wireless devices so that they all can connect to the Wi-Fi network. You can select to have your computer automatically connect to this network, so you won’t have to enter the SSID, passphrase and other information every time you connect to the Internet.

    Your wireless network will now be a lot more secure and intruders may have a tough time intercepting your Wi-Fi signals.