Introduction: Wifi Penetration Using Kali Linux.

Kali Linux can be used for many things, but it probably is best known for its ability to penetration test, or “hack,” WPA and WPA2 networks. There are hundreds of Windows applications that claim they can hack WPA; don’t get them! They’re just scams, used by professional hackers to lure newbie or wannabe hackers into getting hacked themselves. There is only one way that hackers get into your network, and that is with a Linux-based OS, a wireless card capable of monitor mode, and aircrack-ng or similar. Also note that, even with these tools, Wi-Fi cracking is not for beginners. Playing with it requires basic knowledge of how WPA authentication works, and moderate familiarity with Kali Linux and its tools, so any hacker who gains access to your network probably is no beginner.




First we need to download Kali from
If you have a 64-bit capable computer (like me), then you probably will want the 64-bit version of Kali for performance reasons. Expand the drop-down menus to find the version you need. Select the 64-bit version ONLY if you have a 64-bit computer.

Step 2:

If you don’t have a torrent program, then click on “ISO” next to the appropriate version of Kali, select “Save” when the download notification appears in your browser, and save it to an easy-to-remember location. If you do have a torrent program, then I highly recommend using the torrent option, as it is much faster. Click on “Torrent” next to the appropriate version of Kali and save the “.torrent” file to an easy-to-remember location. Now open your torrent program (I use uTorrent), click “Add new torrent,” select the “.torrent” file, and select the appropriate options to download it. Now wait for Kali to download. This might take several hours, depending on your internet speed.

Step 3:

When Kali has finished downloading, open VMware Player and click Create a New Virtual Machine.

Step 4:

In the window that opens, select Installer disc image file (iso), browse to the location of and select the Kali Linux ISO file that you just downloaded.

Step 5:

In the next step, select a name for the virtual machine. I’m going to name it Tutorial Kali for this tutorial. You also need to select a location for it; I recommend creating a folder called “Virtual machines” in My Documents. Then click Next.

Step 6:

In this step, you need to select a maximum size for Kali. I recommend at least 30 GB, as Kali tends to expand over time. After you’ve entered your desired value (no less than 20 GB), change the next option to Store virtual disk as a single file and click Next.

Step 7:

In the next window, we need to customize some hardware settings, so click on the Customize Hardware… button.

Step 8:

You will now be presented with a Hardware window. Select Memory in the left pane of the window, and slide the slider on the right side to at least 512 MB*. Since I have 8 GB of RAM on my computer, I’m going to put it at 2 GB (2000 MB). *Note: you should give a virtual machine a maximum of half the RAM installed on your computer. If your computer has 4 GB of RAM, then the max you want to slide it to is 2 GB. If your computer has 8 GB, then you can go to a max of 4 GB, etc.

Now highlight Processors in the left pane. This option really depends on your computer. If you have multiple processors, then you can select two or more. If you have a regular computer, with two or fewer, then I suggest leaving this number at one.

Moving on, click on Network Adapter in the left pane. On the right side, move the dot to the Bridged (top) option. Now click on the Configure Adapters button.

In the small window that pops up, uncheck all the boxes except for the one next to your regular network adapter and hit OK.

You can now click on Close at the bottom of the Hardware window and then click on Finish in the Wizard.

Step 9:

After you click Finish, the window will close and the new virtual machine file will be added to the VM library. Now all we have to do is start Kali and install it! To do this, highlight the name of the newly created virtual machine by clicking on it, and click Play virtual machine in the right pane.

Step 10:

At the boot menu, use the arrow keys to scroll down to Graphical install and hit enter.

Step 11:

The next screen will ask you to select your preferred language, you can use the mouse to select this, then click Continue.

Step 12:

On the next screen, select your location and hit Continue.

It’ll now ask you for your standard keymap. If you use the standard American English keyboard, then just click Continue.

Step 13:

Wait until Kali finishes detecting the hardware on your computer. During this, you might be presented with this screen:

Step 14:

Just hit Continue and select Do not configure the network at this time on the next screen.

Step 15:

You will now be asked to supply a hostname, which is kind of like a computer name. You can enter anything you want, or you can just leave it as kali. When you’re done, hit Continue.

Step 16:

Kali will now ask you to enter a password for the root (main) account. Make sure you can easily remember this password; if you forget it, you’ll have to reinstall Kali. Hit Continue after you’ve entered and re-entered the password of your choice.

Step 17:

The next step will ask you for your time zone, select it and click Continue.

Step 18:

Wait until Kali detects the disk partitions. When you are presented with the next step, select Guided – use entire disk (this is usually the top option), then click Continue.

Step 19:

The installer will now confirm that you want to use this partition. Hit Continue.

One more question about the partition will appear. Select the option that says All files in one partition and hit Continue.

Step 20:

Confirm that you want to make these changes by selecting Finish partitioning and write changes to disk. Then hit Continue.

Step 21:

The last question! Confirm that you really want to make these changes by moving the dot to Yes and hitting Continue.

Step 22:

Kali has finished installing and now you are presented with a window that asks you about a network mirror. You can just select No and hit Continue.

Step 23:

After a few minutes, the installer will ask you if you want to install GRUB boot loader. Click Yes and Continue.

Step 24:

After it restarts and you’re shown the “login” screen, click on “Other…”

Step 25:

Type the username root in the box and press Enter or click “Log In.”

Step 26:

On the next screen, type the password that you created earlier, and press Enter or click “Log In” again.

Step 27:

If you type the password/username incorrectly, you’ll get this message.

Step 28:

Just try again, and remember to use the password that you created earlier.

Step 29:


Step 30: STARTING HACKING!!!!!!!!!

Start Kali Linux and login, preferably as root.

Step 31:

Plug in your injection-capable wireless adapter (unless your computer’s built-in card supports it). If you’re using Kali in VMware, then you might have to connect the card via the icon in the device menu.

Step 32:

Disconnect from all wireless networks, open a Terminal, and type airmon-ng

This will list all of the wireless cards that support monitor (not injection) mode. If no cards are listed, try disconnecting and reconnecting the card and check that it supports monitor mode. You can check if the card supports monitor mode by typing ifconfig in another terminal. If the card is listed in ifconfig, but doesn’t show up in airmon-ng, then the card doesn’t support it. You can see here that my card supports monitor mode and that it’s listed as wlan0.

Step 33:

Type airmon-ng start followed by the interface of your wireless card. Mine is wlan0, so my command would be:
airmon-ng start wlan0

The “(monitor mode enabled)” message means that the card has successfully been put into monitor mode. Note the name of the new monitor interface, mon0.

A bug recently discovered in Kali Linux makes airmon-ng set the channel as a fixed “-1” when you first enable mon0. If you receive this error, or simply do not want to take the chance, follow these steps after enabling mon0: Type: ifconfig [interface of wireless card] down and hit Enter. Replace [interface of wireless card] with the name of the interface that you enabled mon0 on; probably called wlan0. This disables the wireless card from connecting to the internet, allowing it to focus on monitor mode instead. After you have disabled mon0 (completed the wireless section of the tutorial), you’ll need to enable wlan0 (or name of wireless interface), by typing: ifconfig [interface of wireless card] up and pressing Enter.

Step 34:

Type airodump-ng followed by the name of the new monitor interface, which is probably mon0.

If you receive a “fixed channel -1” error, see the note in Step 33 above.

Step 35:

Airodump will now list all of the wireless networks in your area, and lots of useful information about them. Locate your network or the network that you have permission to penetration test. Once you’ve spotted your network on the ever-populating list, hit Ctrl + C on your keyboard to stop the process. Note the channel of your target network.

Step 36:

Copy the BSSID of the target network.

Now type this command:
airodump-ng -c [channel] --bssid [bssid] -w /root/Desktop/ [monitor interface]

Replace [channel] with the channel of your target network. Paste the network BSSID where [bssid] is, and replace [monitor interface] with the name of your monitor-enabled interface (mon0).

A complete command should look like this:
airodump-ng -c 10 --bssid 00:14:BF:E0:E8:D5 -w /root/Desktop/ mon0

Now press Enter.

Step 37:

Airodump will now monitor only the target network, allowing us to capture more specific information about it. What we’re really doing now is waiting for a device to connect or reconnect to the network, forcing the router to send out the four-way handshake that we need to capture in order to crack the password. Also, four files should show up on your desktop. This is where the handshake will be saved when captured, so don’t delete them!

But we’re not really going to wait for a device to connect. No, that’s not what impatient hackers do. We’re actually going to use another cool tool that belongs to the aircrack suite, called aireplay-ng, to speed up the process. Instead of waiting for a device to connect, hackers use this tool to force a device to reconnect by sending deauthentication (deauth) packets to the device, making it think that it has to reconnect with the router. Of course, in order for this tool to work, there has to be someone else connected to the network first, so watch the airodump-ng output and wait for a client to show up. It might take a long time, or it might only take a second before the first one shows. If none show up after a lengthy wait, then the network might be empty right now, or you’re too far away from the network.

You can see in this picture, that a client has appeared on our network, allowing us to start the next step.

Step 38:

Leave airodump-ng running and open a second terminal. In this terminal, type this command:
aireplay-ng -0 2 -a [router bssid] -c [client bssid] mon0

The -0 is a shortcut for the deauth mode and the 2 is the number of deauth packets to send. -a indicates the access point (router)’s BSSID; replace [router bssid] with the BSSID of the target network, which in my case is 00:14:BF:E0:E8:D5. -c indicates the client’s BSSID (its MAC address), noted in the previous picture. Replace [client bssid] with the BSSID of the connected client; this will be listed under “STATION.” And of course, mon0 merely means the monitor interface; change it if yours is different.

My complete command looks like this:
aireplay-ng -0 2 -a 00:14:BF:E0:E8:D5 -c 4C:EB:42:59:DE:31 mon0

Step 39:

Upon hitting Enter, you’ll see aireplay-ng send the packets, and within moments, you should see this message appear on the airodump-ng screen!
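From the network owner's side, the sequence in Steps 37 to 39 leaves a recognisable trace: a burst of deauthentication frames aimed at one client, followed seconds later by that client's four-way handshake. The following added example (not part of the original tutorial) flags that pattern in a sensor log; the log line format, thresholds and function name are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sensor log, one 802.11 frame per line. The line format is an
# assumption of this example, not the output of a real tool.
SAMPLE_LOG = """\
100.00 DEAUTH bssid=00:14:BF:E0:E8:D5 sta=4C:EB:42:59:DE:31 reason=7
100.01 DEAUTH bssid=00:14:BF:E0:E8:D5 sta=4C:EB:42:59:DE:31 reason=7
100.02 DEAUTH bssid=00:14:BF:E0:E8:D5 sta=4C:EB:42:59:DE:31 reason=7
100.03 DEAUTH bssid=00:14:BF:E0:E8:D5 sta=4C:EB:42:59:DE:31 reason=7
102.30 EAPOL bssid=00:14:BF:E0:E8:D5 sta=4C:EB:42:59:DE:31 msg=1
102.31 EAPOL bssid=00:14:BF:E0:E8:D5 sta=4C:EB:42:59:DE:31 msg=2
500.00 DEAUTH bssid=00:14:BF:E0:E8:D5 sta=02:00:00:00:00:01 reason=3
500.90 EAPOL bssid=00:14:BF:E0:E8:D5 sta=02:00:00:00:00:01 msg=1
"""

LINE = re.compile(r"^(?P<ts>\d+\.\d+) (?P<kind>DEAUTH|EAPOL) "
                  r"bssid=(?P<bssid>\S+) sta=(?P<sta>\S+)")

def find_forced_reauth(log, burst=4, burst_window=1.0, rejoin_window=10.0):
    """Return (bssid, station, burst_start, handshake_time) for every deauth
    burst that is followed by an EAPOL handshake within rejoin_window seconds."""
    deauths = defaultdict(list)   # (bssid, sta) -> recent deauth timestamps
    armed = {}                    # (bssid, sta) -> start time of detected burst
    alerts = []
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue              # ignore lines that are not frame records
        key, ts = (m["bssid"].upper(), m["sta"].upper()), float(m["ts"])
        if m["kind"] == "DEAUTH":
            recent = [t for t in deauths[key] if ts - t <= burst_window] + [ts]
            deauths[key] = recent
            start = armed.get(key)
            # Arm on a new burst, or re-arm if the previous one went stale.
            if len(recent) >= burst and (start is None or ts - start > rejoin_window):
                armed[key] = recent[0]
        elif key in armed:        # first EAPOL frame after a burst
            if ts - armed[key] <= rejoin_window:
                alerts.append((*key, armed[key], ts))
            del armed[key]
    return alerts

if __name__ == "__main__":
    for alert in find_forced_reauth(SAMPLE_LOG):
        print("deauth burst followed by handshake:", alert)
```

A single deauth followed by a reconnect, as with the second station in the sample, is ordinary roaming and is not flagged. Where the access point and clients support it, 802.11w Protected Management Frames cause spoofed deauthentication frames to be discarded.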

Step 40:

This means that the handshake has been captured, and the password is in the hacker’s hands, in some form or another. You can close the aireplay-ng terminal and hit Ctrl + C on the airodump-ng terminal to stop monitoring the network, but don’t close it yet just in case you need some of the information later.

Step 41:

This concludes the external part of this tutorial. From now on, the process is entirely between your computer and those four files on your Desktop. Actually, it is the .cap one that is important. Open a new Terminal, and type in this command:
aircrack-ng -a2 -b [router bssid] -w [path to wordlist] /root/Desktop/*.cap

-a is the method aircrack will use to crack the handshake; 2 = WPA method. -b stands for BSSID; replace [router bssid] with the BSSID of the target router. Mine is 00:14:BF:E0:E8:D5. -w stands for wordlist; replace [path to wordlist] with the path to a wordlist that you have downloaded. I have a wordlist called “wpa.txt” in the root folder. /root/Desktop/*.cap is the path to the .cap file containing the password. The * means wildcard in Linux, and since I’m assuming that there are no other .cap files on your Desktop, this should work fine the way it is.

My complete command looks like this:
aircrack-ng -a2 -b 00:14:BF:E0:E8:D5 -w /root/wpa.txt /root/Desktop/*.cap

Now press Enter.

Step 42:

Aircrack-ng will now launch into the process of cracking the password. However, it will only crack it if the password happens to be in the wordlist that you’ve selected. Sometimes, it’s not. If this is the case, then you can congratulate the owner on being “Impenetrable,” of course, only after you’ve tried every wordlist that a hacker might use or make! Cracking the password might take a long time depending on the size of the wordlist. Mine went very quickly.

Step 43:

The passphrase to our test-network was “notsecure,” and you can see here that aircrack found it.
If you find the password without a decent struggle, then change your password, if it’s your network. If you’re penetration testing for someone, then tell them to change their password as soon as possible.
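Because the crack in Step 42 succeeds only when the passphrase is in the wordlist, a network owner can run the same check on their own passphrase before deploying it. This added example (not part of the original tutorial) shows the WPA/WPA2-PSK key derivation that each guess costs and reports how early a passphrase would be reached; the mutation rules, sample wordlist and function names are assumptions of this example.

```python
import hashlib

def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK key derivation: PBKDF2-HMAC-SHA1 with the SSID as salt,
    4096 rounds, 32-byte output. Every wordlist guess costs one of these."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def variants(word: str):
    """Constructed rule set: a few mutations commonly applied to wordlist entries."""
    for base in (word, word.lower(), word.capitalize()):
        yield base
        for suffix in ("1", "123", "!", "2024"):
            yield base + suffix

def audit_passphrase(passphrase: str, wordlist):
    """Return (ok_length, guess_number). guess_number is the 1-based count of
    distinct valid candidates tried before a match, or None if nothing matches."""
    ok_length = 8 <= len(passphrase) <= 63      # WPA passphrase length limits
    guesses, seen = 0, set()
    for word in wordlist:
        for cand in variants(word.strip()):
            # Candidates outside 8..63 characters can never be a WPA passphrase.
            if cand in seen or not 8 <= len(cand) <= 63:
                continue
            seen.add(cand)
            guesses += 1
            if cand == passphrase:
                return ok_length, guesses
    return ok_length, None

# Constructed sample wordlist, standing in for a file such as wpa.txt.
SAMPLE_WORDLIST = ["password", "letmein", "notsecure", "Summer"]

if __name__ == "__main__":
    for candidate in ("notsecure", "Summer2024", "q7#Vd-lamp-orbit-92"):
        ok, hit = audit_passphrase(candidate, SAMPLE_WORDLIST)
        verdict = f"found at guess {hit}" if hit else "not in wordlist"
        print(f"{candidate!r}: valid length={ok}, {verdict}")
    # The SSID salts the derivation, so the same passphrase yields a different
    # key on a differently named network.
    print(wpa_pmk("notsecure", "HomeNet").hex())
```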

Step 44:

If you want to skip all these steps and hack in one click, download my AutoWifiPassRetriever tool from here -
