Today's tutorial covers cracking WPA/WPA2 with Kali Linux using Crunch. Before that, you have to capture a handshake, which is saved as a file with the .cap extension. The capture file contains the encrypted password in the form of hashes.

Before reading this tutorial, you may have tried to brute-force the handshake or run a dictionary attack, but most of the time you failed because your wordlist didn't contain the password. Brute force is not recommended because it takes ages to crack even a common password.

But today I’ll be teaching you how to use Crunch and Aircrack-ng together to accomplish the same task.

What is crunch?

Crunch can be used to build custom wordlists. Hackers use the tool to create targeted wordlists for their victims and brute-force their passwords. You can create a custom wordlist using Crunch to break into someone's Wi-Fi password if you have collected some information using social engineering.

What computer specifications do you need?

The most recommended setup is a Core i7 with 16 GB of RAM or more, and it can also use GPU power to speed up password cracking with aircrack-ng. But what if you have an old laptop or computer? The answer is that Crunch will be slower and aircrack-ng will crack fewer passwords per second.

Stuff you need:

If you're using Kali Linux, you don't have to download anything. If you're using macOS, Windows or another version of Linux, you will probably have to install these tools.

Cracking WPA/WPA2 With Kali Linux Using Crunch Cheatsheet

Download the Kali Linux cheat sheet here: https://github.com/NoorQureshi/kali-linux-cheatsheet

Change the following arguments, as described below, to match your information:

  • The characters ( abcdefg…..xyz ) are the letters of the alphabet
  • -b refers to the BSSID; replace it with your target BSSID
  • ( 8 10 ) is the length range, from 8 to 10 characters; you can increase it if your password has more than 10 characters
  • after -w- comes the root path where your handshake file is located

If you want to try only numbers from 0 to 10, you can customize the command.

Keep in mind that more characters means more time, and fewer characters means less time. You can also try a combination of letters and numbers, but it will take longer. To avoid a long run, I suggest you read the mind of the victim and guess what type of password they would use. For example, many people use their date of birth and name as a password, and many use a phone or mobile number; for these you can try a numeric-only test, which will save time. Try to guess the password as mentioned above, which will likely increase the keys per second and

Crunch will generate a wordlist very fast, in a nanosecond, from the given letters or numbers in series: after 0 there will be 1, and after 1 there will be 2. An example is given below:

0
01
012
0123
01234
012345
0123456
01234567
012345678
0123456789

Crunch generates the wordlist in this way. For each generated word, aircrack-ng generates its encryption and matches it against the encryption in the handshake. Once a match is found, the password is decrypted.
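Why the number of characters dominates the running time, shown from the side of someone choosing a passphrase. This is an added example, not part of the original tutorial: it derives the WPA2 key for one candidate with the standard PBKDF2 function, measures how many derivations per second one CPU core manages, and sizes a few length ranges. The network name `ExampleNet`, the timing passphrases and the policy rows are constructed for illustration.

```python
import hashlib
import time

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def keyspace(charset_size: int, min_len: int, max_len: int) -> int:
    """Number of candidates for every length from min_len to max_len."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))

def wordlist_bytes(charset_size: int, min_len: int, max_len: int) -> int:
    """Size of that list on disk, one candidate per line (length + newline)."""
    return sum((n + 1) * charset_size ** n for n in range(min_len, max_len + 1))

def measure_rate(samples: int = 20) -> float:
    """Key derivations per second on this machine (single core)."""
    start = time.perf_counter()
    for i in range(samples):
        wpa2_pmk(f"constructed-{i:04d}", "ExampleNet")  # constructed inputs
    return samples / (time.perf_counter() - start)

def years_to_exhaust(candidates: int, rate: float) -> float:
    """Worst-case time to try every candidate at the given rate."""
    return candidates / rate / (365 * 24 * 3600)

# Constructed policy rows: (description, charset size, min length, max length)
POLICIES = [
    ("digits, 8-10 (phone number, date)", 10, 8, 10),
    ("lowercase letters, 8-10", 26, 8, 10),
    ("letters + digits, 12", 62, 12, 12),
    ("letters + digits, 16", 62, 16, 16),
]

def report(rate: float):
    """One row per policy: description, candidate count, years to exhaust."""
    return [(d, keyspace(c, lo, hi), years_to_exhaust(keyspace(c, lo, hi), rate))
            for d, c, lo, hi in POLICIES]

if __name__ == "__main__":
    rate = measure_rate()
    print(f"measured rate: {rate:.0f} derivations/second")
    for desc, count, years in report(rate):
        print(f"{desc:36s} {count:.3e} candidates  {years:.3e} years")
```

The digits-only rows are the ones that finish in practical time, which is why a phone number or birth date makes a poor passphrase and a long random one does not.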