Using Aircrack and a Dictionary to Crack a WPA Data Capture Part 6

By | May 23, 2015


This is a multiple part series for someone new to wireless hacking, with pictures and videos.
Introduction To Kali and WiFi Pen Testing
How to Install Kali Linux
WEP Hacking
Kali Linux and Reaver
Getting a Handshake and a Data Capture, WPA Dictionary Attack
Using Aircrack and a Dictionary to Crack a WPA Data Capture
Cracking a WPA Capture with the GPU using HashCat
Next Creating a Dictionary / Wordlist with Crunch Part 8
 
Using Aircrack and a Dictionary to Crack a WPA Data Capture
 
If you have a WPA handshake capture and cannot crack it yourself then there are services online that for a price will crack it for you.
 
To get started you should already have a WPA handshake file and Kali Linux running.
 
Getting a good dictionary can be hard but finding good ones, or creating them yourself with Crunch, is necessary to try and use this method. I have setup a download section HERE with a WPA wordlist/Dictionaries that can be used if needed.
 
Keep in mind the dictionary file is only a simple text file that can be edited with any text editing program, such as notepad. Don’t use Microsoft Word or Open Office as they make changes that render a wordlist unusable.
 
If you know a person well enough you can try and type as many guesses as you can think of in a text file then use that as your dictionary.
Using Aircrack and a Dictionary to Crack a WPA Data Capture
 
The default storage for a WPA handshake is under /root and will be there under the name it was given when captured. Open a terminal window and type the command “ls” the data capture should be there. The file type we want to use is the .CAP file
 
The dictionary that we will use for this example is called dict.txt.
word list brute force attack Kali Linux
 
We will be using Aircrack to do the cracking and the command to do this is:
 
aircrack-ng (file name) -w (dictionary location)
 
Where the file name is the handshake file that was captured and the dictionary location is the path to the dictionary. The location of where these two files are and their names will be up to you.
 
The usual default location of the handshake file is under /root and is whatever name it was called when captured. We will be using a dictionary called dict.txt for this example that I copied to /root.
 
So the command for me to do this would be:
 
“aircrack-ng dlink.cap -w dict.txt”
tutorial Aircrack and a Dictionary to Crack a WPA Data Capture
 
If done right Aircrack should start and begin to try to crack the WPA handshake capture with the dictionary.
using a dictionary wordlist to crack wpa or wpa 2 wifi wireless
If the dictionary finds it, it will show as above with the “KEY FOUND” if not, then another dictionary will need to be used. For this example, I edited the text dictionary file and put the password in to show what it looks like when it is found.

 
Next Cracking a WPA Capture with the GPU using HashCat

13 thoughts on “Using Aircrack and a Dictionary to Crack a WPA Data Capture Part 6

  1. asad

    I want wordlists files which I used directly instead of making wordlists.

    Reply
  2. Chattha

    i want to specify dictionary file range.
    i.e dictionary file have 100 passwords but i want to try only first 50 passwords.
    how could i do this??? help needed

    Reply
  3. Liam

    When I try this, it says my dictionary is in the wrong format.
    This is the command I put in: aircrack-ng InsideProFull.txt -w . -b 02:18:4A:4B:DB:C0
    And this is what it spits out: Unsupported file format (not a pcap or IVs file).

    Reply
    1. WirelessHack

      Which attack are you using? The command line is wrong for a aircrack / dictionary to crack a WPA Data Capture.

      Reply
        1. WirelessHack

          A data capture of the password needs to be done first with WPA/WPA2. The old WEP was crack-able in real time, but WPA needs the capture.

          A data capture is a the password that is copied when it is transmitted. It is encrypted but will be a in a file on your computer after it is captured.

          Once you have the data capture a dictionary is used to try and brute force the password.

          Reply
          1. Liam

            Im very new to this, how do I do this or is there a video or forum that explains how to do this

            Reply
        2. Liam

          Im very new to this, how do I do this or is there a video or forum that explains how to do this

          Reply
    2. Jeremy Drahos

      Your context should be aircrack-ng -w InsideProFull.txt [capture file]
      given InsideProFull.txt is your dicttionary file….

      Reply
    3. yomama

      Supposed to be -w InsideProFull.txt and that isn’t a .cap file looks like a mac address…

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *