Hey everyone. Before getting started, I would like to say that this method may be old, but it still works for many WiFi networks. This is also a BASIC hacking tutorial. Stick with us and I will surely be posting some advanced tutorials in our other category, i.e. https://www.skylinegeek.com/forums/advanced-hacking-guide.14/

Today I will be showing you how to crack a WPA2 password. This is for educational purposes only and I'm in no way responsible for how you use this information. To start, I'm going to show you how I crack my own WiFi password, and I'll show you the software and tools I use. I will post links below.

First, I would highly recommend buying an Alfa AWUS036H network adapter. The reason is that most network adapters, whether prebuilt into a laptop or external ones such as Netgear network adapters, do not work well with the software and will not let you crack any WiFi passwords. Some network adapters do work. I do not have a list of which ones do, so I would recommend trying yours (if you have one already). But if worst comes to worst, get the Alfa AWUS036H network adapter. It works great, it's the one I use, and I bought it on eBay for 12 bucks, so not too bad.

Next, you're going to need to download a program called Oracle VM VirtualBox, which you can download at (http://download.cnet.com/VirtualBox/3000...2624.html).

Next, you're going to need to download Kali Linux (http://www.kali.org/downloads/). Download the version that matches your operating system (32-bit or 64-bit).

Now you will have to open up VirtualBox and install Kali Linux in it. Once it is installed, if you have the Alfa network adapter that I was recommending, you will have to make 3 quick and easy changes in the settings.

First, click on the Settings option in VirtualBox, go to System, then click on the Processor tab, and put a check mark on Enable PAE/NX.

Second, click on Settings once again, put a check mark next to "Enable Network Adapter", then for the "Attached to" option select "Bridged Adapter" and select the name of the adapter. Under "Advanced", make sure "Cable Connected" has a check mark.

Third, go to Settings once again, go to the "USB" tab, make sure the 2 boxes have check marks, and add the network adapter.

NOW we're ready to begin!!

Now that everything is installed and your settings are intact, go ahead and fire up Kali Linux and log on. Note: if you have trouble logging on, the default user name is "root" and the password is the one that you created.

Next, open up the root box. TIP: to open up the root box, look for something that looks like a laptop screen, to the right of "applications and places". Click it and a window will open.

Now we will have to type in a series of codes. I'll try to be as detailed as possible.

First code (do not use my quotation marks at the beginning and end of codes):

"airmon-ng start wlan0"

Your computer will now enter monitor mode. You will see a couple of things pop up with it. One should say "network manager", with a code to the left of it.

The next code will be "kill Network manager" (use the code to the left instead of typing network manager). Example:

"kill 4356"

Next code:

"airodump-ng mon0"

The card will start listening for networks. Wait until your ESSID appears, which has to be WPA or WPA2 encoded. The one in this tutorial is INFINITUMCBA277, so select yours. Now you have the MAC address and the channel number (CH#).

This is how the next basic code should look, just so you get a little understanding (not actual code):

airodump-ng -c CH# --bssid 'YOURMACADDRESS' -w ESSID mon0

Now this is how the same code will look with your proper information in it:

"airodump-ng -c 6 --bssid 58:98:35:CB:A2:77 -w INFINITUMCBA277 mon0"

Note! The -c stands for channel. Your channel may be different, so change accordingly.

Obviously, your BSSID will be different from this one as well. The ESSID is the name of your internet connection ("Netgear", "century link", etc.).

So now we either wait forever for a handshake, or we can deauthenticate a client to obtain a handshake. In order to do that, we must have the MAC of the client.

For your understanding, these are the basics of the code:

"aireplay-ng -0 20 -a 'YOURMACADDRESS' -c 'CLIENTSMACADDRESS' mon0"

How it should actually look:

"aireplay-ng -0 20 -a 58:98:35:CB:A2:77 -c 70:D4:F2:91:AE:67 mon0"

Note! The MAC of the client I circled in red will always be to the right of your BSSID (again, yours will look different).

Once the user is deauthenticated and reconnects, we'll obtain the handshake. If the command didn't work, well... try again. (If nothing seems to happen after you ran the deauthenticate command, maybe you are too far from the client, because this command goes directly to the client's connection.)

You will see something like:

WPA handshake 58:98:35:CB:A2:77

So now we use crunch. We will use the *.cap file where the handshake was saved. To get to the .cap file, click the computer icon in Kali Linux and click on the Home tab. There you should see a .cap file; in some cases it may say .cap1, .cap2, etc. Drag and drop it to the Kali Linux desktop.

For your understanding, this is how your next code is broken down:

"crunch 8 8 0123456789 | aircrack-ng -a 2 'HOME-TC-FILE-CAP' -e 'ESSID' -b 'HANDSHAKE' -w -"

This will be the actual code:

"crunch 8 8 0123456789 | aircrack-ng -a 2 /home/tc/INFINITUMCBA277-02.cap -e INFINITUMCBA277 -b 58:98:35:CB:A2:77 -w -"

Note! After typing "-a 2 ", just drag and drop the .cap file in there and then continue with the rest of the code.

Then you just have to wait for crunch and aircrack-ng to verify each combination. Now, depending on how long and complicated the password is, it can take anywhere from 1 minute to 3 days.

(I know, kind of a long time to wait, but that's only if the password is 64 characters long.) But if for some reason you're locked out of your internet, or for other reasons, it may very well be worth the wait.

Now I'm going to go over the last code so you can adjust it to your needs. This part is important.

Code:

"crunch 8 8 0123456789 | aircrack-ng -a 2 /home/tc/INFINITUMCBA277-02.cap -e INFINITUMCBA277 -b 58:98:35:CB:A2:77 -w -"

So we start with the first instruction: crunch is the wordlist generator.

crunch 8 8

Second: the '8 8' is the length of the word in characters. The first '8' indicates the starting length and the second '8' the ending length. So if you want to test your security with a 16-character password, you can change it to '16 16' or '8 16'.

crunch 8 8 0123456789

Third: '0123456789' is the list of characters to include in the wordlist for a numeric password. Note: 75% of users use numeric passwords. But you can also try something like '01234567890abcdefghijklf'. With an alphanumeric wordlist the time will increase, as this is a brute force method. Note: some passwords have capital letters, so your code could look like this as well: [email protected]#$%^&*(). Pretty much anything you can use in a password you would want to add to the list. BUT the longer the list, the longer it takes to complete.

0123456789 | aircrack-ng

Fourth: this symbol is very important --> | <-- as it indicates the end of the instructions for crunch and the start of the instructions for aircrack-ng.

Last but not least: the place where the .cap file is has to be accurate.

Well, there are a lot of programs that do things like this; I just like it better to do it by myself.

Well, this is it. Let me know if you find this post useful. Thanks again, everyone, for sticking with me this far, haha. This will be my first official tutorial, so I know the post doesn't look that great. I'll try to come back and edit it to pretty it up a bit.

Credit to mrmanuelmtz for practically teaching me how to do this and helping with this tut.
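
Added example (not part of the original post): the deauthentication step in the tutorial shows up on the air as a burst of deauth frames aimed at one client, which a network owner can flag. This Python sketch counts deauth frames per BSSID/client pair in a sliding window; the frame records are constructed sample data, and the window, threshold and all function and field names are assumptions made for this example.

```python
from collections import defaultdict, deque

WINDOW_S = 5.0    # assumption: sliding window in seconds
THRESHOLD = 10    # assumption: deauth frames per window treated as a burst

BSSID = "58:98:35:CB:A2:77"    # AP and client MACs as used in the post
CLIENT = "70:D4:F2:91:AE:67"

# Constructed sample records: (timestamp, frame subtype, bssid, client).
SAMPLE_FRAMES = (
    [(100.0 + i * 0.1, "deauth", BSSID, CLIENT) for i in range(20)]
    # Two isolated deauths a minute apart, e.g. an ordinary disconnect.
    + [(50.0, "deauth", BSSID, "AA:BB:CC:00:00:01"),
       (110.0, "deauth", BSSID, "AA:BB:CC:00:00:01")]
    + [(99.0, "beacon", BSSID, "FF:FF:FF:FF:FF:FF")]
)

def find_deauth_bursts(frames, window=WINDOW_S, threshold=THRESHOLD):
    """Return one alert per (bssid, client) pair that receives at least
    `threshold` deauth frames within any `window`-second span."""
    recent = defaultdict(deque)   # pair -> timestamps inside the window
    totals = defaultdict(int)     # pair -> all deauth frames seen
    alerts = {}
    for ts, subtype, bssid, client in sorted(frames):
        if subtype != "deauth":
            continue
        pair = (bssid.upper(), client.upper())
        totals[pair] += 1
        stamps = recent[pair]
        stamps.append(ts)
        while ts - stamps[0] > window:   # drop timestamps older than window
            stamps.popleft()
        if len(stamps) >= threshold and pair not in alerts:
            alerts[pair] = {"bssid": pair[0], "client": pair[1],
                            "burst_start": stamps[0]}
    for pair, alert in alerts.items():
        alert["total_deauths"] = totals[pair]
    return list(alerts.values())

if __name__ == "__main__":
    for alert in find_deauth_bursts(SAMPLE_FRAMES):
        print(alert)
```

Enabling Protected Management Frames (802.11w) on the access point and on clients that support it makes spoofed deauthentication frames ineffective against them.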
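
Added example (not part of the original post): the crunch breakdown in the tutorial means the search cost is the alphabet size raised to the password length, summed over the length range. This Python function audits your own passphrase against that cost; the guess rate is an assumed figure, and the function and field names are made up for this example.

```python
import string

GUESSES_PER_SECOND = 50_000   # assumption: offline guess rate, adjust as needed

# Character classes a generated wordlist would have to include.
CLASSES = {
    "digits": string.digits,
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "symbols": string.punctuation + " ",
}

def audit_passphrase(psk, min_len=8, rate=GUESSES_PER_SECOND):
    """Estimate the keyspace an exhaustive wordlist must cover to reach
    `psk`: every string of length min_len..len(psk) over the character
    classes the passphrase uses, and the worst-case time at `rate`."""
    if not 8 <= len(psk) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters long")
    for ch in psk:
        if not any(ch in chars for chars in CLASSES.values()):
            raise ValueError("passphrase must be printable ASCII")
    used = [name for name, chars in CLASSES.items()
            if any(ch in chars for ch in psk)]
    alphabet = sum(len(CLASSES[name]) for name in used)
    # Same meaning as crunch's two length arguments: start and end length.
    keyspace = sum(alphabet ** n for n in range(min_len, len(psk) + 1))
    return {
        "classes": used,
        "alphabet": alphabet,
        "keyspace": keyspace,
        "worst_case_days": keyspace / rate / 86400,
    }

if __name__ == "__main__":
    # Constructed sample passphrases, not taken from any real network.
    for sample in ("12345678", "correct horse 42 Battery!"):
        result = audit_passphrase(sample)
        print(sample, result["classes"], f"{result['worst_case_days']:.3g} days")
```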