Hey guys, in this article I’ll teach you how to hack nearby WiFi routers using Kali Linux.

In the first part of WiFi hacking we will use two tools from the aircrack-ng stack of utilities, both of which are used in wireless hacking. For this I’m using an Alfa AWUS036NHA WiFi adapter. If you want to see the configuration process then click here.

Part 1 is finding nearby devices.

Step 1: Open your terminal and type the following command:

sudo airmon-ng start wlan0

Step 2 (optional): Then type the following commands in the terminal:



Step 3: Now type the following command to list the nearby routers in your range:

sudo airodump-ng wlan0mon

BSSID: MAC address of the router.

PWR: Signal power, which indicates how near the router is.

Beacons: Records all beacons in the dump file.

#Data: How much data has been passed.

CH: The channel the router is running on.

ENC: The encryption the router uses; mostly this is WPA2.

CIPHER: Encryption format.

AUTH: PSK (Pre-Shared Key).

ESSID: Name of the WiFi router.

Now that we know how to see nearby devices, the next thing is to choose the target to execute our hacking skills on.

Step 5: Press Ctrl+C to stop the search and choose your target; mine is the one with ESSID E12.

Step 6: sudo airodump-ng --bssid <bssid> --channel <ch> wlan0mon

This will show the devices connected to a particular BSSID.

As you can see, three devices are connected.

Step 7: Next, write the following command:

aireplay-ng --deauth 0 -a <bssid> wlan0mon

Step 8: Type this command:

sudo aireplay-ng --deauth 25 -a <bssid> wlan0mon

This will send 25 deauth packets, and when a disconnected client tries to connect again, this will catch the password.

This disconnects all the devices. If you want to disconnect only particular devices, say 1 or 2, then you can use -c <station or client id> after -a in the above command.

Note: Prefer disconnecting all, because targeting single devices sometimes causes problems with the WPA handshake. That’s why we hackers prefer disconnecting all.

It’ll send exactly 25 packets.
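Seen from the network owner's side, the burst from Steps 7 and 8 is easy to spot on a monitor-mode sensor: many deauth frames naming one BSSID within a second or two. The sketch below is an added example, not part of the original article; the frame record layout, the threshold and window values, and the MAC addresses in the sample data are all constructed assumptions.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"

def detect_deauth_bursts(frames, threshold=10, window=2.0):
    """Flag BSSIDs that see >= threshold deauth frames within `window` seconds.

    frames: time-sorted (timestamp, frame_type, src, dst, bssid) tuples.
    This record layout and the default thresholds are assumptions.
    """
    recent = defaultdict(deque)  # bssid -> (timestamp, dst) of deauths in window
    active = {}                  # bssid -> alert for the burst still in progress
    alerts = []
    for ts, ftype, _src, dst, bssid in frames:
        if ftype != "deauth":
            continue
        q = recent[bssid]
        q.append((ts, dst))
        while ts - q[0][0] > window:      # drop frames older than the window
            q.popleft()
        if len(q) < threshold:            # normal rate: close any open burst
            active.pop(bssid, None)
            continue
        alert = active.get(bssid)
        if alert is None:                 # threshold just crossed: open an alert
            alert = {"bssid": bssid, "start": q[0][0], "frames": len(q),
                     "broadcast": any(d == BROADCAST for _, d in q)}
            active[bssid] = alert
            alerts.append(alert)
        else:                             # burst continues: extend the alert
            alert["frames"] += 1
            alert["broadcast"] = alert["broadcast"] or dst == BROADCAST
        alert["end"] = ts
    return alerts

def sample_frames():
    """Constructed records: a beacon, one routine deauth, one 25-frame burst."""
    ap, other, sta = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:aa"
    frames = [(0.0, "beacon", ap, BROADCAST, ap),
              (0.5, "deauth", sta, other, other)]  # a client leaving normally
    frames += [(1.0 + 0.05 * i, "deauth", ap, BROADCAST, ap) for i in range(25)]
    return sorted(frames)

if __name__ == "__main__":
    for alert in detect_deauth_bursts(sample_frames()):
        print(alert)
```

On networks where such bursts show up, enabling 802.11w Protected Management Frames makes clients discard unauthenticated deauth frames.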

Step 9: sudo airodump-ng --bssid <bssid> --channel <ch> --write <anyname> wlan0mon

This is how files will be stored.
Result when you try to open the .cap file.

Note: Try to store these files in a folder so that it looks neat and you know where you saved them.

After this, WPA Handshake should be written at the top. If it is not showing, you cannot connect to or attack the WiFi.

Because I’m working with an adapter, it shows me PMKID found in place of “interface wlan0mon down”. It is showing me that because I stopped the process and shut down wlan0mon.

If you’re not using an adapter, then in your case it will show WPA handshake.

Now that the packet has been captured, we’ll bruteforce it.

Step 10: sudo aircrack-ng -w <password list file path> <.cap file>

Note: If you get the password, it will show PASSWORD FOUND !! just above the Master Key.

If you want to shut down wlan0mon, then just type:

sudo airmon-ng stop wlan0mon

Congratulations, you have learned how to hack WiFi. Thanks and GOOD BYE !!!! hackers.
