There are four main ways of obtaining a wifi password:
- WEP cracking.
- WPA/WPA2 wordlist/bruteforce attack.
- WPS bruteforce / Pixie Dust.
- Evil Twin Access Point. This involves social engineering.
What you should know before getting started
- There are many compatibility issues between drivers, wifi chipsets, etc. You will need to choose a wifi card carefully if you want it to work.
- Distance matters. The farther away a target is, the harder it is to attack successfully. A more powerful wireless card with a high-gain antenna always helps, and some wireless cards let you set their transmission power.
- Each target is different. You can’t expect something that works on a particular brand/model/firmware to work on any other brand/model/firmware. This is true for both access points and wifi cards.
- A password is not always enough to gain access. For example, MAC filtering may still prevent you from connecting, even though you have the correct password. MAC spoofing can usually bypass that.
- There are many, many tools available. Some do everything for you automatically and may even have a nice graphical interface; others require more skill and command-line knowledge. The latter group is more effective and flexible when used well. The same goal can always be achieved with different tools.
Tutorials for Noobs
I will only list popular methods using popular tools here. If you’re already familiar with the usual methods, skip this part.
Choose the one that suits you best.
- Using the aircrack-ng suite. (CLI)
- Using besside-ng. This tool automates a few steps. (CLI)
- Using Fern. (GUI)