Before getting to the commands you need to type, you need to understand the basics of what you are doing. Here is what you need to do, roughly in order:

Create a monitoring interface on your computer. Presuming you have a wireless adapter, you should be able to create one. Not all adapters can inject packets, however, which is very important later on.
Search for wireless access points to crack into. Although you might be able to see an AP, you might not necessarily be able to sit between the router and a user; running the following commands will determine that.
Home in on the specific AP. You need some specific information about the access point and who is connected to it, so that you know whom to listen in on. You're looking for the requests sent from the user to the router.
Start logging the hashes from those requests. Specifically, the password hashes!
Start a brute force attack. You need a password list file (or several) to do this. Get one!

Don’t worry if you don’t understand all of the above, all will become apparent soon.


Providing you get a result that says you have a wlan0, wlan1, wlan2 etc. you should be OK! If you have one that says mon0, mon1, mon2 etc., skip the next step.

airmon-ng start wlan0

This will create a monitoring device. Take note of what it’s called. Should be something like mon0, mon1 etc.

airodump-ng -c 6 mon0

This will start a scan of everything you can see around you. Note that it’s using mon0 as the monitoring device and it’s on channel 6. Change these options as you see fit.

Now this is the time to do some watching. You're looking for a wireless network that is WPA/WPA2 enabled. Note which channel it's on and take a note of the MAC address (the BSSID).

airodump-ng -c 6 --bssid 00:14:6C:7E:40:80 -w psk mon0

Use the command above to start listening in on a specific AP. Again, change the channel, the MAC address and the monitoring device as you see fit. The -w psk option writes the capture to files whose names start with psk, which is what the final step reads.

Now, this bit gets a bit complicated and cool at the same time. What you may (or may not) need to do is force users to send login requests to the router. You can do this by entering the AP MAC address and another user's MAC address into the following command.
HINT: You can obtain a user's MAC address from the airodump-ng window we last used.

aireplay-ng -0 1 -a 00:14:6C:7E:40:80 -c 00:0F:B5:FD:FB:C2 mon0

Now, see the number 1 near the start? That isn't enough, I don't believe, to force a user's computer to send a login request to the router. However, I've been told it is. The truth is, if you change the '1' to '9999999' or some other ridiculous number then it's sure to work. However, you will completely block that user's connection to the internet... So, yeah. Do what you will with that command, and don't hold me responsible!!
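What the command above does on the air is send forged deauthentication frames, and a burst of them is one of the most visible things a wireless IDS can catch. The following is an added example for this page, not code from the tutorial or from the aircrack-ng project: it parses radiotap-wrapped 802.11 management frames, counts deauthentication frames per sender in a sliding time window, and flags a sender that exceeds a threshold. The frames, timestamps and reason codes are constructed inline for the demo; the MAC addresses are the tutorial's example addresses, and the names parse_frame, DeauthDetector, build_frame and run_demo are my own.

```python
"""Detecting a deauthentication flood from captured 802.11 frames (added example)."""
import struct
from collections import deque

MGMT_DEAUTH = (0, 12)  # frame type 0 (management), subtype 12 (deauthentication)


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def parse_frame(raw: bytes):
    """Return (type, subtype, addr1, addr2, addr3, reason) or None if the frame is too short.

    Assumes a radiotap header precedes the 802.11 frame, as in capture files
    written by airodump-ng or tcpdump on a monitor interface.
    """
    if len(raw) < 4:
        return None
    rt_len = struct.unpack_from("<H", raw, 2)[0]  # radiotap length field (little-endian)
    dot11 = raw[rt_len:]
    if len(dot11) < 24:                          # minimum management-frame header
        return None
    fc0 = dot11[0]
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    addr1, addr2, addr3 = _mac(dot11[4:10]), _mac(dot11[10:16]), _mac(dot11[16:22])
    reason = None
    if (ftype, subtype) == MGMT_DEAUTH and len(dot11) >= 26:
        reason = struct.unpack_from("<H", dot11, 24)[0]  # deauth body is a 2-byte reason code
    return ftype, subtype, addr1, addr2, addr3, reason


class DeauthDetector:
    """Flag a sender that emits >= threshold deauth frames within window_s seconds."""

    def __init__(self, threshold: int = 10, window_s: float = 1.0):
        self.threshold = threshold
        self.window_s = window_s
        self._recent = {}   # sender MAC -> deque of recent deauth timestamps
        self.alerts = []    # (timestamp, sender, target, reason, count_in_window)

    def observe(self, ts: float, raw: bytes) -> bool:
        parsed = parse_frame(raw)
        if parsed is None or parsed[:2] != MGMT_DEAUTH:
            return False
        _, _, target, sender, _bssid, reason = parsed
        q = self._recent.setdefault(sender, deque())
        q.append(ts)
        while q and ts - q[0] > self.window_s:   # drop frames that fell out of the window
            q.popleft()
        if len(q) >= self.threshold:
            self.alerts.append((ts, sender, target, reason, len(q)))
            return True
        return False


def build_frame(fc0: int, dst: str, src: str, bssid: str, body: bytes = b"") -> bytes:
    """Construct a radiotap-wrapped management frame (sample data for this demo only)."""
    radiotap = struct.pack("<BBHI", 0, 0, 8, 0)   # version 0, pad, length 8, present bitmap 0
    hexmac = lambda s: bytes.fromhex(s.replace(":", ""))
    header = bytes([fc0, 0x00]) + b"\x00\x00" + hexmac(dst) + hexmac(src) + hexmac(bssid) + b"\x00\x00"
    return radiotap + header + body


def run_demo():
    """Feed a constructed capture to the detector; returns (flagged_frames, alerted_senders)."""
    ap, client = "00:14:6C:7E:40:80", "00:0F:B5:FD:FB:C2"       # tutorial's example addresses
    broadcast = "ff:ff:ff:ff:ff:ff"
    stream = [(0.0, build_frame(0x80, broadcast, ap, ap))]                      # a beacon: ignored
    stream.append((0.5, build_frame(0xC0, client, ap, ap, struct.pack("<H", 3))))  # one normal deauth
    # A constructed burst of 20 deauths in 0.2 s with the AP as spoofed source (reason 7 arbitrary)
    stream += [(5.0 + i * 0.01, build_frame(0xC0, client, ap, ap, struct.pack("<H", 7)))
               for i in range(20)]
    det = DeauthDetector(threshold=10, window_s=1.0)
    flagged = sum(det.observe(ts, raw) for ts, raw in stream)
    return flagged, sorted({a[1] for a in det.alerts})


if __name__ == "__main__":
    print(run_demo())
```

Keying the counter on the sender address rather than the BSSID matters because a forged deauth copies the AP's address as its source: a real AP rarely sends more than a handful of deauths per second, so a sudden burst attributed to it is the signal, and logging the target address tells you which client was being knocked off.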

Anyway, by now you should have sufficient hashes for you to crack.

aircrack-ng -w password.lst -b 00:14:6C:7E:40:80 psk*.cap

This will start a brute force attack using the password file and, provided the password is somewhere in that list, eventually produce a password you can use to connect to the router.
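The reason the final step can run entirely on your own machine, with no further traffic to the router, is the way WPA/WPA2-PSK turns a passphrase into a key: the Pairwise Master Key is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, 4096 iterations, 32 bytes out, and the captured handshake is enough to check each candidate against. The following is an added example for this page, not code from the tutorial or from aircrack-ng: it derives the PMK, measures the guess rate of this derivation on the local machine, and runs a defender-side audit that reports whether a passphrase appears in a wordlist and how long exhausting that list would take at a given rate. SAMPLE_WORDLIST stands in for the tutorial's password.lst and is constructed here; the function names wpa2_pmk, measure_guess_rate and audit_passphrase are my own.

```python
"""WPA2-PSK key derivation and a passphrase audit (added example, not the page's code)."""
import hashlib
import time

PBKDF2_ITERATIONS = 4096   # fixed by the WPA/WPA2-PSK standard
PMK_LEN = 32               # 256-bit PMK

# Constructed stand-in for a password list such as the tutorial's password.lst
SAMPLE_WORDLIST = ["123456", "password", "12345678", "qwerty", "letmein"]


def wpa2_pmk(ssid: str, passphrase: str) -> bytes:
    """PMK/PSK derivation as specified in IEEE 802.11i; the SSID is the salt."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_LEN)


def measure_guess_rate(ssid: str, samples: int = 50) -> float:
    """Rough single-core guesses per second on this machine (GPU rigs are far faster)."""
    start = time.perf_counter()
    for i in range(samples):
        wpa2_pmk(ssid, f"candidate{i}")
    return samples / (time.perf_counter() - start)


def audit_passphrase(ssid: str, passphrase: str, wordlist, guesses_per_second: float) -> dict:
    """Defender-side check: is our passphrase in a public list, and how long would
    that list take to exhaust offline at the given guess rate?"""
    words = set(wordlist)
    return {
        "in_wordlist": passphrase in words,
        "seconds_to_exhaust_list": len(words) / guesses_per_second,
        "length": len(passphrase),
        "pmk_hex": wpa2_pmk(ssid, passphrase).hex(),
    }


if __name__ == "__main__":
    rate = measure_guess_rate("IEEE")
    print(f"~{rate:.0f} guesses/s on one core")
    for pw in ("password", "correct horse battery staple"):
        print(pw, audit_passphrase("IEEE", pw, SAMPLE_WORDLIST, rate))
```

Two things follow from the derivation. Because the SSID is the salt, precomputed tables only help against networks that keep a common default name, so a unique SSID forces every guess to be computed fresh. And because the work per guess is fixed at 4096 HMAC rounds, the only lever left to the network owner is the passphrase: one that appears in any circulated wordlist falls to exactly the command in the tutorial, while a long random one pushes the time to exhaust the search space past anything a cracking rig can afford.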

I have not gone into great detail about what each little bit does, and there is so much more you can do. This tutorial is just to get you started. If you want to know even more, then go here to the lovely people who made this great product and check out their tutorials.

Have fun! Oh, and only crack into wireless devices you manage or get permission from the owner! cough cough