Wi-Fi Hacking: From Handshake Capture to Password Cracking (WPA2)

Tim — Tue, 10 Mar 2026 06:32:38 +0000

This article describes step by step the process of hacking a Wi-Fi network using Kali Linux and tools such as aircrack-ng and hashcat.

The main stages include enabling monitor mode, capturing a handshake using a deauthentication attack, converting the capture file using hashcat.net/cap2hashcat, and brute-forcing the password using wordlists.

The method works mainly against weak passwords and should only be tested on networks you own.

Preparation
Step 1: Monitoring the Air
Step 2: Capturing the Handshake
Step 3: Converting the Capture File
Step 4: Brute Force with Hashcat
Wordlists
Conclusion

Preparation

First update the repositories and obtain superuser privileges:

sudo su
apt update && apt upgrade

Step 1: Monitoring the Air

Switch the network adapter to monitor mode so it can capture all packets within range.

Check your wireless interface:

iwconfig

Look for the name of your Wi-Fi adapter (usually wlan0).

Enable monitor mode:

airmon-ng start wlan0

The interface name will usually change to wlan0mon.

Now scan for nearby networks:

airodump-ng wlan0mon

Look for the following information:

BSSID — router MAC address
CH — channel

Step 2: Capturing the Handshake

To recover the password we must capture a WPA handshake, which happens when a client connects to the router.

Start packet capture:

airodump-ng --bssid {MAC} -c {CH} --write WPAcrack wlan0mon

Speeding up the process (Deauth attack)

To avoid waiting for a client to reconnect, we can force a temporary disconnection:

aireplay-ng --deauth 20 -a {MAC} wlan0mon

When the message WPA Handshake appears in the top corner of airodump-ng, the capture is successful.

Step 3: Converting the Capture File

The .cap file captured by airodump-ng contains a lot of additional network traffic.

Hashcat cannot use it directly, so it must be converted.

Official converter:

https://hashcat.net/cap2hashcat/

Steps:

Upload the file WPAcrack-01.cap
The service analyzes the capture
It generates a file with extension .hc22000

This file contains the cleaned hash ready for password cracking.

If the .cap file contains several handshakes, the service may detect multiple networks.

Step 4: Brute Force (Hashcat)

Now we move to the most resource-intensive step — password cracking using GPU acceleration.

Use hash mode 22000, which is the modern WPA standard.

Example command:

hashcat.exe -m 22000 WPAcrack.hc22000 -a0 ../rockyou.txt ../3WiFi_cnt_WiFiKey.txt

To display the cracked password:

hashcat.exe -m 22000 WPAcrack.hc22000 --show

Wordlists

Password recovery depends heavily on the quality of the wordlist.

Common sources include:

rockyou.txt
custom generated dictionaries
community wordlists

Wordlist Collection

Conclusion

This method works mainly against simple passwords that exist in wordlists such as rockyou.

Strong passwords with random characters are significantly harder to crack.

⚠️ Important

Perform tests only on networks you own.

Unauthorized access to other networks may violate the law.

Kali Linux Live USB with Persistence — Complete Guide

Tim — Tue, 10 Mar 2026 06:09:02 +0000

Kali Linux Live with persistence allows you to run the system directly from a USB drive while saving changes such as files, installed programs, and system settings.

This method is useful if you want a portable penetration testing environment without installing Kali Linux on your computer.

What You Need
Creating the Bootable USB in Rufus
Secure Boot
Booting Kali Linux
Testing Persistence
Conclusion

What You Need

Before starting, prepare the following:

USB flash drive 16–32 GB (32 GB recommended)
Official Kali Linux ISO
Rufus

Creating the Bootable USB in Rufus

Open Rufus and configure the following settings:

Boot selection — Kali Linux ISO
Partition scheme
- GPT — for UEFI systems
- MBR — for compatibility
File system — NTFS (default)
Persistence partition size — 8–20 GB

Click Start and select:

ISO Image mode (Recommended)

If Rufus asks about installing GRUB, click Yes.

![Rufus settings for creating a Kali Linux Live USB with persistence]

Secure Boot

Secure Boot can usually remain enabled since Kali often runs without issues.

However, for better compatibility with Wi-Fi adapters and drivers it is recommended to disable it.

Example BIOS path to disable Secure Boot

BIOS → Security → Secure Boot → Disable

Booting Kali Linux

When booting from the USB drive, select:

Live system with persistence

This mode ensures that all system changes will be saved.

Testing Persistence

To verify that persistence works:

Create a file on the desktop
Reboot the computer
Select Live system with persistence again

If the file remains after reboot — persistence works correctly.

Conclusion

Kali Linux Live with persistence is a portable cybersecurity laboratory that allows you to use Kali without installing it on your hard drive while keeping all system changes.

If you found this guide helpful, consider following my profile for more cybersecurity tutorials.

Future guides will include:

Wi-Fi security testing
Kali Linux tools
Network scanning with Nmap

DEV Community: Tim

Wi-Fi Hacking: From Handshake Capture to Password Cracking (WPA2)

Table of Contents

Preparation

Step 1: Monitoring the Air

Step 2: Capturing the Handshake

Speeding up the process (Deauth attack)

Step 3: Converting the Capture File

Step 4: Brute Force (Hashcat)

Wordlists

Conclusion

Kali Linux Live USB with Persistence — Complete Guide

Table of Contents

What You Need

Creating the Bootable USB in Rufus

Secure Boot

Booting Kali Linux

Testing Persistence

Conclusion