Cyber Security Academy · Lesson

WPA2 Handshake Capture and Cracking

Capture a 4-way handshake with aircrack-ng and attempt dictionary attacks with Hashcat.

The 4-Way Handshake

When a client connects to a WPA2 network, the 4-way handshake derives the Pairwise Transient Key (PTK) from the PMK (derived from the PSK) and random nonces. Capturing this handshake enables offline password cracking.

Setting Up Monitor Mode

Monitor mode allows the wireless card to capture all frames regardless of destination, which is necessary for passive handshake capture. It only works with cards that support monitor mode.

# Check wireless interface
iwconfig

# Kill interfering processes first
sudo airmon-ng check kill

# Enable monitor mode
sudo airmon-ng start wlan0
# Creates: wlan0mon
