Handshake Decryption 

Today you will learn how to decrypt a WEP / WPA / WPA2 handshake that you captured in a .cap file, which is indeed the best part of cracking WiFi network security. The captured file contains the encrypted password in the form of hashes, and all you need is a valid captured handshake of the WiFi network. For this you can also read our article: How to capture WiFi Handshake

Before starting, please note that you must have a valid handshake. In most cases people fail to decrypt the password because their captured handshake is not valid, so please verify that yours is. Almost 80% of captured handshakes are valid. We will soon write an article on how to verify whether a handshake is valid.

One of the most common methods people prefer is brute-forcing the handshake encryption with a wordlist or dictionary that contains all the upper-case and lower-case words of the dictionary, but today we will teach you a method for decrypting the handshake using Crunch and Aircrack-ng.

What are Aircrack-ng and Crunch?

Crunch is a program that comes preinstalled and ready to use in Kali Linux. It generates a wordlist from the letters and numbers you give it. Aircrack-ng is a well-known tool for penetration testing of wireless networks, usually used for cracking WiFi networks. The combination of Crunch and Aircrack-ng will decrypt the captured handshake to crack the WiFi password.

The success percentage of decryption using different methods is below:

  • Dictionary Attack - 65%
  • Wordlist Attack - 76%
  • Crunch Based Decryption - 100% 

Yes, the success rate of a crunch-based attack is 100%, which means you can crack the WiFi password with a 100% success rate. But what will you need? Can you perform this on your old, slow computer? The answer is NO! You will need a very powerful machine to decrypt the password using Crunch. A computer with an i7 processor and 8 GB of RAM is likely enough to carry out the attack. Performing it on a normal machine, or one whose specifications are low, is possible, but it will take more time. All you need is time and patience: the higher the specifications of your machine, the less time decryption requires, and the lower the specifications, the more time is needed.

TIP: This type of attack can take days depending on the password; it can also take 8 hours or even 1 hour. Aircrack-ng and Crunch are available on Windows OS, so if you have a Windows RDP you can easily perform this attack on the RDP, which will help you a lot and will keep working even if your PC is switched off. No need to worry about the decryption; it runs on the RDP.


1- Aircrack-ng :

2- Crunch :

Let's Start

1- Once you have captured the handshake, open your terminal in Kali Linux

2- Now type the first and final command, which will start the decryption
crunch 8 10 abcdefghijklmnopqrstuvwxyz | aircrack-ng -b 00:00:00:00:00:00 -w- /root/hs/handshake_file.cap

 Replace the following arguments with your own information, as described below:

  • Words ( ) are alphabets 
  • -b refers to the BSSID; replace it with your target BSSID
  • ( 8 10 ) is the number of characters, in the range from 8 to 10; you can increase it if your number of characters is more than 10
  • After -w- comes the path where your handshake file is located

If you want to try only numbers from 0 to 10 you can customize the command.

crunch 8 10 0123456789 | aircrack-ng -b 00:00:00:00:00:00 -w- /root/hs/handshake_file.cap

Keep in mind that it will take more time if you increase the number of characters; the fewer the characters, the less time is required.

You can also try a combination of letters and numbers, but it will take more time. To avoid a long wait, I suggest you read the mind of the victim and guess what type of password he would use. For example, many people use a date of birth and a name as a password, and many use a phone or mobile number; for this you can try a numeric-only test, which will save you time, since more characters means more time. Try to guess the password as mentioned above, which will likely increase the keys per second and

Crunch will generate a wordlist very fast, in a nanosecond, from the given letters or numbers in series: after 0 there will be 1 and after 1 there will be 2. An example is given below


Crunch will generate the wordlist in this way. After the wordlist is generated, aircrack-ng will generate its encryption and match it with the encryption of the handshake; once it matches, the password is decrypted.
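The cost behind the two commands above, as an added example that is not part of the original article: it counts the candidates crunch emits for a character set and length range, times the PBKDF2-HMAC-SHA1 key derivation that every WPA/WPA2-PSK guess requires on the local machine, and converts the result to days. The function names, the sample SSID and the two extra password policies are assumptions made for illustration.

```python
import hashlib
import string
import time

def keyspace(charset_size, min_len, max_len):
    """Candidates emitted by `crunch min_len max_len <charset>`."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))

def stream_bytes(charset_size, min_len, max_len):
    """Bytes piped to aircrack-ng: every candidate plus its newline."""
    return sum((n + 1) * charset_size ** n for n in range(min_len, max_len + 1))

def pmk(passphrase, ssid):
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def measure_rate(samples=20):
    """Rough single-core key derivations per second on this machine."""
    start = time.perf_counter()
    for i in range(samples):
        pmk(f"constructed-{i:04d}", "ExampleSSID")  # constructed inputs
    return samples / (time.perf_counter() - start)

def days_to_exhaust(candidates, rate):
    """Days needed to try every candidate at `rate` guesses per second."""
    return candidates / rate / 86400

FULL_ASCII = len(string.digits + string.ascii_letters + string.punctuation)  # 94

POLICIES = [  # (label, charset size, min length, max length)
    ("digits 8-10 (second command)", 10, 8, 10),
    ("lowercase 8-10 (first command)", 26, 8, 10),
    ("upper+lower+digits, 12 chars (assumed policy)", 62, 12, 12),
    ("printable ASCII, 15 chars (assumed policy)", FULL_ASCII, 15, 15),
]

def report(rate):
    """One (label, candidates, days) row per policy at the given guess rate."""
    return [(label, keyspace(size, lo, hi),
             days_to_exhaust(keyspace(size, lo, hi), rate))
            for label, size, lo, hi in POLICIES]

if __name__ == "__main__":
    rate = measure_rate()
    print(f"measured ~{rate:.0f} derivations/s on one core")
    for label, n, days in report(rate):
        print(f"{label:46s} {n:.3e} candidates  {days:.3e} days")
```

Each added character multiplies the work by the size of the character set, so the days column shows directly how long a given passphrase policy holds up against exhaustive search.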

I hope you liked it; also share to educate.

  1. What if the password consists of both alphabets and numbers?

    1. Simply include both, abcdef012345... all numbers and alphabets, and you can also include special characters too. After that, check how many words are there and increase the number 10 to how many words you have there, and done.

  2. Hmmm... I thought some new method had come out, one that works without a dictionary or brute force... :(
    So if my victim's password is "9@rSlAn€ArSHaD9"
    like this, how many days will be required for cracking?

    1. For this use RDP. RDP stays on 24 hours a day for months; do it on RDP.

  3. I think you are a???????????????????????????????????????????????


  4. How do I know how many characters I can use? I mean, I have the handshake, right? So how can I know how many characters it has?

    1. You can add all the alphabets and numbers, including special characters, but it will take more time as you increase the number of characters.

  5. How to use RDP? Write details about RDP and the process of using it to crack a handshake...

  6. This comment has been removed by the author.

  7. Brother Ahmed, what is RDP and how do I use it?

  8. This is no decryption; this remains just a wordlist created by crunch and piped to aircrack, and the success rate is not 100%. It depends on the length and the complexity of the password.
    If, for example, the password contains special chars, uppercase, lowercase and digits, and its length is more than 30, then you need years to crack it.


