> For the complete documentation index, see [llms.txt](https://sarpers-organization.gitbook.io/ctftricks/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://sarpers-organization.gitbook.io/ctftricks/_chapter-intro-18/802.11/wpa-cracking/trick-0195.md).

# WPA PSK Cracking from PCAP

***

Crack a WPA/WPA2 Pre-Shared Key offline if you have captured a 4-way handshake in a PCAP file. Use `aircrack-ng` with a dictionary file. The input file must contain the complete handshake between a client and the AP for `aircrack-ng` to attempt the crack.

To perform a dictionary attack against WPA/WPA2, you typically specify the capture file containing the handshake and the wordlist file.

One common command format is:

```bash
aircrack-ng -w <wordlist> <capture file>
```

In this format, the dictionary file is specified using the `-w` flag. The capture file containing the packets and the WPA handshake is provided as the final argument.

Another way to specify the attack, often including the BSSID and attack type, is:

```bash
aircrack-ng -a 2 -b <bssid> -w <wordlist> <capture file>
```

Here, `-a <type>` specifies the attack type. Use `2` for WPA/WPA2 dictionary attack. The `-b <bssid>` flag is used to specify the BSSID (MAC address) of the target access point. The `-w <wordlist>` flag points to the dictionary file. The capture file is the file containing the packets and the WPA handshake.
