Aircrack-ng is a popular suite of tools used for wireless network auditing, particularly for cracking WEP and WPA/WPA2-PSK encryption keys. It allows security professionals to assess the security of wireless networks and identify vulnerabilities. Here's a step-by-step tutorial to help you get started with Aircrack-ng.
Note: Please ensure you have proper authorization and permission before attempting any wireless network auditing.
Wireless Card Compatibility:
- Aircrack-ng requires a wireless network adapter capable of packet injection and monitoring. Ensure your wireless card supports these features. You can check compatibility on the Aircrack-ng website or community forums.
Installation:
- Start by installing Aircrack-ng on your system. It is available for various operating systems, including Linux, macOS, and Windows.
- Refer to the Aircrack-ng documentation or the installation instructions specific to your operating system for detailed steps.
Capture Packets:
- Put your wireless card into monitor mode to capture packets. Use the following command in Linux: `airmon-ng start <interface>`, where `<interface>` is the name of your wireless card interface.
- Confirm that your wireless card is in monitor mode by running `iwconfig` or `ifconfig` and verifying the presence of a monitor mode interface (e.g., `mon0`).
Scan for Networks:
- Use the `airodump-ng` tool to scan for nearby wireless networks. Run the following command: `airodump-ng <monitor_interface>`.
- A list of available wireless networks, along with their details, will be displayed. Take note of the target network's BSSID (MAC address) and channel.
Capture Handshake:
- Once you've identified the target network, use the `airodump-ng` tool to capture the handshake necessary for cracking the WPA/WPA2-PSK encryption key.
- Run the command: `airodump-ng --bssid <BSSID> --channel <channel> --write <output_file> <monitor_interface>`.
- Replace `<BSSID>` with the target network's BSSID, `<channel>` with the network's channel, `<output_file>` with the desired name for the output file, and `<monitor_interface>` with your monitor mode interface.
Deauthenticate Clients:
- To capture the handshake, you may need to deauthenticate connected clients from the target network.
- Open a new terminal and use the `aireplay-ng` tool with the deauthentication attack: `aireplay-ng --deauth <number_of_packets> -a <BSSID> -c <client_MAC> <monitor_interface>`.
- Replace `<number_of_packets>` with the desired number of deauthentication packets, `<BSSID>` with the target network's BSSID, `<client_MAC>` with the MAC address of a connected client, and `<monitor_interface>` with your monitor mode interface.
Crack the Encryption Key:
- Once you have captured the handshake, you can proceed to crack the WPA/WPA2-PSK encryption key using Aircrack-ng.
- Run the following command: `aircrack-ng -w <wordlist_file> -b <BSSID> <capture_file>`.
- Replace `<wordlist_file>` with the path to a wordlist containing potential passwords, `<BSSID>` with the target network's BSSID, and `<capture_file>` with the name of the captured file.
Wordlist Selection:
- The success of the cracking process depends on the quality of the wordlist. Ensure you use a comprehensive and updated wordlist to increase your chances of success.
- There are numerous wordlists available online, or you can create your own based on common passwords, dictionary words, and variations.
Optimizing Cracking Speed:
- Aircrack-ng provides options to optimize the cracking process, such as using multiple CPUs or GPUs if available. Refer to the Aircrack-ng documentation for advanced options and configurations.
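The deauthentication step above is also what a wireless IDS looks for on the defending side: a legitimate client sends one or two deauth frames when it leaves, whereas an injected deauth burst is many frames to the same station in well under a second. The following is an added example, not code from the Aircrack-ng project, that flags such bursts in a list of already-parsed management-frame records (constructed sample data; the record layout and the 10-frames-per-second threshold are assumptions).

```python
"""Flag deauthentication floods in parsed 802.11 management-frame records.

Added example for the defending side; not part of Aircrack-ng. Assumes frames
have already been decoded into (time_s, subtype, bssid, station) tuples, for
instance from a monitor-mode capture fed through a parser.
"""
from collections import defaultdict, deque


def build_sample():
    """Constructed sample traffic: one normal disconnect, then an injected burst."""
    bssid = "AA:BB:CC:DD:EE:01"
    frames = [
        (0.00, "beacon", bssid, "ff:ff:ff:ff:ff:ff"),
        (0.50, "deauth", bssid, "11:22:33:44:55:66"),  # single frame: client leaving
        (0.60, "data", bssid, "11:22:33:44:55:67"),
    ]
    # 12 deauth frames to one station within 0.3 s, as an injection tool would send.
    frames += [(5.0 + i * 0.025, "deauth", bssid, "11:22:33:44:55:67") for i in range(12)]
    return frames


def detect_deauth_floods(frames, window_s=1.0, threshold=10):
    """Return one alert per (bssid, station) pair that receives at least
    `threshold` deauth frames inside any `window_s`-second window.

    Each alert is (bssid, station, window_start_s, frame_count), where
    frame_count is the number of frames in the window when the threshold was
    first crossed. The 1 s / 10 frame values are assumed defaults.
    """
    windows = defaultdict(deque)  # (bssid, station) -> timestamps in current window
    alerts = {}
    for ts, subtype, bssid, station in sorted(frames):
        if subtype != "deauth":
            continue
        key = (bssid, station)
        recent = windows[key]
        recent.append(ts)
        while recent and ts - recent[0] > window_s:  # slide the window forward
            recent.popleft()
        if len(recent) >= threshold and key not in alerts:
            alerts[key] = (recent[0], len(recent))
    return [(b, s, start, n) for (b, s), (start, n) in alerts.items()]


if __name__ == "__main__":
    for bssid, station, start, n in detect_deauth_floods(build_sample()):
        print(f"deauth flood: {n} frames to {station} from {bssid} starting at t={start:.3f}s")
```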