Aircrack-ng Tutorial to Crack WPA/WPA2 Wifi networks
In this Aircrack-ng tutorial, you will learn how to use Aircrack-ng to crack WPA/WPA2 wifi networks. With Aircrack-ng you can perform Monitoring, Attacking, Testing, and Cracking on wifi networks.
# -a2 specifies WPA2, -b is the BSSID, -w is the wordfile
aircrack-ng -a2 -b 9C:5C:8E:C9:AB:C0 -w rockyou.txt hackme.cap
If the password is cracked you will see a KEY FOUND! message in the terminal followed by the plain text version of the network password.
Aircrack-ng is a complete suite of tools to assess WiFi network security. It focuses on different areas of WiFi security: Monitoring: Packet capture and export of data to text files for further processing by third party tools.
Before you start to crack WPA/WPA2 networks using this Aircrack-ng tutorial, let’s see a brief intro about it. Aircrack-ng is a complete suite of tools to assess WiFi network security. It focuses on different areas of WiFi security like Monitoring, Attacking, Testing, and Cracking. All tools are command line which allows for heavy scripting. A lot of GUIs have taken advantage of this feature. It works primarily with Linux but also supports Windows and other operating systems.
As Aircrack-ng has been created primarily for Linux, you can install and use it with any version of Linux. If you are using Kali Linux then you don’t need to install it, as it comes pre-installed. You can also install and use it with Windows.
Disclaimer: This tutorial has been made for educational purposes only. Geekviews doesn’t promote malicious practices and will not be responsible for any illegal activities. Use it at your own risk.
Remember aircrack-ng can ONLY crack pre-shared keys. Use airodump-ng to make sure the network has the authentication type of PSK. Otherwise, don’t waste your time.
Aircrack-ng Tutorial to Crack WPA/WPA2 Wifi networks
For this Aircrack-ng tutorial, I am using Kali Linux as it is one of the best operating systems for hacking and pentesting. Let’s get started:
Step 1: iwconfig
Type iwconfig in the terminal and press Enter to find the Wifi adapter name. In my case, the wifi card is wlan0; yours may be different.
Step 2: airmon-ng check kill
To avoid error messages while enabling monitor mode, use the airmon-ng check kill command.
Step 3: airmon-ng start wlan0
Use airmon-ng start wlan0 to enable monitor mode.
From now on you have to use wlan0mon, as monitor mode has been enabled.
Step 4: airodump-ng wlan0mon
Use airodump-ng wlan0mon to see all the access points in your surroundings and the clients connected to them.
Minimize this terminal. Don’t close it, as it will be used to see whether the WPA handshake has been captured or not.
Step 5: airodump-ng -c channel --bssid [bssid of wifi] -w [path to write the data of packets] wlan0mon[interface].
In this step, you have to write the captured data to a specified path; in my case it is the Desktop. The above command in my case will be airodump-ng -c 11 --bssid 00:07:26:47:B0:35 -w /root/Desktop/hack wlan0mon.
After the execution of the command you will see the following files on your desktop:
And your terminal will look like this:
Step 6: aireplay-ng --deauth 11 -a [router bssid] interface
You need to de-authenticate the connected clients from the target WiFi network. Use aireplay-ng --deauth 11 -a [router bssid] interface
In my case the command will be aireplay-ng --deauth 11 -a 00:07:26:47:B0:35 wlan0mon
Now you will get the WPA handshake as the client tries to connect to the WiFi again.
Step 7: aircrack-ng -b [bssid of router] [path to capture packets] -w [path to word list]
Last step in this Aircrack-ng tutorial: start cracking the target Wi-Fi. You need the bssid, the path to the captured packets and the path to a wordlist. You will find plenty of wordlists to crack wifi networks online, or you can generate your own wordlist.
In my case the above command will be aircrack-ng -b 00:07:26:47:B0:35 /root/Desktop/hack-01.cap -w /root/Desktop/wordlist
Finally, after following every single step accordingly in this Aircrack-ng Tutorial you will get the wifi Password.
If this Aircrack-ng tutorial helps you in cracking wifi networks then share it with your friends. Else if there are any problems then do let us know by commenting below to make this Aircrack-ng tutorial better.
Crack WPA/WPA2 Wi-Fi Routers with Airodump-ng and Aircrack-ng/Hashcat.
This is a brief walk-through tutorial that illustrates how to crack Wi-Fi networks that are secured using weak passwords. It is not exhaustive, but it should be enough information for you to test your own network's security or break into one nearby. The attack outlined below is entirely passive (listening only, nothing is broadcast from your computer) and it is impossible to detect provided that you don't actually use the password that you crack. An optional active deauthentication attack can be used to speed up the reconnaissance process and is described at the end of this document.
If you are familiar with this process, you can skip the descriptions and jump to a list of the commands used at the bottom. For a variety of suggestions and alternative methods, see the appendix. neal1991 and tiiime have also graciously provided translations to this document and the appendix in Chinese if you prefer those versions.
DISCLAIMER: This software/tutorial is for educational purposes only. It should not be used for illegal activity. The author is not responsible for its use. Don't be a dick.
Getting Started
This tutorial assumes that you:
- Have a general comfortability using the command-line
- Are running a debian-based linux distro, preferably Kali linux (OSX users see the appendix)
- Have Aircrack-ng installed
sudo apt-get install aircrack-ng
- Have a wireless card that supports monitor mode (see here for a list of supported devices)
Cracking a Wi-Fi Network
Monitor Mode
Begin by listing wireless interfaces that support monitor mode with:
If you do not see an interface listed then your wireless card does not support monitor mode.
We will assume your wireless interface name is wlan0 but be sure to use the correct name if it differs from this. Next, we will place the interface into monitor mode:
Run iwconfig. You should now see a new monitor mode interface listed (likely mon0 or wlan0mon).
Find Your Target
Start listening to 802.11 Beacon frames broadcast by nearby wireless routers using your monitor interface:
You should see output similar to what is below.
For the purposes of this demo, we will choose to crack the password of my network, 'hackme'. Remember the BSSID MAC address and channel (CH) number as displayed by airodump-ng, as we will need them both for the next step.
Capture a 4-way Handshake
WPA/WPA2 uses a 4-way handshake to authenticate devices to the network. You don't have to know anything about what that means, but you do have to capture one of these handshakes in order to crack the network password. These handshakes occur whenever a device connects to the network, for instance, when your neighbor returns home from work. We capture this handshake by directing airmon-ng to monitor traffic on the target network using the channel and bssid values discovered from the previous command.
Now we wait... Once you've captured a handshake, you should see something like [ WPA handshake: bc:d3:c9:ef:d2:67 at the top right of the screen, just right of the current time.
If you are feeling impatient, and are comfortable using an active attack, you can force devices connected to the target network to reconnect by sending malicious deauthentication packets at them. This often results in the capture of a 4-way handshake. See the deauth attack section below for info on this.
Once you've captured a handshake, press ctrl-c to quit airodump-ng. You should see a .cap file wherever you told airodump-ng to save the capture (likely called -01.cap). We will use this capture file to crack the network password. I like to rename this file to reflect the network name we are trying to crack:
Crack the Network Password
The final step is to crack the password using the captured handshake. If you have access to a GPU, I highly recommend using hashcat for password cracking. I've created a simple tool that makes hashcat super easy to use called naive-hashcat. If you don't have access to a GPU, there are various online GPU cracking services that you can use, like GPUHASH.me or OnlineHashCrack. You can also try your hand at CPU cracking with Aircrack-ng.
Note that both attack methods below assume a relatively weak user generated password. Most WPA/WPA2 routers come with strong 12 character random passwords that many users (rightly) leave unchanged. If you are attempting to crack one of these passwords, I recommend using the Probable-Wordlists WPA-length dictionary files.
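Added example (not part of the original tutorial): a way to audit your own network's passphrase against the two weaknesses the note above describes, dictionary membership and a small search space. The sample wordlist is constructed, and the guess rate and the 1000-year cut-off are assumptions to adjust.

```python
import math
import string

SECONDS_PER_YEAR = 365 * 24 * 3600

# Constructed stand-in for a dictionary file such as rockyou.txt.
SAMPLE_WORDLIST = {"password", "iloveyou1", "12345678", "qwertyuiop"}


def alphabet_size(passphrase):
    """Size of the smallest common alphabet covering the passphrase."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " "]
    return sum(len(c) for c in classes if any(ch in c for ch in passphrase))


def audit_psk(passphrase, wordlist, guesses_per_second=500_000):
    """Rate a WPA/WPA2 passphrase against dictionary and exhaustive search.

    guesses_per_second is an assumed rate, not a measured one. The
    exhaustive-search figure only holds for randomly generated passphrases;
    human-chosen ones have far less entropy than their length suggests.
    """
    # WPA2-PSK passphrases are 8 to 63 printable ASCII characters.
    printable = all(32 <= ord(c) <= 126 for c in passphrase)
    if not 8 <= len(passphrase) <= 63 or not printable:
        return {"verdict": "invalid", "bits": 0.0, "years": 0.0}
    # A dictionary hit overrides any length or character-class credit.
    if passphrase in wordlist:
        return {"verdict": "in wordlist", "bits": 0.0, "years": 0.0}
    bits = len(passphrase) * math.log2(alphabet_size(passphrase))
    years = 2 ** bits / guesses_per_second / SECONDS_PER_YEAR
    verdict = "strong if random" if years > 1000 else "weak"
    return {"verdict": verdict, "bits": round(bits, 1), "years": years}


if __name__ == "__main__":
    for candidate in ["short", "iloveyou1", "12345679", "x7Kp2mQ9vL4t"]:
        print(candidate, audit_psk(candidate, SAMPLE_WORDLIST))
```

An 8-digit passphrase passes the length rule but is exhausted in minutes at the assumed rate, while a random 12-character mixed-case alphanumeric one is not.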
Cracking With naive-hashcat (recommended)
Before we can crack the password using naive-hashcat, we need to convert our .cap file to the equivalent hashcat file format .hccapx. You can do this easily by either uploading the .cap file to https://hashcat.net/cap2hccapx/ or using the cap2hccapx tool directly.
Next, download and run naive-hashcat:
Naive-hashcat uses various dictionary, rule, combination, and mask (smart brute-force) attacks and it can take days or even months to run against mid-strength passwords. The cracked password will be saved to hackme.pot, so check this file periodically. Once you've cracked the password, you should see something like this as the contents of your POT_FILE:
Where the last two fields separated by : are the network name and password respectively.
If you would like to use hashcat without naive-hashcat see this page for info.
Cracking With Aircrack-ng
Aircrack-ng can be used for very basic dictionary attacks running on your CPU. Before you run the attack you need a wordlist. I recommend using the infamous rockyou dictionary file:
Note that if the network password is not in the wordfile you will not crack the password.
If the password is cracked you will see a KEY FOUND! message in the terminal followed by the plain text version of the network password.
Deauth Attack
A deauth attack sends forged deauthentication packets from your machine to a client connected to the network you are trying to crack. These packets include fake 'sender' addresses that make them appear to the client as if they were sent from the access point itself. Upon receipt of such packets, most clients disconnect from the network and immediately reconnect, providing you with a 4-way handshake if you are listening with airodump-ng.
Use airodump-ng to monitor a specific access point (using -c channel --bssid MAC) until you see a client (STATION) connected. A connected client looks something like this, where 64:BC:0C:48:97:F7 is the client MAC.
Now, leave airodump-ng running and open a new terminal. We will use the aireplay-ng command to send fake deauth packets to our victim client, forcing it to reconnect to the network and hopefully grabbing a handshake in the process.
You can optionally broadcast deauth packets to all connected clients with:
Once you've sent the deauth packets, head back over to your airodump-ng process, and with any luck you should now see something like this at the top right: [ WPA handshake: 9C:5C:8E:C9:AB:C0. Now that you've captured a handshake you should be ready to crack the network password.
List of Commands
Below is a list of all of the commands needed to crack a WPA/WPA2 network, in order, with minimal explanation.
Appendix
The response to this tutorial was so great that I've added suggestions and additional material from community members as an appendix. Check it out to learn how to:
- Capture handshakes and crack WPA passwords on MacOS/OSX
- Capture handshakes from every network around you with wlandump-ng
- Use crunch to generate 100+GB wordlists on-the-fly
- Spoof your MAC address with macchanger
A Chinese version of the appendix is also available.
Attribution
Much of the information presented here was gleaned from Lewis Encarnacion's awesome tutorial. Thanks also to the awesome authors and maintainers who work on Aircrack-ng and Hashcat.
Overwhelming thanks to neal1991 and tiiime for translating this tutorial into Chinese. Further shout outs to yizhiheng, hiteshnayak305, enilfodne, DrinkMoreCodeMore, hivie7510, cprogrammer1994, 0XE4, hartzell, zeeshanu, flennic, bhusang, tversteeg, gpetrousov, crowchirp and Shark0der who also provided suggestions and typo fixes on Reddit and GitHub. If you are interested in hearing some proposed alternatives to WPA2, check out some of the great discussion on this Hacker News post.
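Added example (not part of the original tutorial): the deauth attack described above sends a burst of forged deauthentication frames, and because the sender address in those frames cannot be trusted, a monitoring sensor has to key on frame rate instead. The sketch below flags such bursts in a constructed list of captured management frames; the record layout, window and threshold are assumptions, and the MAC addresses are sample values reused from this page.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"
AP = "00:07:26:47:b0:35"       # sample BSSID reused from the page
CLIENT = "64:bc:0c:48:97:f7"   # sample client MAC reused from the page

# Constructed sample of captured management frames:
# (time in seconds, subtype, transmitter address, receiver address)
SAMPLE_FRAMES = (
    [(10.0, "beacon", AP, BROADCAST),
     (12.1, "deauth", AP, CLIENT)]                                   # one ordinary disconnect
    + [(40.0 + 0.05 * i, "deauth", AP, CLIENT) for i in range(11)]   # burst at one client
    + [(60.0 + 0.1 * i, "deauth", AP, BROADCAST) for i in range(6)]  # broadcast burst
)


def detect_deauth_bursts(frames, window=1.0, threshold=5):
    """Alert when `threshold` deauth frames for one (transmitter, receiver)
    pair arrive within `window` seconds. Both defaults are assumptions
    to tune per site."""
    recent = defaultdict(deque)   # pair -> timestamps still inside the window
    active = set()                # pairs currently above the threshold
    alerts = []
    for ts, subtype, src, dst in sorted(frames):
        if subtype != "deauth":
            continue
        pair = (src, dst)
        times = recent[pair]
        times.append(ts)
        while ts - times[0] > window:
            times.popleft()
        if len(times) >= threshold and pair not in active:
            active.add(pair)
            alerts.append({"time": ts, "transmitter": src, "receiver": dst,
                           "broadcast": dst == BROADCAST})
        elif len(times) < threshold:
            active.discard(pair)  # re-arm once the burst has ended
    return alerts


if __name__ == "__main__":
    for alert in detect_deauth_bursts(SAMPLE_FRAMES):
        print(alert)
```

The single disconnect at 12.1 s raises no alert, while both bursts do. Enabling 802.11w Protected Management Frames on the access point and its clients makes forged deauthentication frames ineffective.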