This blog is NOT OFFICIAL website of Kali Linux. We just share Tutorials to learn Cybersecurity.

AirCrack -- Crack Wi-Fi Networks

Aircrack is software suit for networks, Aircrack can perform network detection, packet sniffing and cracking WEP/WPA2.

aircrack tutorial
Image Source - Wikipedia

Aircrack is open source and build for 802.11 wireless LANs.

Aircrack consists of many tools, such as aircrack-ng, airdecap-ng, airplay-ng, packetforge-ng, airodump and many others to crack the passwords of Wi-Fi networks around us.
Here we need to have a Wi-Fi hardware that supports packet injection and monitor mode. List of  some Wi-Fi we can use
  • Alfa card by Alfa Networks
  • TP-Link TL-WN821N
  • Edimax EW-7811 UTC AC600
and so on.

In this tutorial we are going to use Alfa cards, usually Alfa cards doesn't need to install drivers on Kali Linux distro. Just plug and play.

Lets start by checking whether our card has been detected by Kali Linux. To do that type following command in terminal window:

The screenshot of the command is following:


Next, we need to set our Wi-Fi adapter (Alfa card in our case) to the monitor mode by applying following command:

airmon-ng start wlan0mon
The screenshot of the above command is following:

airmon-ng start wlan0mon

Now we will check for Wi-Fi networks around us by using this command:

airodump-ng wlan0mon
The screenshot of preceding command is following:

airodump-ng wlan0mon

Then, we note the BSSID of the network we want to crack and the channel number. ESSId (name of Wi-Fi networks) will help us to do that.
 In our case we choose the BSSID B8:C1:A2:07:BC:F1 and the channel number is 9.
Then we stop the process by pressing Ctrl+C and leave the terminal window open.

Then we open another terminal window and capture the packets with -w switch to write these packets in a file by using following command:

airodump-ng -w packets -c 9 --bssid B8:C1:A2:07:BC:F1 wlan0mon
The screenshot is following:


Now we need to watch becons and data column, those numbers start from 0 and increase as the packets are passed between router and other connected devices. We need minimum 20,000 to crack the WEP (Wired Equivalent Privacy) password.

To become fast, we open another terminal window and run following command to perform a fake authentication:

airpaly-ng -1 0 -e MGMNT -a BB:C1:A2:07:BC:F1 -h 00:c0:ca:57:cd:fc wlan0mon
After -e we nned to type the AP ESSID and after -a we put AP MAC and after -h we have typed our MAC in above command.

The screenshot is following:

Now we need to do the ARP packet replay using the following command:

airpaly-ng -3 -b BSSID wlan0mon

The following screenshot is showing an example of the applied command:


Once we have enough packets saved in a cap file, we start aircrack-ng and give it the file name where we saved the packets(.cap file):

aircrack-ng filename.cap

The following screenshot shows output of the preceding command:


After cracked, we can see the password on the screen.

key found

We need to capture as many packets as possible. Each data packets have an Initialization Vector (IV), which is 3 bytes in size, so we need to simply capture as many IV's we can and then use Aircrack on them to crack the Password.

Kali Linux


Post a Comment
  • Ban photo
    BanNovember 14, 2020 at 8:09 PM

    Hey i'm get suck on "airpaly-ng -1 0 -e MGMNT -a BB:C1:A2:07:BC:F1 -h 00:c0:ca:57:cd:fc wlan0mon"
    "after -h we have typed our MAC" what is MAC prefer to?

    Delete Comment
    • Kali Linux photo
      Kali LinuxNovember 15, 2020 at 8:58 AM

      MAC is unique identification for every device that can connect to a network. To know more check wiki and to spoof MAC read our this article.

      Delete Comment