Aircrack is software suit for networks, Aircrack can perform network detection, packet sniffing and cracking WEP/WPA2.
Aircrack is open source and build for 802.11 wireless LANs.
Aircrack consists of many tools, such as aircrack-ng, airdecap-ng, airplay-ng, packetforge-ng, airodump and many others to crack the passwords of Wi-Fi networks around us.
Here we need to have a Wi-Fi hardware that supports packet injection and monitor mode. List of some Wi-Fi we can use
and so on. |
| Image Source - Wikipedia |
Aircrack is open source and build for 802.11 wireless LANs.
Aircrack consists of many tools, such as aircrack-ng, airdecap-ng, airplay-ng, packetforge-ng, airodump and many others to crack the passwords of Wi-Fi networks around us.
Here we need to have a Wi-Fi hardware that supports packet injection and monitor mode. List of some Wi-Fi we can use
- Alfa card by Alfa Networks
- TP-Link TL-WN821N
- Edimax EW-7811 UTC AC600
In this tutorial we are going to use Alfa cards, usually Alfa cards doesn't need to install drivers on Kali Linux distro. Just plug and play.
Lets start by checking whether our card has been detected by Kali Linux. To do that type following command in terminal window:
The screenshot of the command is following:
Next, we need to set our Wi-Fi adapter (Alfa card in our case) to the monitor mode by applying following command:
The screenshot of the above command is following:
Now we will check for Wi-Fi networks around us by using this command:
The screenshot of preceding command is following:
Then, we note the BSSID of the network we want to crack and the channel number. ESSId (name of Wi-Fi networks) will help us to do that.
In our case we choose the BSSID B8:C1:A2:07:BC:F1 and the channel number is 9.
Then we stop the process by pressing Ctrl+C and leave the terminal window open.
Then we open another terminal window and capture the packets with -w switch to write these packets in a file by using following command:
The screenshot is following:
Now we need to watch becons and data column, those numbers start from 0 and increase as the packets are passed between router and other connected devices. We need minimum 20,000 to crack the WEP (Wired Equivalent Privacy) password.
To become fast, we open another terminal window and run following command to perform a fake authentication:
After -e we nned to type the AP ESSID and after -a we put AP MAC and after -h we have typed our MAC in above command.
The screenshot is following:
Now we need to do the ARP packet replay using the following command:
The following screenshot is showing an example of the applied command:
Once we have enough packets saved in a cap file, we start aircrack-ng and give it the file name where we saved the packets(.cap file):
The following screenshot shows output of the preceding command:
After cracked, we can see the password on the screen.
We need to capture as many packets as possible. Each data packets have an Initialization Vector (IV), which is 3 bytes in size, so we need to simply capture as many IV's we can and then use Aircrack on them to crack the Password.