Introduction
Aircrack-ng is a powerful suite of tools designed for auditing wireless networks. It’s widely used for testing the security of Wi-Fi networks by recovering WEP and WPA/WPA2 keys from captured packets. This guide covers everything from installation to executing attacks for educational and authorized penetration testing purposes.
Table of Contents
- Prerequisites
- Installation
- Enabling Monitor Mode
- Packet Capturing with Airodump-ng
- Deauthentication Attacks with Aireplay-ng
- Cracking WPA/WPA2 Handshakes with Aircrack-ng
- Cracking WEP Networks
- Additional Tools and Techniques
- Best Practices & Troubleshooting
- Additional Resources
Prerequisites
- Operating System: A Linux distribution (Kali Linux is highly recommended).
- Hardware: A wireless adapter that supports monitor mode and packet injection.
- Knowledge: Familiarity with Linux terminal commands.
- Permissions: Legal authorization to test the target network.
Installation
On Kali Linux (Pre-installed)
Kali Linux comes with Aircrack-ng pre-installed. To update or reinstall:
sudo apt update
sudo apt install aircrack-ng
On Debian/Ubuntu
sudo apt update
sudo apt install aircrack-ng
Enabling Monitor Mode
Monitor mode allows the wireless card to capture all the traffic on a given channel, not just the traffic addressed to it. Here’s how you enable monitor mode using airmon-ng.
- Identify your wireless interface:
iwconfig
Your wireless interface will likely be named wlan0 or wlan1.
- Enable monitor mode:
sudo ip link set wlan0 down
sudo iw dev wlan0 set type monitor
sudo ip link set wlan0 up
If using airmon-ng:
sudo airmon-ng start wlan0
Note that airmon-ng usually renames the interface to wlan0mon, while the ip/iw method above keeps the name wlan0; use whichever name your interface actually has in the commands that follow.
- Verify monitor mode:
iwconfig
You should see Mode:Monitor in the output for your interface.
Packet Capturing with Airodump-ng
Airodump-ng is used for capturing packets on a network. Here’s how to use it to capture the packets needed for further analysis.
- Start packet capture:
sudo airodump-ng wlan0mon
Replace wlan0mon with your interface in monitor mode. This will display a list of available networks.
- Target a specific network:
sudo airodump-ng --bssid [BSSID] -c [Channel] -w [File Name] wlan0mon
Replace [BSSID] with the target network’s MAC address, [Channel] with the network’s channel, and [File Name] with the name of the file to store the capture.
Deauthentication Attacks with Aireplay-ng
Aireplay-ng can be used for various attacks, including deauthentication attacks to capture handshakes.
- Perform a deauthentication attack:
sudo aireplay-ng --deauth 10 -a [BSSID] wlan0mon
This sends 10 deauthentication packets to disconnect clients from the network, which can help capture the WPA/WPA2 handshake.
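Defensive counterpart, as an added example that is not from the page or the Aircrack-ng project: a detector that flags the burst of deauthentication frames such an attack produces on the air. It assumes frame metadata has already been parsed out of a monitor-mode capture into (timestamp, subtype, transmitter, receiver) tuples; the sample frames are constructed.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed sample of parsed 802.11 frame metadata, not a real capture:
# (timestamp in seconds, frame subtype, transmitter MAC, receiver MAC).
# One unicast deauth at t=1.0 is a normal station disconnect; the ten
# broadcast deauths at t=5.0-5.36 mimic a tool-driven deauth burst.
SAMPLE_FRAMES = [
    (0.0, "beacon", "aa:bb:cc:dd:ee:01", BROADCAST),
    (0.5, "data", "aa:bb:cc:dd:ee:01", "11:22:33:44:55:66"),
    (1.0, "deauth", "aa:bb:cc:dd:ee:01", "11:22:33:44:55:66"),
    (1.2, "beacon", "aa:bb:cc:dd:ee:01", BROADCAST),
] + [
    (5.0 + i * 0.04, "deauth", "aa:bb:cc:dd:ee:01", BROADCAST) for i in range(10)
] + [
    (7.0, "data", "aa:bb:cc:dd:ee:01", "11:22:33:44:55:66"),
]


def detect_deauth_bursts(frames, window_s=1.0, threshold=5):
    """Flag transmitters sending >= threshold deauth frames inside any
    sliding window of window_s seconds. Frames must be sorted by time.
    Returns one alert dict per offending transmitter."""
    recent = defaultdict(deque)  # transmitter MAC -> (ts, receiver) of recent deauths
    alerts, alerted = [], set()
    for ts, subtype, src, dst in frames:
        if subtype != "deauth":
            continue
        window = recent[src]
        window.append((ts, dst))
        # Drop deauths that have fallen out of the sliding window.
        while ts - window[0][0] > window_s:
            window.popleft()
        if len(window) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append({
                "transmitter": src,
                "count": len(window),
                "window_start": window[0][0],
                "window_end": ts,
                # A broadcast receiver kicks every station at once, the usual
                # shape of an injected deauth rather than an AP's own.
                "broadcast": any(d == BROADCAST for _, d in window),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_deauth_bursts(SAMPLE_FRAMES):
        print(alert)
```

Tune window_s and threshold to the site: a single AP legitimately sends occasional unicast deauths, but a broadcast burst of several per second from one transmitter is worth an alert.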
Cracking WPA/WPA2 Handshakes with Aircrack-ng
After capturing the WPA/WPA2 handshake, you can use aircrack-ng to attempt to crack the key.
- Crack the handshake:
aircrack-ng -w [Wordlist] -b [BSSID] [Capture File].cap
Replace [Wordlist] with the path to your dictionary file, [BSSID] with the target network’s MAC address, and [Capture File].cap with the file that contains the captured handshake.
- Using a wordlist for the attack:
You can use popular wordlists like rockyou.txt or create your own for the attack.
Cracking WEP Networks
WEP is an older and less secure protocol compared to WPA/WPA2, but it is still sometimes encountered in older networks.
- Capture packets:
sudo airodump-ng -c [Channel] --bssid [BSSID] -w [File Name] wlan0mon
- Crack WEP key:
aircrack-ng [Capture File].cap
aircrack-ng will attempt to crack the WEP key using the packets collected in the .cap file.
Additional Tools and Techniques
Airbase-ng
Airbase-ng is a tool that can be used to create a fake access point. This is useful for social engineering attacks like evil twin attacks.
Aircrack-ng (For Other Protocols)
You can also use aircrack-ng to crack WPS, and perform various other wireless network security assessments.
Best Practices & Troubleshooting
- Use a powerful wordlist for cracking WPA/WPA2 handshakes (e.g., rockyou.txt).
- Monitor your signal strength and use a high-quality wireless card that supports packet injection.
- Avoid frequent packet sniffing on networks as it can be detected by security systems.
- Ensure you’re legally authorized to perform penetration tests on the network you’re auditing.