Continuing our look back at well-known tools in the password-cracker category, we come to Aircrack-ng. Aircrack-ng is not just a password recovery tool but one of the best-known tools for WiFi security testing. More precisely, it is a suite of tools for monitoring, manipulating and attacking wireless networks:
- Airmon-ng: Used to manage the operating modes of wireless cards and to kill interfering processes before using the other tools. To capture wireless traffic at all, the card has to be switched from managed mode to monitor mode.
- Airodump-ng: Captures wireless traffic and information from one or more access points. It is used mainly to scan nearby access points (e.g. WiFi routers) and to record handshakes. The handshake is the preparatory exchange that takes place before data transfer begins.
- Aireplay-ng: Used for replay attacks and as a packet injector. It can also disconnect clients that are connected to an access point.
- Airdecap-ng: Used to decrypt captured WEP and WPA/WPA2 packets when the encryption key is already known.
- Aircrack-ng: Attacks the WEP and WPA protocols to recover the encryption key.
The letters "ng" stand for "new generation", as Aircrack-ng replaced the older, no longer maintained aircrack suite. The tool is available for Windows and Linux.
How to install it
Windows
There are two driver options on Windows, and only AirPcap currently supports Aircrack-ng 0.9.X:
- AirPcap is a USB adapter that supports monitor mode and packet injection.
- Npcap is a packet-capture library for Windows based on WinPcap/libpcap.
The GitHub repositories and downloads for both are available here.
You can find the latest version of Aircrack-ng on the official site. Download the zip archive from there.
Then unzip the archive to "C:\". This creates a new folder named "aircrack-ng-*.*.*-win", depending on the version you downloaded. The folder contains three subfolders: "bin", "src" and "test". Look for the file "Aircrack-ng GUI.exe" in the "bin" subfolder and run it.
Linux
Aircrack-ng comes preinstalled in Kali Linux, the well-known distribution for penetration testers.
On other Debian-based systems, install it by running the following in a terminal:
$ sudo apt-get update
$ sudo apt-get install -y aircrack-ng
How to use it
Below we will see how aircrack-ng is used to recover the password of an encrypted wireless network. The values shown in red are the ones each user has to replace with the names and addresses of their own network.
First, we list the wireless cards connected to our computer with the iwconfig command.
Next we choose which of the available cards to use for the attack. With airmon-ng we first kill the processes that would interfere, then switch the card into monitor mode. Monitor mode lets us capture every packet on the air, including those not addressed to our computer:
$ sudo airmon-ng check kill
$ sudo airmon-ng start wireless_card_name
Once the card is in monitor mode it appears under a different name, "wlan0mon". You can verify this by running iwconfig again.
Now we use airodump-ng to list all nearby wireless access points together with the information available about them:
$ sudo airodump-ng wlan0mon
You can narrow the scan to the hardware (MAC) address of one access point with --bssid, or to a single WiFi channel with -c.
To capture a handshake, which contains the material needed to test password guesses, we also have to save the captured packets with the --write parameter. Example:
$ sudo airodump-ng --bssid 6C:B7:49:FC:62:E4 -c 11 wlan0mon --write /tmp/handshake.cap
We now disconnect all devices connected to that access point using aireplay-ng:
$ sudo aireplay-ng -0 100 -a 6C:B7:49:FC:62:E4 wlan0mon
After a short while the devices are disconnected, and when they try to reconnect to the access point, airodump-ng captures the handshake. Your screen should then look like the following image:
The handshake data is stored under /tmp/. We can now recover the password with aircrack-ng and a dictionary attack:
$ sudo aircrack-ng /tmp/handshake.cap-01.cap -w /usr/share/wordlists/rockyou.txt
That's it: aircrack-ng prints the password in the terminal as soon as it finds it in the wordlist.
In this example, aircrack-ng found that the password is '123456789'.
After the attack is finished, we take the card out of monitor mode and restart the network manager:
$ sudo airmon-ng stop wlan0mon
$ sudo service network-manager restart
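The defender's view of the aireplay-ng deauthentication step above, added here as an example that is not part of the original post: a small Python parser for raw 802.11 management frames that counts deauthentication frames per claimed sender, the traffic pattern that "aireplay-ng -0 100" leaves in a capture. The frames are constructed inline (no real capture), the BSSID is reused from the article's example, and the code assumes the radiotap header has already been stripped from each frame.

```python
import struct
from collections import Counter

MGMT_BEACON, MGMT_DISASSOC, MGMT_DEAUTH = 8, 10, 12   # 802.11 management subtypes

def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))

def mac_text(raw):
    return ":".join(f"{b:02X}" for b in raw)

def build_mgmt_frame(subtype, dst, src, bssid, body=b""):
    """Bare 802.11 management frame: no radiotap header, no FCS.
    Frame Control byte 0 = version (2 bits) | type (2 bits) | subtype (4 bits)."""
    frame_control = bytes([(0 << 2) | (subtype << 4), 0x00])      # type 0 = management
    header = frame_control + b"\x00\x00" + mac_bytes(dst) + mac_bytes(src) + mac_bytes(bssid) + b"\x00\x00"
    return header + body

def parse_mgmt_frame(frame):
    """Return (subtype, addr1, addr2, addr3, reason_code) or None if not a management frame."""
    if len(frame) < 24:
        return None
    fc0 = frame[0]
    if (fc0 >> 2) & 0x3 != 0:                                       # not type 0 (management)
        return None
    subtype = fc0 >> 4
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]           # dst, src, BSSID for mgmt frames
    reason = None
    if subtype in (MGMT_DISASSOC, MGMT_DEAUTH) and len(frame) >= 26:
        reason = struct.unpack_from("<H", frame, 24)[0]             # little-endian reason code
    return subtype, mac_text(a1), mac_text(a2), mac_text(a3), reason

def deauth_flood_sources(frames, threshold=20):
    """Count deauth frames per (claimed sender, destination, reason). Dozens in one
    capture window is a flood, not a client roaming away; a real sensor would key
    this by time window and alert on the AP's own address being spoofed."""
    counts = Counter()
    for frame in frames:
        parsed = parse_mgmt_frame(frame)
        if parsed and parsed[0] == MGMT_DEAUTH:
            _, dst, src, _, reason = parsed
            counts[(src, dst, reason)] += 1
    return {key: n for key, n in counts.items() if n >= threshold}

# Constructed sample capture (not real traffic): one beacon plus 100 broadcast deauths
# claiming to come from the article's AP, the shape "aireplay-ng -0 100" leaves behind.
AP_BSSID = "6C:B7:49:FC:62:E4"
BROADCAST = "FF:FF:FF:FF:FF:FF"
SAMPLE_FRAMES = [build_mgmt_frame(MGMT_BEACON, BROADCAST, AP_BSSID, AP_BSSID)]
SAMPLE_FRAMES += [build_mgmt_frame(MGMT_DEAUTH, BROADCAST, AP_BSSID, AP_BSSID,
                                   struct.pack("<H", 7)) for _ in range(100)]   # reason 7: class 3 frame from non-associated STA
```

Calling deauth_flood_sources(SAMPLE_FRAMES) returns {('6C:B7:49:FC:62:E4', 'FF:FF:FF:FF:FF:FF', 7): 100}; the same spoofed frames are rejected outright by clients and APs that enforce 802.11w Protected Management Frames.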
What did you think of the Aircrack-ng tool suite? We look forward to your comments...