How to Use Aircrack-Ng in Kali Linux

How to Use Aircrack-Ng in Kali Linux


3 min read

Aircrack-ng is one of the most popular wireless security auditing tools included in Kali Linux. It allows you to assess Wi-Fi network security by cracking WEP and WPA/WPA2 PSK authentication passwords.

In this beginner's guide, we will walk through the basic steps of using aircrack-ng to hack Wi-Fi passwords on Kali Linux.

Introduction to Aircrack-Ng

Aircrack-ng is an 802.11 wireless auditing suite of tools. The "ng" stands for next-generation implying that it is an improved version of the original aircrack tool. Aircrack-ng uses captured Wi-Fi frames and encryption weaknesses to recover WEP/WPA/WPA2 passwords.

Some of the prominent features of aircrack-ng-include:

  • Cracking WEP and WPA/WPA2 PSK keys -Replay attacks

  • Wi-Fi packet capture and export

  • Wireless network scanning

Installing Aircrack-Ng on Kali Linux

Aircrack-ng comes pre-installed on Kali Linux. To confirm, open the terminal and type:

aircrack-ng --help

If you get an output showing common aircrack-ng commands, then it is already installed and ready to use.

If not installed for any reason, use the following apt commands:

sudo apt update
sudo apt install aircrack-ng

Once the installation completes, verify it by typing the help command above.

Capturing Wi-Fi Handshake Using Airodump-ng

Before attempting to crack Wi-Fi passwords, we need to capture wireless network traffic. This traffic is used to obtain the all-important Wi-Fi handshake that verifies clients to the network.

To capture packets, we will use the airodump-ng tool that ships with the aircrack-ng suite.

Step 1: Open the terminal and type airodump-ng to list available wireless interfaces on your system. Note down the interface name for your wireless adapter, it will look like wlan0 or wlan1.

Step 2: Start the packet capture process on your wireless adapter (set to monitor mode) targeting the access point channel:

airodump-ng -c [channel] --bssid [router BSSID] -w output [interface name]

For example:

airodump-ng -c 6 --bssid A4:5E:60:EB:C6 --write capture wlan0

This will create a dump file capture-01.cap and lock your adapter to channel 6 listening for the target router traffic.

Step 3: Wait for wireless clients to connect to the target access point. When you see a successful authentication, airodump will capture and store the all-important WPA handshake.

Once the handshake is captured, press Ctrl + C to stop the process. We can now attempt to crack the Wi-Fi password.

Cracking Wi-Fi Password Using Aircrack-Ng

With the handshake captured, we can leverage the power of GPUs to rapidly test password combinations using airtcrack-ng tools.

Here are the basic steps:

Step 1: Open the terminal and run aircrack-ng against the captured packet file:

aircrack-ng [packet capture file] -w [password dictionary file]

For example, with our capture file called capture-01.cap, we would use:

aircrack-ng capture-01.cap -w /usr/share/wordlist/passwords.txt

This uses the default password wordlist on Kali Linux trying each one against the Wi-Fi network PSK.

Step 2: If the password is weak and present in the dictionary, aircrack will successfully crack it by displaying the plain text Wi-Fi password.

It may take a few hours to several days depending on the wireless encryption (WEP is quicker than WPA2), password complexity, and GPU compute power.

Tips for Effectively Using Aircrack-Ng

Here are some handy tips when using the aircrack-ng tools:

  • Use GPU acceleration for faster key cracking with tools like Hashcat

  • Capture handshakes from crowded public Wi-Fi for better results

  • Create custom wordlists from target profile information for improved accuracy

  • Regularly update Kali Linux to have the latest aircrack-ng features and stability improvements

So there you have it! With some basic command line usage, you can leverage aircrack-ng to audit and crack wireless networks. Be sure to only use it for legal security assessments and educational purposes.