Aircrack-ng is one of the most popular wireless security auditing tools included in Kali Linux. It allows you to assess Wi-Fi network security by cracking WEP and WPA/WPA2 PSK authentication passwords.
In this beginner's guide, we will walk through the basic steps of using aircrack-ng to hack Wi-Fi passwords on Kali Linux.
Introduction to Aircrack-Ng
Aircrack-ng is an 802.11 wireless auditing suite of tools. The "ng" stands for next-generation, implying that it is an improved version of the original aircrack tool. Aircrack-ng uses captured Wi-Fi frames and encryption weaknesses to recover WEP/WPA/WPA2 passwords.
Some of the prominent features of aircrack-ng include:
Cracking WEP and WPA/WPA2 PSK keys
Replay attacks
Wi-Fi packet capture and export
Wireless network scanning
Installing Aircrack-Ng on Kali Linux
Aircrack-ng comes pre-installed on Kali Linux. To confirm, open the terminal and type:
aircrack-ng --help
If you get an output showing common aircrack-ng commands, then it is already installed and ready to use.
If not installed for any reason, use the following apt commands:
sudo apt update
sudo apt install aircrack-ng
Once the installation completes, verify it by typing the help command above.
Capturing Wi-Fi Handshake Using Airodump-ng
Before attempting to crack Wi-Fi passwords, we need to capture wireless network traffic. This traffic is used to obtain the all-important Wi-Fi handshake that verifies clients to the network.
To capture packets, we will use the airodump-ng tool that ships with the aircrack-ng suite.
Step 1: Open the terminal and type airodump-ng to list available wireless interfaces on your system. Note down the interface name for your wireless adapter; it will look like wlan0 or wlan1.
Step 2: Start the packet capture process on your wireless adapter (set to monitor mode) targeting the access point channel:
airodump-ng -c [channel] --bssid [router BSSID] -w output [interface name]
For example:
airodump-ng -c 6 --bssid A4:5E:60:EB:C6 --write capture wlan0
This will create a dump file capture-01.cap and lock your adapter to channel 6, listening for the target router's traffic.
Step 3: Wait for wireless clients to connect to the target access point. When you see a successful authentication, airodump will capture and store the all-important WPA handshake.
Once the handshake is captured, press Ctrl + C to stop the process. We can now attempt to crack the Wi-Fi password.
Cracking Wi-Fi Password Using Aircrack-Ng
With the handshake captured, we can leverage the power of GPUs to rapidly test password combinations using the aircrack-ng tools.
Here are the basic steps:
Step 1: Open the terminal and run aircrack-ng against the captured packet file:
aircrack-ng [packet capture file] -w [password dictionary file]
For example, with our capture file called capture-01.cap, we would use:
aircrack-ng capture-01.cap -w /usr/share/wordlist/passwords.txt
This uses the default password wordlist on Kali Linux, trying each entry against the Wi-Fi network PSK.
Step 2: If the password is weak and present in the dictionary, aircrack will successfully crack it by displaying the plain text Wi-Fi password.
It may take a few hours to several days depending on the wireless encryption (WEP is quicker than WPA2), password complexity, and GPU compute power.
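For the owner of a network, Step 2 means that a passphrase found in a dictionary, or built from a dictionary word, gives no real protection. The Python check below is an added example, not part of the original guide or of the aircrack-ng project; the sample wordlist, the finding codes and the 70-bit threshold are assumptions made for illustration.

```python
import math
import string

# Constructed sample standing in for a dictionary file; not a real wordlist.
SAMPLE_WORDLIST = ["password", "12345678", "qwertyuiop", "letmein", "homewifi"]

# Assumed policy threshold for this example, not a figure from the guide.
MIN_BITS = 70

CHAR_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
                string.digits, string.punctuation)


def estimated_bits(passphrase):
    """Rough estimate that assumes randomly chosen characters:
    length * log2(size of the character pool in use)."""
    pool = sum(len(cls) for cls in CHAR_CLASSES
               if any(ch in cls for ch in passphrase))
    return len(passphrase) * math.log2(pool) if pool else 0.0


def audit_psk(passphrase, wordlist):
    """Return a list of finding codes; an empty list means no issue was found."""
    findings = []
    # WPA/WPA2-PSK passphrases are 8 to 63 printable ASCII characters.
    if not 8 <= len(passphrase) <= 63:
        findings.append("bad-length")
    words = {w.strip().lower() for w in wordlist if w.strip()}
    lowered = passphrase.lower()
    # A dictionary word with digits or symbols appended is still a weak choice.
    stem = lowered.rstrip(string.digits + string.punctuation)
    if lowered in words:
        findings.append("in-wordlist")
    elif stem in words:
        findings.append("wordlist-word-with-suffix")
    if estimated_bits(passphrase) < MIN_BITS:
        findings.append("low-entropy")
    return findings


if __name__ == "__main__":
    for candidate in ("password", "Letmein2024!", "vR7#qLm2@xT9pZw4"):
        print(candidate, audit_psk(candidate, SAMPLE_WORDLIST))
```

Note that "Letmein2024!" passes the entropy estimate yet is still flagged, which is why the wordlist check matters more than character variety when choosing a PSK.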
Tips for Effectively Using Aircrack-Ng
Here are some handy tips when using the aircrack-ng tools:
Use GPU acceleration for faster key cracking with tools like Hashcat
Capture handshakes from crowded public Wi-Fi for better results
Create custom wordlists from target profile information for improved accuracy
Regularly update Kali Linux to have the latest aircrack-ng features and stability improvements
So there you have it! With some basic command line usage, you can leverage aircrack-ng to audit and crack wireless networks. Be sure to only use it for legal security assessments and educational purposes.