How Hackers access Wi-Fi Networks: AirCrack

Posted by
Aircrack is a software suite for networks, Aircrack can perform network detection, packet-sniffing and cracking WEP/WPA2.

Aircrack consists of many tools, such as aircrack-ng, airdecap-ng, airplay-ng, packetforge-ng, airodump and many others to crack the passwords of Wi-Fi networks around us.
Here we need to have Wi-Fi hardware that supports packet injection and monitor mode. List of  some Wi-Fi we can use

  • Alfa card by Alfa Networks
  • TP-Link TL-WN821N
  • Edimax EW-7811 UTC AC600

and so on.

In this tutorial we are going to use Alfa cards, usually, Alfa cards don’t need to install drivers on Kali Linux distro. Just plug and play.

Let’s start by checking whether our card has been detected by Kali Linux. To do that type following command in the terminal window:


The screenshot of the command is the following:


Next, we need to set our Wi-Fi adapter (Alfa card in our case) to the monitor mode by applying the following command:

airmon-ng start wlan0mon

The screenshot of the above command is the following:

airmon-ng start wlan0mon
Now we will check for Wi-Fi networks around us by using this command:

airodump-ng wlan0mon

The screenshot of the preceding command is the following:

airodump-ng wlan0mon

Then, we note the BSSID of the network we want to crack and the channel number. ESSId (name of Wi-Fi networks) will help us to do that.
In our case, we choose the BSSID B8:C1:A2:07:BC:F1 and the channel number is 9.

Then we stop the process by pressing Ctrl+C and leave the terminal window open.

Then we open another terminal window and capture the packets with -w switch to write these packets in a file by using the following command:

airodump-ng -w packets -c 9 --bssid B8:C1:A2:07:BC:F1 wlan0mon

The screenshot is following:


Now we need to watch becons and data column, those numbers start from 0 and increase as the packets are passed between the router and other connected devices. We need a minimum 20,000 to crack the WEP (Wired Equivalent Privacy) password.

To become fast, we open another terminal window and run the following command to perform a fake authentication:

airpaly-ng -1 0 -e MGMNT -a BB:C1:A2:07:BC:F1 -h 00:c0:ca:57:cd:fc wlan0mon

After -e we need to type the AP ESSID and after -a we put AP MAC and after -h we have typed our MAC in the above command.

The screenshot is following:

Now we need to do the ARP packet replay using the following command:

airpaly-ng -3 -b BSSID wlan0mon

The following screenshot is showing an example of the applied command:


Once we have enough packets saved in a cap file, we start aircrack-ng and give it the file name where we saved the packets(.cap file):

aircrack-ng filename.cap

The following screenshot shows the output of the preceding command:


After cracked, we can see the password on the screen.

key found

We need to capture as many packets as possible. Each data packets have an Initialization Vector (IV), which is 3 bytes in size, so we need to simply capture as many IV’s we can and then use Aircrack on them to crack the Password.

Feel free to leave a comment below or reach me on Instagram @iamshubhamkumar__.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.