The topic for today is: Hacking WPA2 Wi-Fi Networks With Aircrack-Ng Suite
Tools that we will be using:
- Airmon-Ng (Place the wireless card in moniter mode)
- Airodump-Ng (Start sniffing for packets on Wi-Fi networks)
- Aireplay-Ng (Send the de-authentication packets to de-authenticate the users on the Wi-Fi)
- Aircrack-Ng (Crack the handshake with the password)
Let's get started.
Firstly, we check if the Linux system recognises our wireless card that we will be using for hacking. I am using the built-in wireless card in my system to hack. My wireless card is capable of monitor mode and packet injection.
To check if the system recognises out wireless card, we type:
To check what state the wireless card is in, we type:
It will be stated in the results that the wireless card is in managed mode. Once we have confirmed that, we can proceed with our task.
Now, we want to place the wireless card in monitor mode to sniff for packets, but before that, we will use Airmon-Ng to kill processes that may disrupt our Wi-Fi hacking. So we kill all processes with:
airmon-ng check kill
This command has to be runned before placing the wireless card in monitor mode.
And then we place it in monitor mode with the command:
airmon-ng start <Name Of Wireless Card That You Are Using>
We now check if the wireless card is in monitor mode:
Now, we can see that my wireless card is in monitor mode and it is ready to be used.
With the wireless card now in monitor mode, we can now proceed to start dumping connections with Airodump-Ng.
airodump-ng <Name Of Your Wireless Card That You Are Using>
To find networks running on 5Ghz, you can run the command with an additional add-on:
airodump-ng <Name Of Your Wireless Card That You Are Using> --band a
The additional --band a command tells Airodump-Ng to scan 5Ghz networks only, as 5Ghz networks use 802.11a, while 2.4Ghz networks use 802.11b. Airodump-Ng scans 2.4Ghz networks by default. However
After recognising the Wi-Fi network you are attacking, you can stop this general scan and start running Airodump-Ng on a particular network. However, I am unable to make Aireplay-Ng send de-authentication signals to a 5Ghz network: Any Suggestions On This?
Now that we have most of the 2Ghz networks on our list, we will run Airodump-Ng on a particular network. The command to do that is:
airodump-ng --write <Directory To Save Handshake To> --bssid <Bssid Of Wi-Fi Network You Are Targeting> --channel <Channel Number That Wi-Fi Is Running On> wlan0mon <Wireless Card That You Are Using To Hack>
Once Airodump-Ng is sniffing on that network, we will run Aireplay-Ng to de-authenticate the users on the network to force them to reconnect again. We will then be able to capture a 4-Way-Handshake that we will be cracking. The --write command has to be used or else the handshake will not be saved and you will not be able to crack it. To run Aireplay-Ng, the command is:
aireplay-ng -a <Bssid Of Wi-Fi Network You Are Targeting> --deauth <Number Of De-Authentication Packets You Want To Send> <Wireless Card That You Are Using>
This command will then start to send de-authentication packets to the Wi-Fi network. If you want to keep on sending de-authentication packets to the Wi-Fi network, you can put the number "0" after the --deauth command.
Once we have captured the handshake, we can stop Airodump-Ng and Aireplay-Ng. You can then use a wordlist which you have created to brute-force the handshake. To brute-force that handshake with Aircrack-Ng, use this command:
aircrack-ng <Route To Handshake To Be Cracked> -w <Route To Wordlist To Use>
The -w command for Aircrack-Ng tells Aircrack-Ng what wordlist to use. However, suffice to say, if the password for the Wi-Fi network is not in your wordlist, you will not be able to crack the handshake. If you need a more targeted wordlist, you can consider using a tool called C.U.P.P which I will be covering in the next How-To.
I hope that this article has helped to simplify matters for you on Wi-Fi hacking. If you have any other questions, you can ask them in the comments section and I will try my best to answer them. If there are any mistakes in the article, please feel free to point them out to me. Till next time guys! Keep hacking ethically and never ever give up.