Introduction to Aircrack-ng Suite of Tools
In Chapter 2, We will cover:
- Introduction to Aircrack-ng Suite of tools
- Introduction to Wireshark
- WEP cracking using Aircrack-ng
- WPA/WPA2 Personal cracking using Aircrack-ng
- WPS cracking
As every topic above is crucial to understand, This chapter will have a dedicated post on each topic. Hence, the first part(out of 5) will cover the “Introduction to Aircrack-ng Suite of tools“
When we begin and expertise in wireless hacking, some helpful tools are always with the Hacker, Aircrack-ng suite of tools
What is Aircrack-ng ?
Aircrack-ng is a suite of tools use by beginners and experts for Wireless sniffing, cracking and creating rogue AP’s.
Conventional definition goes like :
Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured
Aircrack-ng suite include tools like:
- and lots more
We will discuss about the tools above, as they are most frequently used tools and used in almost every Wireless Pentest.
Aircrack-ng comes for Linux, Mac, and Windows and comes pre-installed in Kali Linux. We can manually install Aircrack-ng on Linux, Mac or Windows.
Latest version of Aircrack-ng can be downloaded from its official site, Aircrack-ng.org
For Linux and Mac, it can be installed from source code, and
For Windows, Aircrack-ng provides pre-compiled binaries. You can download the zip here
In Windows, Aircrack-ng comes in a download-and-execute pre-compiled binary package.
Installing on Windows:
- Unzip aircrack-ng*.zip (aircrack-ng-1.2-rc2-win.zip, as latest version)
- Start using
Here is complete tutorial on installing on windows
There are 2 ways of installing Aircrack-ng in Linux:
- Using terminal
- Using source-code
We will take an example of
Installing Aircrack-ng on Ubuntu
sudo apt-get install aircrack-ng -y
apt-get is the package installer in Ubuntu.
different distributions have different package installers.
For Red Hat: yum
Arch Linux: pacman
Debian(Kali Linux): apt-get, or aptitude
to install in your distribution type the above command just replace apt-get with your package installer.
From Source code:
Installing aircrack-ng from source code on any distribution is quite the same, because the code is written in C language and the C compiler on the system automatically compiles the code for the installed operating system.
Lets see how to install from source code,
Open Terminal and type:
cd Desktop wget http://download.aircrack-ng.org/aircrack-ng-1.2-rc2.tar.gz
Here, we changed the directory to Desktop. and downloaded the source code using wget command.
tar zxvf aircrack-ng*.tar.gz
Extracted the downloaded tar.gz file using tar command
make sqlite=true make sqlite=true install
Why we are using sqlite=true is to add Airolib-ng support in the Aircrack-ng. We well see the use of Airolib-ng for Boosting WPA2 cracking speed in upcoming chapters.
For installing on Mac OS X you can click here
Now lets start using the aircrack-ng suite of tools
1. Make sure your wireless card is connected. Then open Terminal.
2. Type ifconfig and check your wireless interface, wlan3 in my case and we will be using wlan3 in the tutorial
root@rs:~# ifconfig wlan3 wlan3 Link encap:Ethernet HWaddr 00:c0:ca:3b:34:b6 inet addr:192.168.1.101 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::2c0:caff:fe5a:34b6/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:37 errors:0 dropped:0 overruns:0 frame:0 TX packets:33 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:4437 (4.3 KiB) TX bytes:3506 (3.4 KiB) root@rs:~#
If you type iwconfig wlan3 you should get something like this:
root@rs:~# iwconfig wlan3 wlan3 IEEE 802.11bgn ESSID:"rootsh3ll" Mode:Managed Frequency:2.462 GHz Access Point: FF:DD:32:08:6D:C2 <--------------------------SNIP-------------------------->
You can see Mode:Managed, now
What is managed mode ?
By default our wireless card works on Managed mode i.e it will only accept the traffic from the Access point it is associated(connected) to.
And for Wireless sniffing our card has to be in monitor mode so that it can receive traffic from any Wireless network without associating with it.
Here comes the first tool of Aircrack-ng suite of tools.
This tools is used to put the wireless card from Managed to Monitor mode and Vice-versa. Lets see how to put wireless card into monitor mode.
Put card into Monitor mode:
root@rs:~# airmon-ng start wlan3
It will create an interface with name mon0, check using ifconfig.
Put card into Managed mode:
root@rs:~# airmon-ng stop mon0
Here mon0 can be replaced by mon1, mon2, etc if multiple monitor interfaces are running..
Now we need to start sniffing the air. It can be done using
Airodump-ng allows us to
- Sniff the air using mon0 interface
- Dumping the captured packets into a “.cap” file, and
- Lots of INFORMATION !!!
Lets start airodump-ng
root@rs:~# airodump-ng mon0
This is the basic command to run airodump-ng on mon0 interface.
It will show an out put screen like this:
CH 4 ][ Elapsed: 24 s ][ 2015-08-08 00:45 BSSID PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID D8:55:A3:B1:8B:FF -40 11 18 0 6 54e WPA2 CCMP PSK akku FC:DD:32:08:6D:C2 -67 13 80 0 11 54e WPA2 CCMP PSK rootsh3ll 80:D0:9B:DE:15:EE -74 2 0 0 1 54e WPA2 CCMP PSK You have been warned BSSID STATION PWR Rate Lost Frames Probe D8:55:A3:B1:8B:FF 34:31:11:63:CE:96 -74 5e- 5e 0 19 FC:DD:32:08:6D:C2 00:C0:CA:3b:34:B6 0 0e- 1 0 272 rootsh3ll FC:DD:55:08:6D:C2 30:A8:DB:C6:88:13 -127 0e- 0e 10 81 root@rs:~#
We will cover the important information from the above output.
CH 4: Channel on which our card is currently scanning.
NOTE: As Wireless card is a type of radio, it can work on one channel at a time. You will see the Channel no. changing very frequently, this is called Time Division Multiplexing.
others are time elapsed and current Date-Time.
BSSID(Basic Service Set IDentifier) : MAC address of the Access point.
PWR: Signal strength of the incoming network, SI unit is dBm, greater the value in negative, weaker the signal strength.
ENC: Encryption type. can be Open, WEP, WPA/WPA2
ESSID: Access point name
Station: Client that is associated with the corresponding BSSID
Probe: Request sent by the Client for the Access point it was previously connected to. “rootsh3ll” in this case, see Line 13.
Press CTRL-C to stop scanning.
Data packets can be captured and saved into file using -w option with airodump-ng. Example
root@rs:~# airodump-ng mon0 -w test_data_capture
Press ^C to quit and Type ls test_data_capture*
root@rs:~# ls test_data_capture-01.* test_data_capture-01.cap test_data_capture-01.csv test_data_capture-01.kismet.csv test_data_capture-01.kismet.netxml
Here airodump-ng has saved the output in .cap, .csv and .netxml format for different use.
We will use .cap file for our cracking process in this series.
Above steps has to be followed in every Pentest we will do. We will see the use of remaining tools
in upcoming chapters accordingly.
We learned to install aircrack-ng on Linux and windows systems. Putting wireless card on monitor mode and scanning the air and saving the information to a file for future use. as it will be used in WEP and WPA/WPA2 cracking.
High Gain Antenna:
USB Drive (32 GB):
SanDisk Ultra Fit USB 3.0 32GB Pen Drive (International)
SanDisk Ultra USB 3.0 32 GB Pen Drive (India Only)
Any question ? Let me know, I will be glad to know and answer all your queries in the comments.
Don’t forget to share the post with all of your friends!