
Introduction to Aircrack-ng Suite of Tools

Hello friends,

This is the first part of Chapter 3 from the “Rootsh3ll WiFi Security and Pentesting Series”. In case you missed the series, you can start following here.

In Chapter 2, we will cover:

  • Introduction to Aircrack-ng Suite of tools
  • Introduction to Wireshark
  • WEP cracking using Aircrack-ng
  • WPA/WPA2 Personal cracking using Aircrack-ng
  • WPS cracking

As every topic above is crucial to understand, this chapter will have a dedicated post on each topic. Hence, the first part (out of 5) will cover the “Introduction to Aircrack-ng Suite of tools”.

This article is an excerpt from my WiFi Penetration testing and Security eBook for aspiring WiFi hackers and Wireless security enthusiasts. Click here to learn more

Let's begin!

Whether you are just beginning or already experienced in wireless hacking, one set of helpful tools is always with the hacker: the Aircrack-ng suite of tools.

What is Aircrack-ng?

Aircrack-ng is a suite of tools used by beginners and experts for wireless sniffing, cracking and creating rogue APs.

The conventional definition goes like this:

Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured.

The Aircrack-ng suite includes tools like:

  • Airmon-ng
  • Airodump-ng
  • Airbase-ng
  • Aireplay-ng
  • Airolib-ng
  • Aircrack-ng
  • and lots more

We will discuss the tools above, as they are the most frequently used and appear in almost every wireless pentest.

Aircrack-ng is available for Linux, Mac and Windows, and comes pre-installed in Kali Linux. We can also install Aircrack-ng manually on Linux, Mac or Windows.

Download Aircrack-ng

The latest version of Aircrack-ng can be downloaded from its official site, Aircrack-ng.org

For Linux and Mac, it can be installed from source code, and for Windows, Aircrack-ng provides pre-compiled binaries. You can download the zip here

Install Aircrack-ng

On Windows, Aircrack-ng comes as a download-and-execute pre-compiled binary package.

Installing on Windows:

  • Unzip aircrack-ng*.zip (aircrack-ng-1.2-rc2-win.zip, as latest version)
  • Start using

Here is a complete tutorial on installing on Windows

There are 2 ways of installing Aircrack-ng on Linux:

  1. Using terminal
  2. Using source-code

We will take Ubuntu as an example.

Installing Aircrack-ng on Ubuntu

From Terminal:

sudo apt-get install aircrack-ng -y

apt-get is the package installer in Ubuntu.

Different distributions have different package installers, for example:

  • Red Hat: yum
  • Arch Linux: pacman
  • Debian (Kali Linux): apt-get, or aptitude

To install on your distribution, use your package installer in place of apt-get in the above command (the install syntax differs between package installers).

 

From Source code:

Installing aircrack-ng from source code is much the same on any distribution, because the code is written in C and the C compiler on the system builds it for the installed operating system.

Let's see how to install from source code.

Open Terminal and type:

cd Desktop
wget http://download.aircrack-ng.org/aircrack-ng-1.2-rc2.tar.gz

Here, we changed the directory to Desktop and downloaded the source code using the wget command.

tar zxvf aircrack-ng*.tar.gz

Here we extracted the downloaded tar.gz file using the tar command.

cd aircrack-ng-1.2-rc2
make sqlite=true
make sqlite=true install

We first change into the extracted source directory, then build and install. We use sqlite=true to add Airolib-ng support to Aircrack-ng. We will see the use of Airolib-ng for boosting WPA2 cracking speed in upcoming chapters.

For installing on Mac OS X you can click here

 

Now let's start using the aircrack-ng suite of tools.

1. Make sure your wireless card is connected. Then open Terminal.

2. Type ifconfig and check your wireless interface. It is wlan3 in my case, and we will be using wlan3 throughout the tutorial.

root@rs:~# ifconfig wlan3
wlan3     Link encap:Ethernet  HWaddr 00:c0:ca:3b:34:b6  
          inet addr:192.168.1.101  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::2c0:caff:fe5a:34b6/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:37 errors:0 dropped:0 overruns:0 frame:0
          TX packets:33 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:4437 (4.3 KiB)  TX bytes:3506 (3.4 KiB)
root@rs:~#

 

If you type iwconfig wlan3 you should get something like this:

root@rs:~# iwconfig wlan3
wlan3     IEEE 802.11bgn  ESSID:"rootsh3ll"  
          Mode:Managed  Frequency:2.462 GHz  Access Point: FF:DD:32:08:6D:C2   

<--------------------------SNIP-------------------------->

You can see Mode:Managed in the output.

What is managed mode?

By default our wireless card works in Managed mode, i.e. it will only accept traffic from the Access Point it is associated with (connected to).

For wireless sniffing, our card has to be in monitor mode so that it can receive traffic from any wireless network without associating with it.

Here comes the first tool of Aircrack-ng suite of tools.

Airmon-ng

This tool is used to switch the wireless card from Managed to Monitor mode and vice versa. Let's see how to put the wireless card into monitor mode.

Put card into Monitor mode:

root@rs:~# airmon-ng start wlan3

It will create an interface named mon0; airmon-ng prints the name of the monitor interface it created, and you can check it using ifconfig.

Put card into Managed mode:

root@rs:~# airmon-ng stop mon0

Here mon0 can be replaced by mon1, mon2, etc. if multiple monitor interfaces are running.

Now we need to start sniffing the air. It can be done using

Airodump-ng

Airodump-ng allows us to

  • Sniff the air using the mon0 interface
  • Dump the captured packets into a “.cap” file, and
  • Get lots of INFORMATION !!!

Let's start airodump-ng

root@rs:~# airodump-ng mon0

This is the basic command to run airodump-ng on the mon0 interface.

It will show an output screen like this:

CH  4 ][ Elapsed: 24 s ][ 2015-08-08 00:45                                         
                                                                                                                          
 BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID
                                                                                                                          
 D8:55:A3:B1:8B:FF  -40       11       18    0   6  54e  WPA2 CCMP   PSK  akku                                            
 FC:DD:32:08:6D:C2  -67       13       80    0  11  54e  WPA2 CCMP   PSK  rootsh3ll                                        
 80:D0:9B:DE:15:EE  -74        2        0    0   1  54e  WPA2 CCMP   PSK  You have been warned                            
                                                                                                                          
 BSSID              STATION            PWR   Rate    Lost    Frames  Probe                                                
                                                                                                                           
 D8:55:A3:B1:8B:FF  34:31:11:63:CE:96  -74    5e- 5e     0       19                                                        
 FC:DD:32:08:6D:C2  00:C0:CA:3b:34:B6    0    0e- 1      0      272  rootsh3ll                                             
 FC:DD:55:08:6D:C2  30:A8:DB:C6:88:13  -127    0e- 0e    10       81                                                        

root@rs:~# 

We will cover the important information from the above output.

Line 1:

CH 4: Channel on which our card is currently scanning.

NOTE: As a wireless card is a type of radio, it can work on only one channel at a time. You will see the channel number changing very frequently as the card hops from one channel to the next; this is called Time Division Multiplexing.

The other fields are the time elapsed and the current date and time.

Line 3:

BSSID (Basic Service Set IDentifier): MAC address of the Access Point.

PWR: Signal strength of the incoming network, measured in dBm. The greater the negative value, the weaker the signal.

ENC: Encryption type. It can be Open, WEP or WPA/WPA2.

ESSID: Access Point name.

Line 10:

Station: Client that is associated with the corresponding BSSID.

Probe: Request sent by the client for the Access Point it was previously connected to. “rootsh3ll” in this case, see Line 13.

Press CTRL-C to stop scanning.
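As an added example (not from the original post or the Aircrack-ng project), the Python code below reads the two tables explained above by the column offsets of their header lines and lists what a defender would follow up on for their own network: Access Points using Open or WEP, station rows whose BSSID is missing from the AP table, and clients probing for a network other than the one they are on. The function names are assumptions, and the last AP row and last station row of the sample are constructed.

```python
import re

# Constructed sample: rows copied from the airodump-ng output above, plus one
# made-up WEP access point and one made-up probing client (02:00:... MACs).
SAMPLE = """\
 BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID
 D8:55:A3:B1:8B:FF  -40       11       18    0   6  54e  WPA2 CCMP   PSK  akku
 FC:DD:32:08:6D:C2  -67       13       80    0  11  54e  WPA2 CCMP   PSK  rootsh3ll
 80:D0:9B:DE:15:EE  -74        2        0    0   1  54e  WPA2 CCMP   PSK  You have been warned
 02:00:00:00:00:01  -58       20        5    0   3  54   WEP  WEP         lab-legacy
 BSSID              STATION            PWR   Rate    Lost    Frames  Probe
 D8:55:A3:B1:8B:FF  34:31:11:63:CE:96  -74    5e- 5e     0       19
 FC:DD:32:08:6D:C2  00:C0:CA:3b:34:B6    0    0e- 1      0      272  rootsh3ll
 FC:DD:55:08:6D:C2  30:A8:DB:C6:88:13  -127    0e- 0e    10       81
 D8:55:A3:B1:8B:FF  02:00:00:00:00:02  -60    1e- 1      0        7  lab-guest
"""
FIELDS = ("ENC", "CIPHER", "ESSID", "STATION", "PWR", "Probe")
ROW = re.compile(r"^\s*((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s")

def parse_scan(text):
    """Slice both airodump-ng tables by the column offsets of their headers."""
    aps, stations, col, table = {}, [], {}, None
    for line in text.splitlines():
        row = ROW.match(line)                  # data rows start with a BSSID
        if not row:
            if "CIPHER" in line or "STATION" in line:    # a table header
                table = "ap" if "CIPHER" in line else "sta"
                col = {n: line.index(n) for n in FIELDS if n in line}
        elif table == "ap":                    # ESSID may contain spaces
            aps[row.group(1).upper()] = {
                "enc": line[col["ENC"]:col["CIPHER"]].strip(),
                "essid": line[col["ESSID"]:].strip()}
        elif table == "sta":
            probes = line[col["Probe"]:].strip()
            stations.append({"bssid": row.group(1).upper(), "probes": probes.split(",") if probes else [],
                             "mac": line[col["STATION"]:col["PWR"]].strip().upper()})
    return aps, stations

def audit(aps, stations):
    """List what a defender would follow up on in their own airspace."""
    findings = [("weak-encryption", b, ap["essid"])     # airodump-ng prints OPN for open
                for b, ap in aps.items() if ap["enc"] in ("OPN", "WEP")]
    for sta in stations:
        home = aps.get(sta["bssid"])
        if home is None:                       # BSSID missing from the AP table
            findings.append(("unlisted-bssid", sta["mac"], sta["bssid"]))
        for essid in sta["probes"]:            # client advertising other networks
            if home is None or essid != home["essid"]:
                findings.append(("probes-other-network", sta["mac"], essid))
    return findings
```

Calling audit(*parse_scan(SAMPLE)) returns three findings: the constructed WEP network, the station row from the original output whose BSSID (FC:DD:55:08:6D:C2) is not in the AP table, and the constructed client probing for lab-guest.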

Data packets can be captured and saved into a file using the -w option with airodump-ng. Example:

root@rs:~# airodump-ng mon0 -w test_data_capture

Press ^C to quit and type ls test_data_capture*

root@rs:~# ls test_data_capture-01.*
test_data_capture-01.cap  test_data_capture-01.csv  test_data_capture-01.kismet.csv  test_data_capture-01.kismet.netxml

Here airodump-ng has saved the output in .cap, .csv and .netxml formats for different uses.
We will use the .cap file for our cracking process in this series.

The above steps have to be followed in every pentest we will do. We will see the use of the remaining tools

 

  • Airbase-ng
  • Aireplay-ng
  • Airolib-ng
  • Aircrack-ng

 

in upcoming chapters accordingly.

Conclusion

We learned to install aircrack-ng on Linux and Windows systems, to put the wireless card into monitor mode, to scan the air, and to save the information to a file for future use, as it will be used in WEP and WPA/WPA2 cracking.

Useful Links:

Router:

TP-LINK TL-MR3420 300 MB/s Wireless Router 2x 5dBi antennas

Network Adapters:

Alfa AWUS036NH High Gain B/G/N USB / Alfa AWUS036NHA B/G/N USB

High Gain Antenna:

Alfa 9dBi WiFi Omni-Directional High-Gain Antenna

USB Drive (32 GB):

SanDisk Ultra Fit  USB 3.0  32GB Pen Drive (International)

SanDisk Ultra USB 3.0 32 GB Pen Drive (India Only)

 

Any questions? Let me know; I will be glad to answer all your queries in the comments.

Don’t forget to share the post with all of your friends!