How to use the command aircrack-ng (with examples)
Aircrack-ng is a command-line tool that is part of the Aircrack-ng network software suite. It is used to crack WEP and WPA/WPA2 keys from captured packets in order to test the security of wireless networks. The command allows you to provide a wordlist to try different passwords and also gives you the option to specify the access point’s ESSID or MAC address.
Use case 1: Crack key from capture file using wordlist
Code:
aircrack-ng -w path/to/wordlist.txt path/to/capture.cap
Motivation: This use case is helpful when you have captured packets from a wireless network and want to crack the key using a wordlist. By providing the path to the wordlist file and the path to the capture file, Aircrack-ng will attempt to find the correct key.
Explanation:
-w path/to/wordlist.txt: This argument specifies the path to the wordlist file. The wordlist is a file that contains a list of possible passwords that will be used to try to crack the key.
path/to/capture.cap: This argument specifies the path to the capture file. The capture file contains the captured packets from the wireless network, including the handshake that is needed to crack the key.
Example output:
Opening path/to/capture.cap
Read 5000 packets.
# BSSID ESSID Encryption
1 00:11:22:33:44:55 MyNetwork WPA (1 handshake)
Choosing first network as target.
Opening path/to/wordlist.txt
Read 5000 passwords from path/to/wordlist.txt
KEY FOUND! [ password123 ]
Time left: 00:01:23 100% (3.32 k/s)
Current Target
ssid: MyNetwork
bssid: 00:11:22:33:44:55
key ascii: [ password123 ]
Use case 2: Crack key from capture file using wordlist and the access point’s ESSID
Code:
aircrack-ng -w path/to/wordlist.txt -e essid path/to/capture.cap
Motivation: Sometimes, there might be multiple wireless networks in the capture file, and you may want to crack the key for a specific network. By specifying the access point’s ESSID, Aircrack-ng can focus on cracking the key for that particular network.
Explanation:
-w path/to/wordlist.txt: Same as in the previous use case, this argument specifies the path to the wordlist file.
-e essid: This argument specifies the access point’s ESSID (Extended Service Set Identifier), which is the name of the wireless network you want to crack the key for.
path/to/capture.cap: Same as in the previous use case, this argument specifies the path to the capture file.
Example output:
Opening path/to/capture.cap
Read 5000 packets.
# BSSID ESSID Encryption
1 00:11:22:33:44:55 MyNetwork WPA (1 handshake)
2 AA:BB:CC:DD:EE:FF AnotherNetwork WPA (1 handshake)
Choosing first network as target.
Opening path/to/wordlist.txt
Read 5000 passwords from path/to/wordlist.txt
KEY FOUND! [ password123 ]
Time left: 00:01:23 100% (3.32 k/s)
Current Target
ssid: MyNetwork
bssid: 00:11:22:33:44:55
key ascii: [ password123 ]
Use case 3: Crack key from capture file using wordlist and the access point’s MAC address
Code:
aircrack-ng -w path/to/wordlist.txt --bssid mac path/to/capture.cap
Motivation: Similar to the previous use case, if there are multiple networks in the capture file, you can specify the access point’s MAC address to crack the key for a particular network. This can be useful when the ESSID may not be unique or if you want to target a specific network by its MAC address.
Explanation:
-w path/to/wordlist.txt: Same as in the previous use cases, this argument specifies the path to the wordlist file.
--bssid mac: This argument specifies the access point’s MAC address, shown as the BSSID in the output. A MAC address (Media Access Control address) is a unique identifier assigned to network interfaces.
path/to/capture.cap: Same as in the previous use cases, this argument specifies the path to the capture file.
Example output:
Opening path/to/capture.cap
Read 5000 packets.
# BSSID ESSID Encryption
1 00:11:22:33:44:55 MyNetwork WPA (1 handshake)
2 AA:BB:CC:DD:EE:FF AnotherNetwork WPA (1 handshake)
Choosing second network as target.
Opening path/to/wordlist.txt
Read 5000 passwords from path/to/wordlist.txt
KEY FOUND! [ password123 ]
Time left: 00:01:23 100% (3.32 k/s)
Current Target
ssid: AnotherNetwork
bssid: AA:BB:CC:DD:EE:FF
key ascii: [ password123 ]
Conclusion:
The command aircrack-ng is a versatile tool for cracking WEP and WPA/WPA2 keys from captured packets. By providing a wordlist and optionally specifying the access point’s ESSID or MAC address, you can target specific networks and increase the chances of successfully cracking the key. This command is essential for network security professionals and enthusiasts who want to test the security of wireless networks.
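A defensive counterpart to the wordlist use cases above, as an added example that is not part of the original page: it checks whether a passphrase you control appears in a given wordlist, without needing a capture file. The function names (audit_psk, make_sample_wordlist, demo) and the sample wordlist are hypothetical and constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit a WPA/WPA2 passphrase you own against a wordlist.
# All names and sample data here are constructed for illustration.

# Print one verdict for PASSPHRASE checked against WORDLIST:
#   invalid-length   not 8..63 characters, so not a valid WPA passphrase
#   in-wordlist      exact line match: a wordlist run would recover it
#   case-variant     differs from a wordlist entry only by letter case
#   not-in-wordlist  this list alone does not contain it
audit_psk() {
    local wordlist="$1" psk="$2"
    local len=${#psk}
    if [ "$len" -lt 8 ] || [ "$len" -gt 63 ]; then
        echo "invalid-length"
        return 0
    fi
    # Strip CR so wordlists saved with Windows line endings still match.
    # -F fixed string (no regex), -x whole line, -q quiet, -- ends options.
    if tr -d '\r' < "$wordlist" | grep -Fxq -- "$psk"; then
        echo "in-wordlist"
    elif tr -d '\r' < "$wordlist" | grep -Fxiq -- "$psk"; then
        echo "case-variant"
    else
        echo "not-in-wordlist"
    fi
}

# Constructed sample wordlist; the second entry has a CRLF line ending.
make_sample_wordlist() {
    local f
    f=$(mktemp)
    printf 'letmein1\npassword123\r\nqwertyuiop\n' > "$f"
    echo "$f"
}

demo() {
    local wl psk
    wl=$(make_sample_wordlist)
    for psk in 'password123' 'Password123' 'short' 'correct-horse-battery-staple'; do
        printf '%-30s %s\n' "$psk" "$(audit_psk "$wl" "$psk")"
    done
    rm -f "$wl"
}

demo
```

A verdict of in-wordlist or case-variant means the passphrase should be replaced; not-in-wordlist only says that this particular list does not contain it.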