How to use the command aircrack-ng (with examples)

Aircrack-ng is a command-line tool that is part of the Aircrack-ng network software suite. It is used to crack WEP and WPA/WPA2 keys from captured packets in order to test the security of wireless networks. The command allows you to provide a wordlist to try different passwords and also gives you the option to specify the access point’s ESSID or MAC address.

Use case 1: Crack key from capture file using wordlist

Code:

aircrack-ng -w path/to/wordlist.txt path/to/capture.cap

Motivation: This use case is helpful when you have captured packets from a wireless network and want to crack the key using a wordlist. By providing the path to the wordlist file and the path to the capture file, Aircrack-ng will attempt to find the correct key.

Explanation:

  • -w path/to/wordlist.txt: This argument specifies the path to the wordlist file. The wordlist is a file that contains a list of possible passwords that will be used to try to crack the key.
  • path/to/capture.cap: This argument specifies the path to the capture file. The capture file contains the captured packets from the wireless network, including the handshake that is needed to crack the key.

Example output:

Opening path/to/capture.cap
Read 5000 packets.

   #  BSSID             ESSID                     Encryption

   1  00:11:22:33:44:55  MyNetwork                 WPA (1 handshake)

Choosing first network as target.

Opening path/to/wordlist.txt

Read 5000 passwords from path/to/wordlist.txt

     KEY FOUND! [ password123 ]

Time left: 00:01:23 100%                       (3.32 k/s)  
      
           Current             Target

             ssid:  MyNetwork
             bssid:  00:11:22:33:44:55
  key ascii: [ password123 ]  

Use case 2: Crack key from capture file using wordlist and the access point’s ESSID

Code:

aircrack-ng -w path/to/wordlist.txt -e essid path/to/capture.cap

Motivation: Sometimes, there might be multiple wireless networks in the capture file, and you may want to crack the key for a specific network. By specifying the access point’s ESSID, Aircrack-ng can focus on cracking the key for that particular network.

Explanation:

  • -w path/to/wordlist.txt: Same as in the previous use case, this argument specifies the path to the wordlist file.
  • -e essid: This argument specifies the access point’s ESSID (Extended Service Set Identifier), which is the name of the wireless network you want to crack the key for.
  • path/to/capture.cap: Same as in the previous use case, this argument specifies the path to the capture file.

Example output:

Opening path/to/capture.cap
Read 5000 packets.

   #  BSSID             ESSID                     Encryption

   1  00:11:22:33:44:55  MyNetwork                 WPA (1 handshake)
   2  AA:BB:CC:DD:EE:FF  AnotherNetwork            WPA (1 handshake)

Choosing first network as target.

Opening path/to/wordlist.txt

Read 5000 passwords from path/to/wordlist.txt

     KEY FOUND! [ password123 ]

Time left: 00:01:23 100%                       (3.32 k/s)  
      
           Current             Target

             ssid:  MyNetwork
             bssid:  00:11:22:33:44:55
  key ascii: [ password123 ]  

Use case 3: Crack key from capture file using wordlist and the access point’s MAC address

Code:

aircrack-ng -w path/to/wordlist.txt --bssid mac path/to/capture.cap

Motivation: Similar to the previous use case, if there are multiple networks in the capture file, you can specify the access point’s MAC address to crack the key for a particular network. This can be useful when the ESSID may not be unique or if you want to target a specific network by its MAC address.

Explanation:

  • -w path/to/wordlist.txt: Same as in the previous use cases, this argument specifies the path to the wordlist file.
  • --bssid mac: This argument specifies the access point’s MAC address, shown in the BSSID column of the network list. A MAC address (Media Access Control address) is a unique identifier assigned to a network interface.
  • path/to/capture.cap: Same as in the previous use cases, this argument specifies the path to the capture file.

Example output:

Opening path/to/capture.cap
Read 5000 packets.

   #  BSSID             ESSID                     Encryption

   1  00:11:22:33:44:55  MyNetwork                 WPA (1 handshake)
   2  AA:BB:CC:DD:EE:FF  AnotherNetwork            WPA (1 handshake)

Choosing second network as target.

Opening path/to/wordlist.txt

Read 5000 passwords from path/to/wordlist.txt

     KEY FOUND! [ password123 ]

Time left: 00:01:23 100%                       (3.32 k/s)  
      
           Current             Target

             ssid:  AnotherNetwork
             bssid:  AA:BB:CC:DD:EE:FF
  key ascii: [ password123 ]  

Conclusion:

The command aircrack-ng is a versatile tool for cracking WEP and WPA/WPA2 keys from captured packets. By providing a wordlist and optionally specifying the access point’s ESSID or MAC address, you can target specific networks and increase the chances of successfully cracking the key. This command is essential for network security professionals and enthusiasts who want to test the security of wireless networks.
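
The following is an added example, not part of the original article or of the Aircrack-ng project: a check a network owner can run on a candidate WPA/WPA2 passphrase to see whether a wordlist run like the ones above would recover it. The sample wordlist, the normalization rule and the function names are constructed for illustration; the key-derivation parameters (PBKDF2-HMAC-SHA1, 4096 iterations, ESSID as salt) are those of WPA/WPA2-PSK.

```python
import hashlib

def derive_pmk(passphrase, essid):
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1, ESSID as salt, 4096 rounds."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), essid.encode(), 4096, 32)

def canonical(word):
    """Assumed normalization: lowercase, drop trailing digits and punctuation."""
    return word.lower().rstrip("0123456789!@#$%*?.")

def audit(passphrase, essid, wordlist, keys_per_sec=3320):
    """Return findings for one candidate passphrase.

    keys_per_sec defaults to the 3.32 k/s shown in the sample output above.
    """
    words = {w.strip() for w in wordlist if w.strip()}
    # All-digit entries normalize to "", which would match anything; drop it.
    stems = {canonical(w) for w in words} - {""}
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("invalid length (WPA passphrases are 8-63 characters)")
    if passphrase in words:
        findings.append("in wordlist verbatim")
    elif canonical(passphrase) in stems:
        findings.append("trivial variant of a wordlist entry")
    if essid and essid.lower() in passphrase.lower():
        findings.append("contains the ESSID")
    return {"findings": findings, "seconds_to_exhaust": len(words) / keys_per_sec}

# Constructed sample wordlist, not taken from any real list.
SAMPLE_WORDLIST = ["123456789", "password123", "letmein2024", "qwertyuiop"]

if __name__ == "__main__":
    for candidate in ["password123", "Password!", "MyNetwork2024",
                      "vivid-otter-lantern-84"]:
        print(candidate, audit(candidate, "MyNetwork", SAMPLE_WORDLIST))
    # The ESSID salts the key, so one passphrase yields a different key per network.
    for essid in ["MyNetwork", "AnotherNetwork"]:
        print(essid, derive_pmk("password123", essid).hex())
```

A passphrase with no findings is only shown to be absent from this particular wordlist; length and randomness still decide how it holds up against larger lists.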
