Hack WiFi

Using The Aircrack-ng Suite

Aircrack-ng Suite

The Aircrack-ng suite is a collection of wireless network security tools designed for auditing and testing the security of Wi-Fi networks.

It is widely used by security professionals and network administrators to assess the vulnerability of wireless networks and to perform penetration testing.

The suite includes several individual tools that serve different purposes:

  1. Airodump-ng: Airodump-ng is a packet capture tool used for capturing and analyzing wireless network packets. It allows you to monitor nearby Wi-Fi networks, capture packets, and obtain important information such as MAC addresses, signal strength, channel, and encryption type.
  2. Aireplay-ng: Aireplay-ng is a tool used for injecting and replaying network packets. It supports various types of attacks, such as deauthentication attacks, ARP request replay attacks, and fragmentation attacks. These attacks can be used to test the security of wireless networks and to perform various exploits.
  3. Airmon-ng: Airmon-ng is a script used for managing wireless network interfaces. It allows you to enable and disable monitor mode on wireless interfaces, which is essential for capturing and analyzing network packets.
  4. Aircrack-ng: Aircrack-ng is the primary tool in the suite used for cracking WEP and WPA/WPA2 encryption keys. It uses captured packets and various techniques to recover the encryption keys, allowing authorized access to a Wi-Fi network.

Aircrack-ng Commands


Option Description
--channel, -c Specify the channel to capture packets from.
--bssid, -b Filter results based on the BSSID (MAC address) of the target network.
--output-format, -o Specify the output file format for captured data (e.g., pcap, csv).
--write, -w Write captured packets to a file.
--encrypt, -e Filter results based on the encryption type of the target network.
--manufacturer, -M Display manufacturer information of connected clients.


Option Description
--deauth, -0 Send deauthentication packets to a client or access point.
--fakeauth, -1 Perform fake authentication with an access point.
--arpreplay, -3 Perform an ARP request replay attack.
--fragment, -5 Perform a fragmentation attack on WEP encryption.
--interactive, -I Run in interactive mode, allowing manual selection of attacks.
--ignore-negative-one, -O Ignore the use of negative one (-1) as a special value.


Option Description
--b, -b Specify the BSSID (MAC address) of the target network.
--w, -w Specify the wordlist file for password cracking.
--e, -e Specify the ESSID (name) of the target network.
--k, -k Specify the key index for WEP cracking.
--split, -s Split output files based on ESSID for WPA cracking.
--ignore-negative-one, -O Ignore the use of negative one (-1) as a special value.

This tutorial covers wifi hacking by obtaining a WPA handshake.

The 4-way WPA handshake is a crucial step in establishing a secure connection between a client device and a wireless access point (AP).

It is used in WPA and WPA2 (Wi-Fi Protected Access) security protocols to authenticate and encrypt communication between the client and the AP.

The handshake involves four messages exchanged between the client and the AP:

  1. Message 1: The AP sends a nonce (random number) to the client.
  2. Message 2: The client combines the AP's nonce with its own nonce, generates an encryption key, and sends it back to the AP in an encrypted form.
  3. Message 3: The AP confirms the encryption key and sends its own nonce to the client to verify the connection.
  4. Message 4: The client acknowledges the AP's nonce, establishing a secure connection with the AP.

Starting The Attack

Aircrack-ng is a security auditing tool for Wifi. Aircrack-ng comes pre-installed on Kali Linux. On linux systems you can install it by using this command:

To begin the attack you have to check if there are any processes that may interfere with the process.

This command is done to check for any running processes that may interfere and shuts them down

Now you must put your wifi adapter into monitor mode

This can be done in two ways, here we will just cover the Aircrack-ng suite method

To put you adapter into monitor mode:

You wireless interface may be called something else like wlan1

Now that you are in monitor mode you are ready to scan the airwaves and find the wifi network that you want to hack!

To scan the air type this command:

There are other options that you can use with airodump-ng. You can get manufacturer information, WPS details, target a specific network, even GPS location. The most important option is the '-w' option. This option is to write details to a file such as the WPA handshake that we will use to crack the password later. Other options include

Now you should be looking at a list of wifi networks available. It is possible to capture a WPA handshake by monitoring all the networks but that will take a lot of time. Targeting a specific network is the best way, to do this:

You are now monitoring one network. You can wait until somebody authenticates themselves into the network, but that could take a while. De-authenticating a device is the most efficient way to do this. When a device authenticates into the network is when the WPA handshake can be obtained. Devices on the network will be shown under the 'stations' column, if none show you can do a fake authentication into the network to be able to get more data, do that by doing this:

Now pick a device and de-authenticate them:

Now when the device re-authenticates into the network we should have the WPA handshake

We can now use aircrack-ng to crack the password by comparing a list of passwords against the handshake to find the correct password

Wait and watch for results. The password has to be in your wordlist for this to work. results depend on the password complexity

Watch Our YouTube Video On How To Hack WiFi

We use cookies to improve your experience. By using our site, you agree to our Privacy Policy.