Welcome to HBH V2 ! If you had an account on hellboundhacker.org you will need to reset your password using the Lost Password system before you will be able to login.

WiFi - Part 3, Aircrack-ng

WiFi - Part 3, Aircrack-ng

By tuXthEhxR avatartuXthEhxR | 14443 Reads |
0     0

WiFi – Part 3, Aircrack-ng

written by TuXtheHxR

Aircrack-ng Suite

This is the suite of tools that we will be using throughout this tutorial. It is important that you familiarize yourself with which tools do what. These tools allow a user to analyze WiFi in just about any way. Below is the name of each tool we will use, and a summary of what they are used for.

I was going to write the syntax and popular options for each, but I felt that should wait until later; to prevent people from running off and attempting to destroy their neighbor’s computer. If you learn to ‘hack’ in 30 minutes, you will have no respect for what you are doing; but if you combine hard work and patience, you will have a new found respect for it. A hacker with no respect, is a hacker that will soon implode.

Another thing that you should realize is that Aircrack-ng is just a group of BASH scripts. They are located in the /usr/sbin directory, and I would suggest looking at the source code to really understand what they do, and how they do it.


Airmon-ng This is the tool that allows you to enable monitor mode on a particular wireless interface. It can also deactivate the monitor mode on a particular wireless card. Another nice option is that it can list, and kill, any process that may interfere with it.

Airodump-ng This is the tool that does all the packet capturing. When you first start it up, it will display a screen of all found wireless devices around you. The top portion displays the wireless access points it has found, and the bottom portion displays the wireless clients it has found. It will not display any of the packets that it has captured, but it will give indicators to what has been captured and what hasn’t.

Aircrack-ng This is the name of the suite, and it is also a tool in the suite. This is the tool that will crack different types of keys. There are also a variety of different ways that it will crack keys. It uses different algorithmic attack for WEP keys, based off of the PTW method and the FMS/KoreK method. For WPA and WPA2 keys, it offers a dictionary based attack; this attack is only as good as your dictionary.

Airbase-ng This is a tool used for most of the advanced attacks. It aims to target the client, rather then the AP. It allows you to spoof a soft AP, and let the clients come to you to be attacked. It should be noted that this tool creates an interface, at#, that can be used to encrypt or decrypt packets. It can also be bridged to relay packets, to perform a man in the middle attack.

Airdecap-ng This is a tool that is used to decrypt captured packets, once the key has been identified. It is also used to strip the header off of wireless packets, creating a file called [name]dec.cap, that contains these packets.

Airdecloak-ng This is a tool that can prevent WEP cracking. It is used to strip out wireless headers, and replace them with other text. When this is done prior to distributing WEP packets, none of the Aircrack-ng suite of tools will be able to decipher the WEP key; besides a brute-force or dictionary based attack. Doubt that we will cover the use of this tool, but it should be acknowledged that it’s there.

Aireplay-ng This is a tool that is mainly used as a packet injector. Although the main use it to cause an escalation in WiFi traffic, it can also be used to shut down someone’s WiFi. It is able to send mass de-authentication packets, mainly for the purpose of obtaining a WPA or WPA2 handshake; but can also be used as a type of WiFi jammer. It can send a ton of different types of packets, and is a very powerful tool.

Airserv-ng This is a tool that basically creates a type of server for you wireless card. The only real use for this is so that each wireless application will not need to load up your wireless card themselves; instead just go through the server.

Airtun-ng This tool is basically used to create a type of intrusion detection system on your wireless network. It creates a virtual tunnel, and allows all traffic to be monitored and passed to a system like SNORT. It also has the ability to inject packets itself.

Easside-ng This is a tool that is able to circumvent WEP encryption without ever deciphering the key itself. It is used along side of a tool called Buddy-ng. This utilizes a server on the Internet, and takes advantage of the fact that the router decrypts data before sending it out on the Internet; where Buddy-ng will intercept it.

Wesside-ng This tool is the ultimate WEP cracking tool. It pretty much automates the entire process, from channel hopping, to locating an AP, to injecting packets, to sniffing ARP requests, and finally to cracking the WEP key itself. It almost takes the fun out of WiFi hacking…


Debian Based System (Ubuntu) apt-get install aircrack-ng

Fedora Based System yum install aircrack-ng

That’s all I got, or want to write, on Aircrack-ng, much more to come. Please leave behind comments on these tutorials. That way I can improve them as I go.

TuX out

oJAIMEo's avatar
oJAIMEo 10 years ago

when we the next segment be up?

P.S. I love this stuff, all the other stuff you find around the web is just " HOW TO CRACK WEP KEY IN 5MINUETS" this is understanding what you are doing and what is happening.:D

ellipsis's avatar
ellipsis 10 years ago

I'm the 666th reader.

Firebolt's avatar
Firebolt 10 years ago


hc1984's avatar
hc1984 10 years ago

:p very well written More please :D

gunniz's avatar
gunniz 10 years ago

Big fan of this guide :ninja:

This article is well written.

maxgonemad's avatar
maxgonemad 10 years ago

Just a heads up for everyone with ubuntu: they took aircrack-ng out of their repositories so you can't apt-get install aircrack-ng anymore. Here's a good guide on how to install it: