How to do it...

The following steps demonstrate the use of Aircrack:

  1. We run the airmon-ng command to check whether Kali has detected our card.
  2. Next, we need to set our adapter to monitor mode by using the following command:
      airmon-ng start wlan0mon

  3. Now, in order to see what routers are running in the neighborhood, we use the following command:
      airodump-ng wlan0mon

  4. Here, we note the BSSID of the network we want to crack; in our case, it's B8:C1:A2:07:BC:F1 and the channel number is 9. We stop the process by pressing Ctrl + C and leave the window open.
  5. Now we capture the packets using airodump-ng with the -w switch to write these packets to a file:
      airodump-ng -w packets -c 9 --bssid B8:C1:A2:07:BC:F1 wlan0mon

  6. Now we need to watch the Beacons and Data columns; these numbers start from 0 and increase as packets pass between the router and other devices. We need at least 20,000 initialization vectors to successfully crack the Wired Equivalent Privacy (WEP) password.
  7. To speed up the process, we open another Terminal window, run aireplay-ng, and perform a fake authentication using this command:
      aireplay-ng -1 0 -e <AP ESSID> -a <AP MAC> -h <OUR MAC> wlan0mon

  8. Now let's do the ARP packet replay using the following command:
      aireplay-ng -3 -b BSSID wlan0mon

  9. Once we have enough packets, we start aircrack-ng and provide the filename where we saved the packets:
      aircrack-ng filename.cap

  10. Once cracked, we should see the password on screen.
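
The same airodump-ng capture can be used to audit our own airspace for access points that still advertise WEP. The following Python script is an added example, not part of the original recipe; it assumes the CSV layout that airodump-ng -w writes next to the .cap file (for example, packets-01.csv), and the sample rows and the function name are constructed for illustration.

```python
import csv
import io

# Constructed sample in the layout of an airodump-ng CSV (e.g. packets-01.csv):
# an access-point table, a blank line, then a station table.
SAMPLE_CSV = """\

BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
B8:C1:A2:07:BC:F1, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  9,  54, WEP , WEP,    , -40,  120, 21500,   0.  0.  0.  0,   7, lab-wep,
00:11:22:33:44:55, 2024-01-01 10:00:01, 2024-01-01 10:05:00,  1,  54, WPA2, CCMP, PSK, -55,  300,     0,   0.  0.  0.  0,   6, office,
66:77:88:99:AA:BB, 2024-01-01 10:00:02, 2024-01-01 10:05:00, 11,  54, WEP , WEP,    , -70,   80,    12,   0.  0.  0.  0,  12, old, printer,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:BB:CC:DD:EE:FF, 2024-01-01 10:01:00, 2024-01-01 10:05:00, -50, 40, B8:C1:A2:07:BC:F1,
"""


def find_wep_networks(csv_text):
    """Return one finding per access point whose Privacy column includes WEP."""
    findings, in_ap_table = [], False
    for row in csv.reader(io.StringIO(csv_text)):
        first = row[0].strip() if row else ""
        if first == "BSSID":             # header of the access-point table
            in_ap_table = True
            continue
        if first == "Station MAC":       # client table follows; stop here
            break
        if not in_ap_table or len(row) < 15:
            continue                     # blank or truncated line
        if "WEP" not in row[5].split():  # Privacy may list several, e.g. "WPA2 WPA"
            continue
        findings.append({
            "bssid": first,
            "channel": int(row[3]),
            "ivs": int(row[10]),         # "# IV" column: IVs seen in this capture
            # An ESSID may itself contain commas: take everything up to the Key field.
            "essid": ",".join(row[13:-1]).strip(),
        })
    return findings


if __name__ == "__main__":
    # To audit a real capture: find_wep_networks(open("packets-01.csv").read())
    for f in find_wep_networks(SAMPLE_CSV):
        print(f"WEP in use: {f['essid']!r} {f['bssid']} ch {f['channel']} "
              f"({f['ivs']} IVs captured) -> migrate to WPA2/WPA3")
```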