Monday, August 5, 2013

Wifi Hacking - WEP - Kali Linux Aircrack-ng suite

Alright, this post is written assuming you have Kali Linux up and running on your computer. If not, here is a post on hacking with Kali Linux. It will tell you what Kali Linux is and how to use it, and it will guide you through the installation process.
So if you are still following, then just follow these simple steps-

Firstly, create a wireless network to crack. Don't use this method on others. It is illegal. Then proceed with the steps below.


1. Find out the name of your wireless adapter.

Alright, now, your computer has many network adapters, so to scan one, you need to know its name. So there are basically the following things that you need to know-
  • lo - loopback. Not important currently.
  • eth - ethernet
  • wlan - This is what we want. Note the suffix associated.
Now, to see all the adapters, type ifconfig on a terminal. See the result. Note down the wlan(0/1/2) adapter.




2. Enable Monitor mode

Now, we use a tool called airmon-ng to create a virtual interface called mon. Just type
airmon-ng start wlan0
Your monitoring interface will be created - mon0 in case of Kali 1.x, wlan0mon in all other cases.



3. Start capturing packets

Now, we'll use airodump-ng to capture the packets in the air. This tool gathers data from the wireless packets in the air. You'll see the name of the wifi you want to hack. For Kali 2.0 or rolling, replace mon0 with wlan0mon.
airodump-ng mon0


4. Store the captured packets in a file 

This can be achieved by giving some more parameters with the airodump command. For Kali 2.0 or rolling, replace mon0 with wlan0mon.
airodump-ng mon0 --write name_of_file

Now the captured packets will be stored in name_of_file-01.cap (airodump-ng appends a sequence number to the name you give).

You will have to wait till you have enough data (10000 minimum).
PS: Don't wait too long for this step though. Just understand how the procedure works (including the next sections), and once you are convinced you know what you are doing, proceed to the next tutorial where we use ARP replay to speed up the rate at which we get packets. Using ARP request replay, we can get 10k packets in a few minutes.
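
Added example, not part of the original post: besides the .cap file, airodump-ng --write also produces a CSV summary (name_of_file-01.csv) whose "# IV" column holds the data count referred to above. The script below reads that CSV and reports, for an allowlist of your own access points, which ones still advertise WEP or no encryption; the sample CSV, the BSSIDs and the function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit the CSV that airodump-ng writes next to the .cap file.

# Constructed sample in airodump-ng's CSV layout (MACs, ESSIDs and counters
# are made up). The third ESSID contains a comma on purpose.
sample_airodump_csv() {
cat <<'EOF'

BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
02:00:00:00:00:01, 2013-08-05 10:00:01, 2013-08-05 10:20:14,  6,  54, WEP, WEP, , -40,      812,    10432,   0.  0.  0.  0,   7, lab-wep,
02:00:00:00:00:02, 2013-08-05 10:00:01, 2013-08-05 10:20:10,  1,  54, WPA2, CCMP, PSK, -71,      500,        3,   0.  0.  0.  0,   9, neighbour,
02:00:00:00:00:03, 2013-08-05 10:00:02, 2013-08-05 10:20:14, 11,  54, WPA2, CCMP, PSK, -55,      640,       57,   0.  0.  0.  0,  10, lab, guest,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
02:00:00:00:00:AA, 2013-08-05 10:01:00, 2013-08-05 10:20:00, -48,     9120, 02:00:00:00:00:01,
EOF
}

# audit_airodump_csv FILE BSSID [BSSID...]
# For each access point in FILE whose BSSID is in the allowlist (your own
# equipment), print: BSSID|channel|privacy|#IV|ESSID|verdict
audit_airodump_csv() {
    csv=$1
    shift
    awk -F',' -v own="$*" '
        function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
        BEGIN {
            n = split(toupper(own), list, " ")
            for (i = 1; i <= n; i++) mine[list[i]] = 1
        }
        /^Station MAC/ { exit }            # client table follows, AP table is done
        /^BSSID/       { in_ap = 1; next } # header of the AP table
        !in_ap || NF < 15 { next }         # blank lines and anything malformed
        {
            bssid = toupper(trim($1))
            if (!(bssid in mine)) next     # not our equipment, do not report it
            privacy = trim($6)
            # ESSID is field 14 and the key column is last; re-join the pieces
            # if the ESSID itself contained commas.
            essid = $14
            for (i = 15; i < NF; i++) essid = essid "," $i
            essid = trim(essid)
            if (privacy ~ /WEP/)      verdict = "WEAK: WEP, replace with WPA2 or WPA3"
            else if (privacy ~ /OPN/) verdict = "WEAK: open, no encryption"
            else                      verdict = "OK"
            printf "%s|%s|%s|%s|%s|%s\n", bssid, trim($4), privacy, trim($11), essid, verdict
        }
    ' "$csv"
}

# Stand-alone use: ./audit.sh name_of_file-01.csv <your BSSIDs...>
# With no arguments, run against the constructed sample above.
if [ "$#" -ge 2 ]; then
    audit_airodump_csv "$@"
else
    tmp=$(mktemp) && sample_airodump_csv > "$tmp"
    audit_airodump_csv "$tmp" 02:00:00:00:00:01 02:00:00:00:00:03
    rm -f "$tmp"
fi
```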



5. Crack the wifi

If all goes well, then you'll be sitting in front of your PC, grinning, because you've finally got 10000 packets (don't stop the packet capture yet). Now, you can use aircrack-ng to crack the password (in a new terminal).
aircrack-ng name_of_file-01.cap
The program will ask which wifi to crack, if there are multiple available. Choose the wifi. It'll do its job. If the password is weak enough, then you'll get it in front of you. If not, the program will tell you to get more packets. The program will retry when there are 15000 packets, and so on.

You'll get the key, probably in this format-
xx:xx:xx:xx:xx
Remove the colons
xxxxxxxxxx is the password of the wireless network

Issues?

Try this-
ifconfig wlan0 up
ifconfig wlan0 down
airmon-ng check kill
rfkill unblock all
Or this- (from Sebastian's comment below)

With the new version, the monitor is wlan0mon, and the monitor isn't working.
A solution is the commands:
ifconfig wlan0mon down
iwconfig wlan0mon mode monitor
ifconfig wlan0mon up

Source: http://stackoverflow.com/questions/32025472/airodump-ng-wlan0mon-doesnt-work

Disconnected from internet (wifi)?

Again, replace mon0 with wlan0mon for Kali 2.0 or rolling.
airmon-ng stop mon0
This is usually sufficient. If wlan0 is not up (check ifconfig or iwconfig), then do this (if you don't know what to do, then do this anyway)-
ifconfig wlan0 up
If wifi still doesn't start, try this too-
service network-manager restart

Want to try an easier method?

Use wifite, just one command required

For WPA/WPA-2

Hacking wpa/wpa-2 wps with reaver on kali linux

For Troubleshooting

The missing ingredient

This attack taking too long? Ready to go further?

Speed up WEP hacking with ARP replay attack

WPA hacking sucks? There's an alternate way to go about it

Hacking WPA/WPA-2 without dictionary/bruteforce : Fluxion

93 comments:

  1. "Alright, this post is written assuming you have Kali Linux up and running on your computer. If this is the case, then you are going to kiss some ass". Kiss some ass? Really?

    Replies
    1. Thanks for the heads up Marshall. Mistake found and corrected.

    2. I need help buying an external wireless card for a VM. I have a Mac and it's on Yosemite 10.10. I can't find any that will work with my operating system. Do you have any suggestions on what external card to get?

    3. just dual boot faster, better stronger!!!

      be warned if you use a virtual machine you have a fail safe if you mess up.
      if you dual boot and you mess up, you can destroy your computer.
      But don't be afraid, this almost never happens if you don't start to type random shit
      in the terminal.

    4. Very nice, everything is explained with pictures. I also have a tutorial about aircrack, but for cutting off the connection of all users, take a look here http://linkshrink.net/7i25cC

    5. How do you create a wireless network to crack?

    6. When I execute that command: airmon-ng check kill my internet crashes and I have to reboot the system. How to fix that problem?

  2. i couldn't find any wlan when i write ifconfig in terminal

    Replies
    1. I had the same problem when I did ifconfig. I know I disconnected from my home wifi so I can test its security. I have SSID broadcasting turned off, but I figured that wouldn't matter since it is looking for any wireless signal. Maybe I am wrong. Am I missing something or is my SSID the issue?

    2. Are you on virtual machine? Are you using external wireless adapter or laptop's internal wireless adapter? There can be many reasons why wlan doesn't show up.

    3. I am both using Kali on virtualbox and I'm on my laptop using its wireless adapter. So, if that is the issue, maybe I should partition my hard drive and install Kali on the partition? Or would that be unnecessary?

    4. This worked for me:
      https://www.youtube.com/watch?v=tkDaK8589KY

      I had the same problem, I have a virtual machine using vmware, where I'm using my laptop's internal network adapter and no wlan0 or wlan1 showed up in ifconfig and nothing showed up when I did airmon-ng. But following this video fixed it immediately for me.... good luck

    5. Don't listen to those above, i spent hours finding a solution online.
      But it's so simple!

      REINSTALL KALI v2.0 , they fixed this bug.

  3. How long should it take to get 10000 data, I've waited for an hour and only got 100, is that ok?

  4. I've never faced this problem in Kali. In BT5 I faced this issue. 'rfkill unblock all' solved the problem. Also, does airodump-ng mon0 also give the message: Operation not possible due to RF-kill??

  5. How do I see how many data packets have been captured? I mean, what on the screen tells you that?

  6. Whenever I try to use aireplay-ng with the options, it always fails saying that mon0 is on channel -1 and the target is on another channel. How can I fix this? I looked a lot for a real answer but nobody knows what this is.

    Replies
    1. Shashwat, thanks for these tutorials and for replying in depth like this.
      This is easily the best tutorial site I have seen for this.

  7. No question, Just wanted to thank you :) you rock!

  8. I got to step 3 and this happened...

    root@kali:~# airodump-ng mon0
    Interface mon0:
    ioctl(SIOCGIFINDEX) failed: No such device

    Also, when I type ifconfig there is no wlan showing up.

    Replies
    1. Are you using a virtual machine? They do not support internal cards, so you'll have to use Kali from a live USB or buy an external wireless card.

    2. Hey man do you use VM ware or Virtual box ?
      Virtual machines will NEVER use your INTERN wireless card.

      If you want to use Kali in a VM, you gonna need a wired connection or a wireless usb adapter or so. ( pretty cheap these days, 15 USD and you're good to go)

      But i recommend to dual boot windows with kali.
      JUST MAKE SURE YOU HAVE KALI 2.0
      There are known "Bugs" with the wireless cards but Kali 2.0 has fixed most of them.
      So go ahead and buy yourself an external wireless card or just dual boot!

      peace

  9. In the case when no data is being received from the network, and a message comes "aircrack is quitting because no data is recieving from the network", what should I do??

  10. thanks for these!

    this is going to be my weekend project.

    Replies
    1. Good luck and have a great weekend, complete with all sorts of wireless networks.

  11. Please BrO give me ur phone no.

  12. Enjoying the tutorials, having a problem though, whenever I try to crack my wifi with the packets captured file, it asks me to specify dictionary with -w. Tried searching but couldn't find an answer.


    the command I used was
    aircrack-ng packets-01.cap

    selected the ESSID I wanted

    the error it gave me was
    "please specify a dictionary (option -w)"

    Replies
    1. u should have a dictionary file to crack the wifi. after having the wordlist u can use the command :
      aircrack-ng name_of_file-01.cap -w name_of_wordlist.txt

  13. My network is WEP, I configured it myself, shows up as WEP on wifite as well. But both times I try to crack it with Aircrack and Wifite it asks for a dictionary.

  14. I had Kali Linux but the file became too big so I had to delete it :(. Now I wanna download it again but it doesn't work. Does anybody know how to download Kali Linux on USB and does that damage my computer? Plz add me on Skype: Coen.Couwenberg
    Thx

    Replies
    1. It's safe but it gives you full power so YOU can cause damage ^^
      You are in luck there's been a release of kali v2.0 big update.
      Just download the iso, use poweriso (google it) to make a bootable usb.

      Follow this link to dualboot kali-windows
      http://radixcode.com/how-to-dual-boot-kali-linux-and-windows-8-1-pro-2015/



  15. Hello, I have large amount of csv file, which is generated by Airodump-ng. And now I have to filter lots of things like, Channels, Privacy, Signals, MAC Addresses etc... How would i do that? Actually I have used this online service which will provide me to filter all the things.
    I have also shared my sample file of csv, Please have a look, and let me know if you know any other sources for filtration process. Sample:- http://bit.ly/1Nbfgm6

    Replies
    1. You can use wireshark for filtering, but it will need some knowledge of how to use filters in wireshark. You can look it up on the internet, I'm sure you'll find plenty of tutorials about wireshark.

  16. root@kali:~# airmon-ng start wlan0


    Found 2 processes that could cause trouble.
    If airodump-ng, aireplay-ng or airtun-ng stops working after
    a short period of time, you may want to kill (some of) them!
    -e
    PID Name
    2026 dhclient
    2655 NetworkManager


    Interface Chipset Driver


    root@kali:~# airodump-ng mon0
    nl80211 not found.
    Interface mon0:
    ioctl(SIOCGIFINDEX) failed: No such device
    root@kali:~#


    I'm running this on a Dual processor... Why is it giving me an error?

    Replies
    1. First of all make sure you have the latest version of kali installed! (v2.0!!!!!)
      This would probably fix your wireless driver.

      Use this command:
      airmon-ng check wlan0

      Next kill all the services, for your example:
      kill 2026
      kill 2655

      CHECK AGAIN sometimes killing one restarts the other one.

      Then go ahead and use these commands ("#" is not a command, just details to help you):
      airmon-ng start wlan0
      # airMON-ng see this to ass mon of Monitor mode.
      airodump-ng wlan0
      # if i activate mon-mode it will show up as wlan0mon, go and check with the command "ifconfig"

      now you should be set to follow the rest.
      just make sure you use the correct interface :)

  17. I'm getting an error on line 3 (airodump-ng mon0)

    error: nl80211 not found.
    interface mon0:
    ioctl (siocgifindex) failed: no such device

    (sorry for the grammar mistakes, GOOGLE TRANSLATE)

    Replies
    1. your wireless card is not supported....refer here http://www.aircrack-ng.org/doku.php?id=compatible_cards and http://madwifi-project.org/wiki/Compatibility for wireless compatibility issues, if card is not compat get yourself an external wireless interface device check here http://www.aircrack-ng.org/doku.php?id=compatibility_drivers&DokuWiki=a8cbe99a5cf637319f17b8149a5418ab#which_is_the_best_card_to_buy good luck! Expect Us

    2. Just Reinstall KALI VERSION 2.0

      EVERYONE WITH WIRELESS PROBLEMS REINSTALL WITH V2.0
      https://www.kali.org/downloads/

    3. Hi , I am using kali linux 2.0 and I am running it from my hard drive yet I am having the same issue as well. I tried the solutions given at the other comments yet none worked , so I am still seeing No Such Device.

      I will be glad if someone gives me a solution.

      Regards

  18. Sir, whenever I want to capture the network traffic by using airodump-ng mon0, it is not at all capturing any data, instead I have some access points surrounding! I researched it a lot but didn't yet get a final answer! Please give your valuable reply ASAP! I am waiting

    Replies
    1. Make sure you got the right interface.
      In my case it ain't mon0, it changes to wlan0mon.
      Do me a favor and follow these commands, i hope it helps (# not a command but details to help you!):

      ifconfig
      #if your wlan0 isn't there reinstall kali with vs 2.0

      airmon-ng start wlan0

      ifconfig
      #search for the monitor mode interface, can be wlan0mon or mon0 or mon1 ......

      airmon-ng check wlan0
      # use command kill to end all services for example kill 2425

      airodump-ng mon0
      #change the mon0 with your interface

      follow the rest of the tutorial above.

  20. I have Kali on my cell phone will it allow me to do this?

    Replies
    1. depends on the power of the phone and the password.
      WEP , probably, wpa or wpa-2 probably not unless
      you got a high end smartphone (galaxy, oneplus, ...)

  21. Hi, first of all, thanks you for your extraordinary work on this website. All is clear and nice.
    I just have one question about hacking WEP wifi: I tried on my own wifi, got around 70.000 data, but I'm still not able to crack it: it tells me to try with more and more data each time.
    Is that normal ?

    (btw sorry if my english is bad, it's not my native language)

    Replies
    1. WEP is very weak this should work, try a little longer, but aircrack-ng is one of the best ways to hack wep. Don't give up!

  22. how much time it will take to complete data(10000)

    Replies
    1. It depends, could be 20min or 48 hours, or less, or more.

  23. give me mac latest version download link plz admin

  24. A quick tip here... To instantly kill all processes that may cause issues. Type
    airmon-ng check kill

    Replies
    1. Then to be sure the processes are no longer there just type
      airmon-ng check
      It will help u while cracking so u don't get errors.

  25. With more than 10000 ivs the capture was decrypted by aircrack but it shows me the with 26 hex digits
    what should i do to find the ascii key to tape in password field

    Replies
    1. Just remove the colons and that's it. The password field takes the hex password itself.

  26. i have recently installed kali linux light 2.0. it installed successfully. but when i open the terminal and type airmon-ng it gives a message "Please install lsusb from your distro's package manager." i searched a lot but i cant get rid of this uncommon error. i need your help.

    Replies
    1. This means all dependencies for airmon-ng aren't installed in Kali 2.0 light version. You need to install lsusb using apt-get, aptitude, or by compiling the source (or some other way). I suggest you install the complete version of Kali instead, that would be simpler, since this is not the last missing dependency issue you'll encounter.

  27. WEP? really? Next going to talk about how to hack dialup?

  28. Sir, I have a Dell Wireless 1705 802.11 b/g/n adapter but it does not go into monitor mode, so please give me a solution and contact me:- kkyshimlatechguy@gmail.com

  30. Hey, been trying this method, but I'm running Kali off one of my hard drives and using a wired connection so wlan0 doesn't show, is there a way to do this with a wired connection?

    Replies
    1. airodump-ng eth0
      ioctl(SIOCSIWMODE) failed: Operation not supported

      ARP linktype is set to 1 (Ethernet) - expected ARPHRD_IEEE80211,
      ARPHRD_IEEE80211_FULL or ARPHRD_IEEE80211_PRISM instead. Make
      sure RFMON is enabled: run 'airmon-ng start eth0 <#>'
      Sysfs injection support was not found either.

      This is the error i get

  31. I am using linux in android by using software Debian.
    Please tell me how to use airmon-ng command in this matter by using my cell phone's internal wifi adapter.
    Please help me.

  32. i have a problem with my wireless, why no one wifi detected on my kali linux?
    please help me!!!

  35. Hey man Just going to say great tutorial
    I faced a problem when I came to capturing the packets step it was because of currently using Kali-Linux 2.0 basically the error I had gotten when I typed
    airodump-ng mon0
    was that of device being busy, so I searched around Google and found a fix it was:
    ifconfig mon0 down
    iwconfig mon0 mode monitor
    ifconfig mon0 up
    and then placing the final code:
    airodump-ng mon0
    this seemed to work for me just wanted to get it out there for any of the 2.0 users

  36. hi
    when I try using aircrack-ng it gives me

    choosing first network as target

    opening (name of network).cap
    got no data packets from target network

  37. With the new version, the monitor is wlan0mon, and the monitor isn't working.
    A solution is the commands:
    ifconfig wlan0mon down
    iwconfig wlan0mon mode monitor
    ifconfig wlan0mon up

    Source: http://stackoverflow.com/questions/32025472/airodump-ng-wlan0mon-doesnt-work

    Replies
    1. thx this fixed the monitoring issue for me.

  38. when I open aircrack and I type the name_of_file-01.cap it says 'Please specify a dictionary (option -w)' what should I do then
    I have 13244 packets and everything works fine until I get to that stage where I type 'aircrack-ng name_of_file-01.cap'
    and that line appears

    Replies
    1. The wireless network you are trying to hack is WPA secured. This tutorial is valid for WEP.

  39. i tried
    ~$ airmon-ng start wlan1
    the output:
    bash: airmon-ng: command not found

    i am using kali rolling
    any help here?

  40. I unfortunately didn't run the write command until a few hours after I started capturing packets, I lost all that time didn't I?

  41. Hi, i had some problems with the handshake, i figured it out tho, so as you guys probably know your network card sends package using 802.11g or 802.11n, if your card sends packages with 802.11g like mine, it wont get any handshakes with other devices that uses 802.11n, so if you want to get a handshake, you must either use a 802.11n card OR get something that has a 802.11 g or LOWER to connect to that network, so yh lol :D

  42. I have a question. I'm trying to understand how exactly the airmon-ng and aircrack-ng tools work. I understand that it is illegal to crack a wifi password that is not your own using aircrack-ng. My question is this: when I run airmon-ng I am gathering (to my understanding) not only my own packets but packets from other nearby networks. Is the mere collection of these packets illegal or are there any legal implications in this? Additionally, are network administrators or security suites able to detect the use of airmon-ng nearby?

    Thanks!

  43. airmon-ng start wlan0
    Gives me message to type airmon-ng check kill

  44. I followed this tutorial to the letter but i still cant get it to work. I have three problems (i think)
    1. I created a wireless network with WEP encryption but airodump is reading it as a WPA/WPA2 network
    2. No packets are being collected
    3. No connected clients are showing up on any of the networks around me

    Yes it is in monitor mode, i have checked and double checked. Was wondering if someone could help me out. Thanks

  45. I have an iPhone 5S and I would like to download Linux on my phone. I am aware this is possible on Android but I can't find anything on iOS. Any help will be appreciated. Also, is it possible to dual boot Android on iOS (or at least as an application, and if so can I then use that Android to boot Linux?)

  46. can any one teach me the kali linux

  47. hey after the 3rd step it is taking so much time in collecting packets, it is showing 50000 and also it is now increasing! is it okay or any error

  48. Thanks Man .. i have completed this test successfully
    I will study one training each day ^_^

  49. Hey bhai,
    Im having a problem with my network adapter..i got the TL-WN725N.. and i cant install the driver even though i have it..any help?

  50. "aircrack-ng _____.cap" cmd shows :

    KEY FOUND! [ 50:40:30:20:10 ]
    what is this?
    "50:40:30:20:10" is not my password..

    Replies
    1. thanxx.. for your quick reply :)
      it's worked..... :)

  51. Hi, when I airodump on a bssid, I don't get any data to retrieve. It remains @ 0. Don't know what the prob is....

    Replies
    1. Does the same bssid get data when you run airodump without specifying bssid?

    2. Nothing at all... No data... Very frustrating....


© Kali Tutorials, 2016. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Shashwat Chaudhary and Kali Tutorials with appropriate and specific direction to the original content.