PHASE 4: WIRELESS ATTACKS

Aircrack-ng

Master WPA/WPA2 password cracking with aircrack-ng, using dictionary attacks on captured handshakes. Learn to assess wireless network security through hands-on exploitation.

Intermediate | Phase 4: Wireless Attacks | Interactive Lab

What You'll Learn

  • WPA/WPA2 handshake capture and analysis
  • Dictionary-based password cracking techniques
  • Wireless network security assessment
  • Offensive security testing methodologies

What is Aircrack-ng?

Aircrack-ng is a complete suite of tools to assess WiFi network security. It focuses on different areas of WiFi security including monitoring, attacking, testing, and cracking. The suite includes tools for capturing packets, deauthenticating clients, creating fake access points, and most importantly, cracking WEP and WPA/WPA2-PSK keys using captured handshakes.

WPA/WPA2 Cracking Process

1. Capture Handshake

Use airodump-ng to capture the 4-way WPA handshake when a client connects

2. Select Wordlist

Choose a password dictionary (e.g., rockyou.txt with 14M+ passwords)

3. Launch Aircrack

Run aircrack-ng with the capture file and wordlist

aircrack-ng -w rockyou.txt -b [BSSID] capture.cap

4. Wait for Result

Aircrack tests each password until a match is found (can take hours/days)

Cracking Techniques

📚 Dictionary Attack

Test passwords from a pre-compiled wordlist (fast but limited coverage)

🔢 Brute Force

Try all possible character combinations (thorough but extremely slow)

🎲 Rule-Based

Apply transformation rules to wordlist entries (e.g., l33t speak)

💡 Hybrid

Combine wordlist with character masks for better coverage

Defensive Measures

  • Use strong, random passwords with 16+ characters mixing upper/lowercase, numbers, and symbols
  • Implement WPA3 which uses SAE (Simultaneous Authentication of Equals) to resist offline attacks
  • Avoid common passwords, dictionary words, and predictable patterns
  • Consider using enterprise authentication (WPA2-Enterprise/802.1X) instead of PSK
  • Regularly rotate Wi-Fi passwords and audit network access

💡 Pro Tip

Cracking time depends on password complexity and computing power. A GPU-accelerated tool like Hashcat can crack passwords 10-100x faster than CPU-based aircrack-ng. Weak 8-character passwords can be cracked in hours, while strong 16+ character passwords could take centuries.
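
The defensive checklist and the cracking-time note above can be turned into an audit of your own passphrase. The script below is an added example, not part of the original lab: it flags PSKs that reduce to a dictionary word under the rule-based mutations described earlier and estimates exhaustive-search time. The sample wordlist, the guess rate and all function names are assumptions made for illustration.

```python
import math
import string

# Constructed sample wordlist (assumption); load your assessment wordlist in practice.
COMMON_WORDS = {"password", "letmein", "sunshine", "dragon", "welcome"}
# Reverse the usual l33t substitutions that rule-based attacks apply.
UNLEET = str.maketrans("4@31!0$57", "aaeiiosst")
GUESSES_PER_SEC = 500_000  # assumption: illustrative offline guess rate, not a benchmark
TAIL = string.digits + string.punctuation


def reduces_to_common_word(psk: str) -> bool:
    """True if undoing l33t and/or a digit/symbol suffix yields a wordlist entry."""
    low = psk.lower()
    return bool({low.translate(UNLEET), low.rstrip(TAIL).translate(UNLEET)} & COMMON_WORDS)


def charset_size(psk: str) -> int:
    """Size of the alphabet an exhaustive search must cover for this passphrase."""
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)
    return sum(len(c) for c in classes if any(ch in c for ch in psk))


def audit_psk(psk: str, ssid: str) -> dict:
    findings = []
    if not 8 <= len(psk) <= 63:
        findings.append("invalid: WPA2 passphrases are 8-63 characters")
    if len(psk) < 16:
        findings.append("shorter than 16 characters")
    if reduces_to_common_word(psk):
        findings.append("dictionary word plus simple mutations")
    if ssid and ssid.lower() in psk.lower():
        findings.append("contains the SSID")
    # Upper bound only: it holds for randomly generated passphrases, not human-chosen ones.
    bits = len(psk) * math.log2(charset_size(psk) or 1)
    years = 2 ** bits / GUESSES_PER_SEC / (3600 * 24 * 365)
    return {"findings": findings, "bits": round(bits, 1), "years": years}


if __name__ == "__main__":
    for candidate in ("P@ssw0rd123!", "kV7#tq9ZpL2&xW4mRb8!"):
        print(candidate, audit_psk(candidate, "HomeNet"))
```

The brute-force figure for "P@ssw0rd123!" looks large, but the dictionary finding is the one that matters: a mutated wordlist entry falls long before exhaustive search becomes relevant.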
