
Wirelessdefence.org

11/17/2014

Aircrack-ng for Windows - Aircrack:


Project Homepage: http://www.aircrack-ng.org/index.php?title=Main_Page
Aircrack-ng is the next generation of Christophe Devine's excellent aircrack suite of tools.


Running Aircrack-ng for Windows:


Once as many IVs as required have been captured using the airodump packet capture utility, the resultant
[filename].cap file can be imported into aircrack to break the static WEP or WPA-PSK keys.


To view all available switches:


cd c:\aircrack-ng-[version]
aircrack-ng.exe

Basic usage: aircrack -q -n [WEP key length] -b [BSSID] [filename].cap

Breaking WEP:
As you can see, the capture file in use below (capture1.ivs) was created with the airodump capture option "Only
capture WEP IVs (y/n)" set to "y", as the resultant file is in the .ivs format. If n had been selected the resultant
file would be in the .cap format.

http://wirelessdefence.org/Contents/Aircrack-ng_WinAircrack.htm


Whilst this will work, we could have cut down the cracking options for Aircrack-ng by specifying the WEP key
length (-n) or by specifying the target AP MAC address (-b) on the command line:
aircrack -a 1 -q -n 128 -b 11:11:11:11:11:11 capture1.ivs
(Where 11:11:11:11:11:11 = Target AP's MAC address)

As you can see, aircrack found the WEP key for our 1008195 IV capture file (capture1.ivs) in only 4 seconds.
The capture file itself (capture1.ivs) is included here to test your own aircrack installs (note: the file is a 5.77mb
download).

Breaking WPA:
In order to carry out the WPA dictionary attack using aircrack-ng we either have to:
1. Wait for a WPA client to associate to the network (This could take a while)
2. Force a WPA client off the network, forcing it to reassociate.

Either of these two methods allows us to capture the WPA handshake, which is what we require to perform a
dictionary attack.
The downside to using this Windows version of aircrack-ng is that there are not any freely available tools to
perform this attack. So we have to either use Linux tools (e.g. aireplay or void11) or wait for an association to
occur.
Whichever way we gather the WPA handshake we still use the same tool: airodump.
Once we think we have captured the WPA handshake, we simply run the capture file through aircrack for
confirmation:

If we have confirmed we have the WPA handshake (as above) we can attempt the dictionary attack:


As you can see above, aircrack found the WPA PSK of "passphrase"


The capture file itself (capture2.cap) is included here to test your own aircrack installs
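
The forced reassociation in option 2 under Breaking WPA shows up on the air as a burst of deauthentication or disassociation frames aimed at a client, usually followed by a fresh handshake. The Python below is an added example (not from the original page or the aircrack-ng project) that detects that pattern from a monitoring sensor's records; the record format, MAC addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"
AP = "11:11:11:11:11:11"  # placeholder BSSID in the page's own style

# Constructed sensor records: (seconds, frame kind, BSSID, client MAC).
FRAMES = (
    [(1.0, "deauth", AP, "aa:aa:aa:aa:aa:01")]  # single frame: ordinary leave
    + [(20.0 + 0.1 * i, "deauth", AP, "aa:aa:aa:aa:aa:02") for i in range(12)]
    + [(23.5 + 0.01 * i, "eapol", AP, "aa:aa:aa:aa:aa:02") for i in range(4)]
    + [(40.0 + 3.0 * i, "disassoc", AP, "aa:aa:aa:aa:aa:03") for i in range(4)]
)


def find_forced_reassociations(frames, window=5.0, threshold=8, follow=10.0):
    """Flag (BSSID, client) pairs hit by >= threshold deauth/disassoc frames
    within `window` seconds, noting whether a 4-way handshake followed."""
    kicks = defaultdict(list)   # (bssid, client) -> deauth/disassoc times
    eapol = defaultdict(list)   # bssid -> [(time, client)]
    for ts, kind, bssid, client in sorted(frames):
        bssid, client = bssid.lower(), client.lower()
        if kind in ("deauth", "disassoc"):
            kicks[(bssid, client)].append(ts)
        elif kind == "eapol":
            eapol[bssid].append((ts, client))
    alerts = []
    for (bssid, client), times in sorted(kicks.items()):
        start = 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:
                start += 1          # slide the window forward
            if end - start + 1 >= threshold:
                # A broadcast deauth knocks every client off, so any
                # client's handshake on this BSSID counts as the follow-up.
                followed = any(
                    times[start] <= t <= ts + follow
                    and client in (c, BROADCAST)
                    for t, c in eapol[bssid]
                )
                alerts.append({"bssid": bssid, "client": client,
                               "start": times[start], "frames": end - start + 1,
                               "handshake_followed": followed})
                break               # one alert per pair
    return alerts


if __name__ == "__main__":
    for alert in find_forced_reassociations(FRAMES):
        print(alert)
```

Access points send legitimate deauthentication frames too, so the window and threshold need tuning per site; 802.11w Protected Management Frames stop clients from accepting forged ones in the first place.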

Copyright 2010 Wirelessdefence.org. All Rights Reserved.
