Aircrack-ng for Windows - Aircrack:


Project Homepage:


Aircrack-ng is the next generation of Christophe Devine's excellent aircrack suite of tools. 












Running Aircrack-ng for Windows:


Once as many IVs as required have been captured using the airodump packet capture utility, the resultant [filename].cap file can be imported into aircrack to break the static WEP or WPA-PSK keys.



To view all available switches:



cd  c:\aircrack-ng-[version]








Basic usage: aircrack  -q  -n  [WEP key length]  -b [BSSID]  [filename].cap



Breaking WEP:


As you can see, the capture file in use below (capture1.ivs) was created with the airodump capture option "Only capture WEP IVs (y/n)" set to "y", as the resultant file is in the .ivs format. If "n" had been selected, the resultant file would be in the .cap format.





Whilst this will work, we could have cut down the cracking options for Aircrack-ng by specifying the WEP key length (-n) or the target AP MAC address (-b) on the command line:



aircrack -a 1 -q  -n 128  -b  11:11:11:11:11:11  capture1.ivs  (Where 11:11:11:11:11:11 = Target AP's MAC address)





As you can see, aircrack found the WEP key for our 1008195 IV capture file (capture1.ivs) in only 4 seconds.



The capture file itself (capture1.ivs) is included here to test your own aircrack installs (note: the file is a 5.77mb download).



Breaking WPA:


In order to carry out the WPA dictionary attack using aircrack-ng we either have to:


  1. Wait for a WPA client to associate to the network (This could take a while)


  2. Force a WPA client off the network, forcing it to reassociate.


Either of these two methods allows us to capture the WPA handshake, which is what we require to perform a dictionary attack.


The downside to using this Windows version of aircrack-ng is that there are not any freely available tools to perform this attack.  So we have to either use Linux tools (e.g. aireplay or void11) or wait for an association to occur.


Whichever way we gather the WPA handshake, we still use the same tool: airodump.


Once we think we have captured the WPA handshake, we simply run the capture file through aircrack for confirmation:




If we have confirmed that we have the WPA handshake (as above), we can attempt the dictionary attack:





As you can see above, aircrack found the WPA PSK of "passphrase".


The capture file itself (capture2.cap) is included here to test your own aircrack installs.
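
Seen from the monitoring side, the second method above (forcing a client off the network so that it reassociates) shows up as a burst of deauthentication frames aimed at one client, followed shortly by a fresh handshake. The sketch below is an added example, not part of the original howto or of aircrack-ng; it assumes a wireless sensor has already decoded frames into `(seconds, kind, bssid, client)` tuples, and the event data, function name and thresholds are all constructed for illustration.

```python
from collections import defaultdict

AP = "11:11:11:11:11:11"  # placeholder BSSID, same dummy value the page uses

# Constructed events, not from a real capture: (seconds, kind, bssid, client).
# "deauth" = 802.11 deauthentication frame, "eapol" = one 4-way handshake message.
SAMPLE_EVENTS = (
    [(10.0 + 0.1 * k, "deauth", AP, "aa:aa:aa:aa:aa:01") for k in range(6)]
    + [(12.0 + 0.01 * k, "eapol", AP, "aa:aa:aa:aa:aa:01") for k in range(4)]
    # A single deauth followed by a handshake: ordinary reconnect, not a burst.
    + [(30.0, "deauth", AP, "aa:aa:aa:aa:aa:02")]
    + [(31.0 + 0.01 * k, "eapol", AP, "aa:aa:aa:aa:aa:02") for k in range(4)]
    # A burst with no handshake afterwards: the client never came back.
    + [(50.0 + 0.1 * k, "deauth", AP, "aa:aa:aa:aa:aa:03") for k in range(5)]
)


def find_forced_handshakes(events, min_deauths=5, burst_window=2.0, follow_window=10.0):
    """Return (bssid, client, burst_start, first_eapol) for every client that got
    at least min_deauths deauth frames inside burst_window seconds and then
    re-ran the handshake within follow_window seconds of the burst's last frame."""
    deauths, eapols = defaultdict(list), defaultdict(list)
    for ts, kind, bssid, client in sorted(events):
        if kind == "deauth":
            deauths[(bssid, client)].append(ts)
        elif kind == "eapol":
            eapols[(bssid, client)].append(ts)

    alerts = []
    for key, times in deauths.items():
        i = 0
        while i < len(times):
            j = i  # grow the burst while frames stay within burst_window of its start
            while j + 1 < len(times) and times[j + 1] - times[i] <= burst_window:
                j += 1
            if j - i + 1 >= min_deauths:
                end = times[j]
                follow = [t for t in eapols.get(key, []) if end < t <= end + follow_window]
                if follow:
                    alerts.append((key[0], key[1], times[i], follow[0]))
                i = j + 1  # skip past this burst so it is reported once
            else:
                i += 1
    return alerts


if __name__ == "__main__":
    for alert in find_forced_handshakes(SAMPLE_EVENTS):
        print("possible forced reassociation:", alert)
```

The thresholds need tuning per site, since roaming clients and some access points send short deauth runs legitimately. Enabling 802.11w (Protected Management Frames) where clients support it stops forged deauthentication frames from being accepted in the first place.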


   Copyright 2010 All Rights Reserved.