

Cracking WiFi passwords using Aircrack-ng using a target-specific custom wordlist generated by us

By
ANUJ SHAH 1711110
RAJ NATHWANI 1711119
VIJAY TIRUKKOVALLURU 1711122

1. Introduction.

Aircrack-ng is an 802.11 WEP and WPA-PSK key recovery program that can recover keys after
capturing enough data packets. It uses the traditional FMS attack as well as some optimizations
such as KoreK attacks and the brand-new PTW attack, making it much quicker than other WEP
cracking tools.

Aircrack-ng is also a collection of tools for evaluating WiFi network protection, and it comes
pre-installed with Kali Linux.

It focuses on different areas of WiFi security:


● Monitoring: Packet capture and export of data to text files for further processing by third-
party tools
● Attacking: Replay attacks, deauthentication, fake access points, and others via packet
injection
● Testing: Checking WiFi cards and driver capabilities (capture and injection)
● Cracking: WEP and WPA PSK (WPA 1 and 2)

All of the tools are command-line programs, which allows extensive scripting. A large number
of graphical user interfaces have been built on this functionality. It runs on Linux, but it also
operates on Windows, OS X, FreeBSD, OpenBSD, NetBSD, Solaris, and even eComStation 2.

Wi-Fi is a technology for radio wireless local area networking of computers, based on the
IEEE 802.11 standards. The Wi-Fi Alliance owns the Wi-Fi trademark and limits the use of
the name Wi-Fi. After several years of research, the 802.11 committee interoperability validation
testing, certified to items that are final.

Desktops and laptops, video game consoles, smartphones and tablets, smart TVs, printers,
digital audio players, digital cameras, motorcycles, and drones are among the devices that can
use Wi-Fi technology. Wi-Fi compatible devices connect to the Internet through a WLAN and a
wireless access point. Indoors, such an access point (or hotspot) has a range of around 20 metres
(66 feet), and outdoors, it has a much longer range. Hotspot coverage may be as small as a single
room with radio-wave-blocking walls or as wide as several square kilometres when many
overlapping access points are used.

Depiction of a device sending information wirelessly to another device, both connected to the
local network, to print a document

Wi-Fi comes in a variety of flavours, with various ranges, radio bands, and speeds. The
2.4 gigahertz (12 cm) UHF and 5 gigahertz (6 cm) SHF ISM radio bands are the most widely
used for Wi-Fi, and these bands are subdivided into several channels. Multiple networks can
share the same channel at the same time. These wavelengths are ideal for line-of-sight
communication. Many common materials absorb or reflect them, which reduces range further.
However, in crowded environments, this can help reduce interference between different
networks. Some Wi-Fi versions, when used with the right hardware, can reach speeds of over
1 Gbit/s at close range.

Wi-Fi is more vulnerable to attack (called eavesdropping) than wired networks since
anyone within range with a wireless network interface controller can attempt to access a
network. WPA (Wi-Fi Protected Access) is a collection of technologies designed to secure data
flowing through Wi-Fi networks, with solutions for both personal and business networks. As the
security environment has evolved over time, WPA's security features have included stronger
safeguards and new security standards.

2. Problem definition and scope.


We need to crack the WiFi password of a given network using the Aircrack-ng toolkit,
which is available on Kali Linux. All of the experiments presented here were carried out with the
permission of the respective owners.

The aim is to capture the WPA/WPA2 authentication handshake and then crack the
pre-shared key with aircrack-ng.

This is where the custom-made wordlist comes into play. Because we know our target, we
can use the information we have about them, such as name, date of birth, and other details, to
create a custom-made wordlist. The CUPP (Common User Passwords Profiler) tool, which we
have to clone from GitHub, generates this wordlist and can also include any keywords we want
to add.

The attack can then be carried out either actively or passively using Aircrack-ng. In the
active approach, we speed up the process by deauthenticating an existing wireless client. In the
passive approach, we wait for a wireless client to authenticate to the WPA/WPA2 network. The
benefit of the passive approach is that we don't need injection capability, so the Windows version
of aircrack-ng can be used as well; however, we're using the Kali version.

Since time is of the essence and we have the WiFi router owner's prior permission, we
will proceed with the active attack.
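
The active approach described above leaves a recognisable trace on the air: a burst of deauthentication frames aimed at one client, followed within seconds by that client repeating the handshake. The following is an added example (not part of the original report) that flags this pattern in constructed frame records; the record layout, thresholds and MAC addresses are assumptions for illustration.

```python
from collections import defaultdict, deque

# Constructed sample records: (timestamp_s, frame_type, bssid, station).
# In practice these would come from a monitor-mode sensor or a WIDS export.
AP = "AA:BB:CC:00:00:01"
SAMPLE = (
    [(10.0, "deauth", AP, "11:22:33:00:00:0A")]            # single frame, normal roam
    + [(60.0 + i * 0.05, "deauth", AP, "11:22:33:00:00:0B") for i in range(50)]
    + [(64.0, "eapol", AP, "11:22:33:00:00:0B")]           # forced re-handshake
    + [(200.0, "eapol", AP, "11:22:33:00:00:0C")]          # ordinary join
)

def detect_forced_handshakes(frames, burst=20, window=5.0, follow=10.0):
    """Return alerts for (bssid, station) pairs that received at least `burst`
    deauth frames within `window` seconds and then repeated the EAPOL
    handshake within `follow` seconds of the burst."""
    recent = defaultdict(deque)   # pair -> timestamps of recent deauth frames
    burst_end = {}                # pair -> time the burst was last observed
    alerts = []
    for ts, ftype, bssid, sta in sorted(frames):
        pair = (bssid, sta)
        if ftype == "deauth":
            q = recent[pair]
            q.append(ts)
            while q and ts - q[0] > window:   # drop frames outside the window
                q.popleft()
            if len(q) >= burst:
                burst_end[pair] = ts
        elif ftype == "eapol" and pair in burst_end:
            if ts - burst_end[pair] <= follow:
                alerts.append({"bssid": bssid, "station": sta,
                               "burst_end": burst_end[pair], "handshake_at": ts})
            del burst_end[pair]
    return alerts

if __name__ == "__main__":
    for alert in detect_forced_handshakes(SAMPLE):
        print("possible handshake-capture attempt:", alert)
```

Where clients support it, enabling 802.11w Protected Management Frames on the access point causes forged deauthentication frames to be discarded.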

3. Proposed methodology.

Here are the basic steps we will be going through:

● Find information about our target.
● Use the above-mentioned information to generate a custom-made wordlist so that
the probability of finding the WiFi password increases.
● Start the wireless interface in monitor mode on the specific AP channel.
● Start airodump-ng on the AP channel with a filter for the BSSID to collect the
authentication handshake.
● Use aireplay-ng to deauthenticate the wireless client.
● Run aircrack-ng to crack the pre-shared key using the authentication handshake
and a wordlist.

4. Description of software and/or tools utilized.

Software Requirements:
● Virtual Machine (for hosting Kali Linux)
● Kali Linux Operating System

Hardware Requirements:
● WiFi adapter that can be configured in monitor mode (an Atheros AR9271
chipset-based WiFi adapter was used in this case)

5. Implementation steps along with screenshots.

● Gathering information to generate the wordlist

Before we can generate a wordlist, we note down all the information we know about the
target, which makes generating the wordlist easier.

● Generating the wordlist

Now we start the CUPP tool using the command:

python cupp.py -i

The -i option selects interactive mode, which is an easier way of entering all the target
information.

As seen in the screenshot above, we simply enter the information we noted down in the
earlier step.

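● Check for any processes that can cause trouble

We can do so by typing in the following command:

airmon-ng start wlan0

Here wlan0 is the name of our wireless interface, which can be found using the
iwconfig command. The command puts the interface into monitor mode (it appears as
wlan0mon in the later steps) and reports any processes that may interfere.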

● Killing any processes found in the above step

We need to kill any processes that can cause issues during execution, which we can do
with the following command:

airmon-ng check kill

We shall get an output as shown below:

● Scanning the networks

Now we shall scan the networks using the command:

airodump-ng wlan0mon

This lists all the access points and clients in range, from which we can find the BSSID of
our target network and the channel on which it is operating. The ESSID is the name of the WiFi
network we are targeting.

The output is shown below:


● Generation of the handshake file

airodump-ng --bssid <<BSSID_OF_TARGET>> -c <<CHANNEL_OF_TARGET>> -w <<PATH_OF_HANDSHAKE_FILE>> wlan0mon

● Sending deauthentication packets

We start to send deauthentication packets to the access point with the following command:

aireplay-ng -0 50 -a <<BSSID>> -c <<STATION>> wlan0mon

Where 50 is the number of deauthentication packets to be sent.


● Cracking the WiFi password

Now that everything is set up, we can crack the WiFi password by typing in:

aircrack-ng -a2 -b <<BSSID>> -w <<PATH_TO_WORDLIST>> <<PATH_TO_HANDSHAKE_FILE>>

With this, we shall be able to crack the password if it was one of the passwords in
the wordlist generated by us. If not, we shall have to restart the process by generating a new
wordlist of probable passwords.
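
The attack only succeeds when the passphrase is assembled from details a profiler is fed, so a network owner can apply the same reasoning in reverse before choosing a key. The following is an added example (not from the original report or from CUPP) that checks a candidate passphrase against a constructed profile; the field names, date fragments and residual threshold are assumptions.

```python
import re

# Common character substitutions, undone before matching word tokens.
LEET = str.maketrans("013457@$", "oieastas")

# Constructed sample profile; field names are assumptions, 'dob' is DDMMYYYY.
PROFILE = {"name": "Rahul Mehta", "pet": "Bruno", "dob": "14081995"}

def profile_tokens(profile):
    """Return (words, date_fragments) derived from the personal details."""
    words = {w for key, val in profile.items() if key != "dob"
             for w in re.findall(r"[a-z]{3,}", val.lower())}
    d = profile.get("dob", "")
    dates = {d, d[:4], d[4:], d[:4] + d[6:], d[6:]} if len(d) == 8 else set()
    return words, dates

def _strip(text, tokens, hits):
    """Remove every token found in text (longest first), recording matches."""
    for tok in sorted(tokens, key=lambda t: (-len(t), t)):
        if tok in text:
            text = text.replace(tok, "")
            hits.append(tok)
    return text

def audit_psk(psk, profile, min_residual=6):
    """Flag a passphrase whose content is mostly personal details.

    'residual' counts the letters and digits left once profile tokens are
    removed; a small residual means little is left that is not guessable.
    """
    words, dates = profile_tokens(profile)
    hits = []
    rest = _strip(psk.lower(), dates, hits)           # dates matched on raw digits
    rest = _strip(rest.translate(LEET), words, hits)  # words matched after de-leet
    residual = len(re.sub(r"[^a-z0-9]", "", rest))
    return {
        "length_ok": 8 <= len(psk) <= 63,             # WPA2-PSK passphrase bounds
        "matched": hits,
        "residual": residual,
        "weak": bool(hits) and residual < min_residual,
    }

if __name__ == "__main__":
    for candidate in ("Rahul@1995", "Brun0_1408", "Rahul-quiet-lantern-42!"):
        print(candidate, audit_psk(candidate, PROFILE))
```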

Output: