Aircrack-ng
User Tools
Site Tools
Table of Contents
Installing Aircrack-ng from Source
Legacy information can be found here.
Requirements
Linux
Windows (Cygwin)
Install the following via Homebrew (brew):
FreeBSD, OpenBSD, NetBSD, Solaris
Install the following via pkg:
Optional stuff
Compiling and installing
Current version
Compiling with AirPcap support (cygwin only)
Compiling on *BSD
Commands are exactly the same as Linux but instead of make, use gmake (with CC=gcc5 CXX=g++5 or any more recent gcc version installed).
Compiling on OS X
Commands are exactly the same as Linux
Latest Git (development) Sources
Note: Compilation parameters can also be used with the sources from our git repository.
./configure flags
When configuring, the following flags can be used and combined to adjust the suite to your choosing:
Troubleshooting Tips
error while loading shared libraries: libaircrack-ng.so.0
Run ldconfig as root or with “sudo” to solve the issue.
«command not found» error message
After you do “make install” then try to use any of the Aircrack-ng suite commands, you get the error message “command not found” or similar. Your system will look for the Aircrack-ng commands in the directories defined by the PATH command.
Normally, the Aircrack-ng suite programs and man pages are placed in:
On your system, to determine which directories have the Aircrack-ng programs enter the following. If using “locate” be sure to first run “updatedb”.
Once you know the directories (exclude the source directories) then determine which directories are in your PATH. To see which directories are included in PATH on your particular system enter:
It should show something like:
At this point compare the actual locations with the directories in your PATH. If the directories are missing from your PATH then you have a few options:
Installing pre-compiled binaries
Linux/BSD/OSX
We offer packages for a number of Linux distributions in 64 bit thanks to PackageCloud.io so you can use your distro’s package manager to install and keep Aircrack-ng up to date:
While most folks want to use our “release” packages, “git” packages are available too for those who decide to use bleeding edge.
More details about them can be found in our blog post.
On OSX, install it is via Macports or brew. Simply do “brew install aircrack-ng” or “sudo ports install aircrack-ng”
Windows
The Windows version of the Aircrack-ng suite does not have an install program. You must manually install (unzipping archive) the software.
Here are the steps to follow for Windows:
Prior to using the software, make sure to install the drivers for your particular wireless card. See this link for the instructions. We currently only support Airpcap; other adapters may be supported but require development of your own DLL so the different tools can interact with it.
To now use the Aircrack-ng suite, start Windows Explorer and double click on Aircrack-ng GUI .exe inside “bin” subdirectory. The GUI requires .NET version 4.6.1 to run.
Jean Martins
jeanfmc.github.io
Hacking: Aircrack-ng on Mac OsX | Cracking wi-fi without kali in parallels
Hi there,
i expended many many hours looking a way to use the aircrack-ng in the Linux Kali in Parallels. But with out success. Searching on google, the alternative was buy a usb wifi, but i didn’t and now i’m using the aircrack-ng natively on mac.
For crack wifi passwords, fallow these steps. ☠️
1. Install the brew:
Maybe you already have the homebrew installed in your mac, but if not, INSTALL RIGHT NOW. The homebrew is like the linux apt-get, and will provide to you things that the apple don’t.
2. Install the aircrack-ng and create necessary links:
With the homebrew installed, use this command:
With the aircrack-ng installed, use this command:
sudo ln -s /usr/local/Cellar/aircrack-ng/1.1_2/bin/aircrack-ng /usr/local/bin/aircrack-ng
Now the command are able to be used. The homebrew install folder are “/usr/local/Cellar” and this command created a link of this folder to be used directly on terminal. Other tool that will be necessary is the airport. So we will create a other link too.
sudo ln -s /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport /usr/local/bin/airport
3. Find a target to crack:
Ok, now we have our very useful tools prepared to start. Check if your wifi are turn-in and let’s see wifis that are close.
This is the list of wifi able. Are three important information that we need look for, the RSS, channel and BSSID.
Chose the connection with less RSSI, the less is better. In this case i’ll crack the last one.
Turn-off your connection but maintain the wifi turned-in. If you don’t do, the interface en0 will be active and busy.
4. Capturing a four way handshake:
Sniff the channel selected.
This command will sniff the traffic on channel and log on tmp folder. You can see the log file with:
Get the name of the file because we will use them in the next step. This file is very important because it will contain the hash captured by the handshake. And the brute force will try broke this hash comparing with each line of the wordlist file.
6. Forcing a handshake with deauth – (Death Authentication):
On Kali we can use the aireplay command, but on mac we don’t have this tool. My suggestion is the JamWiFi. With this software you can make a death authentication attack and force a auto 4way handshake. Just press Scan, chose the target and press Deauth to restart all connections.
Chose the network press JAM, Do it! and Done.
7. Starting the brute force by CPU:
The first information are about the tries, and the second one will show each word of your wordlist that has been try.
And a long time after…
The Key FOUND! So, enjoy it.
8. Getting out:
To turn off the monitoring mode kill airport the process.
If it dosen’t work check if the JamWifi are scanning, you need close it..
And it’s it, good look for find a wifi with a poor password…
… and review your pass.
Compartilhe isso:
Like this:
31 thoughts on “ Hacking: Aircrack-ng on Mac OsX | Cracking wi-fi without kali in parallels ”
Hey, thanks for your guide, I do have a problem.
When i type “airport en0 sniff 11”, i get this “Could not open device en0 (en0: You don’t have permission to capture on that device ((cannot open BPF device) /dev/bpf0: Permission denied)).”
Could you help me on solving it please ? Thanks !
Hi my friend, thanks for your comments 🙂
Well, i wrote this a some time ago, but i’ll try help you…
I believe that we must pay attention in the return of “airport -z” command, it must be a broadcast and be inactive. When i did this on kali, i needed use the interface en1, so try disable the interface en0 or use other interface, like en1.
Tell-me if it’s worked 🙂
Maybe run the command using sudo?
“sudo airport en0 sniff 11”
do it with sudo it will work
Amazing guide, thank you for this.
I can’t run a Scan with Jam while airport is sniffing. If I run a scan first and select the network, I get no indication if Deauth worked. I can select the network and then click Jam, and hit Jam when I see packets flowing. Is this the same as Deauth? I am looking for an indication of when I have collected the handshakes via deauths.
great question, the deauth will works fast if your target has some display to connect automatically (password saved)… In your cap file will contain the hash of connection, you can check using a “tail -f file.cap”.
About the Jam, i believe that your interface must be active, so you can kill the process that is putting your interface as innative.
I`ll do a video on youtube to show all steps, i think that will be easier 🙂
Thanks by the comment.
JamWifi needs to be used on other Mac? I mean during sniffing of airport, JamWifi can’t scan for networks on the same mac.
Can be, but it`s not necessary… Try able your interface (be active)…
You can kill the process that is deactivating your interface…
If it dosent help send me other comment, i`ll do a video on youtube to teach all steps.
aircrack-ng -1 -a 1 -b -w
what i write at wordlist part ?
Hi sarvar,
the word list is the possibles passwords to be validated by the script. Because the sniff will get the handshake hash, and the script will check each values from wordlist to be if it will be equal to the hash.
Has many wordlist on the web…
HI, thanks very much for your guide! Everything works for me until I get to the step “airport sniff “. When I enter this command with the correct variables I first get the (correct) response: Capturing 802.11 frames on en0., but then I get the response “Segmentation fault: 11”. I still get a file output to /tmp/airportSniff.cap, but when I run the command “aircrack-ng -1 -a 1 -b -w ” I get the response:
Opening /tmp/airportSniff.cap
read(file header) failed: Undefined error: 0
Read 0 packets.
0 potential targets
No matching network found – check your bssid.
Any ideas what is causing this Segmentation fault
Yes, it`s can happen because you didn`t get a handshake…
Because the “happy path” is:
1) monitor by some handshake
2) deauth every one
3) some console will automatically connect with a password saved. And this moment will you listening and will get the handshake hash.
If no display connected automatically, no handshake 😦
Try with your own wiki to check if all steps are right, else send-me other comment.
Hi – thank you very much for putting together this guide. trying to run airport en0 sniff and getting segmentation fault 11 when trying to run this command.
Hi Clusk,
please, check with ifconfig with the interface it`s right or if be inative. Sometimes can be other interface, as en1 for example.
thanks for ask…
I`ll create a video on youtube to show better all steps.
Hi Jean…. thanks for this tutorial… im getting the neccesary files to start with the task…
I have a doubt about this step…
aircrack-ng -1 -a 1 -b -w
I need to rename “BSSID” with the target SSID?
“cap_file” with the name of the log file??
“wordlist” what do you mean with this??
I hope you can help me…
I want to try this for fun and impress some fellas jjajaj
Hola Daniel,
bien? mira, creo que hablas español entonces voy a escribir para entrenar…
si, la información tu debes cambiar por lá que tiene en el JamWiFI. Lá informacion es donde se queda las informaciones que tu agarraste por el sniff, paso 4, acá tiene las informacionoes del handshake.
Lá ultima informacion debe tener una lista de palabras para que el script intente, tiene muchos arquivo por la internet. es eso?
En otro post escrebi como usar tu placa de video, sugiro porque és un proceso muy custoso, entonces vá ser menos despácio.
Voy hacer un video en youtube mostrando como hacer todos los pasos, después informo.
Gracias por el comentário y perdón por mi español más o menos. jajajaja
When will the video be available? Also please include your Mac OS :). It would be great to have all done from scratch. What you have achieved (if true :D) is quite incredible.
Just wanted to let you know all that after much reading online, IF YOU HAVE MOJAVE MacOS you are out of luck. You will keep getting segmentation fault 1 when you run the Sniff command.
If any one has a solution happy to hear it, but I doubt it. (No, tcpdump does not work well. Wireshark perhaps but I have not tried)
I am unable to capture from en0 as they say i dont have the sufficient permission. Do you have any idea how I could get the permission to en0?
Thanks a lot for your tutorial
Thanks for the info really useful stuff. Really appreciate it.
I have one question and still, you have answered previously in the comments here but I am a bit confused.
aircrack-ng -1 -a 1 -b -w
I know what to use for:
BSSID and cap_file
What do I need to use for ?
You mentioned this:
Hi sarvar,
the word list is the possibles passwords to be validated by the script. Because the sniff will get the handshake hash, and the script will check each values from wordlist to be if it will be equal to the hash.
Has many wordlist on the web…
Does this mean that I add a numeric value to the or where do I get the possible passwords from?
Thank you in advance.
I’ll type this again as wordpress is removing some of the words due to symbol.
Thanks for the info really useful stuff. Really appreciate it.
I have one question and still, you have answered previously in the comments here but I am a bit confused.
aircrack-ng -1 -a 1 -b BSSID cap_file -w wordlist
I know what to use for:
BSSID and cap_file
What do I need to use for wordlist ?
You mentioned this:
Hi sarvar,
the word list is the possibles passwords to be validated by the script. Because the sniff will get the handshake hash, and the script will check each values from wordlist to be if it will be equal to the hash.
Has many wordlist on the web…
Does this mean that I add a numeric value instead of wordlist or where do I get the possible passwords from?
Thank you in advance.
…$ airport -z
root required to disassociate
Ws-MacBook-Pro:
…$ airport sniff
-bash: syntax error near unexpected token `newline’
please need help. thanks
Awesome information, thank you Martins! I wonder if anyone else has ever got it to work though lol xP
I am not sure how much do I have to be sniffing with airport, as I always get error that I don’t have enough IVs, I’d like to know how to fix this from MacOS. Thanks!
Hello Jean,
Nice tutorial, but I am stuck in the middle of I don’t know :))
1. So I have generated the ls /tmp/airportSniff*.cap but it tells me this: read(file header) failed: Undefined error: 0
Read 0 packets.
0 potential targets
2. No matching network found – check your bssid, but I wrote correctly the bssid.
3. When I want to choose the channels it tell me this:
Capturing 802.11 frames on en0.
Segmentation fault: 11
4. JamWifi is stucked when I push deauth and nothing appears at the Jam Tab…
5. Maybe can you make a video tutorial and put it on private mail?
6. Thank you a lot and very very much!
Wonderful guide man! Finally one online
The things for now that are not clear to me are:
– how long should I leave the sniffer on? (and how to switch it off that’s not restarting the laptop)
– about wordlist, I found some online but was thinking does it really work for WPA wifi password if they are just alphanumeric psw?
– in case of alphanumeric (no words), how long could take the bruteforce?
Thanks in advance for your answers and keep it up 😉
Hi Martin,
I think everything worked well until I the “airport -z” command, which produced the message “root required to disassociate.” I disconnected my wifi and unchecked “automatically join this network” after putting in the “airport -s” command.
Hey, I am having this issue
aircrack-ng-1.5.2 airport en0 sniff 11
Capturing 802.11 frames on en0.
fish: ‘airport sniff 11’ terminated by signal SIGSEGV (Address boundary error)