Вы находитесь на странице: 1из 3

Wirelessdefence.org

11/17/2014

Aircrack-ng for Windows - Aircrack: Project Homepage: http://www.aircrack-ng.org/index.php?title=Main _ Page Aircrack-ng
Aircrack-ng for Windows - Aircrack: Project Homepage: http://www.aircrack-ng.org/index.php?title=Main _ Page Aircrack-ng
Aircrack-ng for Windows - Aircrack:

Aircrack-ng for Windows - Aircrack:

Aircrack-ng is the next generation of Christophe Devine's excellent aircrack suite of tools.

Linux

Linux

 

RUNNING AIRCRACK-NG FOR WINDOWS

 

Linux tools, Howtos

 

BREAKING WEP

 

BREAKING WPA

 

Running Aircrack-ng for Windows:

 

Once as many IVs as required have been captured using the airodump packet capture utility the resultant [filename].cap file can be imported into aircrack to break the static WEP or WPA-PSK keys.

 

To view all available switches:

Site Search

Site Search

   

cd c:\aircrack-ng-[version]

Search
Search
 
 

aircrack-ng.exe

Windows

Windows

WIN32 tools, Howtos

Basic usage: aircrack -q -n [WEP key length] -b [BSSID] [filename].cap

Basic usage: aircrack -q -n [WEP key length] -b [BSSID] [filename].cap

 
 
General

General

Miscellaneous WI-FI

 

Breaking WEP:

As you can see the capture file in use below (capture1.ivs) was created with airodump capture option "Only capture WEP IVs (y/n)" set to "y" as the resultant file is in the .ivs format. If n had been selected the resultant file would be in the .cap format.

Wirelessdefence.org

11/17/2014

Whilst this will work, we can could have cut down the cracking options for Aircrack-ng

Whilst this will work, we can could have cut down the cracking options for Aircrack-ng by specifying the WEP key length (-n) or by specifying the target AP MAC address (-b) on the command line:

aircrack -a 1 -q -n 128 -b 11:11:11:11:11:11 capture1.ivs (Where 11:11:11:11:11:11 = Target AP's MAC address)

(Where 11:11:11:11:11:11 = Target AP's MAC address) As you can see aircrack found the WEP key

As you can see aircrack found the WEP key for our 1008195 IV capture file (capture1.ivs) in only 4 seconds.

The capture file itself (capture1.ivs) is included here to test your own aircrack installs (note: the file is a 5.77mb download).

Breaking WPA:

In order to be carry out the WPA dictionary attack using aircrack-ng we either have to:

1. Wait for a WPA client to associate to the network (This could take a while)

2. Force a WPA client off the network, forcing it to reassociate.

Either of these two method allows us to capture the WPA handshake, which is what we require to perform a dictionary attack.

The downside to using this Windows version of aircrack-ng is that there are not any freely available tools to perform this attack. So we have to either use a Linux tools (e.g. aireplay or void11) or wait for an association to occur.

Which ever way we gather the WPA handshake we still use the same tool; airodump.

Once we think we have captured the WPA handshake, we simply run the capture file through aircrack for confirmation:

run the capture file through aircrack for confirmation: If have confirmed we have the WPA handshake

If have confirmed we have the WPA handshake (as above) we can attempt the dictionary attack:

Wirelessdefence.org

11/17/2014

As you can see above aircrack found the WPA PSK of "passphrase" The capture file
As you can see above aircrack found the WPA PSK of "passphrase"
The capture file itself (capture2.cap) is included here to test your own aircrack installs
© Copyright 2010 Wirelessdefence.org. All Rights Reserved.