Aircrack-ng for Windows - Aircrack:
Aircrack-ng is the next generation of Christophe Devine's excellent aircrack suite of tools.
INSTALLING AIRCRACK-NG FOR
RUNNING AIRCRACK-NG FOR WINDOWS
Once as many IVs as required have been captured using the airodump packet capture utility, the resultant [filename].cap file can be imported into aircrack to break the static WEP or WPA-PSK keys.
To view all available switches:
Basic usage: aircrack -q -n [WEP key length] -b [BSSID] [filename].cap
As you can see, the capture file in use below (capture1.ivs) was created with the airodump capture option "Only capture WEP IVs (y/n)" set to "y", as the resultant file is in the .ivs format. If n had been selected, the resultant file would be in the .cap format.
Whilst this will work, we could cut down the cracking options for Aircrack-ng by specifying the WEP key length (-n) or by specifying the target AP MAC address (-b) on the
aircrack -a 1 -q -n 128 -b 11:11:11:11:11:11 capture1.ivs
(Where 11:11:11:11:11:11 = Target AP's MAC address)
As you can see, aircrack found the WEP key for our 1008195 IV capture file (capture1.ivs) in only 4 seconds.
The capture file itself (capture1.ivs)
here to test your own aircrack installs (note: the file is a 5.77mb
In order to carry out the WPA dictionary attack using aircrack-ng, we either have to:
Wait for a WPA client to associate to the network (This could take a while)
Force a WPA client off the network, forcing it to reassociate.
Either of these two methods allows us to capture the WPA handshake, which is what we require to perform a dictionary
The downside to using this Windows version of aircrack-ng is that there are not any freely available tools to perform this attack. So we have to either use a Linux tool (e.g. void11) or wait for an association
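Seen from the defender's side, the forced reassociation described above appears in a monitor-mode capture as a burst of deauthentication or disassociation frames aimed at one client. The following is an added example, not part of the original page or of aircrack-ng, that scans a capture for such bursts. Assumptions: the file is classic libpcap with microsecond timestamps and link type 105 or 127; the function names, the threshold and the sample frames are constructed for illustration.

```python
import struct

DEAUTH, DISASSOC = 0xC0, 0xA0        # frame-control byte 0: management subtype 12 / 10
DLT_80211, DLT_RADIOTAP = 105, 127   # pcap link types: raw 802.11 / radiotap + 802.11

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def deauth_bursts(pcap, window=1.0):
    """Map (bssid, destination) -> most deauth/disassoc frames in any `window` seconds."""
    end = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"   # byte order of the file
    linktype = struct.unpack(end + "I", pcap[20:24])[0]
    if linktype not in (DLT_80211, DLT_RADIOTAP):
        raise ValueError("not an 802.11 capture")
    seen, off = {}, 24
    while off + 16 <= len(pcap):
        sec, usec, caplen, _ = struct.unpack(end + "4I", pcap[off:off + 16])
        frame, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if linktype == DLT_RADIOTAP and len(frame) >= 4:
            frame = frame[struct.unpack("<H", frame[2:4])[0]:]   # skip radiotap header
        if len(frame) >= 24 and frame[0] in (DEAUTH, DISASSOC):
            seen.setdefault((mac(frame[16:22]), mac(frame[4:10])), []).append(sec + usec / 1e6)
    bursts = {}
    for key, ts in seen.items():
        ts.sort()
        lo = best = 0
        for hi, t in enumerate(ts):          # sliding window over sorted timestamps
            while t - ts[lo] > window:
                lo += 1
            best = max(best, hi - lo + 1)
        bursts[key] = best
    return bursts

def flagged(pcap, threshold=5, window=1.0):
    return {k: n for k, n in deauth_bursts(pcap, window).items() if n >= threshold}

def sample_capture():
    """Constructed capture: one beacon, 8 deauths within 0.35 s, one isolated deauth."""
    ap, sta1, sta2 = bytes([0x11] * 6), bytes([0x22] * 6), bytes([0x33] * 6)
    def rec(t_us, fc0, dst, body):
        frame = bytes([fc0, 0, 0, 0]) + dst + ap + ap + b"\x00\x00" + body
        return struct.pack("<4I", t_us // 10**6, t_us % 10**6, len(frame), len(frame)) + frame
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, DLT_80211)
    out += rec(0, 0x80, b"\xff" * 6, b"")                    # beacon, ignored
    for i in range(8):
        out += rec(2_000_000 + i * 50_000, DEAUTH, sta1, b"\x07\x00")
    out += rec(9_000_000, DEAUTH, sta2, b"\x03\x00")         # single, routine deauth
    return out
```

A lone deauthentication frame is routine, so the threshold and window should be tuned against the normal behaviour of the network being monitored.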
Whichever way we gather the WPA handshake, we still use the same tool;
Once we think we have captured the WPA handshake, we simply run the capture file through aircrack for confirmation:
If we have confirmed we have the WPA handshake (as above), we can attempt the dictionary attack:
As you can see above, aircrack found the WPA PSK of "passphrase"
The capture file itself (capture2.cap)
to test your own aircrack installs