Linux

 

Linux tools, Howtos

 

Tools Index

 

Wireless Commands

 

FC6 Build Howto

 

FC5 Build Howto

 

FC4 Build Howto

 

Live Linux Distros

 

 

Site Search

 

 

 

 

Windows

 

WIN32 tools, Howtos

 

Tools Index

 

 

Get Firefox!

 

 

General

 

Miscellaneous WI-FI

 

Default WI-FI Settings

 

Rogue AP Howtos

 

WI-FI Certifications

 

802.11 Standards

 

STEP BY STEP Guides

 

Formats / Extensions

 

WI-FI Home Security

 

Useful Links

 

 

 

 

Aircrack-ng for Windows - Aircrack:

 

Project Homepage: http://www.aircrack-ng.org/index.php?title=Main_Page

 

Aircrack-ng is the next generation of Christophe Devine's excellent aircrack suite of tools. 

 

 

INSTALLING AIRCRACK-NG FOR WINDOWS

 

RUNNING AIRCRACK-NG FOR WINDOWS

 

BREAKING WEP

 

BREAKING WPA

 

 

Running Aircrack-ng for Windows:

 

Once as many IVs as required have been captured using the airodump packet capture utility the resultant [filename].cap file can be imported into aircrack to break the static WEP or WPA-PSK keys.

 

 

To view all available switches:

 

 

cd  c:\aircrack-ng-[version]

 

 

aircrack-ng.exe

 

 

 

 

Basic usage: aircrack  -q  -n  [WEP key length]  -b [BSSID]  [filename].cap

 

 

Breaking WEP:

 

As you can see the capture file in use below (capture1.ivs) was created with airodump capture option "Only capture WEP IVs (y/n)" set to "y" as the resultant file is in the .ivs format.  If n had been selected the resultant file would be in the .cap format. 

 

 

 

 

Whilst this will work, we can could have cut down the cracking options for Aircrack-ng by specifying the WEP key length (-n) or by specifying the target AP MAC address (-b) on the command line:

 

 

aircrack -a 1 -q  -n 128  -b  11:11:11:11:11:11  capture1.ivs  (Where 11:11:11:11:11:11 = Target AP's MAC address)

 

 

 

 

As you can see aircrack found the WEP key for our 1008195 IV capture file (capture1.ivs) in only 4 seconds.

 

 

The capture file itself (capture1.ivs) is included here to test your own aircrack installs (note: the file is a 5.77mb download).

 

 

Breaking WPA:

 

In order to be carry out the WPA dictionary attack using aircrack-ng we either have to:

 

  1. Wait for a WPA client to associate to the network (This could take a while)

     

  2. Force a WPA client off the network, forcing it to reassociate.

     

Either of these two method allows us to capture the WPA handshake, which is what we require to perform a dictionary attack.

 

The downside to using this Windows version of aircrack-ng is that there are not any freely available tools to perform this attack.  So we have to either use a Linux tools (e.g. aireplay or void11) or wait for an association to occur.

 

Which ever way we gather the WPA handshake we still use the same tool; airodump.

 

Once we think we have captured the WPA handshake, we simply run the capture file through aircrack for confirmation:

 

 

 

If have confirmed we have the WPA handshake (as above) we can attempt the dictionary attack:

 

 

 

 

As you can see above aircrack found the WPA PSK of "passphrase"

 

The capture file itself (capture2.cap) is included here to test your own aircrack installs


 

 
 
   Copyright 2010 Wirelessdefence.org. All Rights Reserved.