Aircrack-ptw
Project Homepage: http://www.cdc.informatik.tu-darmstadt.de/aircrack-ptw
Local mirror: aircrack-ptw-1.0.0.tar.gz
MD5: 1d7d84d1e69189bc1397db3f565c183a
The_Attack
Installing_aircrack-ptw
Troubleshooting_Install
Running_aircrack-ptw
"We were able to extend Klein's attack and optimize it for usage against WEP. Using our version, it is possible to recover a 104 bit WEP key with probability 50% using just 40,000 captured packets. For 60,000 available data packets, the success probability is about 80% and for 85,000 data packets about 95%. Using active techniques like deauth and ARP re-injection, 40,000 packets can be captured in less than one minute under good conditions." -www.cdc.informatik.tu-darmstadt.de
aircrack-ptw is a proof of concept tool to be utilised together with the aircrack-ng toolsuite (basically it replaces the aircrack-ng component to speed up WEP cracking).
The following installation process assumes you have a build similar to the one in the Auditing Laptop Build: HOWTO
Download the latest stable code (currently aircrack-ptw-1.0.0.tar.gz) from http://www.cdc.informatik.tu-darmstadt.de/aircrack-ptw/#top to /tools/wifi
cd /tools/wifi
tar zxvf aircrack-ptw-[version].tar.gz
cd aircrack-ptw-[version]
Debian/Ubuntu only: install libpcap0.8-dev:
apt-get install libpcap0.8-dev
Fedora Core: edit the makefile and move the -lpcap switch to the end of both gcc lines
make
NOTE:
POINTS TO NOTE:
- Aircrack-ptw requires the Aircrack-ng suite of tools for ARP re-injection (aireplay-ng) and data capture (airodump-ng).
- When starting airodump-ng do not use the --ivs parameter.
- Aircrack-ptw currently only works with ARP requests and ARP responses, e.g. ARP re-injection carried out with aireplay. It does not work with arbitrary data, e.g. file downloads etc.
Step 1:
Start airodump-ng:

Step 2:
Start aireplay-ng:

Step 3:
If no ARP requests are captured it may be necessary to deauth a network client, forcing the client to generate an ARP request.

Step 4:
Collect between the recommended 40,000 and 85,000+ data packets.

Step 5:
Once 40,000 data packets have been collected aircrack-ptw can be run against the resultant data file (failed attempt below)

Step 6:
You can carry on collecting data packets whilst running aircrack-ptw against the capture file.

The successful aircrack-ptw crack took approximately 50,000 data packets; however, the number of data packets required will obviously vary.
It took less than 2 minutes to capture the 50,000 data packets and obtain the WEP key: 866578388517be0b4818a0db1
This scenario was conducted in a lab environment under ideal conditions; expect the process to take a little longer in reality.
Receiving the error on compilation:
/tmp/ccOUnQRV.o: In function 'main':
aircrack-ptw.c:(.text+0x9e): undefined reference to 'pcap_open_offline'
aircrack-ptw.c:(.text+0xb2): undefined reference to 'pcap_datalink'
aircrack-ptw.c:(.text+0xee): undefined reference to 'pcap_next_ex'
collect2: ld returned 1 exit status
make: *** [aircrack-ptw] Error 1
Fix: move the -lpcap switch to the end of both gcc lines
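The link-order fix above, scripted as an added example that is not part of the original page or the aircrack-ptw project. The sample makefile is constructed for illustration (it is not the one shipped in the tarball), and the names fix_lpcap_order, sample_makefile and the debug target are assumptions.

```shell
#!/bin/sh
# fix_lpcap_order: read a makefile on stdin and write it to stdout with
# -lpcap moved to the end of every gcc command line that uses it.
#
# GNU ld processes its inputs left to right. A library listed before the
# file that calls into it may be dropped (always for static archives, and
# for shared libraries when --as-needed is in effect), which leaves the
# pcap_* symbols unresolved.
fix_lpcap_order() {
    awk '
    /gcc/ && /(^|[ \t])-lpcap([ \t]|$)/ {
        indent = $0
        sub(/[^ \t].*$/, "", indent)     # keep the leading tab of the recipe line
        out = ""
        for (i = 1; i <= NF; i++)        # copy every token except -lpcap
            if ($i != "-lpcap")
                out = out (out == "" ? "" : " ") $i
        print indent out " -lpcap"       # runs of spaces collapse to one space
        next
    }
    { print }                            # all other lines pass through unchanged
    '
}

# Constructed sample makefile with two gcc lines that name -lpcap too early.
sample_makefile() {
    printf 'aircrack-ptw: aircrack-ptw.c\n'
    printf '\tgcc -lpcap -o aircrack-ptw aircrack-ptw.c\n'
    printf 'debug: aircrack-ptw.c\n'
    printf '\tgcc -g -lpcap -o aircrack-ptw-debug aircrack-ptw.c\n'
}

# Show the corrected sample. For a real tree, write to a new file and
# compare before replacing:
#   fix_lpcap_order < makefile > makefile.fixed && diff makefile makefile.fixed
sample_makefile | fix_lpcap_order
```

Running the function on an already corrected makefile leaves the gcc lines as they are, so it is safe to apply twice.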