aircrack:

 

Project Homepage: http://www.cr0.net:8040/code/network/ (OFFLINE)

Local mirror of homepage: aircrack-2.41.tgz (MD5: 05A37C8A165EFB11EA226829C809DEB3)

NOTE: The next generation of Aircrack, Aircrack-ng, has far superseded the functionality of the original. Aircrack-ng's project homepage can be found here: http://www.aircrack-ng.org/doku.php

 

Once as many IVs as required have been captured using the airodump packet capture utility, the resultant [filename].cap file is imported into aircrack to break the static WEP or WPA-PSK keys.

Installing aircrack

aircrack help

Breaking WEP

Breaking WPA

aircrack usage

Examples

 

 

aircrack help:

aircrack will give you the following help:

 

Basic usage: aircrack  -q  -n  [WEP key length]  -b [BSSID]  [filename].cap

 

 

Breaking WEP:

 

How many packets do I need?

 

Approximately 300,000 packets for breaking 64-bit WEP

 

Approximately 1,000,000 packets for breaking 128-bit WEP

 

 

aircrack -q  -n 128  -b  11:11:11:11:11:11  capture1-01.cap

The WEP key 86:65:78:38:8F:51:7B:E0:B4:81:8A:0D:B1 was cracked in under 10 seconds. aircrack is very quick; it is the capture process using airodump that takes the majority of the time in WEP cracking.

 

 

Breaking WPA:

Once the WPA handshake has been collected (see aireplay), we can perform a dictionary attack to determine the WPA-PSK (Pre-Shared-Key).

aircrack  -a 2  -w  passwords.txt  capture1-01.cap
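
Because a dictionary attack only recovers a passphrase that is in the word list, a network owner can audit a candidate WPA-PSK passphrase against the same kind of list before deploying it. The following is an added example, not part of the original page or of aircrack; the function names, the sample word list and the SSID HomeNet are constructed for illustration, and the 8 to 63 character limit is the one from IEEE 802.11i.

```python
import io
import re

# WPA-PSK passphrases are 8 to 63 printable ASCII characters (IEEE 802.11i).
MIN_LEN, MAX_LEN = 8, 63


def load_wordlist(stream):
    """Return the set of lower-cased, non-empty entries from a wordlist stream."""
    return {line.strip().lower() for line in stream if line.strip()}


def audit_passphrase(passphrase, ssid, words):
    """Return a list of findings; an empty list means no weakness was detected."""
    findings = []
    if not MIN_LEN <= len(passphrase) <= MAX_LEN:
        findings.append("length outside 8-63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        findings.append("contains non-printable or non-ASCII characters")
    lowered = passphrase.lower()
    if lowered in words:
        findings.append("listed verbatim in wordlist")
    else:
        # People often append digits or symbols to a dictionary word;
        # strip that suffix and check the remaining base word as well.
        base = re.sub(r"[\d\W_]+$", "", lowered)
        if base and base != lowered and base in words:
            findings.append("wordlist entry plus trailing digits or symbols")
    if ssid and ssid.lower() in lowered:
        findings.append("contains the network SSID")
    return findings


# Constructed sample word list (mixed line endings, a blank line, mixed case).
SAMPLE_WORDLIST = io.StringIO("password\r\nletmein1\r\n\r\nSunshine\nqwertyuiop\n")
WORDS = load_wordlist(SAMPLE_WORDLIST)

if __name__ == "__main__":
    # Constructed candidate passphrases for a hypothetical network "HomeNet".
    for candidate in ("Sunshine", "sunshine2010!", "HomeNet-wifi-key",
                      "short", "v7#Lq2zR!pX9mWc4"):
        result = audit_passphrase(candidate, "HomeNet", WORDS)
        print(candidate, "->", result or "no findings")
```

An empty result only means the passphrase is not in the list that was checked; a long random passphrase remains the reliable defence.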

 

 

aircrack Usage:

 

aircrack provides us with a wealth of options (type aircrack or visit the project homepage for the full listing):

  • -a [mode 1 or 2] 1=WEP, 2=WPA-PSK

  • -e [essid] target selection network ID

  • -b [bssid] target access point's MAC

  • -q enable quiet mode

  • -w [path] path to a dictionary word list (WPA only)

  • -n [no. bits] WEP key length (64, 128, 152 or 256)

  • -f [fudge no.] defaults are 5 for 64 bit WEP and 2 for 128 bit WEP


Examples:

 

aircrack -a 1  -n 64 capture1-01.cap

 

    Runs aircrack against the capture1-01.cap file in 64 bit WEP cracking mode

 

aircrack -q -b 00:06:25:BF:46:06  -n 128 -f 4 testfile-01.cap

 

    Runs aircrack in quiet mode against the testfile-01.cap file in 128 bit WEP cracking mode with a fudge factor of 4

 

aircrack -a 2  -w  passwords.txt  capture1-01.cap

 

    Runs aircrack against the capture1-01.cap file in WPA-PSK dictionary attack mode


 

 
 
   Copyright 2010 Wirelessdefence.org. All Rights Reserved.