-
Notifications
You must be signed in to change notification settings - Fork 1
/
aircrack-ng.txt
72 lines (47 loc) · 2.9 KB
/
aircrack-ng.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
Content-Type: text/x-zim-wiki
Wiki-Format: zim 0.4
Creation-Date: 2017-02-25T16:02:56+01:00
====== aircrack-ng ======
Created Saturday 25 February 2017
**Aircrack-ng is one of the more common tools in any offensive arsenal. In this article we'll assume that the network device we'll be working with is called **//wifi1 //** (see Alpha-AWUS036H for more info on naming)**
== Installation ==
$ pacman -S aircrack-ng
===== Usage =====
**# Aircrack-ng comes with a variety of tools. **
**#** **Below is some core information a couple of basic examples for some of these tools.**
== Airmon-ng ==
**# This tool is used to put our network device into monitor mode. **
$ airmon-ng start wifi1
**# Take notice of the output. It will change the name of the device. Ex, from **//wifi1//** to**// wifi1mon//
== Airodump-ng ==
**# Used to capture packets. Use it with the monitor device you just set up (**//airmon-ng//**)**
$ airodump-ng wifi1mon
**# What we are most interested in is the **//BSSID//** and the **//Channel//
**# We can then narrow down our monitor (look for handshake) to a specific BSSID**
**# The **//--write//** is the file that Airodump-ng will output to, which we can later review for Handshakes.**
$ airodump-ng wifi1mon --bssid //<BSSID_ADDRESS>// --channel //<CHANNEL_NO> //--write //<FILE_NAME>//
== Aireplay-ng ==
**# Is a powerful tool in the Aircrack suite. It is used for a couple of purposes, f.ex. to Deauth people**
**# from a network. It is also used for ARP injections, WEP and WPA2 password attacks and replay attacks.**
**# Aireplay-ng can read **//pcap//** files, which we a.a. can generate with **//Wireshark//
**# To Deauth a specific person on the network, obtain hes MAC (**//airodump//**) and run the following**
$ aireplay-ng --deauth 1 -a //<CLIENT_MAC_ADDRESS>// wifi1mon
**# To Deauth everyone on a network (For capturing reconnects/handshakes)**
$ aireplay-ng --deauth 100 -a //<AP_MAC_ADDRESS> //wifi1mon
== Aircrack-ng ==
**# Is the main tool in the Suite. It is used to crack passwords statically for WEP or dictionary cracks**
**# on WPA2 once the handshake is captured. **
**# Password lists (wordlist) can be found here; **https://wiki.skullsecurity.org/Passwords
**# Once you have a handshake, try and crack a password with (dictionary)**
$ aircrack-ng //path/to/cap/file// -w ///path/to/wordlist//
== Airdecap-ng ==
**# Is used to decrypt the traffic on a network. Once we have the password we are able to decrypt**
**# everyone's traffic to the Access Point. **
== Airtun-ng ==
**# Is tools to set up a virtual tunnel that will monitor specified packages on a network and connects**
**# to an IDE (like Snort) that can alert us. **
== Airolib-ng ==
**# Stores or manages ESSID and password lists that will help us speed up WPA/WPA2 password cracking.**
== Airbase-ng ==
**# Is used to turn our system into a AP - for tricking clients into associating with our machine instead**
**# of the real AP.**