Saturday, April 27, 2013

Aireplay-ng Explained in detail

Aireplay-ng is primarily used to generate or accelerate wireless traffic for later use with
Aircrack-ng to crack WEP and WPA-PSK keys.
Aireplay-ng supports various attacks such as
deauthentication (for the purpose of capturing the 4-way WPA handshake), fake
authentication, interactive packet replay, and more.
Aireplay-ng supports the following attacks along with their
corresponding numbers:

This section provides a general usage overview, as not all options apply to all attacks. See
the command options of the specific attack you wish to use for the relevant details.
aireplay-ng <options> <interface name>
For all attacks, with the exception of deauthentication and fake authentication, you may use
the following filters to limit the packets that will be used in the attack. The most commonly
used filter option is ‘-b’ to single out a specific AP.

When replaying (injecting) packets, the following options apply. Bear in mind that not
every option is relevant for every attack. The specific attack documentation provides
examples of the relevant options.

The Aireplay-ng attacks can obtain packets from two sources. The first source is a live flow
of packets from your wireless card whereas the second source is from a pre-captured pcap
file. The standard pcap format (http://www.tcpdump.org) is recognized by most
commercial and open-source traffic capture and analysis tools. Reading from a file is an
often-overlooked feature of Aireplay-ng.

The attack modes are selected with the following switches. Numbers can be used
instead of the attack names.

The following troubleshooting tips apply to all modes of Aireplay-ng.

Aireplay-ng does not Inject Packets
Ensure that you are using the correct monitor mode interface. Running ‘iwconfig’ will
show the wireless interfaces and their states. For devices using mac80211 drivers, the
monitor mode interface is typically named mon0. For users of madwifi-ng drivers, ensure
that there are no other VAPs running.

Aireplay-ng Hangs with No Output
If you enter the command and it appears to hang with no output, this is typically due to
your wireless card being on a different channel number than the access point.
Also, if you have another instance of Aireplay-ng running in background mode, this can
cause the second command to hang if the options conflict.

Aireplay-ng “write failed: Cannot allocate memory wi_write(): illegal seek”
When using a wireless card with a Broadcom chipset, you may encounter this bug found in
the original bcm43xx patch. You can try using the b43 driver instead of bcm43xx.

Aireplay-ng has Slow Injection “rtc: lost some interrupts at 1024Hz”
If you see that you are injecting packets successfully but very slowly, at around 30 packets
per second, and receive the kernel message “rtc: lost some interrupts at 1024Hz”, there is
no fix other than to start another instance of Aireplay-ng, which should increase the injection
rate.

Injection Test Usage
The injection test has the following usage:
aireplay-ng -9 -e <ESSID> -a <AP MAC> -i <interface> <interface name>
Where:
• -9: injection test
• -e: optional ESSID (network name)
• -a: optional AP MAC address
• -i: optional interface name for the two card injection test
• <interface name>: the interface name to use for the test
Important: You must set your card to the desired channel with Airmon-ng prior to running
any of the tests.
The basic injection test determines if your card successfully supports injection. As
mentioned earlier, the wireless card must first be in monitor mode:

Next, the basic injection test is launched using the following syntax:
aireplay-ng -9 <interface name>

Injection Test Results Analysis
• 12:02:10 Injection is working!: confirms that the wireless card can inject.
• 12:02:11 Found 2 APs: these APs were found either through the broadcast probes or
received beacons.
• 12:02:12 34:08:04:09:3D:38 – channel: 3 – ‘em3rgency’: the first AP being tested.
• 12:02:13 Ping (min/avg/max): 1.455ms/4.163ms/12.006ms Power: -37.63: the ping times
(minimum/average/maximum) and the received signal power for that AP.
• 12:02:13 30/30: 100%: the pings had a 100% success rate for this AP.
• 12:02:13 C8:BC:C8:FE:D9:65 – channel: 2 – ‘secnet’: notice that this AP is on channel 2,
while the previous one was on channel 3.
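Reading the test output by eye works for two APs, but when the test is run repeatedly (after a driver or channel change, or across several cards) it helps to parse it and flag the two things this section tells you to look for: whether injection was confirmed, and whether an AP sits on a different channel than the card, which makes its reply rate unrepresentative. The parser below is an added example, not code from this page or from the Aircrack-ng project. The sample output is constructed: the first AP's lines are the ones shown above (kept with the page's en-dashes and curly quotes, which the regexes accept alongside the plain ASCII the real tool prints), and the ping and reply-rate lines for the second AP are invented values used only to exercise the checks. The `assess()` thresholds and the `card_channel` argument are assumptions of this example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Line patterns for aireplay-ng -9 output. "[-–]" and the quote class accept both the
# ASCII characters the tool prints and the typographic ones in the page's copy.
_TS = r"^\d{2}:\d{2}:\d{2}\s+"
_OK_RE = re.compile(_TS + r"Injection is working!")
_FOUND_RE = re.compile(_TS + r"Found (\d+) APs?")
_AP_RE = re.compile(_TS + r"([0-9A-Fa-f:]{17})\s*[-–]\s*channel:\s*(\d+)\s*[-–]\s*['‘’\"](.*)['‘’\"]\s*$")
_PING_RE = re.compile(_TS + r"Ping \(min/avg/max\):\s*([\d.]+)ms/([\d.]+)ms/([\d.]+)ms\s+Power:\s*(-?[\d.]+)")
_RATE_RE = re.compile(_TS + r"(\d+)/(\d+):\s*(\d+)%")

# Constructed sample: first AP copied from the page, second AP's ping/rate lines invented.
SAMPLE_OUTPUT = """\
12:02:10 Injection is working!
12:02:11 Found 2 APs
12:02:12 34:08:04:09:3D:38 – channel: 3 – ‘em3rgency’
12:02:13 Ping (min/avg/max): 1.455ms/4.163ms/12.006ms Power: -37.63
12:02:13 30/30: 100%
12:02:13 C8:BC:C8:FE:D9:65 - channel: 2 - 'secnet'
12:02:14 Ping (min/avg/max): 1.207ms/4.153ms/9.994ms Power: -59.03
12:02:14 23/30: 76%
"""


@dataclass
class ApResult:
    bssid: str
    channel: int
    essid: str
    ping_min_ms: Optional[float] = None
    ping_avg_ms: Optional[float] = None
    ping_max_ms: Optional[float] = None
    power_dbm: Optional[float] = None
    replies: int = 0
    probes: int = 0
    success_pct: int = 0


@dataclass
class InjectionTest:
    injection_working: bool = False
    ap_count: int = 0
    aps: List[ApResult] = field(default_factory=list)


def parse_injection_test(text: str) -> InjectionTest:
    """Parse aireplay-ng -9 output into a structured result, one ApResult per AP block."""
    result = InjectionTest()
    current: Optional[ApResult] = None
    for raw in text.splitlines():
        line = raw.strip()
        if _OK_RE.match(line):
            result.injection_working = True
        elif (m := _FOUND_RE.match(line)):
            result.ap_count = int(m.group(1))
        elif (m := _AP_RE.match(line)):
            current = ApResult(bssid=m.group(1).upper(), channel=int(m.group(2)), essid=m.group(3))
            result.aps.append(current)
        elif (m := _PING_RE.match(line)) and current is not None:
            current.ping_min_ms, current.ping_avg_ms, current.ping_max_ms = (float(x) for x in m.group(1, 2, 3))
            current.power_dbm = float(m.group(4))
        elif (m := _RATE_RE.match(line)) and current is not None:
            current.replies, current.probes, current.success_pct = (int(x) for x in m.group(1, 2, 3))
    return result


def assess(result: InjectionTest, card_channel: int, min_success_pct: int = 80) -> List[str]:
    """Return the findings a practitioner checks after the test (assumed thresholds)."""
    findings: List[str] = []
    if not result.injection_working:
        findings.append("injection not confirmed: check the monitor-mode interface and driver")
    if result.ap_count != len(result.aps):
        findings.append(f"header reports {result.ap_count} APs but {len(result.aps)} were parsed")
    for ap in result.aps:
        if ap.channel != card_channel:
            findings.append(f"{ap.essid} ({ap.bssid}) is on channel {ap.channel}, card is on "
                            f"{card_channel}: its reply rate is not representative")
        if ap.success_pct < min_success_pct:
            findings.append(f"{ap.essid}: only {ap.success_pct}% replies ({ap.replies}/{ap.probes})")
    return findings


if __name__ == "__main__":
    parsed = parse_injection_test(SAMPLE_OUTPUT)
    for ap in parsed.aps:
        print(f"{ap.essid:12} ch {ap.channel} avg {ap.ping_avg_ms} ms  {ap.success_pct}%")
    for finding in assess(parsed, card_channel=3):
        print("finding:", finding)
```

With the card tuned to channel 3, the run reports nothing for em3rgency and two findings for secnet: the channel mismatch and the reduced reply rate, which is exactly the pairing the last bullet above points at.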
