aircrack-ng

Differences

This shows you the differences between two versions of the page.

aircrack-ng [2017/03/15 01:50] – Added note about -l overwriting existing file. mister_x
aircrack-ng [2018/07/11 20:30] – [Usage] Updated mister_x
Line 91: Line 91:
 ^Option^Param.^Description^ ^Option^Param.^Description^
 |-a|amode|Force attack mode (1 = static WEP, 2 = WPA/WPA2-PSK).| |-a|amode|Force attack mode (1 = static WEP, 2 = WPA/WPA2-PSK).|
-|-b|bssid|Long version - -bssid. Select the target network based on the access point's MAC address.| 
 |-e|essid|If set, all IVs from networks with the same ESSID will be used. This option is also required for WPA/WPA2-PSK cracking if the ESSID is not broadcasted (hidden).| |-e|essid|If set, all IVs from networks with the same ESSID will be used. This option is also required for WPA/WPA2-PSK cracking if the ESSID is not broadcasted (hidden).|
 +|-b|bssid|Long version - -bssid. Select the target network based on the access point's MAC address.|
 |-p|nbcpu|On SMP systems: # of CPU to use.  This option is invalid on non-SMP systems.| |-p|nbcpu|On SMP systems: # of CPU to use.  This option is invalid on non-SMP systems.|
 |-q|//none//|Enable quiet mode (no status output until the key is found, or not).| |-q|//none//|Enable quiet mode (no status output until the key is found, or not).|
 +|-C|MACs|Long version - -combine.  Merge the given APs (separated by a comma) into virtual one.|
 +|-l|file name|(Lowercase L, ell) logs the key to the file specified. Overwrites the file if it already exists.|
 |-c|//none//|(WEP cracking) Restrict the search space to alpha-numeric characters only (0x20 - 0x7F).| |-c|//none//|(WEP cracking) Restrict the search space to alpha-numeric characters only (0x20 - 0x7F).|
 |-t|//none//|(WEP cracking) Restrict the search space to binary coded decimal hex characters.| |-t|//none//|(WEP cracking) Restrict the search space to binary coded decimal hex characters.|
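Review bot: In the added "-C" row, "Merge the given APs (separated by a comma) into virtual one" has lost the article that the removed row had ("to a virtual one"); suggest "into a virtual one". The long options in this block are written "- -bssid" and "- -combine" with a space between the dashes, while the "-d" row further down writes "--debug"; one form should be used throughout so the flag can be read as it is typed.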
Line 100: Line 102:
 |-d|start|(WEP cracking) Long version --debug.  Set the beginning of the WEP key (in hex), for debugging purposes.| |-d|start|(WEP cracking) Long version --debug.  Set the beginning of the WEP key (in hex), for debugging purposes.|
 |-m|maddr|(WEP cracking) MAC address to filter WEP data packets. Alternatively, specify -m ff:ff:ff:ff:ff:ff to use all and every IVs, regardless of the network.| |-m|maddr|(WEP cracking) MAC address to filter WEP data packets. Alternatively, specify -m ff:ff:ff:ff:ff:ff to use all and every IVs, regardless of the network.|
-|-M|number|(WEP cracking) Sets the maximum number of ivs to use.| 
 |-n|nbits|(WEP cracking) Specify the length of the key: 64 for 40-bit WEP, 128 for 104-bit WEP, etc. The default value is 128.| |-n|nbits|(WEP cracking) Specify the length of the key: 64 for 40-bit WEP, 128 for 104-bit WEP, etc. The default value is 128.|
 |-i|index|(WEP cracking) Only keep the IVs that have this key index (1 to 4). The default behaviour is to ignore the key index.| |-i|index|(WEP cracking) Only keep the IVs that have this key index (1 to 4). The default behaviour is to ignore the key index.|
 |-f|fudge|(WEP cracking) By default, this parameter is set to 2 for 104-bit WEP and to 5 for 40-bit WEP. Specify a higher value to increase the bruteforce level: cracking will take more time, but with a higher likelyhood of success.| |-f|fudge|(WEP cracking) By default, this parameter is set to 2 for 104-bit WEP and to 5 for 40-bit WEP. Specify a higher value to increase the bruteforce level: cracking will take more time, but with a higher likelyhood of success.|
 |-H|//none//|Long version - -help.  Output help information.| |-H|//none//|Long version - -help.  Output help information.|
-|-l|file name|(Lowercase L, ell) logs the key to the file specified. Overwrites the file if it already exists.| 
 |-K|//none//|Invokes the Korek WEP cracking method. (Default in v0.x)| |-K|//none//|Invokes the Korek WEP cracking method. (Default in v0.x)|
 |-k|korek|(WEP cracking) There are 17 korek statistical attacks. Sometimes one attack creates a huge false positive that prevents the key from being found, even with lots of IVs. Try -k 1, -k 2, ... -k 17 to disable each attack selectively.| |-k|korek|(WEP cracking) There are 17 korek statistical attacks. Sometimes one attack creates a huge false positive that prevents the key from being found, even with lots of IVs. Try -k 1, -k 2, ... -k 17 to disable each attack selectively.|
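Review bot: The "-K" row kept as context here ("Invokes the Korek WEP cracking method. (Default in v0.x)") ends up duplicated, because this revision adds a second "-K" row ("Use KoreK attacks instead of PTW.") lower in the table; keep a single row and fold the version note into it. While this block is being edited, the "-f" row still reads "likelyhood" and the "-m" row "all and every IVs".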
Line 118: Line 118:
 |-w|words|(WPA cracking) Path to a wordlist or "-" without the quotes for standard in (stdin).| |-w|words|(WPA cracking) Path to a wordlist or "-" without the quotes for standard in (stdin).|
 |-z|//none//|Invokes the PTW WEP cracking method. (Default in v1.x)| |-z|//none//|Invokes the PTW WEP cracking method. (Default in v1.x)|
-|-P|//none//|Long version - -ptw-debug.  Invokes the PTW debug mode.| +|-P|number|Long version - -ptw-debug.  Invokes the PTW debug mode: 1 Disable klein, 2 PTW.| 
-|-C|MACs|Long version - -combine.  Merge the given APs to a virtual one.|+|-K|//none//|Use KoreK attacks instead of PTW.|
 |-D|//none//|Long version - -wep-decloak.  Run in WEP decloak mode.| |-D|//none//|Long version - -wep-decloak.  Run in WEP decloak mode.|
 |-V|//none//|Long version - -visual-inspection.  Run in visual inspection mode.| |-V|//none//|Long version - -visual-inspection.  Run in visual inspection mode.|
-|-1|//none//|Long version - -oneshot.  Run in oneshot mode.|+|-1|//none//|Long version - -oneshot.  Run only 1 try to crack key with PTW.| 
 +|-M|number|(WEP cracking) Specify the maximum number of IVs to use.|
 |-S|//none//|WPA cracking speed test.| |-S|//none//|WPA cracking speed test.|
 +|-Z|sec|WPA cracking speed test execution length in seconds.|
 |-s|//none//|Show the key in ASCII while cracking| |-s|//none//|Show the key in ASCII while cracking|
-|-E|file>|(WPA cracking) Create EWSA Project file v3| +|-N|file|Create a new cracking session and save it to the specified file.| 
-|-J|file|(WPA cracking) Create Hashcat Capture file|+|-R|file|Restore cracking session from the specified file.| 
 +|-E|file>|(WPA cracking) Create EWSA Project file v3.
 +|-J|file|(WPA cracking) Create Hashcat Capture file.| 
 +|-j|file|(WPA cracking) Create Hashcat v3.6+ Capture file (HCCAPX).| 
 +|--simd|optimization|Use user-specified SIMD optimization instead of the fastest one.| 
 +|--simd-list|//none//|Shows a list of the SIMD optimizations available.|
 ===== Usage Examples ===== ===== Usage Examples =====
 ==== WEP ==== ==== WEP ====
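Review bot: The re-added "-E" row, "|-E|file>|(WPA cracking) Create EWSA Project file v3.", has no closing "|", unlike the "-J" and "-j" rows after it, and it still carries the stray ">" in the parameter cell from the removed row; close the row and write the parameter as "file". The new "-P" text "1 Disable klein, 2 PTW" would be clearer as "1 = disable Klein, 2 = PTW", matching the "1 = static WEP, 2 = WPA/WPA2-PSK" form of the "-a" row, and the "-Z" row should state that it applies to the "-S" speed test listed just before it.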
Line 508: Line 515:
 If you are sure your capture file contains a valid handshake then use Wireshark or an equivalent piece of software and manually pull out the beacon packet plus a set of handshake packets. If you are sure your capture file contains a valid handshake then use Wireshark or an equivalent piece of software and manually pull out the beacon packet plus a set of handshake packets.
  
-There is an open [[http://trac.aircrack-ng.org/ticket/651|trac ticket]] to correct this incorrect behavior.+There is an open [[https://github.com/aircrack-ng/aircrack-ng/issues/651|GitHub issue]] to correct this incorrect behavior.
  
aircrack-ng.txt · Last modified: 2019/09/18 22:39 by mister_x