aircrack-ng

Differences

This shows you the differences between two versions of the page.

aircrack-ng [2010/10/05 02:51]
netrolller3d Update the page a little.
aircrack-ng [2018/03/11 18:58] (current)
mister_x Updated link to ticket
Line 91: Line 91:
 ^Option^Param.^Description^ ^Option^Param.^Description^
 |-a|amode|Force attack mode (1 = static WEP, 2 = WPA/​WPA2-PSK).| |-a|amode|Force attack mode (1 = static WEP, 2 = WPA/​WPA2-PSK).|
-|-b|bssid|Long version --bssid. Select the target network based on the access point'​s MAC address.|+|-b|bssid|Long version - -bssid. Select the target network based on the access point'​s MAC address.|
 |-e|essid|If set, all IVs from networks with the same ESSID will be used. This option is also required for WPA/​WPA2-PSK cracking if the ESSID is not broadcasted (hidden).| |-e|essid|If set, all IVs from networks with the same ESSID will be used. This option is also required for WPA/​WPA2-PSK cracking if the ESSID is not broadcasted (hidden).|
 |-p|nbcpu|On SMP systems: # of CPU to use.  This option is invalid on non-SMP systems.| |-p|nbcpu|On SMP systems: # of CPU to use.  This option is invalid on non-SMP systems.|
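Review bot: in the -b row the long option is now written "- -bssid", with a space between the two dashes, so a reader who copies it from the table does not get the literal flag. If the space is only there to stop the wiki renderer from merging the double dash into a typographic dash, wrap the option in DokuWiki's no-format markup (%%--bssid%%) so the rendered page shows exactly what has to be typed. The same point applies to every long option rewritten this way in the later hunks.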
Line 104: Line 104:
 |-i|index|(WEP cracking) Only keep the IVs that have this key index (1 to 4). The default behaviour is to ignore the key index.| |-i|index|(WEP cracking) Only keep the IVs that have this key index (1 to 4). The default behaviour is to ignore the key index.|
 |-f|fudge|(WEP cracking) By default, this parameter is set to 2 for 104-bit WEP and to 5 for 40-bit WEP. Specify a higher value to increase the bruteforce level: cracking will take more time, but with a higher likelyhood of success.| |-f|fudge|(WEP cracking) By default, this parameter is set to 2 for 104-bit WEP and to 5 for 40-bit WEP. Specify a higher value to increase the bruteforce level: cracking will take more time, but with a higher likelyhood of success.|
-|-H|//​none//​|Long version --help. ​ Output help information.| +|-H|//​none//​|Long version - -help. ​ Output help information.| 
-|-l|file name|(Lowercase L, ell) logs the key to the file specified.| +|-l|file name|(Lowercase L, ell) logs the key to the file specified. Overwrites the file if it already exists.| 
-|-K|//​none//​|Invokes the Korek WEP cracking method.|+|-K|//​none//​|Invokes the Korek WEP cracking method. ​(Default in v0.x)|
 |-k|korek|(WEP cracking) There are 17 korek statistical attacks. Sometimes one attack creates a huge false positive that prevents the key from being found, even with lots of IVs. Try -k 1, -k 2, ... -k 17 to disable each attack selectively.| |-k|korek|(WEP cracking) There are 17 korek statistical attacks. Sometimes one attack creates a huge false positive that prevents the key from being found, even with lots of IVs. Try -k 1, -k 2, ... -k 17 to disable each attack selectively.|
 |-p|threads|Allow the number of threads for cracking even if you have a non-SMP computer.| |-p|threads|Allow the number of threads for cracking even if you have a non-SMP computer.|
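Review bot: the "(Default in v0.x)" suffix added to the -K row does not tell a reader on a current release whether -K is still needed. Since the -z row further down is marked "(Default in v1.x)", say so directly here, for example "Default method in v0.x; in v1.x PTW is the default and -K must be given to select Korek". While touching this table, the unchanged -f row still has the spelling "likelyhood".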
Line 115: Line 115:
 |-X|//​none//​|(WEP cracking) Disable bruteforce multithreading (SMP only).| |-X|//​none//​|(WEP cracking) Disable bruteforce multithreading (SMP only).|
 |-y|//​none//​|(WEP cracking) Experimental single bruteforce attack which should only be used when the standard attack mode fails with more than one million IVs| |-y|//​none//​|(WEP cracking) Experimental single bruteforce attack which should only be used when the standard attack mode fails with more than one million IVs|
-|-u|//​none//​|Long form --cpu-detect. ​ Provide information on the number of CPUs and MMX support. ​ Example responses to "​aircrack-ng --cpu-detect"​ are "Nb CPU detected: 2" or "Nb CPU detected: 1  (MMX available)"​.|+|-u|//​none//​|Long form - -cpu-detect. ​ Provide information on the number of CPUs and MMX support. ​ Example responses to "​aircrack-ng - -cpu-detect"​ are "Nb CPU detected: 2" or "Nb CPU detected: 1  (MMX available)"​.|
 |-w|words|(WPA cracking) Path to a wordlist or "​-"​ without the quotes for standard in (stdin).| |-w|words|(WPA cracking) Path to a wordlist or "​-"​ without the quotes for standard in (stdin).|
-|-z|//​none//​|Invokes the PTW WEP cracking method.| +|-z|//​none//​|Invokes the PTW WEP cracking method. ​(Default in v1.x)
-|-P|//​none//​|Long version --ptw-debug. ​ Invokes the PTW debug mode.| +|-P|//​none//​|Long version - -ptw-debug. ​ Invokes the PTW debug mode.| 
-|-C|MACs|Long version --combine. ​ Merge the given APs to a virtual one.| +|-C|MACs|Long version - -combine. ​ Merge the given APs to a virtual one.| 
-|-D|//​none//​|Long version --wep-decloak. ​ Run in WEP decloak mode.| +|-D|//​none//​|Long version - -wep-decloak. ​ Run in WEP decloak mode.| 
-|-V|//​none//​|Long version --visual-inspection. ​ Run in visual inspection mode.| +|-V|//​none//​|Long version - -visual-inspection. ​ Run in visual inspection mode.| 
-|-1|//​none//​|Long version --oneshot. ​ Run in oneshot mode.| +|-1|//​none//​|Long version - -oneshot. ​ Run in oneshot mode.| 
 +|-S|//​none//​|WPA cracking speed test.| 
 +|-s|//​none//​|Show the key in ASCII while cracking| 
 +|-E|file>​|(WPA cracking) Create EWSA Project file v3| 
 +|-J|file|(WPA cracking) Create Hashcat Capture file|
 ===== Usage Examples ===== ===== Usage Examples =====
 ==== WEP ==== ==== WEP ====
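Review bot: the new -E row has "file>" in the parameter column, which looks like the remainder of "<file>" after the opening bracket was dropped; it should read "file" to match the -J row below it. In the same hunk the rewritten -z row ends after "(Default in v1.x)" without the closing "|" that every other row has, which will break the table cell, and the new -s row is missing the full stop the neighbouring descriptions use.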
Line 396: Line 399:
 Although it is not part of aircrack-ng,​ it is worth mentioning an interesting piece of work is by SuD.  It is basically a wep hex dictionary already prepared and the program to run it: Although it is not part of aircrack-ng,​ it is worth mentioning an interesting piece of work is by SuD.  It is basically a wep hex dictionary already prepared and the program to run it:
  
-   ​http://​tv.latinsud.com/​wepdict/​+   ​http://​www.latinsud.com/pub/wepdict/
  
  
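Review bot: the replacement link is still plain http, and the sentence above it says the download includes "the program to run it". If the host serves the same path over https, link that instead; if not, the page should at least say that the dictionary and program are third-party files fetched without transport integrity, so readers know to inspect them before running anything.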
Line 505: Line 508:
 If you are sure your capture file contains a valid handshake then use Wireshark or an equivalent piece of software and manually pull out the beacon packet plus a set of handshake packets. If you are sure your capture file contains a valid handshake then use Wireshark or an equivalent piece of software and manually pull out the beacon packet plus a set of handshake packets.
  
-There is an open [[http://trac.aircrack-ng.org/ticket/651|trac ticket]] to correct this incorrect behavior.+There is an open [[https://github.com/​aircrack-ng/​aircrack-ng/​issues/651|GitHub issue]] to correct this incorrect behavior.
  
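Review bot: the link target moves from trac ticket 651 to GitHub issue 651, but the sentence keeps the wording "There is an open ... to correct this incorrect behavior". Confirm that GitHub issue 651 is the same report as the old trac ticket and is still open; if its state can change, drop "open" and phrase it as "This behavior is tracked in" so the page does not go stale.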
aircrack-ng.1286239889.txt.gz · Last modified: 2010/10/05 02:51 by netrolller3d