aircrack-ng
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
aircrack-ng [2015/04/12 23:30] – Fixed display of double '-' again. mister_x | aircrack-ng [2018/07/11 21:04] – [Usage] added requirement for -V mister_x | ||
---|---|---|---|
Line 87: | Line 87: | ||
You can specify multiple input files (either in .cap or .ivs format) or use file name wildcarding. | You can specify multiple input files (either in .cap or .ivs format) or use file name wildcarding. | ||
- | Here's a summary of all available | + | === Options === |
+ | == Common | ||
^Option^Param.^Description^ | ^Option^Param.^Description^ | ||
- | |-a|amode|Force attack mode (1 = static WEP, 2 = WPA/ | + | |-a|amode|Force attack mode (1 = static WEP, 2 = WPA/ |
- | |-b|bssid|Long version - -bssid. Select the target network based on the access point' | + | |-e|essid|If set, all IVs from networks with the same ESSID will be used. This option is also required for WPA/ |
- | |-e|essid|If set, all IVs from networks with the same ESSID will be used. This option is also required for WPA/ | + | |-b|bssid|Long version -'''' |
- | |-p|nbcpu|On SMP systems: # of CPU to use. This option is invalid on non-SMP systems.| | + | |-p|nbcpu|On SMP systems: # of CPU to use. This option is invalid on non-SMP systems| |
- | |-q|// | + | |-q|// |
- | |-c|// | + | |-C|MACs|Long version -'''' |
- | |-t|// | + | |-l|file name|(Lowercase L, ell) logs the key to the file specified. Overwrites the file if it already exists| |
- | |-h|// | + | |
- | |-d|start|(WEP cracking) | + | == Static WEP cracking options == |
- | |-m|maddr|(WEP cracking) | + | |
- | |-M|number|(WEP cracking) Sets the maximum number of ivs to use.| | + | ^Option^Param.^Description^ |
- | |-n|nbits|(WEP cracking) | + | |-c|// |
- | |-i|index|(WEP cracking) | + | |-t|// |
- | |-f|fudge|(WEP cracking) | + | |-h|// |
- | |-H|//none//|Long version | + | |-d|start|Long version --debug. |
- | |-l|file name|(Lowercase L, ell) logs the key to the file specified.| | + | |-m|maddr|MAC address to filter WEP data packets. Alternatively, |
+ | |-n|nbits|Specify the length of the key: 64 for 40-bit WEP, 128 for 104-bit WEP, etc. The default value is 128| | ||
+ | |-i|index|Only keep the IVs that have this key index (1 to 4). The default behaviour is to ignore the key index| | ||
+ | |-f|fudge|By default, this parameter is set to 2 for 104-bit WEP and to 5 for 40-bit WEP. Specify a higher value to increase the bruteforce level: cracking will take more time, but with a higher likelyhood of success| | ||
+ | |-k|korek|There are 17 korek statistical attacks. Sometimes one attack creates a huge false positive that prevents the key from being found, even with lots of IVs. Try -k 1, -k 2, ... -k 17 to disable each attack selectively| | ||
+ | |-x/-x0|//none//|Disable last keybytes brutforce| | ||
+ | |-x1|// | ||
+ | |-x2|// | ||
+ | |-X|//none//|Disable bruteforce multithreading | ||
+ | |-s|// | ||
+ | |-y|// | ||
+ | |-z|// | ||
+ | |-P|number|Long version -'''' | ||
|-K|// | |-K|// | ||
- | |-k|korek|(WEP cracking) There are 17 korek statistical attacks. Sometimes one attack creates a huge false positive that prevents the key from being found, even with lots of IVs. Try -k 1, -k 2, ... -k 17 to disable each attack selectively.| | + | |-D|//none//|Long version |
- | |-p|threads|Allow the number of threads for cracking even if you have a non-SMP computer.| | + | |-1|//none//|Long version |
- | |-r|database|Utilizes a database generated by airolib-ng as input to determine the WPA key. | + | |-M|number|(WEP cracking) |
- | |-x/ | + | |-V|// |
- | |-x1|//none//|(WEP cracking) Enable last keybyte bruteforcing (default).| | + | |
- | |-x2|// | + | == WEP and WPA-PSK cracking options == |
- | |-X|// | + | |
- | |-y|//none//|(WEP cracking) | + | ^Option^Param.^Description^ |
- | |-u|// | + | |-w|words|Path to a wordlists |
- | |-w|words|(WPA cracking) | + | |-N|file|Create a new cracking session and save it to the specified file| |
- | |-z|//none//|Invokes | + | |-R|file|Restore |
- | |-P|//none//|Long version | + | |
- | |-C|MACs|Long version | + | == WPA-PSK options == |
- | |-D|//none//|Long version - -wep-decloak. | + | |
- | |-V|// | + | ^Option^Param.^Description^ |
- | |-1|// | + | |-E|file> |
- | |-S|// | + | |-j|file|Create Hashcat v3.6+ Capture file (HCCAPX)| |
+ | |-J|file|Create Hashcat Capture file| | ||
+ | |-S|//none//|WPA cracking speed test| | ||
+ | |-Z|sec|WPA cracking speed test execution length in seconds| | ||
+ | |-r|database|Utilizes a database generated by [[airolib-ng]] as input to determine | ||
+ | |||
+ | == SIMD Selection == | ||
+ | |||
+ | ^Option^Param.^Description^ | ||
+ | |--simd|optimization|Use user-specified SIMD optimization instead of the fastest | ||
+ | |--simd-list|//none//|Shows a list of the SIMD optimizations available| | ||
+ | |||
+ | == Other options == | ||
+ | |||
+ | ^Option^Param.^Description^ | ||
+ | |-H|// | ||
+ | |-u|// | ||
===== Usage Examples ===== | ===== Usage Examples ===== | ||
Line 506: | Line 535: | ||
If you are sure your capture file contains a valid handshake then use Wireshark or an equivalent piece of software and manually pull out the beacon packet plus a set of handshake packets. | If you are sure your capture file contains a valid handshake then use Wireshark or an equivalent piece of software and manually pull out the beacon packet plus a set of handshake packets. | ||
- | There is an open [[http://trac.aircrack-ng.org/ticket/651|trac ticket]] to correct this incorrect behavior. | + | There is an open [[https://github.com/ |
aircrack-ng.txt · Last modified: 2019/09/18 22:39 by mister_x