aircrack-ng
Differences
This shows you the differences between two versions of the page.
aircrack-ng [2018/03/11 18:58] – Updated link to ticket mister_x | aircrack-ng [2018/07/11 21:53] – Fixed displaying page mister_x | ||
---|---|---|---|
Line 87: | Line 87: | ||
You can specify multiple input files (either in .cap or .ivs format) or use file name wildcarding. | You can specify multiple input files (either in .cap or .ivs format) or use file name wildcarding. | ||
- | Here's a summary of all available | + | === Options === |
+ | == Common | ||
^Option^Param.^Description^ | ^Option^Param.^Description^ | ||
- | |-a|amode|Force attack mode (1 = static WEP, 2 = WPA/ | + | |-a|amode|Force attack mode (1 = static WEP, 2 = WPA/ |
- | |-b|bssid|Long version - -bssid. Select the target network based on the access point' | + | |-e|essid|If set, all IVs from networks with the same ESSID will be used. This option is also required for WPA/ |
- | |-e|essid|If set, all IVs from networks with the same ESSID will be used. This option is also required for WPA/ | + | |-b|bssid|Long version -'''' |
- | |-p|nbcpu|On SMP systems: # of CPU to use. This option is invalid on non-SMP systems.| | + | |-p|nbcpu|On SMP systems: # of CPU to use. This option is invalid on non-SMP systems| |
- | |-q|// | + | |-q|// |
- | |-c|// | + | |-C|MACs|Long version -'''' |
- | |-t|// | + | |-l|file name|(Lowercase L, ell) logs the key to the file specified. Overwrites the file if it already exists| |
- | |-h|// | + | |
- | |-d|start|(WEP cracking) | + | == Static WEP cracking options == |
- | |-m|maddr|(WEP cracking) | + | |
- | |-M|number|(WEP cracking) Sets the maximum number of ivs to use.| | + | ^Option^Param.^Description^ |
- | |-n|nbits|(WEP cracking) | + | |-c|// |
- | |-i|index|(WEP cracking) | + | |-t|// |
- | |-f|fudge|(WEP cracking) | + | |-h|// |
- | |-H|// | + | |-d|start|Long version --debug. |
- | |-l|file name|(Lowercase L, ell) logs the key to the file specified. Overwrites the file if it already exists.| | + | |-m|maddr|MAC address to filter WEP data packets. Alternatively, |
- | |-K|// | + | |-n|nbits|Specify the length of the key: 64 for 40-bit WEP, 128 for 104-bit WEP, etc. The default value is 128| |
- | |-k|korek|(WEP cracking) | + | |-i|index|Only keep the IVs that have this key index (1 to 4). The default behaviour is to ignore the key index| |
- | |-p|threads|Allow the number of threads for cracking even if you have a non-SMP computer.| | + | |-f|fudge|By default, this parameter is set to 2 for 104-bit WEP and to 5 for 40-bit WEP. Specify a higher value to increase the bruteforce level: cracking will take more time, but with a higher likelyhood of success| |
- | |-r|database|Utilizes a database generated by airolib-ng as input to determine the WPA key. Outputs an error message if aircrack-ng has not been compiled with sqlite support.| | + | |-k|korek|There are 17 korek statistical attacks. Sometimes one attack creates a huge false positive that prevents the key from being found, even with lots of IVs. Try -k 1, -k 2, ... -k 17 to disable each attack selectively| |
- | |-x/ | + | |-x/ |
- | |-x1|// | + | |-x1|// |
- | |-x2|// | + | |-x2|// |
- | |-X|// | + | |-X|// |
- | |-y|// | + | |
- | |-u|// | + | |
- | |-w|words|(WPA cracking) Path to a wordlist or " | + | |
- | |-z|// | + | |
- | |-P|// | + | |
- | |-C|MACs|Long version - -combine. | + | |
- | |-D|// | + | |
- | |-V|// | + | |
- | |-1|// | + | |
- | |-S|// | + | |
|-s|// | |-s|// | ||
- | |-E|file>|(WPA cracking) Create EWSA Project file v3| | + | |-y|//none//|Experimental single bruteforce attack which should only be used when the standard attack mode fails with more than one million IVs| |
- | |-J|file|(WPA cracking) Create Hashcat Capture file| | + | |-z|// |
+ | |-P|number|Long version -'''' | ||
+ | |-K|// | ||
+ | |-D|// | ||
+ | |-1|// | ||
+ | |-M|number|(WEP cracking) Specify the maximum number of IVs to use| | ||
+ | |-V|// | ||
+ | |||
+ | == WEP and WPA-PSK cracking | ||
+ | |||
+ | ^Option^Param.^Description^ | ||
+ | |-w|words|Path to a wordlists or " | ||
+ | |-N|file|Create a new cracking session and save it to the specified file| | ||
+ | |-R|file|Restore cracking session from the specified file| | ||
+ | |||
+ | == WPA-PSK options == | ||
+ | |||
+ | ^Option^Param.^Description^ | ||
+ | |-E|file> | ||
+ | |-j|file|Create Hashcat v3.6+ Capture file (HCCAPX)| | ||
+ | |-J|file|Create Hashcat Capture file| | ||
+ | |-S|// | ||
+ | |-Z|sec|WPA cracking speed test execution length in seconds| | ||
+ | |-r|database|Utilizes a database generated by [[airolib-ng]] as input to determine the WPA key. Outputs an error message if aircrack-ng has not been compiled with sqlite support| | ||
+ | |||
+ | == SIMD Selection == | ||
+ | |||
+ | ^Option^Param.^Description^ | ||
+ | |--simd|optimization|Use user-specified SIMD optimization instead of the fastest one| | ||
+ | |--simd-list|// | ||
+ | |||
+ | == Other options == | ||
+ | |||
+ | ^Option^Param.^Description^ | ||
+ | |-H|// | ||
+ | |-u|// | ||
===== Usage Examples ===== | ===== Usage Examples ===== | ||
==== WEP ==== | ==== WEP ==== | ||
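Review bot: In the new "Static WEP cracking options" table the -M row still carries the "(WEP cracking)" prefix that was dropped from the other rows visible in that section (-d, -m, -n, -i, -f, -k), and the -E row under "WPA-PSK options" keeps the stray ">" in its parameter column ("file>") from the old table. Suggest "|-M|number|Specify the maximum number of IVs to use|" and "file" as the -E parameter. While these rows are being touched, "likelyhood" in the -f description should be "likelihood", and "Path to a wordlists" in the -w description should be "Path to a wordlist".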
Line 302: | Line 329: | ||
Now you have the passphrase and can connect to the network. | Now you have the passphrase and can connect to the network. | ||
+ | |||
+ | === SIMD === | ||
+ | |||
+ | Aircrack-ng is compiled with multiple optimizations based on CPU features we call crypto engines. CPU features are different based on the type of CPU. | ||
+ | |||
+ | On x86 (and 64 bit), typically SSE2, AVX and AVX2 are available (AVX512 can be compiled in but it should only be done if the current CPU supports it). On ARM, neon and ASIMD are usually available and on PowerPC, ASIMD and altivec. A generic optimization is always available no matter what architecture it is compiled on or for. A limited set of optimizations may be available depending on the OS/ | ||
+ | |||
+ | When running aircrack-ng, | ||
+ | |||
+ | In order to override, the option -'''' | ||
+ | |||
+ | aircrack-ng --simd=avx wpa.cap -w password.lst | ||
+ | |||
+ | In order to list all the available SIMD optimization, | ||
+ | |||
+ | aircrack-ng --simd-list | ||
+ | |||
+ | will display "avx2 avx sse2 generic" | ||
+ | |||
+ | ==== Cracking session ==== | ||
+ | |||
+ | Cracking can sometimes take a very long time and it is sometimes necessary to turn off the computer or put it to sleep for a while. In order to handle this kind of situation, a new set of option has been created. | ||
+ | |||
+ | It will create and/or update a session file saving the current status of the cracking (every 10 minutes) as well as all the options used, wordlists and capture files used. Multiple wordlists can be used and it works with WEP and WPA. | ||
+ | |||
+ | aircrack-ng --new-session current.session -w password.lst, | ||
+ | |||
+ | In order to restore the session, use -'''' | ||
+ | |||
+ | aircrack-ng --restore-session current.session | ||
+ | |||
+ | It will keep updating // | ||
+ | |||
+ | Limitations: | ||
+ | * The wordlist must be files. For now, they cannot be //stdin// or [[airolib-ng]] databases | ||
+ | * Session has to be restored from the same directory as when first using -'''' | ||
+ | * No new options can be added when restoring session | ||
===== Usage Tips ===== | ===== Usage Tips ===== | ||
==== General approach to cracking WEP keys ==== | ==== General approach to cracking WEP keys ==== |
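Review bot: The added "=== SIMD ===" heading is one level deeper than the "==== WEP ====" and "==== Cracking session ====" headings around it, so it renders nested under the preceding usage example instead of as its own entry under Usage Examples; if it is meant to be a sibling, use "==== SIMD ====". In the SIMD text, ASIMD is listed for both ARM and PowerPC ("on PowerPC, ASIMD and altivec"), which looks like a copy error and is worth confirming against the build options. Minor wording in the session section: "a new set of option has been created" should read "options", and the first limitation should read "The wordlists must be files".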
aircrack-ng.txt · Last modified: 2019/09/18 22:39 by mister_x