forked from aircrack-ng/aircrack-ng
-
Notifications
You must be signed in to change notification settings - Fork 1
/
README
176 lines (122 loc) · 6.6 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
Documentation, tutorials, ... can be found on https://www.aircrack-ng.org
See also manpages and the forum.
Installing
==========
This version has more dependencies/libraries required than previous versions to be compiled.
See INSTALLING file for more information
OpenWrt Devices
===============
You can use airodump-ng on OpenWrt devices. You'll have to use specify
prism0 as interface. Airodump-ng will automatically create it.
Rq: Aireplay DOESN'T work on OpenWrt (2.4 kernel) with broadcom chipset since the driver doesn't support injection. It *may* work with 2.6 kernels >= 2.6.24 (kamikaze 8.09+ custom-built).
Known bugs:
===========
Drivers
-------
Madwifi-ng
----------
The cause of most of these problems (1, 2 and 3) is that Madwifi-ng cannot easily change the rate in monitor mode.
Technically, when changing rate while in monitor mode, the raw socket gets invalidated and we have to get it again.
Madwifi-ng is getting replaced by several drivers: ath5k, ath9k and ar9170.
Problem 1: No client can associate to an airbase soft AP.
Solution: Use a more recent driver. Madwifi-ng has been deprecated for years.
Problem 2: When changing rate while you are capturing packet makes airodump-ng stall
Solution 2: Restart airodump-ng or change rate before starting it.
Problem 3: After some time it stops capturing packets and you're really sure no network manager are running at all.
Solution 3: That's a known bug in the driver, it may happen at any time (the time before it fails can vary a lot:
from 5 minutes to 50 or even more). Try (as root) unloading completely the driver with 'madwifi-unload'
and then run 'modprobe ath_pci autocreate=monitor'.
Problem 4: When creating a new VAP airodump-ng takes up to 10-15 seconds to see the first packet
Solution 4: It's the behavior of madwifi-ng, don't worry (... be happy ;)).
Orinoco
-------
Problem: BSSID is not reported correctly or is 00:00:00:00:00:00 or signal is not reported correctly.
Solution: None. Consider replacing your card, orinoco is really really old.
Aircrack-ng
-----------
Aireplay-ng
-----------
Problem: Fakeauth on a WRT54G with WEP (shared authentication) doesn't work.
Solution: None at this time (we'll try to fix it in an upcoming release).
Airolib-ng
----------
Problem: On windows only, opening/creating a database doesn't work when airolib-ng is in directories containing
special characters like 'ç', 'é', 'è', 'à', ... (directories containing spaces are not affected).
Reason: It's a SQLite issue.
Solution: Rename the directory or move the database into another directory.
Airodump-ng
-----------
Problem: Airodump-ng stop working after some time.
Solution 1: You may have a network manager running that puts back the card in managed mode.
You'll have to disable it (the fastest solution is killing the process) then restart airodump-ng.
Solution 2: See Problem 3 of Madwifi-ng.
Problem: On windows, it doesn't display a list of adapters like the old 0.X
Solution: It requires you to develop your own DLL.
Problem: Handshake is not captured/detected
Reason: You might be too far and your signal is bad (or too close with a signal too strong).
Another possibility is that Airodump-ng didn't detect the handshake properly due to
being far apart in the capture.
Solution 1: Check out our tutorial 'WPA Packet Capture Explained' in the wiki.
Solution 2: Try running Aircrack-ng on your capture, it might detect the capture.
Solution 3: Check out our wpaclean tool.
Note: It will be fixed in an upcoming release.
Cygwin
------
Problem: /usr/include/sys/reent.h:14:20: fatal error: stddef.h: No such file or directory
Solution: It happens because the gcc and g++ version are different. Make sure they are the same.
Sample files
============
wep.open.system.authentication.cap:
It show a connexion (authentication then association) to a WEP network (open authentication).
wep.shared.key.authentication.cap:
It shows a connexion (authentication then association to a WEP network (shared authentication).
The difference with open authentication is that the client has to encrypt a challenge text
and send it back (encrypted) to the AP to prove it has the right key.
wpa.cap:
This is a sample file with a WPA handshake. It is located in the test/ directory of the install files.
The passphrase is 'biscotte'. Use the password file (password.lst) which is in the same directory.
wpa2.eapol.cap:
This is a sample file with a WPA2 handshake.
It is located in the test/ directory of the install files.
The passphrase is '12345678'. Use the password file (password.lst) which is in the same directory.
test.ivs (http://download.aircrack-ng.org/wiki-files/other/test.ivs):
This is a 128 bit WEP key file.
The key is AE:5B:7F:3A:03:D0:AF:9B:F6:8D:A5:E2:C7.
wep_64_ptw.cap (http://dl.aircrack-ng.org/ptw.cap):
This is a 64 bit WEP key file suitable for the PTW method.
The key is '1F:1F:1F:1F:1F'.
wpa-psk-linksys.cap:
This is a sample file with a WPA1 handshake along with some encrypted packets.
Useful for testing with airdecap-ng. The password is 'dictionary'.
wpa2-psk-linksys.cap:
This is a sample file with a WPA2 handshake along with some encrypted packets.
Useful for testing with airdecap-ng. The password is 'dictionary'.
wps2.0.pcap:
This is a test file with WPS 2.0 beacon.
password.lst and password-2.lst:
This is a sample wordlist for WPA key cracking. More wordlists can be found at
https://www.aircrack-ng.org/doku.php?id=faq#where_can_i_find_good_wordlists
password.db
This is a sample airolib-ng database for WPA key cracking.
pingreply.c
Replies to all ping requests. Useful for testing sniffing/injecting packets with airtun-ng.
Chinese-SSID-Name.pcap
Contains a beacon with an SSID displayed in Chinese.
verify_inject.py
Testing DNS requests using airtun-ng.
n-02.cap:
This is a test file with 802.11X-2004 AES-128-CMAC handshake.
Useful for testing with aircrack-ng. The password is 'bo$$password'.
test-pmkid.pcap:
This is a test file with PMKID. Passphrase for 'WLAN-771698' is 'SP-91862D361'
test1.pcap:
This is another test file with PMKID. Passphrase for the network
'ogogo' is '15211521'
StayAlfred.hccapx:
Hashcat HCCAPx file with WPA handshake.
Passphrase for 'StayAlfred' ESSID is 'staytogether'
wpa3-psk.pcap:
WPA3 PSK SAE authentication. Passphrase for the network
'WPA3-Network' is 'abcdefgh'
More sample pcap are available from Wireshark:
https://wiki.wireshark.org/SampleCaptures#Wifi_.2F_Wireless_LAN_captures_.2F_802.11