Differences

This shows you the differences between two versions of the page.

faq [2009/10/21 17:01] – Clarified max packets needed. darkaudaxfaq [2017/04/26 23:24] – [Where can I find good wordlists ?] Added github search mister_x
Line 1: Line 1:
 ====== FAQ ====== ====== FAQ ======
 +===== What version of Aircrack-ng am I running ?  =====
 +
 +Run 'aircrack-ng | head'. Version information is in the first line of text (second if the empty line is taken into account).
 +
 ===== What is the best wireless card to buy ?  ===== ===== What is the best wireless card to buy ?  =====
  
-Which card to purchase is a hard question to answer.  Each person's criteria is somewhat different.  However, having said that, if money is not a constraint then the following cards are considered the best in class:+Which card to purchase is a hard question to answer.  Each person's criteria is somewhat different, such as one may require 802.11n capability, or may require it to work via virtualisation.  However, having said that, if money is not a constraint then the following cards are considered the best in class:
  
-  * Alfa AWUS036H +  * Alfa AWUS036H [b/g USB] 
-  * Ubiquiti SRC+  * Ubiquiti SRC [a/b/g Cardbus] 
 +  * Ubiquiti SRX [a/b/g ExpressCard] 
 +  * Airpcap series [USB] 
 +  * TP-Link TL-WN722N [b/g/n USB] 
 +  * Alfa AWUS051NH v2 [a/b/g/n USB]
  
-If money is a constraint then consider purchasing a card with a RTL8187L, RT73 or Atheros chipset.  There are many available on the market for fairly low prices.  You are simply trading off distance, sensitivity and performance for cost.+If money is a constraint then consider purchasing a card with a RTL8187L or Atheros chipset, also read [[compatibility_drivers#which_is_the_best_card_to_buy|this]] first before purchasing. There are many available on the market for fairly low prices.  You are simply trading off distance, sensitivity and performance for cost.
  
 If you want to know if your existing card is compatible then use this page: [[compatible_cards|Tutorial: Is My Wireless Card Compatible?]] If you want to know if your existing card is compatible then use this page: [[compatible_cards|Tutorial: Is My Wireless Card Compatible?]]
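Review bot: In the rewritten budget paragraph, "also read [[compatibility_drivers#which_is_the_best_card_to_buy|this]] first before purchasing" is spliced onto the previous clause with a comma and uses "this" as its link text. Make it a sentence of its own with a descriptive label, such as the title of the target section. The same paragraph drops RT73 from the chipset list without saying why; state the reason if it is no longer recommended. In the opening paragraph, "such as one may require 802.11n capability" reads awkwardly; "for example, one person may need 802.11n support and another may need the card to work under virtualisation" is clearer.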
Line 19: Line 27:
  
 The [[links]] page also generic wireless information and tutorials. The [[links]] page also generic wireless information and tutorials.
 +
 +===== Any GPS recommendation ?  =====
 +
 +The following 2 devices have been tested and work fine:
 +
 +  * BU-353
 +  * NL-402U USB
 +
 +However, anything that is [[http://www.catb.org/gpsd/hardware.html|compatible with GPSd]] will work. 
  
 ===== "command not found" error message  ===== ===== "command not found" error message  =====
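Review bot: The two entries in the new GPS list give only model numbers ("BU-353", "NL-402U USB"), and only the second states its interface. Add the vendor and the interface for both so readers can identify the exact device, and say which setup they were tested with.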
Line 30: Line 47:
  
 Since that time, the PTW approach (Pychkine, Tews, Weinmann) has been developed. The main advantage of the PTW approach is that very few data packets are required to crack the WEP key.  Since that time, the PTW approach (Pychkine, Tews, Weinmann) has been developed. The main advantage of the PTW approach is that very few data packets are required to crack the WEP key. 
- 
- 
  
 ===== How many IVs are required to crack WEP ? ===== ===== How many IVs are required to crack WEP ? =====
Line 39: Line 54:
 There is no way to know the WEP key length: this information is kept hidden and never announced, either in management or data packets; as a consequence, airodump-ng can not report the WEP key length. Thus, it is recommended to run aircrack-ng twice: when you have 250,000 IVs, start aircrack-ng with "-n 64" to crack 40-bit WEP. Then if the key is not found, restart aircrack-ng (without the -n option) to crack 104-bit WEP. There is no way to know the WEP key length: this information is kept hidden and never announced, either in management or data packets; as a consequence, airodump-ng can not report the WEP key length. Thus, it is recommended to run aircrack-ng twice: when you have 250,000 IVs, start aircrack-ng with "-n 64" to crack 40-bit WEP. Then if the key is not found, restart aircrack-ng (without the -n option) to crack 104-bit WEP.
  
-The figures above are based on using the Korek method.  With the introduction of the [[http://www.cdc.informatik.tu-darmstadt.de/aircrack-ptw/|PTW technique]] in aircrack-ng 0.9 and above, the number of **data packets** required to crack WEP is dramatically lowered. Using this technique, 40-bit WEP (64 bit key) can be cracked with as few as 20,000 data packets and 104-bit WEP (128 bit key) with 40,000 data packets.  PTW is limited to 40 and 104 bit keys lengths.  Keep in mind that it can take 100,00+ packets even using the PTW method.  Additionally, PTW only works properly with [[supported_packets|selected packet types]].  Aircrack-ng defaults to the PTW method and you must manually specify the Korek method in order to use it.\\+The figures above are based on using the Korek method.  With the introduction of the [[http://www.cdc.informatik.tu-darmstadt.de/aircrack-ptw/|PTW technique]] in aircrack-ng 0.9 and above, the number of **data packets** required to crack WEP is dramatically lowered. Using this technique, 40-bit WEP (64 bit key) can be cracked with as few as 20,000 data packets and 104-bit WEP (128 bit key) with 40,000 data packets.  PTW is limited to 40 and 104 bit keys lengths.  Keep in mind that it can take 100K packets or more even using the PTW method.  Additionally, PTW only works properly with [[supported_packets|selected packet types]].  Aircrack-ng defaults to the PTW method and you must manually specify the Korek method in order to use it.\\
  
  
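Review bot: The corrected sentence now reads "100K packets or more", while the other figures in the same paragraph are written out as "20,000" and "40,000". Write "100,000 packets or more" so the notation is consistent and the ambiguity of the old "100,00+" cannot return.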
Line 65: Line 80:
  
 The easiest way is do an Internet search for word lists and dictionaries. Also check out web sites for password cracking tools. Many times they have references to word lists. A few sources follow. Please add comments or additions to this thread: http://forum.aircrack-ng.org/index.php?topic=1373.0. The easiest way is do an Internet search for word lists and dictionaries. Also check out web sites for password cracking tools. Many times they have references to word lists. A few sources follow. Please add comments or additions to this thread: http://forum.aircrack-ng.org/index.php?topic=1373.0.
 +
 +Remember that valid passwords are 8 to 63 characters in length. The [[http://aircrack-ng.org/doku.php?id=aircrack-ng#other_tips|Aircrack-ng Other Tips]] page has a script to eliminate passwords which are invalid in terms of length.
  
   * OpenWall:   * OpenWall:
     * ftp://ftp.openwall.com/pub/wordlists/     * ftp://ftp.openwall.com/pub/wordlists/
     * http://www.openwall.com/mirrors/     * http://www.openwall.com/mirrors/
-  * ftp://ftp.ox.ac.uk/pub/wordlists/+  * GitHub 
 +    * https://github.com/danielmiessler/SecLists/tree/master/Passwords 
 +    * https://github.com/berzerk0/Probable-Wordlists 
 +    * https://github.com/search?q=wordlist
   * http://gdataonline.com/downloads/GDict/   * http://gdataonline.com/downloads/GDict/
-  * http://www.theargon.com/achilles/wordlists/ 
-  * http://theargon.com/achilles/wordlists/theargonlists/ 
   * ftp://ftp.cerias.purdue.edu/pub/dict/   * ftp://ftp.cerias.purdue.edu/pub/dict/
   * http://www.outpost9.com/files/WordLists.html   * http://www.outpost9.com/files/WordLists.html
-  * http://www.securinfos.info/wordlists_dictionnaires.php 
   * http://www.vulnerabilityassessment.co.uk/passwords.htm   * http://www.vulnerabilityassessment.co.uk/passwords.htm
   * http://packetstormsecurity.org/Crackers/wordlists/   * http://packetstormsecurity.org/Crackers/wordlists/
   * http://www.ai.uga.edu/ftplib/natural-language/moby/   * http://www.ai.uga.edu/ftplib/natural-language/moby/
-  * http://www.insidepro.com/eng/download.shtml 
-  * http://www.word-list.com/ 
   * http://www.cotse.com/tools/wordlists1.htm   * http://www.cotse.com/tools/wordlists1.htm
   * http://www.cotse.com/tools/wordlists2.htm   * http://www.cotse.com/tools/wordlists2.htm
-  * http://wordlist.sourceforge.net/ +  * http://wordlist.aspell.net/ 
- +  * https://darkz0ne.net/wordlists
-==== Build your own ==== +
- +
-Here are a few resources to build your own lists.  There are many, many more available if you search the Internet. +
- +
-  *[[https://code.goto10.org/svn/unpacked/sh/etemenanki/etemenanki.sh|Etemenanki]] is a shell script that "builds word dictionaries based on remote and local (hyper)text repositories"+
-  *[[http://awlg.org/index.gen|Associative Word List Generator]] allows you to build custom lists based on a "root" word. +
-  *[[http://forum.aircrack-ng.org/index.php?topic=4580.0|Password Generator]] is a program that generates all the variations of a string of characters based on the length of the string. +
-  *[[http://forum.aircrack-ng.org/index.php?topic=4877.msg27435#msg27435|Password Generator]] is a program that goes through standard and arbitrary permutations of strings.+
  
 ===== How do I recover my WEP/WPA key in windows ? ===== ===== How do I recover my WEP/WPA key in windows ? =====
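Review bot: The added sentence "Remember that valid passwords are 8 to 63 characters in length" does not say which key type the limit applies to, although this FAQ covers both WEP and WPA; name the passphrase type. It also points to the tips section with an absolute http://aircrack-ng.org/doku.php?id=aircrack-ng#other_tips URL, where the rest of the page uses internal links such as [[tools#merge|ivstools]]; an internal [[aircrack-ng#other_tips|...]] link would survive a host or scheme change. The whole "Build your own" subsection is deleted without a pointer to where that material went.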
Line 141: Line 148:
 From the command line you may use the //mergecap// program to merge //.cap// files (part of the Wireshark/Ethereal package or the win32 distribution):  From the command line you may use the //mergecap// program to merge //.cap// files (part of the Wireshark/Ethereal package or the win32 distribution): 
  
-  mergecap -w out.cap test1.cap test2.cap test3.cap +  mergecap -F pcap test1.cap test2.cap test3.cap -w out.cap 
 + 
 +It will merge test1.captest2.cap and test3.cap into out.cap
  
-It will merge test1.cap, test2.cap and test3.cap into out.cap +  mergecap -F pcap *.cap -w out.cap 
 +  
 +It will merge all the .cap files contained in the current folder into out.cap
  
 You may use the [[tools#merge|ivstools]] program to merge //.ivs// files (part of aircrack-ng package) You may use the [[tools#merge|ivstools]] program to merge //.ivs// files (part of aircrack-ng package)
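Review bot: In the second added command, "mergecap -F pcap *.cap -w out.cap", the glob also matches out.cap once that file exists in the current folder, so a rerun feeds the previous output back in as an input. Write the result to a name or directory that *.cap does not match. The new "-F pcap" option is not explained anywhere in the text, and the description after the first command reads "test1.captest2.cap", so restore the comma between the file names.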
Line 366: Line 377:
  
 To determine the frequency that a channel uses (or vice versa), check out: To determine the frequency that a channel uses (or vice versa), check out:
-http://www.rflinx.com/help/calculations/#2.4ghz_wifi_channels then select the "Wifi Channel Selection and Channel Overlap" tab.+[[http://www.cisco.com/en/US/docs/wireless/technology/channel/deployment/guide/Channel.html#wp134132|Wifi Channels]] Or check out [[http://en.wikipedia.org/wiki/802.11_channels|Wikipedia List of WLAN Channels]].  This is a nice [[http://www.air-stream.org.au/files/agder_56.gif|graphic]] showing the channel assignments and their overlap.
  
  
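Review bot: The replacement line runs three links together, and "Or check out" starts with a capital directly after the first link with no full stop before it. Punctuate it as separate sentences or turn the three links into a list. All three targets are external http:// pages and the graphic is hot-linked from a third-party site, so consider attaching the image to the wiki instead.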
Line 435: Line 446:
 ===== Why do I get 'SIOCSIFFLAGS : No such file or directory' error message ===== ===== Why do I get 'SIOCSIFFLAGS : No such file or directory' error message =====
  
-Some drivers require a firmware to be loaded (b43, prism54, zd1211rw, ...). The driver does it by itself when loaded. \\ +Some drivers require a firmware to be loaded (b43, prism54, zd1211rw, ...). The driver typically loads the firmware itself when started. \\ 
-In this case, the driver didn't find it because the firmware was not in the right place. To find the firmware's correct location, read the driver documentation.+In this case, the driver didn't find it because the firmware was not in the right place or is missing from the computer. To find the firmware's correct location, read the driver documentation.
  
  
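Review bot: The second changed line now covers firmware that "is missing from the computer", but the advice that follows still only tells the reader to find the firmware's correct location. Add that the firmware has to be installed first when it is absent, with the driver documentation named as the place to find out where to get it.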
Line 469: Line 480:
 Solution: Disable this function in UDEV Solution: Disable this function in UDEV
  
-Open /etc/udev/persistent-net-generator.rules in your prefered text editor+Open /etc/udev/persistent-net-generator.rules in your preferred text editor
  
 Search for  Search for 
Line 483: Line 494:
 Save and close. Save and close.
  
-Open /etc/udev/rules.d/z25_persistent-net.rules in your prefered text editor ("z25_" may be something different on your system).+Open /etc/udev/rules.d/z25_persistent-net.rules in your preferred text editor ("z25_" may be something different on your system).
  
 Search for the lines concerning your nwc and delete or just disable them by inserting a leading "#". Search for the lines concerning your nwc and delete or just disable them by inserting a leading "#".
Line 515: Line 526:
 ===== What is RSSI? ==== ===== What is RSSI? ====
  
-RSSI is means Received Signal Strength Indication. RSSI is a measurement of the received radio signal strength. It is the received signal strength in a wireless environment, in arbitrary units.+RSSI means Received Signal Strength Indication. RSSI is a measurement of the received radio signal strength. It is the received signal strength in a wireless environment, in arbitrary units.
  
 For more information, see http://en.wikipedia.org/wiki/RSSI For more information, see http://en.wikipedia.org/wiki/RSSI
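Review bot: The heading above the corrected sentence, "===== What is RSSI? ====", opens with five equals signs and closes with four; balance it while this section is being edited. The second and third sentences of the paragraph both restate that RSSI is the received signal strength and could be merged into one sentence that keeps "in arbitrary units".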
Line 561: Line 572:
  
 See [[airmon-ng#how_do_i_put_my_card_back_into_managed_mode|airmon-ng documentation]]. See [[airmon-ng#how_do_i_put_my_card_back_into_managed_mode|airmon-ng documentation]].
- 
- 
- 
  
 ===== How Do I Check What Mode My Card Is In?  ===== ===== How Do I Check What Mode My Card Is In?  =====
Line 576: Line 584:
 [[http://www.linuxwireless.org/en/users/Drivers/zd1211rw/AddID|Adding new device IDs to zd1211rw]] [[http://www.linuxwireless.org/en/users/Drivers/zd1211rw/AddID|Adding new device IDs to zd1211rw]]
  
 +
 +===== Why do I get "Error creating tap interface: Permission denied" or a similar message?  =====
 +
 +You receive one or both of the following errors:
 +   error creating tap interface: Permission denied
 +   error opening tap device: Permission denied
 +
 +This is caused by SELinux (Security Enhanced Linux) preventing the interface from starting.  To resolve, disable SELinux.  See the support forums for your particular linux to determine how to do this.
 +
 +===== Why airodump-ng doesn't display anything on Android terminal? =====
 +
 +By default, in settings, stty rows and columns are set to 0. Here are the settings:
 +  * stty columns 86
 +  * stty rows 39
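Review bot: "To resolve, disable SELinux" in the new tap interface entry turns off mandatory access control for the whole system to clear a single denial. Suggest switching to permissive mode only while the tool runs (setenforce 0, then setenforce 1 afterwards) or adding a policy exception for the tap device, and name the tools that raise these errors. In the Android entry, the two stty commands are formatted as list bullets rather than as an indented code block like the mergecap commands, and the first sentence does not say which settings screen it means.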
faq.txt · Last modified: 2024/01/10 16:40 by mister_x