faq [2009/10/21 22:40] – fixed number of packets needed for PTW mister_x | faq [2018/10/16 03:38] – How do I deal with rfkill hard blocks? mister_x | ||
Line 1: | Line 1: | ||
====== FAQ ====== | ====== FAQ ====== | ||
+ | ===== What version of Aircrack-ng am I running ? ===== | ||
+ | |||
+ | Run ' | ||
+ | |||
===== What is the best wireless card to buy ? ===== | ===== What is the best wireless card to buy ? ===== | ||
- | Which card to purchase is a hard question to answer. | + | Which card to purchase is a hard question to answer. |
- | * Alfa AWUS036H | + | * Alfa AWUS036H |
- | * Ubiquiti SRC | + | * Ubiquiti SRC [a/b/g Cardbus] |
+ | * Ubiquiti SRX [a/b/g ExpressCard] | ||
+ | * Airpcap series [USB] | ||
+ | * TP-Link TL-WN722N v1 [b/g/n USB] - Beware, if version is not specified by vendor, it is **NOT** v1 | ||
+ | * Alfa AWUS036NHA [b/g/n USB] | ||
+ | * Alfa AWUS051NH v2 [a/b/g/n USB] | ||
+ | * MiniPCIe: anything that uses [[https:// | ||
- | If money is a constraint then consider purchasing a card with a RTL8187L, RT73 or Atheros chipset. | + | If money is a constraint then consider purchasing a card with a RTL8187L or Atheros chipset, also read [[compatibility_drivers# |
If you want to know if your existing card is compatible then use this page: [[compatible_cards|Tutorial: | If you want to know if your existing card is compatible then use this page: [[compatible_cards|Tutorial: | ||
Line 15: | Line 25: | ||
The [[tutorial|Tutorials]] page has many tutorials specific to the aircrack-ng suite. | The [[tutorial|Tutorials]] page has many tutorials specific to the aircrack-ng suite. | ||
- | * The [[http:// | + | * The [[https:// |
* [[User Docs|User Documentation by platform (Linux, Windows)]] | * [[User Docs|User Documentation by platform (Linux, Windows)]] | ||
The [[links]] page also generic wireless information and tutorials. | The [[links]] page also generic wireless information and tutorials. | ||
+ | |||
+ | ===== Any GPS recommendation ? ===== | ||
+ | |||
+ | The following 2 devices have been tested and work fine: | ||
+ | |||
+ | * BU-353 | ||
+ | * NL-402U USB | ||
+ | |||
+ | However, anything that is [[http:// | ||
===== " | ===== " | ||
Line 27: | Line 46: | ||
===== How do I crack a static WEP key ? ===== | ===== How do I crack a static WEP key ? ===== | ||
- | The basic idea is to capture as much encrypted traffic as possible using airodump-ng. Each WEP data packet has an associated 3-byte Initialization Vector (IV): after a sufficient number of data packets have been collected, run aircrack-ng on the resulting capture file. aircrack-ng will then perform a set of statistical attacks developed by a talented hacker named [[http:// | + | The basic idea is to capture as much encrypted traffic as possible using airodump-ng. Each WEP data packet has an associated 3-byte Initialization Vector (IV): after a sufficient number of data packets have been collected, run aircrack-ng on the resulting capture file. aircrack-ng will then perform a set of statistical attacks developed by a talented hacker named [[https:// |
Since that time, the PTW approach (Pychkine, Tews, Weinmann) has been developed. The main advantage of the PTW approach is that very few data packets are required to crack the WEP key. | Since that time, the PTW approach (Pychkine, Tews, Weinmann) has been developed. The main advantage of the PTW approach is that very few data packets are required to crack the WEP key. | ||
Line 37: | Line 56: | ||
There is no way to know the WEP key length: this information is kept hidden and never announced, either in management or data packets; as a consequence, | There is no way to know the WEP key length: this information is kept hidden and never announced, either in management or data packets; as a consequence, | ||
- | The figures above are based on using the Korek method. | + | The figures above are based on using the Korek method. |
Line 62: | Line 81: | ||
===== Where can I find good wordlists ? ===== | ===== Where can I find good wordlists ? ===== | ||
- | The easiest way is do an Internet search for word lists and dictionaries. Also check out web sites for password cracking tools. Many times they have references to word lists. A few sources follow. Please add comments or additions to this thread: | + | The easiest way is do an Internet search for word lists and dictionaries. Also check out web sites for password cracking tools. Many times they have references to word lists. A few sources follow. Please add comments or additions to this thread: |
+ | |||
+ | Remember that valid passwords are 8 to 63 characters in length. The [[aircrack-ng# | ||
* OpenWall: | * OpenWall: | ||
* ftp:// | * ftp:// | ||
- | * http:// | + | * https:// |
- | * ftp:// | + | * GitHub |
- | * http://gdataonline.com/downloads/GDict/ | + | * https://github.com/danielmiessler/SecLists/tree/ |
- | * http://www.theargon.com/achilles/ | + | * https://github.com/berzerk0/Probable-Wordlists |
- | * http://theargon.com/achilles/ | + | * https://github.com/search? |
* ftp:// | * ftp:// | ||
- | * http:// | + | * https:// |
- | * http:// | + | |
* http:// | * http:// | ||
- | * http:// | + | * https:// |
- | * http://www.ai.uga.edu/ | + | * http://ai1.ai.uga.edu/ |
- | * http:// | + | * http:// |
- | * http:// | + | |
- | * http:// | + | |
- | * http:// | + | |
- | * http:// | + | |
- | + | ||
- | ==== Build your own ==== | + | |
- | + | ||
- | Here are a few resources to build your own lists. | + | |
- | + | ||
- | *[[https:// | + | |
- | *[[http:// | + | |
- | *[[http:// | + | |
- | *[[http:// | + | |
===== How do I recover my WEP/WPA key in windows ? ===== | ===== How do I recover my WEP/WPA key in windows ? ===== | ||
Line 130: | Line 137: | ||
* Shared Key Authentication: | * Shared Key Authentication: | ||
- | The [[http:// | + | The [[https:// |
===== How do I merge multiple capture files ? ===== | ===== How do I merge multiple capture files ? ===== | ||
- | You may use File -> Merge... in Wireshark or Ethereal. | + | You may use File -> Merge... in Wireshark or Ethereal. Make sure to export in pcap format. |
From the command line you may use the // | From the command line you may use the // | ||
- | mergecap -w out.cap | + | mergecap -F pcap test1.cap test2.cap test3.cap -w out.cap |
- | It will merge test1.cap, test2.cap and test3.cap into out.cap | + | It will merge test1.cap, test2.cap and test3.cap |
+ | |||
+ | mergecap -F pcap *.cap -w out.cap | ||
+ | |||
+ | It will merge all the .cap files contained in the current folder | ||
You may use the [[tools# | You may use the [[tools# | ||
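Review bot: the added second example `mergecap -F pcap *.cap -w out.cap` writes its output into the same folder the glob reads from, so running it again (or after an earlier merge into out.cap) feeds the existing out.cap back in as input and duplicates its packets; suggest writing to a path the glob cannot match, e.g. `mergecap -F pcap *.cap -w ../merged.cap`. It would also help to state next to the command why `-F pcap` was added, since the preceding sentence only says to export in pcap format when using the GUI.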
Line 153: | Line 164: | ||
===== Can I use Wireshark/ | ===== Can I use Wireshark/ | ||
- | Under Linux, simply setup the card in monitor mode with the [[airmon-ng]] script. Under Windows, Wireshark can capture 802.11 packets using [[http://www.cacetech.com/products/airpcap.htm|AirPcap]]. | + | Under Linux, simply setup the card in monitor mode with the [[airmon-ng]] script. Under Windows, Wireshark can capture 802.11 packets using [[https://support.riverbed.com/content/ |
Line 164: | Line 175: | ||
Wireshark 0.99.5 and above can decrypt WPA as well. Go to Edit -> Preferences -> Protocols -> IEEE 802.11, select " | Wireshark 0.99.5 and above can decrypt WPA as well. Go to Edit -> Preferences -> Protocols -> IEEE 802.11, select " | ||
- | Many times in this forum and on the wiki we suggest using Wireshark to review packets. | + | Many times in this forum and on the wiki we suggest using Wireshark to review packets. |
- | The good news is that they have made Chapter 6 of the " | + | The good news is that they have made Chapter 6 of the " |
==== What are the different wireless filter expressions ? ==== | ==== What are the different wireless filter expressions ? ==== | ||
- | The [[http:// | + | The [[https:// |
- | + | ||
- | ([[http:// | + | |
- | + | ||
- | See the previous item for detailed instructions on using Wireshark. | + | |
- | + | ||
- | + | ||
===== How do I change my card's MAC address ? ===== | ===== How do I change my card's MAC address ? ===== | ||
Line 192: | Line 196: | ||
Be aware that the example above does not work with every driver. | Be aware that the example above does not work with every driver. | ||
- | The easier way is to use the macchanger package. | + | The easier way is to use the macchanger package. |
- | *http:// | + | |
- | *http:// | + | |
If you are using mac80211 drivers and have a mon0 interface then: | If you are using mac80211 drivers and have a mon0 interface then: | ||
Line 302: | Line 304: | ||
Under Windows, you may use: | Under Windows, you may use: | ||
- | *[[http:// | + | *[[https:// |
- | *[[http://tmac.technitium.com/ | + | *[[https:// |
- | *[[http:// | + | |
Troubleshooting Tip: A normal MAC address looks like this: 00: | Troubleshooting Tip: A normal MAC address looks like this: 00: | ||
Line 351: | Line 352: | ||
===== How can I resolve MAC addresses to IP addresses ? ===== | ===== How can I resolve MAC addresses to IP addresses ? ===== | ||
- | You can try [[http://freshmeat.net/projects/ | + | You can try [[https://github.com/alexxy/ |
Line 364: | Line 365: | ||
To determine the frequency that a channel uses (or vice versa), check out: | To determine the frequency that a channel uses (or vice versa), check out: | ||
- | http://www.rflinx.com/help/calculations/#2.4ghz_wifi_channels then select | + | [[https:// |
Line 372: | Line 373: | ||
Here are some conversion links. | Here are some conversion links. | ||
- | *http://centricle.com/tools/ascii-hex/ | + | *https://www.rapidtables.com/convert/number/hex-to-ascii.html |
*http:// | *http:// | ||
- | LatinSuD has developed a very useful tool - [[http:// | + | LatinSuD has developed a very useful tool - [[https:// |
Line 397: | Line 398: | ||
- | ===== Why do I have bad speeds when i'm too close to the access point? ===== | + | ===== Why do I have bad speeds when I'm too close to the access point? ===== |
Problem: The wireless card behaves badly if the signal is too strong. If you are too close (1-2m) to the access point, you get high quality signal but actual transmission rates drop (down to 5-11Mbps or less). The net result is TCP throughput of about 600KB/ | Problem: The wireless card behaves badly if the signal is too strong. If you are too close (1-2m) to the access point, you get high quality signal but actual transmission rates drop (down to 5-11Mbps or less). The net result is TCP throughput of about 600KB/ | ||
Line 417: | Line 418: | ||
This usually happens because the linux headers don't match your current running kernel. In this situation, grab the kernel sources or just recompile a fresh kernel, install it and reboot. Then, try again compiling the driver. See this [[http:// | This usually happens because the linux headers don't match your current running kernel. In this situation, grab the kernel sources or just recompile a fresh kernel, install it and reboot. Then, try again compiling the driver. See this [[http:// | ||
- | |||
- | |||
- | ===== Why can't I compile airodump-ng and aireplay-ng on other OSs ? ===== | ||
- | |||
- | Both airodump-ng and aireplay-ng sources are Linux-specific. | ||
Line 433: | Line 429: | ||
===== Why do I get ' | ===== Why do I get ' | ||
- | Some drivers require a firmware to be loaded (b43, prism54, zd1211rw, ...). The driver | + | Some drivers require a firmware to be loaded (b43, prism54, zd1211rw, ...). The driver |
- | In this case, the driver didn't find it because the firmware was not in the right place. To find the firmware' | + | In this case, the driver didn't find it because the firmware was not in the right place or is missing from the computer. To find the firmware' |
===== Why does my computer lock up when injecting packets ? Is there a solution? ==== | ===== Why does my computer lock up when injecting packets ? Is there a solution? ==== | ||
- | See http:// | + | See [[https:// |
Line 446: | Line 442: | ||
Yes, aircrack-ng suite successfully been run under VMware. | Yes, aircrack-ng suite successfully been run under VMware. | ||
- | * [[http:// | + | * [[https:// |
- | A virtual machine | + | Kali is available |
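Review bot: the unchanged context line "Yes, aircrack-ng suite successfully been run under VMware." is missing a verb; suggest "Yes, the aircrack-ng suite has successfully been run under VMware."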
Line 467: | Line 463: | ||
Solution: Disable this function in UDEV | Solution: Disable this function in UDEV | ||
- | Open / | + | Open / |
Search for | Search for | ||
Line 481: | Line 477: | ||
Save and close. | Save and close. | ||
- | Open / | + | Open / |
Search for the lines concerning your nwc and delete or just disable them by inserting a leading "#" | Search for the lines concerning your nwc and delete or just disable them by inserting a leading "#" | ||
Line 491: | Line 487: | ||
===== What is the format of a valid MAC address ? ===== | ===== What is the format of a valid MAC address ? ===== | ||
- | A normal MAC address looks like this: 00: | + | A normal MAC address looks like this: 00: |
Make sure that that the last bit of first octet is 0. This corresponds to unicast addresses. | Make sure that that the last bit of first octet is 0. This corresponds to unicast addresses. | ||
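Review bot: the context line "Make sure that that the last bit of first octet is 0" has a doubled "that", and "last bit" is ambiguous about bit order; suggest "the least significant bit of the first octet is 0 (the individual/group bit), which corresponds to unicast addresses."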
Line 513: | Line 509: | ||
===== What is RSSI? ==== | ===== What is RSSI? ==== | ||
- | RSSI is means Received Signal Strength Indication. RSSI is a measurement of the received radio signal strength. It is the received signal strength in a wireless environment, | + | RSSI means Received Signal Strength Indication. RSSI is a measurement of the received radio signal strength. It is the received signal strength in a wireless environment, |
- | For more information, | + | For more information, |
Line 543: | Line 539: | ||
Most cards have 100mW when combined with the antenna (2dBi antenna). | Most cards have 100mW when combined with the antenna (2dBi antenna). | ||
- | In 802.11a and 802.11g, the output power is 30mW due to modulation (it's a bit harder to use [[http:// | + | In 802.11a and 802.11g, the output power is 30mW due to modulation (it's a bit harder to use [[https:// |
Line 553: | Line 549: | ||
===== How do I choose an antenna? | ===== How do I choose an antenna? | ||
- | You should see [[http:// | + | You should see [[https:// |
Line 559: | Line 555: | ||
See [[airmon-ng# | See [[airmon-ng# | ||
- | |||
- | |||
- | |||
===== How Do I Check What Mode My Card Is In? ===== | ===== How Do I Check What Mode My Card Is In? ===== | ||
Line 572: | Line 565: | ||
If you have a very new USB device, sometimes the device ID has not been included in the driver. | If you have a very new USB device, sometimes the device ID has not been included in the driver. | ||
- | [[http://www.linuxwireless.org/ | + | [[https://wireless.wiki.kernel.org/ |
+ | |||
+ | |||
+ | ===== Why do I get "Error creating tap interface: Permission denied" | ||
+ | |||
+ | You receive one or both of the following errors: | ||
+ | error creating tap interface: Permission denied | ||
+ | error opening tap device: Permission denied | ||
+ | |||
+ | This is caused by SELinux (Security Enhanced Linux) preventing the interface from starting. | ||
+ | |||
+ | ===== Why airodump-ng doesn' | ||
+ | |||
+ | By default, in settings, stty rows and columns are set to 0. Here are the settings: | ||
+ | * stty columns 86 | ||
+ | * stty rows 39 | ||
+ | |||
+ | =====How much does Aircrack-ng cost? | ||
+ | |||
+ | Aircrack-ng is "free software"; | ||
+ | The license under which Aircrack-ng is issued is mostly the GNU General Public License version 2. See the GNU GPL FAQ for some more information. | ||
+ | |||
+ | You may also want to check out the OpenSSL license included in our source code download. | ||
+ | |||
+ | =====But I just paid someone on eBay for a copy of Aircrack-ng! Did I get ripped off?===== | ||
+ | |||
+ | That depends. Did they provide any sort of value-added product or service, such as installation support, installation media, training, trace file analysis, or funky-colored socks? Probably not. | ||
+ | Aircrack-ng is available for anyone to download, absolutely free, at any time. Paying for a copy implies that you should get something for your money. | ||
+ | |||
+ | =====Can I use Aircrack-ng commercially? | ||
+ | |||
+ | Yes, if, for example, you mean "I work for a commercial organization; | ||
+ | |||
+ | If you mean "Can I use Aircrack-ng as part of my commercial product?", | ||
+ | |||
+ | =====Can I use Aircrack-ng as part of my commercial product? | ||
+ | |||
+ | As noted, Aircrack-ng is licensed under the GNU General Public License, version 2. The GPL imposes conditions on your use of GPL'ed code in your own products; you cannot, for example, make a " | ||
+ | You can combine a GPLed program such as Aircrack-ng and a commercial program as long as they communicate "at arm's length", | ||
+ | |||
+ | We recommend keeping Aircrack-ng and your product completely separate. | ||
+ | |||
+ | You may also want to check out the OpenSSL license included in our source code download. | ||
+ | |||
+ | ===== Can I take screenshots of Aircrack-ng and use them in my own publications? | ||
+ | |||
+ | Yes. As long as you take the screenshots yourself. If you are using someone else' | ||
+ | |||
+ | ===== How do I deal with rfkill hard blocks? ===== | ||
+ | |||
+ | A hard block usually is a physical switch on the computer. It can either be a flip switch on the side of the computer, a key combination to press on the keyboard or a setting to enable in the BIOS. | ||
+ | In some cases, if wireless was disabled before Windows was powered off, it will appear like a hard block and the trick is to enable wireless in Windows then reboot. |
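Review bot: the new "Error creating tap interface: Permission denied" entry names SELinux as the cause but gives the reader no remediation, which invites simply disabling SELinux; suggest adding the diagnostic step (look up the denial in the audit log and grant only the tap-device access the tool needs) so the answer is actionable without weakening the host. Separately, "You may also want to check out the OpenSSL license included in our source code download." now appears twice in this hunk (under "How much does Aircrack-ng cost?" and again under "Can I use Aircrack-ng as part of my commercial product?"); one occurrence is enough.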
faq.txt · Last modified: 2024/01/10 16:40 by mister_x