aircrack-ng - a 802.11 WEP / WPA-PSK key cracker
Synopsis
Description
Options
Author
See Also
aircrack-ng [options] <.cap / .ivs file(s)>
aircrack-ng is a 802.11 WEP / WPA-PSK key cracker. It implements the so-called Fluhrer - Mantin - Shamir (FMS) attack, along with some new attacks by a talented hacker named KoreK. When enough encrypted packets have been gathered, aircrack-ng can almost instantly recover the WEP key.
-H, --help Shows the help screen. Common options:
-a <amode>Force the attack mode, 1 or wep for WEP and 2 or wpa for WPA-PSK. -e <essid> Select the target network based on the ESSID. This option is also required for WPA cracking if the SSID is cloacked. -b <bssid> Select the target network based on the access point MAC address. -p <nbcpu> Set this option to the number of CPUs to use (only available on SMP systems). By default, it uses all available CPUs -q If set, no status information is displayed. -C <macs> Merges all those APs MAC (separated by a comma) into a virtual one. Static WEP cracking options:
-cSearch alpha-numeric characters only. -t Search binary coded decimal characters only. -h Search the numeric key for Fritz!BOX -d <mask> Specify mask of the key. For example: A1:XX:CF -m <maddr> Only keep the IVs coming from packets that match this MAC address. Alternatively, use -m ff:ff:ff:ff:ff:ff to use all and every IVs, regardless of the network (this disables ESSID and BSSID filtering). -n <nbits> Specify the length of the key: 64 for 40-bit WEP, 128 for 104-bit WEP, etc., until 512 bits of length. The default value is 128. -i <index> Only keep the IVs that have this key index (1 to 4). The default behaviour is to ignore the key index in the packet, and use the IV regardless. -f <fudge> By default, this parameter is set to 2. Use a higher value to increase the bruteforce level: cracking will take more time, but with a higher likelihood of success. -k <korek> There are 17 KoreK attacks. Sometimes one attack creates a huge false positive that prevents the key from being found, even with lots of IVs. Try -k 1, -k 2, ... -k 17 to disable each attack selectively. -x or -x0 Disable last keybytes bruteforce (not advised). -x1 Enable last keybyte bruteforcing (default) -x2 Enable last two keybytes bruteforcing. -X Disable bruteforce multithreading (SMP only). -s Shows ASCII version of the key at the right of the screen -y This is an experimental single brute-force attack which should only be used when the standard attack mode fails with more than one million IVs. -z Uses PTW (Andrei Pyshkin, Erik Tews and Ralf-Philipp Weinmann) attack (default attack). -P <num> PTW debug: 1 Disable klein, 2 PTW. -K Use KoreK attacks instead of PTW. -D WEP decloak mode. WPA-PSK cracking options:
-w <words>Path to a dictionary file for wpa cracking. Specify "-" to use stdin.
This manual page was written by Adam Cecile <gandalf@le-vert.net> for the Debian system (but may be used by others). Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation On Debian systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL.
airdecap-ng(1)
airdriver-ng(1)
aireplay-ng(1)
airmon-ng(1)
airodump-ng(1)
airolib-ng(1)
airsev-ng(1)
airtun-ng(1)
buddy-ng(1)
easside-ng(1)
ivstools(1)
kstats(1)
makeivs-ng(1)
packetforge-ng(1)
wesside-ng(1)
Top of page |
Version 1.0-beta1 | AIRCRACK-NG (1) | October 2007 |
If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.
Copyright 2020, IronGeek