Aircrack-ng 0.6.2 review
DownloadAircrack-ng is a set of tools for auditing wireless networks. · airodump: 802.11 packet capture program · aireplay: 802.11 packe
|
|
Aircrack-ng is a set of tools for auditing wireless networks.
airodump: 802.11 packet capture program
aireplay: 802.11 packet injection program
aircrack: static WEP and WPA-PSK key cracker
airdecap: decrypts WEP/WPA capture files
Aircrack-ng is the next generation of aircrack with lots of new features.
How do I crack a static WEP key ?
The basic idea is to capture as much encrypted traffic as possible using airodump. Each WEP data packet has an associated 3-byte Initialization Vector (IV): after a sufficient number of data packets have been collected, run aircrack on the resulting capture file. aircrack will then perform a set of statistical attacks developped by a talented hacker named KoreK.
How do I know my WEP key is correct ?
There are two authentication modes for WEP:
Open-System Authentication: this is the default mode. All clients are accepted by the AP, and the key is never checked: association is always granted. However if your key is incorrect you won't be able to receive or send packets (because decryption will fail), so DHCP, ping etc. will timeout.
Shared-Key Authentication: the client has to encrypt a challenge before association is granted by the AP. This mode is flawed and leads to keystream recovery, so it's never enabled by default.
In summary, just because you seem to have successfully connected to the access point doesn't mean your WEP key is correct ! To check your WEP key, try to decrypt a capture file with the airdecap program.
How many IVs are required to crack WEP ?
WEP cracking is not an exact science. The number of required IVs depends on the WEP key length, and it also depends on your luck. Usually, 40-bit WEP can be cracked with 300.000 IVs, and 104-bit WEP can be cracked with 1.000.000 IVs; if you're out of luck you may need two million IVs, or more.
There's no way to know the WEP key length: this information is kept hidden and never announced, either in management or data packets; as a consequence, airodump can not report the WEP key length. Thus, it is recommended to run aircrack twice: when you have 250.000 IVs, start aircrack with "-n 64" to crack 40-bit WEP. Then if the key isn't found, restart aircrack (without the -n option) to crack 104-bit WEP.
What's New in This Release:
Mainly bugfixes.
A new tool replaces arpforge-ng: packetforge-ng.
Now airodump-ng on Windows automatically downloads needed peek files, and there's a basic GUI for Windows.
Aircrack-ng 0.6.2 keywords