AIRCRACK-NG
Section: User Commands (1)
Updated: April 2006
Index
Return to Main Contents
NAME
aircrack-ng
is a 802.11 WEP / WPA-PSK key cracker.
SYNOPSIS
aircrack-ng
[options] <.cap / .ivs file(s)>
DESCRIPTION
aircrack-ng
is a 802.11 WEP / WPA-PSK key cracker. It implements the so-called Fluhrer - Mantin - Shamir (FMS) attack, along with some new attacks by a talented hacker named KoreK. When enough encrypted packets have been gathered, aircrack-ng can almost instantly recover the WEP key.
OPTIONS
- Common options:
-
- -a <amode>
-
Force the attack mode, 1 or wep for WEP and 2 or wpa for WPA-PSK.
- -e <essid>
-
Select the target network based on the ESSID. This option is also required for WPA cracking if the SSID is cloacked.
- -b <bssid>
-
Select the target network based on the access point's MAC address.
- -p <nbcpu>
-
Set this option to the number of CPUs to use (only available on SMP systems). By default, it uses all available CPUs
- -q
-
If set, no status information is displayed.
- Static WEP cracking options:
-
- -c
-
Search alpha-numeric characters only.
- -t
-
Search binary coded decimal characters only.
- -h
-
Search the numeric key for Fritz!BOX
- -d <start>
-
Force the beginning of the WEP key. Only useful for debugging purposes.
- -m <maddr>
-
Only keep the IVs coming from packets that match this MAC address. Alternatively, use -m ff:ff:ff:ff:ff:ff to use all and every IVs, regardless of the network (this disables ESSID and BSSID filtering).
- -n <nbits>
-
Specify the length of the key: 64 for 40-bit WEP, 128 for 104-bit WEP, etc., until 512 bits of length. The default value is 128.
- -i <index>
-
Only keep the IVs that have this key index (1 to 4). The default behaviour is to ignore the key index in the packet, and use the IV regardless.
- -f <fudge>
-
By default, this parameter is set to 2. Use a higher value to increase the bruteforce level: cracking will take more time, but with a higher likelihood of success.
- -k <korek>
-
There are 17 KoreK attacks. Sometimes one attack creates a huge false positive that prevents the key from being found, even with lots of IVs. Try -k 1, -k 2, ... -k 17 to disable each attack selectively.
- -x
-
Don't bruteforce the last 2 keybytes.
- -y
-
This is an experimental single brute-force attack which should only be used when the standard attack mode fails with more than one million IVs.
- WPA-PSK cracking options:
-
- -w <words>
-
Path to a dictionary file for wpa cracking.
AUTHOR
This manual page was written by Adam Cecile <gandalf@le-vert.net> for the Debian system (but may be used by others).
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation
On Debian systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL.
SEE ALSO
airmon-ng(1)
airdecap-ng(1)
aireplay-ng(1)
airodump-ng(1)
arpforge-ng(1)
ivstools(1)
Index
- NAME
-
- SYNOPSIS
-
- DESCRIPTION
-
- OPTIONS
-
- AUTHOR
-
- SEE ALSO
-
This document was created by
man2html,
using the manual pages.
Time: 22:12:29 GMT, February 23, 2023