Wireless
aircrack-ng
Install with the following:
sudo apt-get install build-essential autoconf automake libtool pkg-config libnl-3-dev libnl-genl-3-dev libssl-dev ethtool shtool rfkill zlib1g-dev libpcap-dev libsqlite3-dev libpcre2-dev libhwloc-dev libcmocka-dev hostapd wpasupplicant tcpdump screen iw usbutils expect
git clone --recursive https://github.com/aircrack-ng/aircrack-ng.git
cd aircrack-ng
autoreconf -i
./configure --with-experimental --with-ext-scripts
make
sudo make install
Then it can be run on PCAP files with aircrack-ng <pcap file>.
This gives useful information such as the number of IVs (Initialization Vectors) and the WEP key. Example output:
Aircrack-ng 1.7 rev fa28a8d2
[00:00:01] Tested 134106 keys (got 14337 IVs)
KB depth byte(vote)
0 1/ 3 A4(20736) 81(19968) DE(19200) 65(18944) F9(18944) 97(18688) 5D(18176) 94(18176)
1 1/ 11 81(19200) 4C(19200) D0(18944) 47(18432) A6(18176) BE(18176) 3B(18176) 94(17664)
2 2/ 26 53(18944) 73(18432) A0(18432) BE(18432) C6(18432) 21(18432) 3B(18432) 5B(18432)
3 4/ 9 B4(18944) 10(18688) 2D(18432) 4B(18432) D8(18432) 19(18176) 4D(18176) 65(18176)
4 12/ 18 15(17408) 34(17152) 46(17152) 51(17152) 7D(17152) FB(17152) 3B(16896) B1(16896)
KEY FOUND! [ A4:81:53:B4:CF ]
Decrypted correctly: 100%
The key size can be determined by counting the bits in the recovered key (5 bytes * 8 bits per byte = 40 bits) and comparing that to the possible WEP key sizes: 64-bit WEP is a 40-bit secret key plus a 24-bit initialization vector, which together form the 64-bit RC4 key used by WEP.
NOTE: the advertised WEP key size is therefore larger than the secret the user actually enters, because the 24-bit IV is counted as part of the key.
wifite
Install with the following:
# Install the main tool
sudo apt install wifite
##
# Install the dependencies
##
# Install bully
cd ~/Documents/Tools
git clone https://github.com/aanarchyy/bully
cd bully*/ && cd src/ && make
sudo make install
# Install Pyrit
cd ~/Documents/Tools
git clone https://github.com/JPaulMora/Pyrit.git
cd Pyrit/ && sudo python setup.py install
# Install hcxdumptool
sudo apt install hcxdumptool
Then, if a PCAP file is provided, use it like so:
sudo wifite --check ./Hidden.cap
Wireshark
The wlan.wep.iv filter can be used to show only frames that carry an IV. If you're interested in a specific IV, you can read it from the packet details under IEEE 802.11 > WEP parameters > Initialization Vector.
If you want to decrypt the traffic with the key, select “Edit → Preferences → Protocols → IEEE 802.11” and check “Enable decryption” to add the decryption key.
https://pianalytix.com/what-is-wireshark-sniffing-passwords-using-it/
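The following is an added example that ties the aircrack-ng and Wireshark notes together; it is not code from aircrack-ng, Wireshark or the linked article. It builds a constructed WEP-protected 802.11 data frame, pulls out the 24-bit IV that the wlan.wep.iv filter shows, seeds RC4 with IV || key (the 64-bit construction described under aircrack-ng), decrypts the payload and checks the CRC-32 ICV, the same operation Wireshark performs once a decryption key is configured. The key is the one recovered in the aircrack-ng output above; the MAC addresses, IVs and payloads are constructed. Only the Python standard library is used.

```python
# Added example, not code from aircrack-ng or Wireshark: parse a WEP-protected
# 802.11 data frame, extract the IV (what wlan.wep.iv shows), rebuild the RC4
# seed as IV || key and decrypt, checking the ICV. Frame contents are constructed.
import struct
import zlib
from collections import Counter

# 40-bit key recovered in the aircrack-ng output above.
KEY = bytes.fromhex("A48153B4CF")

FC_TYPE_DATA = 2
FLAG_PROTECTED = 0x40  # "Protected Frame" bit in the second frame-control byte


def rc4(seed: bytes, data: bytes) -> bytes:
    """RC4 keystream XORed over data; the same call encrypts and decrypts."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + S[i] + seed[i % len(seed)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:                          # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def wep_encrypt_body(key: bytes, iv: bytes, plaintext: bytes, key_idx: int = 0) -> bytes:
    """IV(3) | key-index byte | RC4_{IV||key}(plaintext | CRC-32 ICV)."""
    icv = struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)
    return iv + bytes([key_idx << 6]) + rc4(iv + key, plaintext + icv)


def build_frame(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Constructed 802.11 data frame: 24-byte MAC header + WEP body."""
    header = (
        bytes([0x08, 0x41])                # type=data, flags: ToDS + Protected
        + b"\x00\x00"                      # duration
        + bytes.fromhex("001122334455")    # addr1 (constructed)
        + bytes.fromhex("00aabbccddee")    # addr2 (constructed)
        + bytes.fromhex("001122334455")    # addr3 (constructed)
        + b"\x00\x00"                      # sequence control
    )
    return header + wep_encrypt_body(key, iv, plaintext)


def parse_wep_frame(frame: bytes):
    """Return (iv, key_idx, encrypted_body) from a protected data frame."""
    frame_type = (frame[0] >> 2) & 0x3
    if frame_type != FC_TYPE_DATA:
        raise ValueError("not a data frame")
    if not frame[1] & FLAG_PROTECTED:
        raise ValueError("Protected Frame bit not set; nothing to decrypt")
    iv = frame[24:27]                # the field Wireshark shows as wlan.wep.iv
    key_idx = frame[27] >> 6
    return iv, key_idx, frame[28:]


def wep_decrypt(key: bytes, frame: bytes):
    """Decrypt one frame; returns (iv_hex, plaintext, icv_ok)."""
    iv, _key_idx, body = parse_wep_frame(frame)
    clear = rc4(iv + key, body)      # 24-bit IV || 40-bit key = 64-bit RC4 seed
    data, icv = clear[:-4], clear[-4:]
    icv_ok = struct.unpack("<I", icv)[0] == (zlib.crc32(data) & 0xFFFFFFFF)
    return iv.hex(), data, icv_ok


def iv_reuse(frames) -> dict:
    """Count how often each IV appears: a repeated IV means a repeated keystream."""
    counts = Counter(parse_wep_frame(f)[0].hex() for f in frames)
    return {iv: n for iv, n in counts.items() if n > 1}


def demo():
    frames = [
        build_frame(KEY, b"\x01\x02\x03", b"constructed payload one"),
        build_frame(KEY, b"\x01\x02\x03", b"constructed payload two"),  # IV reused
        build_frame(KEY, b"\x7f\x00\x01", b"constructed payload three"),
    ]
    iv_hex, data, ok = wep_decrypt(KEY, frames[0])
    return {"iv": iv_hex, "plaintext": data, "icv_ok": ok, "reused_ivs": iv_reuse(frames)}


if __name__ == "__main__":
    print(demo())
```

A wrong key leaves the ICV check failing, which is the same signal Wireshark uses to decide whether a configured key decrypts a frame. The iv_reuse helper makes the "IVs" figure in the aircrack-ng output concrete: with only 24 bits of IV, a busy network repeats keystreams quickly, which is why the IV count rather than the traffic volume is what matters when assessing a WEP capture.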