Aircrack-ng Wifi Hack On Macos

admin

  • Jul 28, 2017  Most (not airmon-ng) aircrack-ng tools can be installed on macOS with MacPorts, but airodump-ng and aireplay-ng crash. So PLEASE, if you want to do other advanced networking things than network sniffing or what is described in this article, do yourself a favour and buy an USB adapter to use with the virtual machine.
  • Apr 30, 2020  wifi hack aircrack-ng windows 7/8/10.

Jun 05, 2020  How to hack any Public wifi – Tutorial Aircrack-ng attack; has been made public on our website after successful testing. This tool will work great on MAC OS and WINDOWS OS platforms. And Latest mobile platforms How to hack any Public wifi – Tutorial Aircrack-ng attack has based on open source technologies, our tool is secure and safe to use.

Yesterday, my friend Victor wanted to crack a wifi network (his, of course) using his MacBook Pro.

I told him to use the excellent VirtualBox images of Kali Linux from Offensive Security and aircrack-ng.

I had just forgotten that:

  • Using advanced wireless features is impossible from a virtual machine
  • Even if he used Kali Linux with a dual boot, installing the wireless drivers to make it work with the airport card is tiresome.
  • Most (not airmon-ng) aircrack-ng tools can be installed on macOS with MacPorts, but airodump-ng and aireplay-ng crash.

So PLEASE, if you want to do other advanced networking things than network sniffing or what is described in this article, do yourself a favour and buy an USB adapter to use with the virtual machine.

There is a list on the website of aircrack-ng, and I think the Alfa AWUS051NH v2 is great.Some people say it is expensive, but last time I checked on Google Shopping, it cost less than half an Apple mouse.

There are 3 steps:

  • Identify the target acces point: name (= BSSID), MAC address (= SSID) and channel (~ radio frequency)
  • Sniff the channel in monitor mode to retrieve:
    • a beacon (easy)
    • a handshake (= four-way handshake), or some frames of it (hard)
  • Crack the password using the dump

What makes the retrieval of the handshake hard is that it appears only when somebody connects to the access point.

The good news is that you can deauthentificate people from the wifi network - it’s called wifi jamming and it’s useful to impress a girl and piss off people at Starbucks.When they reconnect, they re-send the handshake. That adds a Deauth step.

“Install”

Scan

It saves the .cap capture file and displays the path.

If you don’t have the beacon or the handshake, it will fail accordingly.

For wordlists, see below.

As I said, aireplay-ng doesn’t work on a MacBook Pro.The catch is that aireplay-ng can do a lot of other things besides deauth attacks.

You might read that airport cards do not support packet injection, but packet injections are for WEP attacks and nobody uses WEP anymore. We only want to send some deauthentification frames.

Use JamWiFi. A ready-to-use application is provided there.

In fact, you can indentify the target with it too, and it has a really nice GUI.

Once you have selected the access point, you can deauth one or multiple users. Stop after about 50 “Deauths”, or else the persons might have trouble to reconnect during several minutes.

It might not work it you are too far from the target as your airport card is far less powerful than the router.

Using airport presents some issues. You cannot know if you got the beacon and the handshake until you stop the capture and try with aircrack-ng.

You capture a lot of unuseful packets too.

Using tcpdump is more efficient.

When you launch those lines, the first tcpdump easily captures a beacon and the second waits for the handshake.

Use JamWiFi to deauth some users, and when tcpdump shows you it got 4 frames or more, Ctrl-C. It appears you can use less that 4 frames, but it depends on the frames you got (for instance 1,2 or 2,3 are sufficient). Anyway you should normally get at least 4. If nothing shows, try to deauth another user.

Now you have everything in capture.cap. You can also run aircrack-ng on it.

Aircrack-ng Wifi Hack On Macos

Like aireplay-ng, aircrack-ng offers so many features that it cannot be the best in everything.

We can really speed up the process by using hashcat.

Install with brew

Convert with cap2hccapx

hashcat doesn’t take cap files, only hccapx files.

Just install hashcat-utils and use cap2hccapx

Alternatively, use this online tool.

Crack

This page provides some examples.

To use with a dictionnary:

You have a lot of other options, like brute force:

Aircrack-ng Wifi Hack On Macos Windows 10

Refer to the documentation fot more patterns.

Speed

hashcat works on the GPU.

On my MacBook Pro, it yields a performance of 5kH/s: it tests 5000 passwords in a second.

On a Tesla K20m, the speed is 75kH/s. I managed to crack the 5 last lowercase letters of a wifi password in about 1 minute (26**5 // 75000 = 158 seconds to test them all).

We can see here that a GTX 1080 breaks 400kH/s.

I recommend:

For more efficiency, target the networks with silly names (good examples are “mozart”, “I love cats”, “Harry and Sally”), and avoid the ones called “National Security Agency”, “sysadmin” and “sup3r h4x0r”.

To find a password, you have to be lucky and have a good idea of its shape.

A lot of default wifi passwords are composed of 8 or 10 hexadecimal digits.

In average (worst case divided by 2) and according to the above benchmark, with a GTX 1080:

  • 8 hexadecimal characters take 90 minutes.
  • 10 hexadecimal characters take 16 days.
  • 12 hexadecimal characters take 11 years.

If you only want free wifi, just do MAC spoofing on a hotspot that uses web login.

The compromise of passwords is always a serious threat to the confidentiality and integrity of data. Generally, the passwords shorter than 7 characters are especially susceptible to bruteforce attack. However, a sequence of mistyped commands or incorrect login responses (with attempts to recover or reuse them) can be a signs of brute-force intrusion attempts.

Brute force attack is a process of guessing a password through various techniques. Commonly, brute force attacks are divided into three categories:

a) Traditional Brute Force

In a traditional brute force attack, you will try all the possible combinations to guess the correct password. This process is very usually time consuming; if the password is long, it will take years to brute-force. But if the password is short, it can give quick results.

b) Dictionary Attacks

In a dictionary-based brute force attack, we use a custom wordlist, which contains a list of all possible username and password combinations. It is much faster than traditional brute force attacks and is the recommended approach for penetration tests.

c) Hybrid Attacks

Hybrid brute force attacks are a combination of both traditional brute force attack and dictionary based attack. The idea behind a hybrid attack is that it will apply a brute force attack on the dictionary list.

Using bruteforce attacks, an attacker could gain full access to the affected machine. When conducting brute force attacks or password attacks, faster processing speed is beneficial. In cases where remote brute force attacks are conducted, bandwidth constraints must be addressed.

1. THC Hydra

THC hydra is one of the oldest password cracking tools developed by “The Hackers Community“. By far, Hydra has the most protocol coverage than any other password cracking tool as per our knowledge, and it is available for almost all the modern operating systems. THC Hydra can perform rapid dictionary attacks against many protocols such as Telnet, FTP, HTTP, SMB etc.

Here is the basic syntax for hydra (Linux version) to brute-force a service.

Syntax: Hydra –L administrator –P password.txt <target ip > <service>

  • Official Website –https://sectools.org/tool/hydra/
  • Github Link –https://github.com/vanhauser-thc/thc-hydra
  • Latest Version (As Per Dated:11 March 2019) – v8.9
  • Available for – Windows/Linux/Mac OS X/

2. Aircrack-Ng

Aircrack-ng is another most popular brute force wireless hacking tool which is further used to assess WiFi network security. Generally it focuses on different 4 areas of WiFi security i.e. Monitoring, Attacking, Testing and Cracking.

Aircrack-ng is a set of tools widely used to crack/recover WEP/WPA/ WPA2-PSK. It supports various attacks such as PTW, which can be used to decrypt WEP key with a less number of initialization vectors, and dictionary/brute force attacks, which can be used against WPA/WPA2-PSK. It includes a wide variety of tools such as packet sniffer and packet injector. The most common ones are airodump-ng, aireply-ng, and airmon-ng.

  • Official Website –http://www.aircrack-ng.org/
  • Github Link –https://github.com/aircrack-ng/aircrack-ng
  • Latest Version (As Per Dated:11 March 2019) – v1.5.2
  • Available for – Linux/BSD/OS X/Windows

3. Ncrack

Ncrack is one of our favorite tool for password cracking. It is based upon nmap libraries. It comes pre-installed with Kali Linux OS. It can be combined with nmap to yield great results. The only disadvantage is that it supports very few services, namely, FTP, SSH, Telnet, FTP, POP3, SMB, RDP, and VNC.

  • Official Website –https://nmap.org/ncrack/
  • Github Link –https://github.com/nmap/ncrack
  • Latest Version (As Per Dated:11 March 2019) – v0.6
  • Available for – Windows/Linux/BSD/Mac OS X

4. SAMInside

SAMInside is a security tool compatible with only Windows operating systems and allows lost passwords and locked systems to be unlocked and accessed with a complex, but easy to use system of password recovery.

  • Official Website –https://www.insidepro.team/
  • Github Link – N.A.
  • Latest Version (As Per Dated:11 March 2019) – v2.7.0.1
  • Available for – Windows

5. Hashcat

Aircrack-ng Wifi Hack On Macos

Hashcat is the world’s fastest and most advanced password recovery utility, supporting 5 unique modes of attack for over 200 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and macOS, and has facilities to help enable distributed password cracking.

  • Official Website –https://hashcat.net/hashcat/
  • Github Link –https://github.com/hashcat/hashcat
  • Latest Version (As Per Dated:11 March 2019) – v5.1.0
  • Available for – Linux/Windows/Mac OS

6. Ophcrack

Ophcrack is a Windows-based tool that has the capability to not only dump the hashes, but also crack those hashes using rainbow tables. The ophcrack program comes with rainbow tables that work for passwords of a very short length. So if the password is lengthy, or, say, alphanumeric, you won’t be able to crack it.

  • Official Website –http://ophcrack.sourceforge.net/
  • Github Link –https://github.com/luisgg/ophcrack
  • Latest Version (As Per Dated:11 March 2019) – v3.8.0
  • Available for – Windows/Linux

7. Cain & Able

Cain and Abel (often abbreviated to Cain) is a password recovery tool for Microsoft Windows only. It can recover many kinds of passwords using methods such as network packet sniffing, cracking various password hashes by using methods such as dictionary attacks, brute force and cryptanalysis attacks.

  • Official Website –http://www.oxid.it/cain.html
  • Github Link –https://github.com/xchwarze/Cain
  • Latest Version (As Per Dated:11 March 2019) – v4.9.56
  • Available for – Windows

8. Rainbow Crack

Rainbow crack can not only be used to crack password hashes by using rainbow tables, but it can also help you create your own rainbow tables in case you don’t want to download them; but remember that if you are generating a large rainbow table, you should make sure that you have ample hard drive space.

  • Official Website –http://project-rainbowcrack.com/
  • Github Link –https://github.com/adamalawrence/rainbow
  • Latest Version (As Per Dated:11 March 2019) – v1.7
  • Available for – Windows/Linux

9. John the Ripper

Aircrack-ng Osx

John the Ripper (JTR) is an open source password cracker; it’s one of the fastest password crackers around and is pre-installed in Kali Linux OS. It can be used to perform both bruteforce attacks and dictionary-based attacks. It also comes with a pre-installed wordlists.

  • Official Website –https://www.openwall.com/john/
  • Github Link –https://github.com/magnumripper/JohnTheRipper
  • Latest Version (As Per Dated:11 March 2019) – v1.8.0
  • Available for – Linux/Mac OS X/Windows/Android

10. L0phtcrack

L0phtCrack is a password auditing and recovery application originally produced by Mudge from L0pht Heavy Industries. It is used to test password strength and sometimes to recover lost Microsoft Windows passwords, by using dictionary, brute-force, hybrid attacks, and rainbow tables. It was one of the crackers’ tools of choice, although most use old versions because of its low price and high availability.

How To Download Aircrack Ng

  • Official Website –http://www.l0phtcrack.com/
  • Github Link –https://github.com/L0phtCrack
  • Latest Version (As Per Dated:11 March 2019) – v7.1.1
  • Available for – Windows