Solved aircrack-ng

I am trying to run a WiFi security audit of my network. I have done some research and everything that I see is a tutorial on aircrack-ng, which I found in the /usr/ports/net-mgmt dir. But, all the tutorials I found make use of tools called airodump-ng and airmon-ng, which I cannot find in the ports dir.

What I want to do is be able to run a dictionary file against my WAPs to crack the WPA1/2 PSKs and crack WEP keys. But, I keep running into the same walls...

I looked into bsd-airtools, but it seems they are deprecated and not used anymore.

Can anyone point me to a FreeBSD set of tools and a tutorial to walk me through this?
 
I installed aircrack-ng, but none of the other programs are installed with it...
Code:
====> Compressing man pages (compress-man)
===>  Installing for aircrack-ng-1.2.r2_1
===>  Checking if aircrack-ng already installed
===>  Registering installation for aircrack-ng-1.2.r2_1
Installing aircrack-ng-1.2.r2_1...
===> SECURITY REPORT:
  This port has installed the following files which may act as network
  servers and may therefore pose a remote security risk to the system.
/usr/local/sbin/airserv-ng
/usr/local/bin/buddy-ng

  If there are vulnerabilities in these programs there may be a security
  risk to the system. FreeBSD makes no guarantee about the security of
  ports included in the Ports Collection. Please type 'make deinstall'
  to deinstall the port if this is a concern.

  For more information, and contact details about the security
  status of this software, see the following webpage:
http://www.aircrack-ng.org/
===>  Cleaning for aircrack-ng-1.2.r2_1
root@laptop:/usr/ports/net-mgmt/aircrack-ng # airmon-ng
airmon-ng: Command not found.
root@laptop:/usr/ports/net-mgmt/aircrack-ng #
 
Code:
root@laptop:/usr/ports/net-mgmt/aircrack-ng # find / -name airmon-ng -print
root@laptop:/usr/ports/net-mgmt/aircrack-ng # find / -name aircrack-ng -print
/usr/local/bin/aircrack-ng
/usr/ports/net-mgmt/aircrack-ng
root@laptop:/usr/ports/net-mgmt/aircrack-ng #
 
airmon-ng isn't part of the package: https://svnweb.freebsd.org/ports/head/net-mgmt/aircrack-ng/pkg-plist?revision=399705&view=markup.

On FreeBSD airmon-ng seems to be unnecessary. Looking in the source tarball there is scripts/airmon-ng.freebsd which outputs this:
Code:
On FreeBSD, it is not necessary to use airmon-ng to enable the monitor
mode of your wireless card. Instead, you need to specify this mode when
creating your wlan device. For example:

        ifconfig wlan0 create wlandev ath0 wlanmode monitor
 
airmon-ng is unnecessary on Linux, too:
Code:
ip link set wlan0 down
iw dev wlan0 set type monitor
ip link set wlan0 up

Code:
ifconfig wlan0 down
iwconfig wlan0 mode monitor
ifconfig wlan0 up

airmon-ng renames interfaces in every use (my experience); I don't think it's a good idea to use it.
 
aircrack-ng has a couple of Linux-centric scripts which are not needed on FreeBSD. That's why I didn't add them to the port.
 
Ok.... I have my wlan0 device in promisc and monitor mode.
How do I use tcpdump to capture the information aircrack-ng needs to run a dictionary file against a specific bssid?
 
I'm struck by how there isn't a good howto on this very subject...
Seems like a good thing to have...
Or maybe I just don't know where it is?
 
You first need to set the wireless device into monitor mode, then start airodump-ng to sniff for packages and save the output into a file. The last thing is to feed the data to aircrack-ng.
 
I am only having the following issues...
#1 FreeBSD /usr/ports/net-mgmt/aircrack-ng does not come with airodump-ng
so, in lieu of that, I am attempting to get tcpdump to give me the info that I need to pass to the next step.
#2 The next step as I understand is to run a deauthorization attack on the BSSID you want to crack in an attempt to capture some device reauthorizing.

I can find the BSSID by simply running ifconfig wlan scan to use in the command line for aireplay-ng. But, the second argument for aireplay-ng is a MAC address of something connected to the access point. I cannot, in spite of all my efforts, get tcpdump to capture what I need to pass to aireplay-ng in the command line...

Once I am able to issue the deauth attack and capture the traffic, I understand that I should just be able to run aircrack-ng on the capture file?

Again... Please excuse me... WiFi on unix is not my thing, and I am new to networking in general... But, I really want to know how this is done first hand so that I can fully understand how hacking a WPA/WEP key works... I want to audit my network, and use what I know to audit a network I installed for a friend a while back...

What am I missing?
 
Ok... My bad... it wasn't in my path...
Any idea why I wouldn't be able to change the channel of my wlan1 device?
I do:
ifconfig wlan1 channel 6
and it still reports it as channel 7 in ifconfig
When I run airodump-ng --bssid <BSSID here> --channel 6 --write dump wlan1
it listens on channel 7 and not 6 also.
But, when I run airodump-ng wlan1 it reports back on several stations on channel 6 so I know the card can read channel 6
 
NVM.... I figured out that you have to ifconfig wlan1 down in order to change the channel...
like I said, wifi is very new to me... used to wired connections
 