You are on page 1of 9

Hacking: Aircrack-ng on Mac OsX

| Cracking wi-fi without kali


in parallels
12 DE FEBRUARY DE 201812 DE FEBRUARY DE 2018 /
MARTINS JEAN
Hi there,
i expended many many hours looking a way to use the aircrack-ng
in the Linux Kali in Parallels. But with out success. Searching on
google, the alternative was buy a usb wifi, but i didn’t and now i’m
using the aircrack-ng natively on mac.

For crack wifi passwords, fallow these steps.

1. Install the brew:


Maybe you already have the homebrew installed in your mac, but if
not, INSTALL RIGHT NOW!!! The homebrew is like the linux apt-
get, and will provide to you things that the apple don’t.

2. Install the aircrack-ng and create


necessary links:

With the homebrew installed, use this command:

brew install aircrack-ng

With the aircrack-ng installed, use this command:

sudo ln -s /usr/local/Cellar/aircrack-ng/1.1_2/bin/aircrack-ng
/usr/local/bin/aircrack-ng

Now the command are able to be used. The homebrew install folder
are “/usr/local/Cellar” and this command created a link of this folder
to be used directly on terminal. Other tool that will be necessary is
the airport. So we will create a other link too.

sudo ln -s
/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport
/usr/local/bin/airport

3. Find a target to crack:

Ok, now we have our very useful tools prepared to start. Check if
your wifi are turn-in and let’s see wifis that are close.

airport -s

This is the list of wifi able. Are three important information that we
need look for, the RSS, channel and BSSID.

Chose the connection with less RSSI, the less is better. In this case
i’ll crack the last one.
Turn-off your connection but maintain the wifi turned-in. If you
don’t do, the interface en0 will be active and busy.

airport -z

4. Capturing a four way handshake:

Sniff the channel selected.

airport <interface> sniff <channel>

This command will sniff the traffic on channel and log on tmp
folder. You can see the log file with:

ls /tmp/airportSniff*.cap

Get the name of the file because we will use them in the next step.
This file is very important because it will contain the hash captured
by the handshake. And the brute force will try broke this hash
comparing with each line of the wordlist file.

6. Forcing a handshake with deauth –


(Death Authentication):

On Kali we can use the aireplay command, but on mac we don’t


have this tool. My suggestion is the JamWiFi
(http://macheads101.com/pages/downloads/mac/JamWiFi.app.zip).
With this software you can make a death authentication attack and
force a auto 4way handshake. Just press Scan, chose the target and
press Deauth to restart all connections.
Chose the network press JAM, Do it! and Done.

7. Starting the brute force by CPU:

Use this command:

aircrack-ng -1 -a 1 -b <BSSID> <cap_file> -w <wordlist>

The first information are about the tries, and the second one will
show each word of your wordlist that has been try.

And a long time after…

The Key FOUND! So, enjoy it.

8. Getting out:

To turn off the monitoring mode kill airport the process.

If it dosen’t work check if the JamWifi are scanning, you need close
it..

And it’s it, good look for find a wifi with a poor password…
… and review your pass.

Sem categoria
HACKING , MAC , SECURITY

17 thoughts on “Hacking: Aircrack-ng


on Mac OsX | Cracking wi-fi without
kali in parallels”

1. Lancelot
10 DE AUGUST DE 2018 AT 07:23
Hey, thanks for your guide, I do have a problem.
When i type “airport en0 sniff 11”, i get this “Could not open
device en0 (en0: You don’t have permission to capture on that
device ((cannot open BPF device) /dev/bpf0: Permission
denied)).”
Could you help me on solving it please ? Thanks !

REPLY
Martins Jean
13 DE AUGUST DE 2018 AT 19:59
Hi my friend, thanks for your comments
Well, i wrote this a some time ago, but i’ll try help you…
I believe that we must pay attention in the return of “airport -
z” command, it must be a broadcast and be inactive. When i
did this on kali, i needed use the interface en1, so try disable
the interface en0 or use other interface, like en1.
Tell-me if it’s worked

REPLY
jjgumucio
4 DE NOVEMBER DE 2018 AT 21:24
Maybe run the command using sudo?
“sudo airport en0 sniff 11”

REPLY
2. Fathed
3 DE SEPTEMBER DE 2018 AT 16:58
Amazing guide, thank you for this.

I can’t run a Scan with Jam while airport is sniffing. If I run a


scan first and select the network, I get no indication if Deauth
worked. I can select the network and then click Jam, and hit Jam
when I see packets flowing. Is this the same as Deauth? I am
looking for an indication of when I have collected the
handshakes via deauths.

REPLY
Martins Jean
2 DE NOVEMBER DE 2018 AT 19:29
great question, the deauth will works fast if your target has
some display to connect automatically (password saved)… In
your cap file will contain the hash of connection, you can
check using a “tail -f file.cap”.
About the Jam, i believe that your interface must be active, so
you can kill the process that is putting your interface as
innative.
I`ll do a video on youtube to show all steps, i think that will
be easier

Thanks by the comment.

REPLY
3. john
11 DE SEPTEMBER DE 2018 AT 21:13
JamWifi needs to be used on other Mac? I mean during sniffing
of airport, JamWifi can’t scan for networks on the same mac.

REPLY
Martins Jean
2 DE NOVEMBER DE 2018 AT 19:23
Can be, but it`s not necessary… Try able your interface (be
active)…
You can kill the process that is deactivating your interface…
If it dosent help send me other comment, i`ll do a video on
youtube to teach all steps.

REPLY
4. Sarvar Nadaf
27 DE SEPTEMBER DE 2018 AT 15:16
aircrack-ng -1 -a 1 -b -w
what i write at wordlist part ?

REPLY
Martins Jean
2 DE NOVEMBER DE 2018 AT 19:13
Hi sarvar,
the word list is the possibles passwords to be validated by the
script. Because the sniff will get the handshake hash, and the
script will check each values from wordlist to be if it will be
equal to the hash.
Has many wordlist on the web…

REPLY
5. zandrsn
14 DE OCTOBER DE 2018 AT 16:45
HI, thanks very much for your guide! Everything works for me
until I get to the step “airport sniff “. When I enter this command
with the correct variables I first get the (correct) response:
Capturing 802.11 frames on en0., but then I get the response
“Segmentation fault: 11”. I still get a file output to
/tmp/airportSniff.cap, but when I run the command “aircrack-
ng -1 -a 1 -b -w ” I get the response:
Opening /tmp/airportSniff.cap
read(file header) failed: Undefined error: 0
Read 0 packets.

0 potential targets

No matching network found – check your bssid.

Any ideas what is causing this Segmentation fault

REPLY
Martins Jean
2 DE NOVEMBER DE 2018 AT 19:10
Yes, it`s can happen because you didn`t get a handshake…
Because the “happy path” is:
1) monitor by some handshake
2) deauth every one
3) some console will automatically connect with a password
saved. And this moment will you listening and will get the
handshake hash.

If no display connected automatically, no handshake


Try with your own wiki to check if all steps are right, else
send-me other comment.

REPLY
6. clusk
23 DE OCTOBER DE 2018 AT 01:16
Hi – thank you very much for putting together this guide. trying
to run airport en0 sniff and getting segmentation fault 11 when
trying to run this command.

REPLY
Martins Jean
2 DE NOVEMBER DE 2018 AT 19:05
Hi Clusk,
please, check with ifconfig with the interface it`s right or if be
inative. Sometimes can be other interface, as en1 for example.
thanks for ask…
I`ll create a video on youtube to show better all steps.

REPLY
7. Daniel Galicia
31 DE OCTOBER DE 2018 AT 21:00
Hi Jean…. thanks for this tutorial… im getting the neccesary files
to start with the task…

I have a doubt about this step…

aircrack-ng -1 -a 1 -b -w

I need to rename “BSSID” with the target SSID?

“cap_file” with the name of the log file??

“wordlist” what do you mean with this??

I hope you can help me…

I want to try this for fun and impress some fellas jjajaj

thanks!

REPLY
Martins Jean
2 DE NOVEMBER DE 2018 AT 18:59
Hola Daniel,
bien? mira, creo que hablas español entonces voy a escribir
para entrenar…

si, la información tu debes cambiar por lá que tiene en el


JamWiFI. Lá informacion es donde se queda las
informaciones que tu agarraste por el sniff, paso 4, acá tiene
las informacionoes del handshake.
Lá ultima informacion debe tener una lista de palabras para
que el script intente, tiene muchos arquivo por la internet. es
eso?

En otro post escrebi como usar tu placa de video, sugiro


porque és un proceso muy custoso, entonces vá ser menos
despácio.

Voy hacer un video en youtube mostrando como hacer todos


los pasos, después informo.

Gracias por el comentário y perdón por mi español más o


menos. jajajaja

REPLY
8. Romain
15 DE NOVEMBER DE 2018 AT 14:28
Hi,

I am unable to capture from en0 as they say i dont have the


sufficient permission. Do you have any idea how I could get the
permission to en0?

Thanks a lot for your tutorial

REPLY
Martins Jean
15 DE NOVEMBER DE 2018 AT 21:02
Whats your macOS?

REPLY

BLOG AT WORDPRESS.COM.