ipw2200_generic
                Differences
This shows you the differences between two versions of the page.
| ipw2200_generic [2007/08/29 18:53] – valid destination IPs drio | ipw2200_generic [2009/09/26 14:27] (current) – Fixed typos darkaudax | ||
|---|---|---|---|
| Line 6: | Line 6: | ||
| - screen usage example | - screen usage example | ||
| - Different attacks | - Different attacks | ||
| - | - More detailed | + | - More detailed | 
| - | - upgrade | + | - upgrade | 
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| ===== Introduction ===== | ===== Introduction ===== | ||
| - | This document is based in this [[http://tinyshell.be/ | + | This document is based in this [[http://forum.aircrack-ng.org/ | 
| When I started using the aircrack-ng tools I did not have the | When I started using the aircrack-ng tools I did not have the | ||
| - | [[Compatibility_Drivers|best hardware]] for it. I only had an ibm thinkpad t42 that comes with an intel 2200BG card. | + | [[Compatibility_Drivers|best hardware]] for it. I only had an IBM Thinkpad T42 that comes with an Intel 2200BG card. | 
| Most of the wep attacks require to inject some packets in the network in order to speed up the process of gathering IVs. In order to do that, the device | Most of the wep attacks require to inject some packets in the network in order to speed up the process of gathering IVs. In order to do that, the device | ||
| driver that we use for controlling our card has to support injection. This [[newbie_guide|tutorial]] explains you how to compile and install modules in your | driver that we use for controlling our card has to support injection. This [[newbie_guide|tutorial]] explains you how to compile and install modules in your | ||
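Review bot: the rewritten Introduction sentence still reads "This document is based in this [[...", and since the line is already being touched for the link change the preposition should be fixed to "based on this". The unchanged context below it has "This [[newbie_guide|tutorial]] explains you how to compile", which reads better as "explains how to compile".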
| Line 35: | Line 26: | ||
| *4 - Configure the wireless parameters using iwconfig. | *4 - Configure the wireless parameters using iwconfig. | ||
| *5 - Collect data with airodump-ng | *5 - Collect data with airodump-ng | ||
| - | *5 - Launch the chopchop attack | + | *5 - Launch the [[korek_chopchop|chopchop]] attack | 
| - | *6 - Create the arp request packet | + | *6 - Create the ARP request packet | 
| - | *7 - Send the arp request over and over | + | *7 - Send the ARP request over and over | 
| *8 - Wait to gather enough IVs | *8 - Wait to gather enough IVs | ||
| - | *9 - Crack the wep key using aircrack-ng | + | *9 - Crack the WEP key using aircrack-ng | 
| Keep in mind that we are going to be running different commands and we will need to check switch between them. Most | Keep in mind that we are going to be running different commands and we will need to check switch between them. Most | ||
| documents recommend to start [[http:// | documents recommend to start [[http:// | ||
| There is another option: [[http:// | There is another option: [[http:// | ||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
| ===== Verify that our ipw2200 card is recognized by the OS (Linux) ===== | ===== Verify that our ipw2200 card is recognized by the OS (Linux) ===== | ||
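Review bot: the step list keeps two items numbered 5 ("*5 - Collect data with airodump-ng" and "*5 - Launch the [[korek_chopchop|chopchop]] attack"), so every later step is off by one; renumber the chopchop step and the ones after it. The context sentence "we will need to check switch between them" also has a stray word; keep either "check" or "switch".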
| Line 68: | Line 54: | ||
|  |  | ||
| - | That command will list all the pci devices connected to the pci bus. You should see something similar to this when you run it on your machine. | + | That command will list all the PCI devices connected to the pci bus. You should see something similar to this when you run it on your machine. | 
| Note I removed most of the output. | Note I removed most of the output. | ||
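Review bot: the new line capitalises only the first occurrence, giving "all the PCI devices connected to the pci bus"; capitalise the second one as well ("the PCI bus") so the sentence is consistent.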
| Line 82: | Line 68: | ||
| That's the method I would recommend. But, if you are using the latest version of airodump-ng (we'll use it in the next section) you can | That's the method I would recommend. But, if you are using the latest version of airodump-ng (we'll use it in the next section) you can | ||
| - | tell the program to creat the rtap0 device for you: | + | tell the program to create | 
| # airodump-ng -c X rtap0 | # airodump-ng -c X rtap0 | ||
| Line 89: | Line 75: | ||
| Ok, so we have verified that we have an ipw2200 card and that Linux can talk to it. | Ok, so we have verified that we have an ipw2200 card and that Linux can talk to it. | ||
| - | |||
| - | |||
| ===== List available networks ===== | ===== List available networks ===== | ||
| Line 101: | Line 85: | ||
| === NOTE: === | === NOTE: === | ||
| I am assuming that linux mapped your wireless card under eth1. Most likely you have an ethernet card under eth0. | I am assuming that linux mapped your wireless card under eth1. Most likely you have an ethernet card under eth0. | ||
| - | |||
| - | |||
| ===== Change the MAC address of our card ===== | ===== Change the MAC address of our card ===== | ||
| - | This step is optional but it will give us some anonimyty. On a new window: | + | This step is optional but it will give us some anonymity. On a new window: | 
| # ifconfig eth1 up hw ether 00: | # ifconfig eth1 up hw ether 00: | ||
| - | |||
| - | |||
| - | |||
| ===== Configure the wireless parameters ===== | ===== Configure the wireless parameters ===== | ||
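Review bot: "On a new window" in the changed sentence should be "In a new window", and the NOTE above it still has lowercase "linux" while this revision capitalises other proper nouns (IBM, Intel). The sentence would also be more useful if it said what "some anonymity" covers, since as written the reader cannot judge what changing the MAC address does and does not hide.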
| Line 119: | Line 98: | ||
| # iwconfig eth1 essid < | # iwconfig eth1 essid < | ||
| - | Due to some limitations with the firmware we have to force a fakekey and set managed mode to ensure the airdump-ng tools work properly. | + | Due to some limitations with the firmware we have to force a fakekey and set managed mode to ensure the aircrack-ng tools work properly. | 
| ESSID is the name of the wireless network of our target AP. Channel is the wireless channel. | ESSID is the name of the wireless network of our target AP. Channel is the wireless channel. | ||
| - | |||
| - | |||
| - | |||
| ===== Collect data with airodump-ng ===== | ===== Collect data with airodump-ng ===== | ||
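Review bot: the corrected sentence still says "force a fakekey" without saying what that is; write it as "fake key" and add a clause stating what value to set and which firmware limitation it works around. The context line "Channel is the wireless channel" is circular and could say it is the channel the target AP uses.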
| Line 136: | Line 112: | ||
| As we said before, if you are running the latest version of airodump-ng, | As we said before, if you are running the latest version of airodump-ng, | ||
| - | |||
| - | |||
| ===== Launch the chopchop attack ===== | ===== Launch the chopchop attack ===== | ||
| Line 153: | Line 127: | ||
| vulnerable to the chopchop attack. I also received an error stating the checksum didn't match. I just re-ran aireplay and it was fine. | vulnerable to the chopchop attack. I also received an error stating the checksum didn't match. I just re-ran aireplay and it was fine. | ||
| - | If the attack fails, try to rerun the command again ommiting | + | If the attack fails, try to rerun the command again omitting | 
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| ===== Create the arp request packet ===== | ===== Create the arp request packet ===== | ||
| - | Now we will create an arp-request packet using the aquired | + | Now we will create an arp-request packet using the acquired | 
| - | If you use valid destination IPs then you will be running an amplification attack. This can be run in the same window we run the chopchop attack: | + | If you use valid destination IPs then you will be running an [[arp_amplification|amplification attack]]. This can be run in the same window | 
| + | we run the chopchop attack: | ||
| # packetforge-ng -0 -a <AP MAC> -h 00: | # packetforge-ng -0 -a <AP MAC> -h 00: | ||
| - | |||
| - | |||
| - | |||
| ===== Send the arp request over and over ===== | ===== Send the arp request over and over ===== | ||
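Review bot: the failure hint still reads "try to rerun the command again", which is redundant; "try rerunning the command, omitting ..." is enough. The step list now uses "ARP", but this hunk keeps "arp-request packet" in the changed line and "arp request" in both section headings, so capitalisation is inconsistent across the page.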
| Line 176: | Line 143: | ||
| # aireplay-ng -2 -r arp-request eth1 | # aireplay-ng -2 -r arp-request eth1 | ||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
| ===== Wait to gather enough IVs ===== | ===== Wait to gather enough IVs ===== | ||
| - | We have to wait now so airodump-ng gathers enough data (enough IVs) so we can run airocrack-ng. | + | We have to wait now so airodump-ng gathers enough data (enough IVs) so we can run aircrack-ng. | 
| - | How many packages we need so airocrack-ng cracks the wep key? It depends. The version of | + | How many packages we need so aircrack-ng cracks the wep key? It depends. The version of | 
| - | airocrack-ng that comes with backtrack2 is not the lastest | + | aircrack-ng that comes with backtrack2 is not the latest | 
| - | that have reduced the number | + | If we are using the latest version | 
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| - | + | ||
| ===== Crack the wep key using aircrack-ng ===== | ===== Crack the wep key using aircrack-ng ===== | ||
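Review bot: the tool name is fixed, but "How many packages we need so aircrack-ng cracks the wep key?" still says "packages" where the rest of the page talks about packets, is not a well-formed question, and keeps lowercase "wep" although the step list now uses "WEP". Suggest "How many packets do we need before aircrack-ng can crack the WEP key?", and capitalise "backtrack2" and the "wep key" heading to match.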
| Line 201: | Line 155: | ||
| In another window we launch: | In another window we launch: | ||
| - | # aircrack-ng dump*.cap | + | # aircrack-ng | 
| - | Depending the number of packages you have gathered, this may take some minutes or you may get the key inmediately. | + | Depending the number of packages you have gathered, this may take some minutes or you may get the key immediately. | 
| + | The -z argument tells aircrack-ng to also try the PTW attack. If you version of aircrack-ng doesn' | ||
| + | omit it. | ||
| === NOTE: === | === NOTE: === | ||
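Review bot: the added sentence has a typo: "If you version of aircrack-ng" should be "If your version of aircrack-ng". The changed line above it still reads "Depending the number of packages you have gathered"; make it "Depending on the number of packets you have gathered".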
| Line 210: | Line 166: | ||
| wait for more data to be gathered. | wait for more data to be gathered. | ||
| - | |||
| - | |||
ipw2200_generic.1188406396.txt.gz · Last modified:  by drio
                
                