spanish_cracking_wpa [2007/07/20 20:37] – created spanish | spanish_cracking_wpa [2007/07/21 20:51] – spanish |
---|
| |
===== Solution ===== | ===== Solution ===== |
| |
| |
==== Contents ==== | ==== Contents ==== |
This can be done actively or passively. "Active" means we can speed up the process by deauthenticating a wireless client. "Passive" means we can wait for a wireless client to authenticate to the WPA/WPA2 network. The advantage of the passive approach is that we do not need to inject, and can therefore use it from Windows. | This can be done actively or passively. "Active" means we can speed up the process by deauthenticating a wireless client. "Passive" means we can wait for a wireless client to authenticate to the WPA/WPA2 network. The advantage of the passive approach is that we do not need to inject, and can therefore use it from Windows. |
| |
Here are the basic steps we will be going through: | Here are the steps we are going to follow: |
| |
- Start the wireless interface in monitor mode on the specific AP channel | - Put the wireless interface into monitor mode and set the AP channel |
- Start airodump-ng on AP channel with filter for bssid to collect authentication handshake | - Start airodump-ng on the AP channel with a bssid filter to capture the handshake |
- Use aireplay-ng to deauthenticate the wireless client | - Use aireplay-ng to deauthenticate a connected client |
- Run aircrack-ng to crack the pre-shared key using the authentication handshake | - Run aircrack-ng to obtain the pre-shared key using that handshake |
| |
| |
==== Step 1 - Start the wireless interface in monitor mode ==== | |
| |
The purpose of this step is to put your card into what is called monitor mode. Monitor mode is the mode whereby your card can listen to every packet in the air. Normally your card will only "hear" packets addressed to you. By hearing every packet, we can later capture the WPA/WPA2 4-way handshake. As well, it will allow us to optionally deauthenticate a wireless client in a later step. | |
| |
| ==== Step 1 - Put the wireless interface into monitor mode and set the AP channel ==== |
| |
First stop ath0 by entering: | The purpose of this step is to put the card into the mode known as monitor mode. In this mode the wireless card can listen to and capture any packet in the air. In normal mode, by contrast, the card will only "hear" the packets addressed to it. By hearing every packet, we will later be able to capture the 4 packets that make up the WPA/WPA2 handshake. Optionally, we will also be able to deauthenticate a wireless client. |
| |
| |
| First stop the ath0 interface by entering: |
| |
airmon-ng stop ath0 | airmon-ng stop ath0 |
| |
The system responds: | The system will respond: |
| |
Interface Chipset Driver | Interface Chipset Driver |
ath0 Atheros madwifi-ng VAP (parent: wifi0) (VAP destroyed) | ath0 Atheros madwifi-ng VAP (parent: wifi0) (VAP destroyed) |
| |
Enter "iwconfig" to ensure there are no other athX interfaces. It should look similar to this: | Enter "iwconfig" to check that there are no more athX interfaces. You should see something like this: |
| |
lo no wireless extensions. | lo no wireless extensions. |
wifi0 no wireless extensions. | wifi0 no wireless extensions. |
| |
If there are any remaining athX interfaces, then stop each one. When you are finished, run "iwconfig" to ensure there are none left. | If any athX interface remains, stop each one. When you are finished, run "iwconfig" to verify that none are left. |
| |
Now, enter the following command to start the wireless card on channel 9 in monitor mode: | Now, enter the following command to put the wireless card into monitor mode on channel 9: |
| |
airmon-ng start wifi0 9 | airmon-ng start wifi0 9 |
| |
Note: In this command we use "wifi0" instead of our wireless interface of "ath0". This is because the madwifi-ng drivers are being used. | Note: In this command we use "wifi0" instead of our "ath0" interface. This is because we are using the madwifi-ng drivers and not madwifi-old. |
| |
The system will respond: | The system will respond: |
| |
Interface Chipset Driver | Interface Chipset Driver |
ath0 Atheros madwifi-ng VAP (parent: wifi0) (monitor mode enabled) | ath0 Atheros madwifi-ng VAP (parent: wifi0) (monitor mode enabled) |
| |
You will notice that "ath0" is reported above as being put into monitor mode. | You can see that "ath0" is reported as placed in monitor mode. |
| |
To confirm the interface is properly setup, enter "iwconfig". | To confirm that the interface is configured correctly, we enter "iwconfig". |
| |
The system will respond: | The system will respond: |
| |
lo no wireless extensions. | lo no wireless extensions. |
Tx excessive retries:0 Invalid misc:0 Missed beacon:0 | Tx excessive retries:0 Invalid misc:0 Missed beacon:0 |
| |
In the response above, you can see that ath0 is in monitor mode, on the 2.452GHz frequency which is channel 9 and the Access Point shows the MAC address of your wireless card. Only the madwifi-ng drivers show the card MAC address in the AP field, other drivers do not. So everything is good. It is important to confirm all this information prior to proceeding, otherwise the following steps will not work properly. | We can see that ath0 is in monitor mode, on the 2.452GHz frequency which corresponds to channel 9, and under "Access Point" we see the MAC address of our wireless card. It is important to check all this information before continuing, otherwise it will not work. |
| |
To match the frequency to the channel, check out: | |
http://www.rflinx.com/help/calculations/#2.4ghz_wifi_channels then select the "Wifi Channel Selection and Channel Overlap" tab. This will give you the frequency for each channel. | |
| |
| To see the correspondence between frequency and channel, see: |
| http://www.rflinx.com/help/calculations/#2.4ghz_wifi_channels and select "Wifi Channel Selection and Channel Overlap". That will give you the frequency for each channel. |
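As an added example (not part of the original tutorial or of the aircrack-ng project), the following POSIX shell functions automate the two checks this step asks for: listing any athX interfaces that still need stopping, and confirming from iwconfig output that the interface is in Monitor mode on the expected channel, mapping the reported 2.4 GHz frequency to its channel number (2.452 GHz is channel 9) instead of consulting the external table. The iwconfig output and the MAC address in it are constructed samples.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Constructed iwconfig output:
# the state after "airmon-ng stop ath0" (only lo and wifi0 remain) ...
IWCONFIG_CLEAN='lo        no wireless extensions.
wifi0     no wireless extensions.'

# ... and after "airmon-ng start wifi0 9": ath0 in Monitor mode on 2.452 GHz.
# The MAC address is a constructed placeholder, not a real card.
IWCONFIG_MONITOR='lo        no wireless extensions.
wifi0     no wireless extensions.
ath0      IEEE 802.11g  ESSID:""  Nickname:""
          Mode:Monitor  Frequency:2.452 GHz  Access Point: 00:11:22:33:44:55
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0'

# Print the athX interfaces still present, one per line; each of them has
# to be stopped ("airmon-ng stop <iface>") before the card is restarted.
list_ath_ifaces() {
    printf '%s\n' "$1" | awk '/^ath[0-9]+[[:space:]]/ { print $1 }'
}

# Map the 2.4 GHz frequency iwconfig prints (e.g. "2.452") to its channel:
# channels 1-13 sit every 5 MHz from 2412 MHz, channel 14 is 2484 MHz.
freq_to_channel() {
    awk -v f="$1" 'BEGIN {
        mhz = int(f * 1000 + 0.5)
        if (mhz == 2484) print 14
        else if (mhz >= 2412 && mhz <= 2472 && (mhz - 2407) % 5 == 0) print (mhz - 2407) / 5
        else print -1
    }'
}

# Print "ok" and succeed only if interface $2 in iwconfig output $1 is in
# Monitor mode on channel $3; otherwise report what was found and fail.
check_monitor() {
    want=$3
    found=$(printf '%s\n' "$1" | awk -v iface="$2" '
        /^[^[:space:]]/ { cur = $1 }          # an unindented line starts a new interface block
        cur == iface { for (i = 1; i <= NF; i++) {
            if ($i ~ /^Mode:/)      { split($i, m, ":"); mode = m[2] }
            if ($i ~ /^Frequency:/) { split($i, q, ":"); freq = q[2] } } }
        END { print mode, freq }')
    set -- $found                      # $1 = mode, $2 = frequency, either may be empty
    ch=$(freq_to_channel "${2:-0}")
    if [ "${1:-}" = "Monitor" ] && [ "$ch" = "$want" ]; then echo ok; return 0; fi
    echo "mode=${1:-none} channel=$ch (wanted Monitor on channel $want)"
    return 1
}
# Live use on the machine being configured: check_monitor "$(iwconfig 2>&1)" ath0 9
```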
| |
==== Step 2 - Start airodump-ng to collect authentication handshake ==== | ==== Step 2 - Start airodump-ng to collect authentication handshake ==== |