| Next revision | Previous revisionNext revisionBoth sides next revision |
| spanish_cracking_wpa [2007/07/20 20:37] – created spanish | spanish_cracking_wpa [2007/07/21 20:55] – spanish |
|---|
| |
| ===== Solución ===== | ===== Solución ===== |
| | |
| |
| ==== Contenidos ==== | ==== Contenidos ==== |
| Esto se puede hacer de forma activa o pasiva. "Activa" significa que podemos acelerar el proceso deautenticando a un cliente wireless. "Pasiva" significa que podemos esperar a que un cliente wireless se autentifique en la red WPA/WPA2. La ventaja de la forma pasiva es que no necesitamos inyectar y por lo tanto podremos utilizarla desde Windows. | Esto se puede hacer de forma activa o pasiva. "Activa" significa que podemos acelerar el proceso deautenticando a un cliente wireless. "Pasiva" significa que podemos esperar a que un cliente wireless se autentifique en la red WPA/WPA2. La ventaja de la forma pasiva es que no necesitamos inyectar y por lo tanto podremos utilizarla desde Windows. |
| |
| Here are the basic steps we will be going through: | Aquí estań los pasos que vamos a seguir: |
| | |
| | - Colocar la interface wireless en modo monitor y especificar el canal del AP |
| | - Iniciar airodump-ng en el canal del AP con filtro de bssid para capturar el handshake |
| | - Usar aireplay-ng para deautentificar a un cliente conectado |
| | - Ejecutar aircrack-ng para obtener la clave pre-compartida usando ese handshake |
| |
| - Start the wireless interface in monitor mode on the specific AP channel | |
| - Start airodump-ng on AP channel with filter for bssid to collect authentication handshake | |
| - Use aireplay-ng to deauthenticate the wireless client | |
| - Run aircrack-ng to crack the pre-shared key using the authentication handshake | |
| |
| |
| ==== Step 1 - Start the wireless interface in monitor mode ==== | ==== Paso 1 - Colocar la interface wireless en modo monitor y especificar el canal del AP ==== |
| |
| The purpose of this step is to put your card into what is called monitor mode. Monitor mode is the mode whereby your card can listen to every packet in the air. Normally your card will only "hear" packets addressed to you. By hearing every packet, we can later capture the WPA/WPA2 4-way handshake. As well, it will allow us to optionally deauthenticate a wireless client in a later step. | El propósito de este paso es colocar la tarjeta en el modo denominado modo monitor. En este modo la tarjeta wireless puede escuchar y capturar cualquier paquete en el aire. En cambio, en el modo normal la tarjeta solo "escuchará" los paquetes que van destinados a la misma. Escuchando todos los paquetes, podremos más adelante capturar los 4 paquetes que forman el handshake WPA/WPA2. Y opcionalmente tambien podremos deautenticar a un cliente wireless. |
| |
| |
| First stop ath0 by entering: | Primero para la interface ath0 escribiendo: |
| |
| airmon-ng stop ath0 | airmon-ng stop ath0 |
| |
| The system responds: | El sistema nos responderá: |
| |
| Interface Chipset Driver | Interface Chipset Driver |
| ath0 Atheros madwifi-ng VAP (parent: wifi0) (VAP destroyed) | ath0 Atheros madwifi-ng VAP (parent: wifi0) (VAP destroyed) |
| |
| Enter "iwconfig" to ensure there are no other athX interfaces. It should look similar to this: | Escribe "iwconfig" para comprobar que no hay mas interfaces athX. Deberás ver algo como esto: |
| |
| lo no wireless extensions. | lo no wireless extensions. |
| wifi0 no wireless extensions. | wifi0 no wireless extensions. |
| | |
| If there are any remaining athX interfaces, then stop each one. When you are finished, run "iwconfig" to ensure there are none left. | Si queda alguna interface athX, para cada una de ellas. Cuando termines, ejecuta "iwconfig" para verificar que ya no queda ninguna. |
| |
| Now, enter the following command to start the wireless card on channel 9 in monitor mode: | Ahora, escribe el siguiente comando para poner la tarjeta wireless en modo monitor en el canal 9: |
| |
| airmon-ng start wifi0 9 | airmon-ng start wifi0 9 |
| |
| Note: In this command we use "wifi0" instead of our wireless interface of "ath0". This is because the madwifi-ng drivers are being used. | Nota: En este comando usamos “wifi0” en lugar de nuestra interface “ath0”. Esto se debe a que estamos usando los drivers madwifi-ng y no madwifi-old. |
| |
| The system will respond: | El sistema nos responderá: |
| |
| Interface Chipset Driver | Interface Chipset Driver |
| ath0 Atheros madwifi-ng VAP (parent: wifi0) (monitor mode enabled) | ath0 Atheros madwifi-ng VAP (parent: wifi0) (monitor mode enabled) |
| |
| You will notice that "ath0" is reported above as being put into monitor mode. | Puedes observar que “ath0” aparece colocada en modo monitor. |
| |
| To confirm the interface is properly setup, enter "iwconfig". | Para confirmar que la interface está bien configurada, escribimos “iwconfig”. |
| |
| The system will respond: | El sistema nos responderá: |
| |
| lo no wireless extensions. | lo no wireless extensions. |
| Tx excessive retries:0 Invalid misc:0 Missed beacon:0 | Tx excessive retries:0 Invalid misc:0 Missed beacon:0 |
| |
| In the response above, you can see that ath0 is in monitor mode, on the 2.452GHz frequency which is channel 9 and the Access Point shows the MAC address of your wireless card. Only the madwifi-ng drivers show the card MAC address in the AP field, other drivers do not. So everything is good. It is important to confirm all this information prior to proceeding, otherwise the following steps will not work properly. | Podemos ver que ath0 está en modo monitor, en la frecuencia 2.452GHz que corresponde al canal 9 y en "Access Point" vemos la dirección MAC de nuestra tarjeta wireless. Es importante comprobar toda esta información antes de continuar, ya que sino no funcionará. |
| |
| To match the frequency to the channel, check out: | Para ver la correspondencia entre frecuencia y canal, mira: |
| http://www.rflinx.com/help/calculations/#2.4ghz_wifi_channels then select the "Wifi Channel Selection and Channel Overlap" tab. This will give you the frequency for each channel. | http://www.rflinx.com/help/calculations/#2.4ghz_wifi_channels y selecciona "Wifi Channel Selection and Channel Overlap" Así obtendrás la frecuencia para cada canal. |
| |
| |
| ==== Step 2 - Start airodump-ng to collect authentication handshake ==== | ==== Paso 2 - Iniciar airodump-ng para capturar el handshake ==== |
| |
| The purpose of this step is run airodump-ng to capture the 4-way authentication handshake for the AP we are interested in. | El prpósito de este paso es ejecutar airodump-ng para capturar los 4 paquetes del handshake en el momento que un cliente se autentifica con el AP en el que estamos interesados. |
| |
| Enter: | Escribe: |
| |
| airodump-ng -c 9 --bssid 00:14:6C:7E:40:80 -w psk ath0 | airodump-ng -c 9 --bssid 00:14:6C:7E:40:80 -w psk ath0 |
| |
| Where: | Donde: |
| *-c 9 is the channel for the wireless network | *-c 9 es el canal de la red wireless |
| *- -bssid 00:14:6C:7E:40:80 is the access point MAC address. This eliminate extraneous traffic. | *- -bssid 00:14:6C:7E:40:80 es la dirección MAC del AP. Esto elimina el tráfico de otras redes. |
| *-w psk is the file name prefix for the file which will contain the IVs. | *-w psk es el nombre del archivo en el que guardaremos los IVs. |
| *ath0 is the interface name. | *ath0 es el nombre de nuestra interface. |
| |
| Important: Do NOT use the "- -ivs" option. You must capture the full packets. | Important: Do NOT use the "- -ivs" option. You must capture the full packets. |
