how_to_crack_wep_with_no_clients

Differences

This shows you the differences between two versions of the page.

how_to_crack_wep_with_no_clients [2009/09/26 14:34] – Fixed typos darkaudaxhow_to_crack_wep_with_no_clients [2018/03/11 20:15] (current) – [Introduction] Removed link to trac mister_x
Line 1: Line 1:
 ====== Tutorial: How to crack WEP with no wireless clients ====== ====== Tutorial: How to crack WEP with no wireless clients ======
-Version: 1.15 September 262009 \\+Version: 1.16 August 28201 \\
 By: darkAudax \\ By: darkAudax \\
 Video: [[http://video.aircrack-ng.org/noclient/|http://video.aircrack-ng.org/noclient/]] Video: [[http://video.aircrack-ng.org/noclient/|http://video.aircrack-ng.org/noclient/]]
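Review bot: The year in the new Version line is cut short: the added side reads "Version: 1.16 August 28201", which leaves a three-digit year where the removed side ended in "2009". Please restore the full four-digit year so the version stamp can be matched against the revision history.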
Line 10: Line 10:
  
 It is recommended that you experiment with your home wireless access point to get familiar with these ideas and techniques. If you do not own a particular access point, please remember to get permission from the owner prior to playing with it. It is recommended that you experiment with your home wireless access point to get familiar with these ideas and techniques. If you do not own a particular access point, please remember to get permission from the owner prior to playing with it.
- 
-I would like to acknowledge and thank the [[http://trac.aircrack-ng.org/wiki/Team|Aircrack-ng team]] for producing such a great robust tool.  
  
 Please send me any constructive feedback, positive or negative. Additional troubleshooting ideas and tips are especially welcome. Please send me any constructive feedback, positive or negative. Additional troubleshooting ideas and tips are especially welcome.
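Review bot: The edit summary says only the link to trac was removed, but the removed lines drop the whole acknowledgement sentence to the Aircrack-ng team, not just its link target. If the intent was to retire the trac link, keep the sentence as plain text or point it at a current team page; if the acknowledgement itself is meant to go, say so in the summary.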
Line 103: Line 101:
 In the response above, you can see that ath0 is in monitor mode, on the 2.452GHz frequency which is channel 9 and the Access Point shows the MAC address of your wireless card.  So everything is good.   It is important to confirm all this information prior to proceeding, otherwise the following steps will not work properly. (Note: If you are using a driver other than madwifi, then the Access Point field will be either invisible or show something other than your card's MAC address. This is normal.) In the response above, you can see that ath0 is in monitor mode, on the 2.452GHz frequency which is channel 9 and the Access Point shows the MAC address of your wireless card.  So everything is good.   It is important to confirm all this information prior to proceeding, otherwise the following steps will not work properly. (Note: If you are using a driver other than madwifi, then the Access Point field will be either invisible or show something other than your card's MAC address. This is normal.)
  
-To match the frequency to the channel, check out: +To match the frequency to the channel, check out: http://www.cisco.com/en/US/docs/wireless/technology/channel/deployment/guide/Channel.html#wp134132 .  This will give you the frequency for each channel.
-http://www.rflinx.com/help/calculations/#2.4ghz_wifi_channels then select the "Wifi Channel Selection and Channel Overlap" tab.  This will give you the frequency for each channel.+
  
 === Troubleshooting Tips === === Troubleshooting Tips ===
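Review bot: The replacement reference on the added line is a bare URL with a deep fragment (#wp134132) followed by " .", while the Video line at the top of the page uses the [[url|label]] form. Consider using the wiki link syntax with a descriptive label, or listing the channel-to-frequency values in the tutorial itself, since readers need that mapping to confirm the "2.452GHz frequency which is channel 9" check in the paragraph above and an external anchor can move just as the rflinx page being replaced here did.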
Line 232: Line 229:
            Use this packet ? y            Use this packet ? y
  
-When a packet from the access point arrives, enter "y" to proceed.  You may need to try a few to be successful.+When a packet from the access point arrives, enter "y" to proceed.  You may need to try a few different packets from the AP to be successful.  These packets have ""FromDS: 1".
  
-When successful, the system reponds:+When successful, the system responds:
  
    Saving chosen packet in replay_src-0203-180328.cap    Saving chosen packet in replay_src-0203-180328.cap
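Review bot: The quoting in the added sentence is unbalanced: it ends with ""FromDS: 1". (two opening quote marks, one closing), which will leave a stray quote in the rendered text. Use a single pair, "FromDS: 1", or monospace markup so the field name stands out.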
Line 380: Line 377:
   *-k 255.255.255.255 is the destination IP (most APs respond to 255.255.255.255)   *-k 255.255.255.255 is the destination IP (most APs respond to 255.255.255.255)
   *-l 255.255.255.255 is the source IP (most APs respond to 255.255.255.255)   *-l 255.255.255.255 is the source IP (most APs respond to 255.255.255.255)
-  *-y fragment-0203-180343.xor is file to read the PRGA from+  *-y fragment-0203-180343.xor is file to read the PRGA from (NOTE: Change the file name to the actual file name out in step 4 above)
   *-w arp-request is name of file to write the arp packet to   *-w arp-request is name of file to write the arp packet to
  
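Review bot: The note added to the -y line reads "the actual file name out in step 4 above", which appears to be missing a word; "the file name output in step 4 above" is probably what was meant. The other bullets in this list keep the description before any parenthetical, so the wording "is the file to read the PRGA from" could be tidied in the same edit.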
Line 451: Line 448:
         Use this packet ? y         Use this packet ? y
  
-Enter "y" to use this packet.  The system responds by showing how many packets it is injecting and reminds you to start airodumump if it has not already been started:+Enter "y" to use this packet.  The system responds by showing how many packets it is injecting and reminds you to start airodump-ng if it has not already been started:
  
    Saving chosen packet in replay_src-0204-104917.cap    Saving chosen packet in replay_src-0204-104917.cap
how_to_crack_wep_with_no_clients.1253968478.txt.gz · Last modified: 2009/09/26 14:34 by darkaudax