newbie_guide
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
newbie_guide [2018/11/21 23:27] – [Discovering Networks] Refresh and fixes/improvements mister_x | newbie_guide [2018/11/21 23:31] (current) – [Further tools and information] updated mister_x | ||
---|---|---|---|
Line 119: | Line 119: | ||
Because of the channel hopping you won't capture all packets from your target net. So we want to listen just on one channel and additionally write all data to disk to be able to use it for cracking: | Because of the channel hopping you won't capture all packets from your target net. So we want to listen just on one channel and additionally write all data to disk to be able to use it for cracking: | ||
- | airodump-ng -c 11 --bssid 00: | + | airodump-ng -c 11 --bssid 00: |
With the -c parameter you tune to a channel and the parameter after -w is the prefix to the network dumps written to disk. The " | With the -c parameter you tune to a channel and the parameter after -w is the prefix to the network dumps written to disk. The " | ||
Line 151: | Line 151: | ||
Try to connect to your AP using [[aireplay-ng]]: | Try to connect to your AP using [[aireplay-ng]]: | ||
- | aireplay-ng --fakeauth 0 -e "your network ESSID" -a 00: | + | aireplay-ng --fakeauth 0 -e "your network ESSID" -a 00: |
The value after -a is the BSSID of your AP. | The value after -a is the BSSID of your AP. | ||
Line 185: | Line 185: | ||
Wait for a client to show up on the target network. Then start the attack: | Wait for a client to show up on the target network. Then start the attack: | ||
- | aireplay-ng --arpreplay -b 00: | + | aireplay-ng --arpreplay -b 00: |
-b specifies the target BSSID, -h the MAC of the connected client. | -b specifies the target BSSID, -h the MAC of the connected client. | ||
Line 200: | Line 200: | ||
the -r < | the -r < | ||
- | When using the arp injection technique, you can use the PTW method to crack the WEP key. This dramatically reduces the number of data packets you need and also the time needed. | + | When using the ARP injection technique, you can use the PTW method to crack the WEP key. This dramatically reduces the number of data packets you need and also the time needed. |
If the number of data packets received by airodump-ng sometimes stops increasing you maybe have to reduce the replay-rate. You do this with the -x <packets per second> option. I usually start out with 50 and reduce until packets are received continuously again. Better positioning of your antenna usually also helps. | If the number of data packets received by airodump-ng sometimes stops increasing you maybe have to reduce the replay-rate. You do this with the -x <packets per second> option. I usually start out with 50 and reduce until packets are received continuously again. Better positioning of your antenna usually also helps. | ||
Line 210: | Line 210: | ||
Keep your airodump-ng and aireplay-ng running. Open another window and run a [[deauthentication]] attack: | Keep your airodump-ng and aireplay-ng running. Open another window and run a [[deauthentication]] attack: | ||
- | aireplay-ng --deauth 5 -a 00: | + | aireplay-ng --deauth 5 -a 00: |
-a is the BSSID of the AP, -c the MAC of the targeted client. | -a is the BSSID of the AP, -c the MAC of the targeted client. | ||
- | Wait a few seconds and your arp replay should start running. | + | Wait a few seconds and your ARP replay should start running. |
- | Most clients try to reconnect automatically. But the risk that someone recognizes this attack or at least attention is drawn to the stuff happening on the WLAN is higher | + | Most clients try to reconnect automatically. But the risk that someone recognizes this attack or at least attention is drawn to the stuff happening on the WLAN is higher than with other attacks. |
- | than with other attacks. | + | |
====== Further tools and information ====== | ====== Further tools and information ====== | ||
- | [[https:// | + | |
+ | More tutorials can be found on [[tutorial|this page]]. |
newbie_guide.txt · Last modified: 2018/11/21 23:31 by mister_x