flowchart

Differences

This shows you the differences between two versions of the page.

flowchart [2008/05/09 23:33]
netrolller3d Fix chopchop vs. fragmentation confusion.
flowchart [2012/04/02 14:33]
wims changed aircrack-ng to airodump-ng in section 1
Line 1: Line 1:
 ======Simple Wep Cracking with a flowchart====== ======Simple Wep Cracking with a flowchart======
  
-Last update: ​Aug 202007 \\+Last update: ​May 92008 \\
 Author: matts Author: matts
  
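Review bot: The hand-maintained "Last update" line at the top of the page is already out of step with the wiki's own metadata: the new side reads May 9 2008, while the revision being compared is stamped 2012/04/02. Either drop the line and rely on the page's "Last modified" footer, or update it in the same edit as the content change.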
Line 25: Line 25:
 Running airodump-ng with no parameters will show you every AP in your area.  You will want to use a few parameters to single out the AP you are trying to crack, so you only collect the information you need. Running airodump-ng with no parameters will show you every AP in your area.  You will want to use a few parameters to single out the AP you are trying to crack, so you only collect the information you need.
  
-  ​aircrack-ng -c 6 --bssid 11:​22:​33:​44:​55:​66 -w output+  ​airodump-ng -c 6 --bssid 11:​22:​33:​44:​55:​66 -w output
  
 ^-c 6|Sets channel to 6, change the number to whatever channel your AP is on.  Very important, so you are not chan hopping.| ^-c 6|Sets channel to 6, change the number to whatever channel your AP is on.  Very important, so you are not chan hopping.|
Line 35: Line 35:
 See the following URL's for compatibility information:​ See the following URL's for compatibility information:​
  
-^Cards|http://​aircrack-ng.org/​doku.php?​id=compatible_cards| +^Cards|[[compatible_cards]]
-^Drivers|http://​aircrack-ng.org/​doku.php?​id=compatibility_drivers| +^Drivers|[[compatibility_drivers]]
-^Patching|http://​aircrack-ng.org/​doku.php?​id=install_drivers|+^Patching|[[install_drivers]]|
  
 =====Section 3:  Associating to the AP===== =====Section 3:  Associating to the AP=====
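Review bot: In the compatibility table, the new Cards and Drivers rows are shown without the closing | that the Patching row keeps ("^Cards|[[compatible_cards]]" versus "^Patching|[[install_drivers]]|"), so the three rows should be terminated the same way to render as one table. The sentence above the table still says "See the following URL's", which no longer fits now that the cells are internal wiki links; "See the following pages" would match.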
Line 47: Line 47:
 =====Section 5:  Is the AP sending out ANY data?===== =====Section 5:  Is the AP sending out ANY data?=====
 In order to crack anything, the AP has to send out at least 1 packet. ​ This packet will be used on the chopchop (-4) or fragmentation (-5) attack, or hopefully the arpinteractive (-3) attack. ​ If the AP is not sending out any data, it likely means no one is connected to the AP via wired or wireless. ​  You will just have to wait, keep airodump-ng running with the -w switch (to output data) overnight, and you may get lucky.  ​ In order to crack anything, the AP has to send out at least 1 packet. ​ This packet will be used on the chopchop (-4) or fragmentation (-5) attack, or hopefully the arpinteractive (-3) attack. ​ If the AP is not sending out any data, it likely means no one is connected to the AP via wired or wireless. ​  You will just have to wait, keep airodump-ng running with the -w switch (to output data) overnight, and you may get lucky.  ​
 +
  
  
 =====Section 6:  Generate an XOR file (chopcop or fragmentation attack)===== =====Section 6:  Generate an XOR file (chopcop or fragmentation attack)=====
-The point of cracking is to generate data.  You can generate data in Section 4, but sometimes there are no clients connected to wifi, but the AP is still sending out data.  In this case, you will want to capture the data that the AP is sending out, and use it to determine a valid XOR keystream (basically a file which allows you to create a packet with out knowing the key).   The two attacks for this are "​fragmentation"​ and "​chop-chop"​. ​ Fragmentation is quickest, but you have to have a good connection to the AP (be close to the AP), and it doesn'​t work with all cards. +The point of cracking is to generate data.  You can generate data in Section 4, but sometimes there are no clients connected to wifi, but the AP is still sending out data.  In this case, you will want to capture the data that the AP is sending out, and use it to determine a valid XOR keystream (basically a file which allows you to create a packet with out knowing the key).   The two attacks for this are "​fragmentation"​ and "​chop-chop"​. ​ Fragmentation is quickest, but you have to have a good connection to the AP (be close to the AP), and it doesn'​t work with all cards. ​ Chop-chop usually works with all cards, but it doesn'​t always work on every AP. 
-  ​Chop-chop usually works with all cards, but it doesn'​t always work on every AP.+
  
 =====Section 7:  Frag / Chop-chop failed===== =====Section 7:  Frag / Chop-chop failed=====
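Review bot: The Section 6 heading still reads "chopcop" and the rewritten paragraph still has "with out", both of which could be fixed while this paragraph is being touched. The attack name is also spelled three ways across these lines ("chopchop", "chop-chop", "Chop-chop"), so pick one. The extra blank line added before the Section 6 heading is unrelated to the paragraph merge and can be left out.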
Line 62: Line 63:
   * Most AP's are ok with 30-50 packets per second (-x 30 or -x 50), if they are the type that ignore you for sending packets too fast.   * Most AP's are ok with 30-50 packets per second (-x 30 or -x 50), if they are the type that ignore you for sending packets too fast.
   * The AP may ignore you if your MAC address is not the same as the packet'​s MAC address, so you can spoof your mac address to suit the packet.   * The AP may ignore you if your MAC address is not the same as the packet'​s MAC address, so you can spoof your mac address to suit the packet.
 +  * Some APs don't discard corrupted packets correctly. Such APs are not vulnerable to chopchop.
  
 =====Section 8:  Success! ​ XOR Keystream file generated.===== =====Section 8:  Success! ​ XOR Keystream file generated.=====
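Review bot: The added bullet says some APs "don't discard corrupted packets correctly" without saying what they do instead, so a reader cannot tell which behaviour is meant; one more clause naming the observed behaviour would make it usable. The new bullet writes the plural as "APs" while the bullets just above it use "AP's"; the list should use one form.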
Line 72: Line 74:
  
 This will open up any file starting with "​output-"​ and ending with "​.cap"​. This will open up any file starting with "​output-"​ and ending with "​.cap"​.
 +
  
 =====Section 10:  Attack wont work at this time===== =====Section 10:  Attack wont work at this time=====
Line 79: Line 82:
   * Turn off MAC filtering and WPA/WPA2.   * Turn off MAC filtering and WPA/WPA2.
   * The AP isn't sending out any data, you will have to wait, or manually generate some data on your network.   * The AP isn't sending out any data, you will have to wait, or manually generate some data on your network.
-  * Frag/​ChopChop aren't working... ​fragmentation ​may or may not work, and chopchop ​is very sensitive to distance from AP.+  * Frag/​ChopChop aren't working... ​chopchop ​may or may not work, and fragmentation ​is very sensitive to distance from AP.
  
 =====EOF===== =====EOF=====
 I hope you have found this tutorial helpful. I hope you have found this tutorial helpful.
  
flowchart.txt · Last modified: 2012/04/02 14:33 by wims