User Tools

Site Tools


flowchart

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
flowchart [2007/08/21 01:37]
darkaudax Cleaned up typos and a small amount of formatting
flowchart [2012/04/02 14:33] (current)
wims changed aircrack-ng to airodump-ng in section 1
Line 1: Line 1:
 ======Simple Wep Cracking with a flowchart====== ======Simple Wep Cracking with a flowchart======
  
-Last update: ​Aug 192007 \\+Last update: ​May 92008 \\
 Author: matts Author: matts
  
Line 20: Line 20:
 =====The following sections correspond to the flow chart'​s blocks.===== =====The following sections correspond to the flow chart'​s blocks.=====
 Read the flowchart to understand where the section is in the flowchart so you get a better understanding on the flow.  The section numbers do not correlate to the procedure for cracking. Read the flowchart to understand where the section is in the flowchart so you get a better understanding on the flow.  The section numbers do not correlate to the procedure for cracking.
 +
  
 =====Section 1:  Singling out the AP you are cracking.===== =====Section 1:  Singling out the AP you are cracking.=====
 Running airodump-ng with no parameters will show you every AP in your area.  You will want to use a few parameters to single out the AP you are trying to crack, so you only collect the information you need. Running airodump-ng with no parameters will show you every AP in your area.  You will want to use a few parameters to single out the AP you are trying to crack, so you only collect the information you need.
  
-  ​aircrack-ng -c 6 --bssid 11:​22:​33:​44:​55:​66 -w output+  ​airodump-ng -c 6 --bssid 11:​22:​33:​44:​55:​66 -w output
  
 ^-c 6|Sets channel to 6, change the number to whatever channel your AP is on.  Very important, so you are not chan hopping.| ^-c 6|Sets channel to 6, change the number to whatever channel your AP is on.  Very important, so you are not chan hopping.|
-^--bssid 11:​22:​33:​44:​55:​66|Sets the BSSID to single out.  This is set to your AP's MAC Address (seen in airodump-ng)|+^-''''​-bssid 11:​22:​33:​44:​55:​66|Sets the BSSID to single out.  This is set to your AP's MAC Address (seen in airodump-ng)|
 ^-w output|Sets the output file, this will start outputting data to output-##​.cap| ^-w output|Sets the output file, this will start outputting data to output-##​.cap|
 +
  
 =====Section 2:  Ensure your drivers are patched and compatible===== =====Section 2:  Ensure your drivers are patched and compatible=====
 See the following URL's for compatibility information:​ See the following URL's for compatibility information:​
  
-^Cards|http://​aircrack-ng.org/​doku.php?​id=compatible_cards| +^Cards|[[compatible_cards]]
-^Drivers|http://​aircrack-ng.org/​doku.php?​id=compatibility_drivers|+^Drivers|[[compatibility_drivers]]| 
 +^Patching|[[install_drivers]]|
  
 =====Section 3:  Associating to the AP===== =====Section 3:  Associating to the AP=====
Line 44: Line 47:
 =====Section 5:  Is the AP sending out ANY data?===== =====Section 5:  Is the AP sending out ANY data?=====
 In order to crack anything, the AP has to send out at least 1 packet. ​ This packet will be used on the chopchop (-4) or fragmentation (-5) attack, or hopefully the arpinteractive (-3) attack. ​ If the AP is not sending out any data, it likely means no one is connected to the AP via wired or wireless. ​  You will just have to wait, keep airodump-ng running with the -w switch (to output data) overnight, and you may get lucky.  ​ In order to crack anything, the AP has to send out at least 1 packet. ​ This packet will be used on the chopchop (-4) or fragmentation (-5) attack, or hopefully the arpinteractive (-3) attack. ​ If the AP is not sending out any data, it likely means no one is connected to the AP via wired or wireless. ​  You will just have to wait, keep airodump-ng running with the -w switch (to output data) overnight, and you may get lucky.  ​
 +
 +
  
 =====Section 6:  Generate an XOR file (chopcop or fragmentation attack)===== =====Section 6:  Generate an XOR file (chopcop or fragmentation attack)=====
-The point of cracking is to generate data.  You can generate data in Section 4, but sometimes there are no clients connected to wifi, but the AP is still sending out data.  In this case, you will want to capture the data that the AP is sending out, and use it to determine a valid XOR keystream (basically a file which allows you to create a packet with out knowing the key).   The two attacks for this are "​fragmentation"​ and "​chop-chop"​. ​ Fragmentation is quickest, but it doesn'​t always work on every AP.  Chop-chop usually works, but you have to have a good connection to the AP (be close to the AP).+The point of cracking is to generate data.  You can generate data in Section 4, but sometimes there are no clients connected to wifi, but the AP is still sending out data.  In this case, you will want to capture the data that the AP is sending out, and use it to determine a valid XOR keystream (basically a file which allows you to create a packet with out knowing the key).   The two attacks for this are "​fragmentation"​ and "​chop-chop"​. ​ Fragmentation is quickest, but you have to have a good connection to the AP (be close to the AP), and it doesn'​t work with all cards. ​ Chop-chop usually works with all cards, but it doesn'​t always work on every AP. 
  
 =====Section 7:  Frag / Chop-chop failed===== =====Section 7:  Frag / Chop-chop failed=====
Line 57: Line 63:
   * Most AP's are ok with 30-50 packets per second (-x 30 or -x 50), if they are the type that ignore you for sending packets too fast.   * Most AP's are ok with 30-50 packets per second (-x 30 or -x 50), if they are the type that ignore you for sending packets too fast.
   * The AP may ignore you if your MAC address is not the same as the packet'​s MAC address, so you can spoof your mac address to suit the packet.   * The AP may ignore you if your MAC address is not the same as the packet'​s MAC address, so you can spoof your mac address to suit the packet.
 +  * Some APs don't discard corrupted packets correctly. Such APs are not vulnerable to chopchop.
  
 =====Section 8:  Success! ​ XOR Keystream file generated.===== =====Section 8:  Success! ​ XOR Keystream file generated.=====
Line 67: Line 74:
  
 This will open up any file starting with "​output-"​ and ending with "​.cap"​. This will open up any file starting with "​output-"​ and ending with "​.cap"​.
 +
  
 =====Section 10:  Attack wont work at this time===== =====Section 10:  Attack wont work at this time=====
Line 74: Line 82:
   * Turn off MAC filtering and WPA/WPA2.   * Turn off MAC filtering and WPA/WPA2.
   * The AP isn't sending out any data, you will have to wait, or manually generate some data on your network.   * The AP isn't sending out any data, you will have to wait, or manually generate some data on your network.
-  * Frag/​ChopChop aren't working... ​fragmentation ​may or may not work, and chopchop ​is very sensitive to distance from AP.+  * Frag/​ChopChop aren't working... ​chopchop ​may or may not work, and fragmentation ​is very sensitive to distance from AP.
  
 =====EOF===== =====EOF=====
 I hope you have found this tutorial helpful. I hope you have found this tutorial helpful.
  
flowchart.1187653067.txt.gz · Last modified: 2007/08/21 01:37 by darkaudax