how_to_crack_wep_via_a_wireless_client
Differences
This shows you the differences between two versions of the page.
how_to_crack_wep_via_a_wireless_client [2007/05/22 21:12] – darkaudax | how_to_crack_wep_via_a_wireless_client [2007/11/10 23:16] – darkaudax | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Tutorial: | ====== Tutorial: | ||
- | Version: 1.14 May 16, 2007 \\ | + | Version: 1.16 August 25, 2007 \\ |
By: darkAudax \\ | By: darkAudax \\ | ||
\\ | \\ | ||
File linked to this tutorial: [[http:// | File linked to this tutorial: [[http:// | ||
+ | |||
===== Introduction ===== | ===== Introduction ===== | ||
Line 17: | Line 18: | ||
* You are within range of a client but not the access point itself | * You are within range of a client but not the access point itself | ||
- | I would like to acknowledge and thank the aircrack-ng | + | I would like to acknowledge and thank the [[http:// |
Please send me any constructive feedback, positive or negative. | Please send me any constructive feedback, positive or negative. | ||
Line 50: | Line 51: | ||
===Ethernet wired Workstation=== | ===Ethernet wired Workstation=== | ||
- | Operation | + | Operating |
MAC address: 00: | MAC address: 00: | ||
===Ethernet wired Workstation=== | ===Ethernet wired Workstation=== | ||
- | Operation | + | Operating |
MAC address: 00: | MAC address: 00: | ||
===Wireless Workstation=== | ===Wireless Workstation=== | ||
- | Operation | + | Operating |
MAC address: 00: | MAC address: 00: | ||
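Review bot: Both consecutive sections in this hunk keep the identical heading "===Ethernet wired Workstation===", so after the "Operation" to "Operating" fix a reader still cannot tell the two wired machines apart by heading. Consider giving each section a distinct label in the same edit.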
Line 82: | Line 83: | ||
First, capture packets going to/from the access point in question. | First, capture packets going to/from the access point in question. | ||
- | | + | |
You need one or more wireless clients active while you are doing this capture. | You need one or more wireless clients active while you are doing this capture. | ||
Line 136: | Line 137: | ||
Restart your packet capture if it not still going: | Restart your packet capture if it not still going: | ||
- | airodump-ng - -channel 9 - -bssid 00: | + | airodump-ng --channel 9 --bssid 00: |
- | Be sure not to use the "- -ivs" option since you will later use the PTW method to crack the WEP key. | + | Be sure NOT to use the "- -ivs" option since you will later use the PTW method to crack the WEP key. This is " |
Now use interactive replay in a second separate session: | Now use interactive replay in a second separate session: | ||
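Review bot: The added sentence still writes the option as "- -ivs" with a space between the dashes, while the airodump-ng line directly above it was corrected from "- -channel 9 - -bssid" to "--channel 9 --bssid" in this same change. Write it as "--ivs", in a literal or code span if the wiki would otherwise alter a double dash, so the prose matches what is typed. The unchanged lead-in "Restart your packet capture if it not still going:" is also missing "is".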
Line 149: | Line 150: | ||
===Scenario Two - Interactively pulling packets from live communication=== | ===Scenario Two - Interactively pulling packets from live communication=== | ||
- | In this scenario we are going do the capture and injection in real time. | + | In this scenario we are going do the capture and injection in real time. The objective is to select an arp request for a wireless client going to the client. |
First, start capturing packets going to/from the access point in question. | First, start capturing packets going to/from the access point in question. | ||
- | airodump-ng - -channel 9 - -bssid 00: | + | airodump-ng --channel 9 --bssid 00: |
Now start a separate second session to interactively capture and replay packets: | Now start a separate second session to interactively capture and replay packets: | ||
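Review bot: The changed paragraph keeps the typo "we are going do the capture" (missing "to"), and the sentence added after it, "select an arp request for a wireless client going to the client", names the client twice without making clear whether the second mention is the same station or the direction of travel. Suggest "going to do" and a wording that states the intended destination once.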
Line 190: | Line 191: | ||
Use this packet ? | Use this packet ? | ||
- | Remember, you may need to try a few packets to get it work. The ARP must be for a wireless client. Once you are successfully injecting packets, start aircrack-ng to determine the WEP key. | + | Remember, the objective is to select an arp request for a wireless client going to the client. |
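Review bot: The replacement line lowercases the protocol name as "arp" where the removed line wrote "The ARP must be for a wireless client". Keep the capitalised "ARP" so the term is spelled consistently.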
=== Scenario Three - Creating a packet from a chopchop replay attack === | === Scenario Three - Creating a packet from a chopchop replay attack === | ||
Line 294: | Line 295: | ||
However, So if you are using 0.9 then the correct command is: | However, So if you are using 0.9 then the correct command is: | ||
- | packetforge-ng - -arp -a 00: | + | packetforge-ng --arp -a 00: |
* -a 00: | * -a 00: | ||
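Review bot: The unchanged lead-in to the corrected packetforge-ng line still reads "However, So if you are using 0.9 then the correct command is:", with two conjunctions run together. Since this edit touches the command directly below it, fix the sentence as well, for example "However, if you are using 0.9 then the correct command is:".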
Line 307: | Line 308: | ||
The command example below is correct for version 0.6.2 for what we want to do. There was a bug in version 0.6.2 where by -k and -l parameters were reversed. | The command example below is correct for version 0.6.2 for what we want to do. There was a bug in version 0.6.2 where by -k and -l parameters were reversed. | ||
- | packetforge-ng - -arp -a 00: | + | packetforge-ng --arp -a 00: |
After creating the packet, use tcpdump to review it from a sanity point of view. See below. | After creating the packet, use tcpdump to review it from a sanity point of view. See below. |
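Review bot: The context sentence above the corrected command, "There was a bug in version 0.6.2 where by -k and -l parameters were reversed", is left as is; "where by" should be "whereby" and the sentence reads better as "whereby the -k and -l parameters were reversed". Because the paragraph says the example is written for 0.6.2, it would also help to say in that sentence which of the two values each flag takes in that version.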
how_to_crack_wep_via_a_wireless_client.txt · Last modified: 2018/03/11 20:17 by mister_x