ipw2200_generic
Differences
This shows you the differences between two versions of the page.
ipw2200_generic [2007/08/29 18:39] – loading rtap0 changes drio | ipw2200_generic [2007/10/28 22:52] – typo mister_x | ||
Line 44: | Line 44: | ||
documents recommend to start [[http:// | documents recommend to start [[http:// | ||
There is another option: [[http:// | There is another option: [[http:// | ||
+ | |||
+ | |||
Line 82: | Line 84: | ||
tell the program to creat the rtap0 device for you: | tell the program to creat the rtap0 device for you: | ||
- | # | + | # airodump-ng -c X rtap0 |
We'll talk it in the next section. | We'll talk it in the next section. | ||
- | |||
- | |||
Ok, so we have verified that we have an ipw2200 card and that Linux can talk to it. | Ok, so we have verified that we have an ipw2200 card and that Linux can talk to it. | ||
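Review bot: "creat" in the unchanged line "tell the program to creat the rtap0 device for you" is misspelled on both sides; fix it to "create" while this line is being edited. In the added "# airodump-ng -c X rtap0", say what X stands for (the channel of the target AP, the same channel the iwconfig step at Line 119 sets), otherwise a reader may copy the placeholder literally.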
Line 109: | Line 109: | ||
# ifconfig eth1 up hw ether 00: | # ifconfig eth1 up hw ether 00: | ||
+ | |||
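Review bot: "# ifconfig eth1 up hw ether 00:..." brings the interface up before changing its hardware address; ifconfig applies its arguments in the order given, and drivers commonly refuse a hardware-address change while the interface is up. Safer to write it as "ifconfig eth1 down", then "ifconfig eth1 hw ether 00:...", then "ifconfig eth1 up", or at least put "hw ether" before "up".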
Line 119: | Line 120: | ||
# iwconfig eth1 essid < | # iwconfig eth1 essid < | ||
- | Due to some limitations with the firmware we have to force a fakekey and set managed mode to ensure the airdump-ng tools work properly. | + | Due to some limitations with the firmware we have to force a fakekey and set managed mode to ensure the aircrack-ng tools work properly. |
ESSID is the name of the wireless network of our target AP. Channel is the wireless channel. | ESSID is the name of the wireless network of our target AP. Channel is the wireless channel. | ||
+ | |||
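Review bot: changing "airdump-ng" to "aircrack-ng" is correct, but "force a fakekey and set managed mode" still does not say how it is done; name the iwconfig invocation that does it next to the essid/channel line above, and state whether the key value matters, so readers do not assume it has to be the target's real WEP key.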
Line 129: | Line 131: | ||
In another window, we start collecting data: | In another window, we start collecting data: | ||
- | # airodump-ng --bssid <AP MAC> -w dump rtap0 | + | # airodump-ng |
Notice how we use rtap0 as a input interface. Also, all these commands we are going to be running generate output files. So it is a good idea | Notice how we use rtap0 as a input interface. Also, all these commands we are going to be running generate output files. So it is a good idea | ||
to create a new directory and to run all of them from there. | to create a new directory and to run all of them from there. | ||
+ | |||
+ | As we said before, if you are running the latest version of airodump-ng, | ||
+ | |||
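Review bot: the previous version of this command was "# airodump-ng --bssid <AP MAC> -w dump rtap0", and the "-w dump" prefix is what the later "# aircrack-ng dump*.cap" step at Line 195 relies on; make sure the replacement command keeps "-w dump", or rename the files in the aircrack-ng step to match. In the unchanged text, "a input interface" should be "an input interface".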
Line 139: | Line 144: | ||
Now it is time to do some injection. In a new window we will launch the chopchop attack: | Now it is time to do some injection. In a new window we will launch the chopchop attack: | ||
- | # aireplay-ng -4 -a <AP MAC> -h 00: | + | # aireplay-ng -4 -a <AP MAC> -h 00: |
Note the modifier "-i rtap0." | Note the modifier "-i rtap0." | ||
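Review bot: the "-h 00:..." source address in the chopchop command has to be the same address set with "ifconfig eth1 up hw ether" at Line 109, and it is used again by packetforge-ng at Line 156; say so here, so a reader who changes one of the three knows to change the others. The remark 'Note the modifier "-i rtap0."' should also say what it does: it names the interface aireplay-ng reads from, since capture happens on rtap0 while injection goes out on eth1.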
Line 148: | Line 153: | ||
Make sure there are no errors reported after using aireplay. If the attack doesn' | Make sure there are no errors reported after using aireplay. If the attack doesn' | ||
vulnerable to the chopchop attack. I also received an error stating the checksum didn't match. I just re-ran aireplay and it was fine. | vulnerable to the chopchop attack. I also received an error stating the checksum didn't match. I just re-ran aireplay and it was fine. | ||
+ | |||
+ | If the attack fails, try to rerun the command again ommiting the "-h <AP MAC>" | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
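Review bot: the added line 'If the attack fails, try to rerun the command again ommiting the "-h <AP MAC>"' mislabels the option: in the aireplay-ng -4 command at Line 139, -a carries the AP MAC and -h carries the source (card) MAC, so a reader following this literally may remove -a instead. Write "-h <source MAC>" or quote the exact "-h 00:..." argument. "ommiting" should be "omitting", and "rerun ... again" is redundant.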
Line 156: | Line 168: | ||
Now we will create an arp-request packet using the aquired keysteam file. The " | Now we will create an arp-request packet using the aquired keysteam file. The " | ||
- | They can be any valid IP. The destination | + | If you use valid destination |
- | in the same window we run the chopchop attack: | + | we run the chopchop attack: |
- | # packetforge-ng -0 -a <AP MAC> -h 00: | + | # packetforge-ng -0 -a <AP MAC> -h 00: |
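Review bot: "aquired keysteam" in the unchanged line should be "acquired keystream". The edited continuation "we run the chopchop attack:" now reads as though chopchop is run a second time; the old text meant the window in which the chopchop attack was run and the keystream file was produced, so "in the same window where we ran the chopchop attack" keeps that meaning. Since the first line of the hunk ends in 'The "', check that the closing quote of that option name survived the edit.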
Line 170: | Line 182: | ||
# aireplay-ng -2 -r arp-request eth1 | # aireplay-ng -2 -r arp-request eth1 | ||
+ | |||
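Review bot: "# aireplay-ng -2 -r arp-request eth1" injects on eth1, while every earlier command in this section reads from rtap0 ("-i rtap0" at Line 139, airodump-ng on rtap0 at Line 129); a one-line reminder here that capture uses rtap0 and transmission uses eth1 would stop readers from substituting rtap0 in this command.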
Line 182: | Line 195: | ||
We have to wait now so airodump-ng gathers enough data (enough IVs) so we can run airocrack-ng. | We have to wait now so airodump-ng gathers enough data (enough IVs) so we can run airocrack-ng. | ||
How many packages we need so airocrack-ng cracks the wep key? It depends. The version of | How many packages we need so airocrack-ng cracks the wep key? It depends. The version of | ||
- | airocrack-ng that comes with backtrack2 is not the lastest one. There have been a lot of improvements in recent versions | + | airocrack-ng that comes with backtrack2 is not the lastest one so we need around 1.000.000 |
- | that have reduced | + | If we are using the latest version (0.9 and up) 100.000 |
- | + | ||
- | + | ||
- | + | ||
- | + | ||
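Review bot: "airocrack-ng" appears three times in this hunk and is "aircrack-ng" everywhere else on the page; "lastest" should be "latest" and "packages" should be "packets" (IVs are counted per captured packet). The added figures "1.000.000" and "100.000" use dot thousands separators that English readers will take for decimals; write 1,000,000 and 100,000 and present them as rough requirements, since the text itself says "It depends".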
Line 195: | Line 203: | ||
In another window we launch: | In another window we launch: | ||
- | # aircrack-ng dump*.cap | + | # aircrack-ng |
Depending the number of packages you have gathered, this may take some minutes or you may get the key inmediately. | Depending the number of packages you have gathered, this may take some minutes or you may get the key inmediately. | ||
+ | The -z argument tells aircrack-nt to try a ptw attack also. If you version of aircrack-ng doesn' | ||
+ | ommit it. | ||
=== NOTE: === | === NOTE: === |
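Review bot: in the added explanation, "aircrack-nt" should be "aircrack-ng", "If you version" should be "If your version", "ommit" should be "omit", and "a ptw attack" should be "a PTW attack". Tie this flag to the IV counts given at Line 182: the lower figure quoted there for version 0.9 and up only applies when -z is actually passed, so the two hunks should reference each other. The previous command was "# aircrack-ng dump*.cap"; keep the "dump*.cap" glob in the new one so it still matches the files airodump-ng writes.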
ipw2200_generic.txt · Last modified: 2009/09/26 14:27 by darkaudax