ipw2200_generic
Differences
This shows you the differences between two versions of the page.
ipw2200_generic [2007/08/29 18:55] – drio | ipw2200_generic [2009/05/04 00:12] – Update links to forum mister_x | ||
---|---|---|---|
Line 8: | Line 8: | ||
- More detailed explaination about what we are doing on each step | - More detailed explaination about what we are doing on each step | ||
- upgrade airo tools from the livecd. | - upgrade airo tools from the livecd. | ||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
===== Introduction ===== | ===== Introduction ===== | ||
- | This document is based in this [[http://tinyshell.be/ | + | This document is based in this [[http://forum.aircrack-ng.org/ |
When I started using the aircrack-ng tools I did not have the | When I started using the aircrack-ng tools I did not have the | ||
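Review bot: In the Introduction line that replaces the tinyshell.be link with the forum.aircrack-ng.org one, the sentence still opens with "This document is based in this"; since the line is being touched anyway, change it to "This document is based on this".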
Line 44: | Line 35: | ||
documents recommend to start [[http:// | documents recommend to start [[http:// | ||
There is another option: [[http:// | There is another option: [[http:// | ||
- | |||
- | |||
- | |||
- | |||
- | |||
===== Verify that our ipw2200 card is recognized by the OS (Linux) ===== | ===== Verify that our ipw2200 card is recognized by the OS (Linux) ===== | ||
Line 89: | Line 75: | ||
Ok, so we have verified that we have an ipw2200 card and that Linux can talk to it. | Ok, so we have verified that we have an ipw2200 card and that Linux can talk to it. | ||
- | |||
- | |||
===== List available networks ===== | ===== List available networks ===== | ||
Line 101: | Line 85: | ||
=== NOTE: === | === NOTE: === | ||
I am assuming that linux mapped your wireless card under eth1. Most likely you have an ethernet card under eth0. | I am assuming that linux mapped your wireless card under eth1. Most likely you have an ethernet card under eth0. | ||
- | |||
- | |||
===== Change the MAC address of our card ===== | ===== Change the MAC address of our card ===== | ||
Line 109: | Line 91: | ||
# ifconfig eth1 up hw ether 00: | # ifconfig eth1 up hw ether 00: | ||
- | |||
- | |||
- | |||
===== Configure the wireless parameters ===== | ===== Configure the wireless parameters ===== | ||
Line 119: | Line 98: | ||
# iwconfig eth1 essid < | # iwconfig eth1 essid < | ||
- | Due to some limitations with the firmware we have to force a fakekey and set managed mode to ensure the airdump-ng tools work properly. | + | Due to some limitations with the firmware we have to force a fakekey and set managed mode to ensure the aircrack-ng tools work properly. |
ESSID is the name of the wireless network of our target AP. Channel is the wireless channel. | ESSID is the name of the wireless network of our target AP. Channel is the wireless channel. | ||
- | |||
- | |||
- | |||
===== Collect data with airodump-ng ===== | ===== Collect data with airodump-ng ===== | ||
Line 136: | Line 112: | ||
As we said before, if you are running the latest version of airodump-ng, | As we said before, if you are running the latest version of airodump-ng, | ||
- | |||
- | |||
===== Launch the chopchop attack ===== | ===== Launch the chopchop attack ===== | ||
Line 154: | Line 128: | ||
If the attack fails, try to rerun the command again ommiting the "-h <AP MAC>" | If the attack fails, try to rerun the command again ommiting the "-h <AP MAC>" | ||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
===== Create the arp request packet ===== | ===== Create the arp request packet ===== | ||
Now we will create an arp-request packet using the aquired keysteam file. The " | Now we will create an arp-request packet using the aquired keysteam file. The " | ||
- | If you use valid destination IPs then you will be running an [[amplication_attack|amplification attack]]. This can be run in the same window | + | If you use valid destination IPs then you will be running an [[arp_amplification|amplification attack]]. This can be run in the same window |
we run the chopchop attack: | we run the chopchop attack: | ||
# packetforge-ng -0 -a <AP MAC> -h 00: | # packetforge-ng -0 -a <AP MAC> -h 00: | ||
- | |||
- | |||
- | |||
===== Send the arp request over and over ===== | ===== Send the arp request over and over ===== | ||
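Review bot: The unchanged lines around the amplification link fix still carry typos that this revision could have cleaned up: "ommiting" in the chopchop section should be "omitting", and "aquired keysteam file" in the arp request section should be "acquired keystream file". The link target change from amplication_attack to arp_amplification looks right; please confirm no other page still links to the old misspelled target.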
Line 178: | Line 143: | ||
# aireplay-ng -2 -r arp-request eth1 | # aireplay-ng -2 -r arp-request eth1 | ||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
===== Wait to gather enough IVs ===== | ===== Wait to gather enough IVs ===== | ||
- | We have to wait now so airodump-ng gathers enough data (enough IVs) so we can run airocrack-ng. | + | We have to wait now so airodump-ng gathers enough data (enough IVs) so we can run aircrack-ng. |
- | How many packages we need so airocrack-ng cracks the wep key? It depends. The version of | + | How many packages we need so aircrack-ng cracks the wep key? It depends. The version of |
- | airocrack-ng that comes with backtrack2 is not the lastest | + | aircrack-ng that comes with backtrack2 is not the latest |
- | that have reduced the number | + | If we are using the latest version |
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
===== Crack the wep key using aircrack-ng ===== | ===== Crack the wep key using aircrack-ng ===== | ||
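Review bot: In the "Wait to gather enough IVs" paragraph the tool name is corrected to aircrack-ng and "lastest" to "latest", but the revised question still reads "How many packages we need so aircrack-ng cracks the wep key?". Suggest "How many packets do we need for aircrack-ng to crack the WEP key?", since the surrounding text is about captured data (IVs), not software packages.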
Line 203: | Line 155: | ||
In another window we launch: | In another window we launch: | ||
- | # aircrack-ng dump*.cap | + | # aircrack-ng |
- | Depending the number of packages you have gathered, this may take some minutes or you may get the key inmediately. | + | Depending the number of packages you have gathered, this may take some minutes or you may get the key immediately. |
+ | The -z argument tells aircrack-ng to also try the PTW attack. If you version of aircrack-ng doesn' | ||
+ | omit it. | ||
=== NOTE: === | === NOTE: === | ||
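Review bot: The newly added sentence about the -z argument begins its second clause with "If you version of aircrack-ng"; that should be "If your version of aircrack-ng". On the line above it, "inmediately" is fixed, but "Depending the number of packages" remains; suggest "Depending on the number of packets".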
Line 212: | Line 166: | ||
wait for more data to be gathered. | wait for more data to be gathered. | ||
- | |||
- |
ipw2200_generic.txt · Last modified: 2009/09/26 14:27 by darkaudax