ipw2200_generic
Differences
This shows you the differences between two versions of the page.
ipw2200_generic [2007/08/29 18:55] – drio | ipw2200_generic [2008/05/09 23:55] – Even more spelling / "englishment" work. netrolller3d | ||
---|---|---|---|
Line 109: | Line 109: | ||
# ifconfig eth1 up hw ether 00: | # ifconfig eth1 up hw ether 00: | ||
+ | |||
Line 119: | Line 120: | ||
# iwconfig eth1 essid < | # iwconfig eth1 essid < | ||
- | Due to some limitations with the firmware we have to force a fakekey and set managed mode to ensure the airdump-ng tools work properly. | + | Due to some limitations with the firmware we have to force a fakekey and set managed mode to ensure the aircrack-ng tools work properly. |
ESSID is the name of the wireless network of our target AP. Channel is the wireless channel. | ESSID is the name of the wireless network of our target AP. Channel is the wireless channel. | ||
Line 154: | Line 155: | ||
If the attack fails, try to rerun the command again ommiting the "-h <AP MAC>" | If the attack fails, try to rerun the command again ommiting the "-h <AP MAC>" | ||
+ | |||
+ | |||
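Review bot: the unchanged line at 154/155 still reads "ommiting", which a spelling pass should correct to "omitting". The two blank lines added after it have no visible purpose in this hunk; drop them unless they are needed to separate a following block.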
Line 165: | Line 168: | ||
Now we will create an arp-request packet using the aquired keysteam file. The " | Now we will create an arp-request packet using the aquired keysteam file. The " | ||
- | If you use valid destination IPs then you will be running an [[arp_amplication|amplification attack]]. This can be run in the same window | + | If you use valid destination IPs then you will be running an [[arp_amplification|amplification attack]]. This can be run in the same window |
we run the chopchop attack: | we run the chopchop attack: | ||
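Review bot: the context line directly above the corrected link still has "aquired keysteam file"; since the newer revision is described as spelling work, change it to "acquired keystream file" in the same edit. The link fix from arp_amplication to arp_amplification looks right, but confirm that a page exists under the new name so the link resolves.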
Line 186: | Line 189: | ||
- | |||
- | ===== Wait to gather enough IVs ===== | ||
- | |||
- | We have to wait now so airodump-ng gathers enough data (enough IVs) so we can run airocrack-ng. | ||
- | How many packages we need so airocrack-ng cracks the wep key? It depends. The version of | ||
- | airocrack-ng that comes with backtrack2 is not the lastest one. There have been a lot of improvements in recent versions | ||
- | that have reduced the number of IVs needed. In my experience, I have found 300k (data output) is more than enough. | ||
+ | ===== Wait to gather enough IVs ===== | ||
+ | We have to wait now so airodump-ng gathers enough data (enough IVs) so we can run aircrack-ng. | ||
+ | How many packages we need so aircrack-ng cracks the wep key? It depends. The version of | ||
+ | aircrack-ng that comes with backtrack2 is not the latest one so we need around 1.000.000 of IVs. | ||
+ | If we are using the latest version (0.9 and up) 100.000 is enough. | ||
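Review bot: the rewritten "Wait to gather enough IVs" paragraph changes the stated figure, not only the spelling. The removed text gave 300k from the author's own experience, while the added lines say around 1.000.000 for the backtrack2 version and 100.000 for 0.9 and up, with no source. If that change was made in this revision, it should be named in the edit summary (which mentions only spelling) and backed by a reference. The added lines also keep "packages" where "packets" is meant, and "1.000.000 of IVs" should read "1.000.000 IVs". The heading is re-added without the blank line that followed it in the removed version, so check that the section still renders as intended.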
Line 204: | Line 205: | ||
In another window we launch: | In another window we launch: | ||
- | # aircrack-ng dump*.cap | + | # aircrack-ng |
- | Depending the number of packages you have gathered, this may take some minutes or you may get the key inmediately. | + | Depending the number of packages you have gathered, this may take some minutes or you may get the key immediately. |
+ | The -z argument tells aircrack-ng to also try the PTW attack. If you version of aircrack-ng doesn' | ||
+ | omit it. | ||
=== NOTE: === | === NOTE: === |
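Review bot: the added sentence on the new side reads "If you version of aircrack-ng", which should be "If your version". The rewritten sentence above it still says "Depending the number of packages"; make it "Depending on the number of packets". The new text explains a -z argument, so make sure the command line it refers to actually shows that argument, because as rendered here the new-side command line shows none.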
ipw2200_generic.txt · Last modified: 2009/09/26 14:27 by darkaudax