User Tools

Site Tools


newbie_guide

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
Last revisionBoth sides next revision
newbie_guide [2018/11/21 23:27] – [Sniffing IVs] Update interface name mister_xnewbie_guide [2018/11/21 23:29] – [The aggressive way] Update interface name + small updates mister_x
Line 151: Line 151:
 Try to connect to your AP using [[aireplay-ng]]: Try to connect to your AP using [[aireplay-ng]]:
  
-  aireplay-ng --fakeauth 0 -e "your network ESSID" -a 00:01:02:03:04:05 rausb0+  aireplay-ng --fakeauth 0 -e "your network ESSID" -a 00:01:02:03:04:05 wlan0mon
  
 The value after -a is the BSSID of your AP. The value after -a is the BSSID of your AP.
Line 185: Line 185:
 Wait for a client to show up on the target network. Then start the attack: Wait for a client to show up on the target network. Then start the attack:
  
-  aireplay-ng --arpreplay -b 00:01:02:03:04:05 -h 00:04:05:06:07:08 rausb0+  aireplay-ng --arpreplay -b 00:01:02:03:04:05 -h 00:04:05:06:07:08 wlan0mon
  
 -b specifies the target BSSID, -h the MAC of the connected client. -b specifies the target BSSID, -h the MAC of the connected client.
Line 200: Line 200:
 the -r <filename> option. the -r <filename> option.
  
-When using the arp injection technique, you can use the PTW method to crack the WEP key.  This dramatically reduces the number of data packets you need and also the time needed.  You must capture the full packet in airodump-ng, meaning do not use the "-''''-ivs" option when starting it.  For [[aircrack-ng]], use "aircrack -z <file name>". (PTW is the default attack in 1.0-rc1.)+When using the ARP injection technique, you can use the PTW method to crack the WEP key.  This dramatically reduces the number of data packets you need and also the time needed.  You must capture the full packet in airodump-ng, meaning do not use the "-''''-ivs" option when starting it.  For [[aircrack-ng]], use "aircrack -z <file name>". (PTW is the default attack)
  
 If the number of data packets received by airodump-ng sometimes stops increasing you maybe have to reduce the replay-rate. You do this with the -x <packets per second> option. I usually start out with 50 and reduce until packets are received continuously again. Better positioning of your antenna usually also helps. If the number of data packets received by airodump-ng sometimes stops increasing you maybe have to reduce the replay-rate. You do this with the -x <packets per second> option. I usually start out with 50 and reduce until packets are received continuously again. Better positioning of your antenna usually also helps.
Line 210: Line 210:
 Keep your airodump-ng and aireplay-ng running. Open another window and run a [[deauthentication]] attack: Keep your airodump-ng and aireplay-ng running. Open another window and run a [[deauthentication]] attack:
  
-  aireplay-ng --deauth 5 -a 00:01:02:03:04:05 -c 00:04:05:06:07:08 rausb0+  aireplay-ng --deauth 5 -a 00:01:02:03:04:05 -c 00:04:05:06:07:08 wlan0mon
  
 -a is the BSSID of the AP, -c the MAC of the targeted client. -a is the BSSID of the AP, -c the MAC of the targeted client.
  
-Wait a few seconds and your arp replay should start running.+Wait a few seconds and your ARP replay should start running.
  
-Most clients try to reconnect automatically. But the risk that someone recognizes this attack or at least attention is drawn to the stuff happening on the WLAN is higher +Most clients try to reconnect automatically. But the risk that someone recognizes this attack or at least attention is drawn to the stuff happening on the WLAN is higher than with other attacks.
-than with other attacks.+
  
  
newbie_guide.txt · Last modified: 2018/11/21 23:31 by mister_x