simple_wep_crack
Differences
This shows you the differences between two versions of the page.
simple_wep_crack [2008/06/10 00:08] – rc1 mister_x | simple_wep_crack [2008/12/28 15:39] – Added additional step for injection testing darkaudax | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Tutorial: Simple WEP Crack ====== | ====== Tutorial: Simple WEP Crack ====== | ||
- | Version: 1.08 May 9, 2008\\ | + | Version: 1.09 December 28, 2008\\ |
By: darkAudax | By: darkAudax | ||
Line 47: | Line 47: | ||
- Start the wireless interface in monitor mode on the specific AP channel | - Start the wireless interface in monitor mode on the specific AP channel | ||
+ | - Test the injection capability of the wireless device to the AP | ||
- Use aireplay-ng to do a fake authentication with the access point | - Use aireplay-ng to do a fake authentication with the access point | ||
- Start airodump-ng on AP channel with a bssid filter to collect the new unique IVs | - Start airodump-ng on AP channel with a bssid filter to collect the new unique IVs | ||
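Review bot: the overview list, where the injection-test item is added, still puts "Use aireplay-ng to do a fake authentication" ahead of "Start airodump-ng on AP channel", but the renumbered headings in this revision make airodump-ng Step 3 and fake authentication Step 4. Since every step is being renumbered anyway, reorder the list to match the headings (monitor mode, injection test, airodump-ng, fake authentication) so readers following the summary do not run the steps in a different order from the body.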
Line 81: | Line 82: | ||
| | ||
- | Note: In this command we use " | + | Substitute the channel number that your AP runs on for " |
+ | |||
+ | Note: In this command we use " | ||
The system will respond: | The system will respond: | ||
Line 117: | Line 120: | ||
http:// | http:// | ||
- | ==== Step 2 - Start airodump-ng to capture the IVs ==== | + | |
+ | ==== Step 2 - Test Wireless Device Packet Injection ==== | ||
+ | |||
+ | The purpose of this step ensures that your card is within distance of your AP and can inject packets to it. | ||
+ | |||
+ | Enter: | ||
+ | |||
+ | | ||
+ | |||
+ | Where: | ||
+ | *-9 means injectin test | ||
+ | *-e teddy is the wireless network name | ||
+ | *-a 00: | ||
+ | *ath0 is the wireless interface name | ||
+ | |||
+ | The system should respond with: | ||
+ | |||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | The last line is important. | ||
+ | |||
+ | See the [[injection_test|injection test]] for more details. | ||
+ | |||
+ | |||
+ | ==== Step 3 - Start airodump-ng to capture the IVs ==== | ||
The purpose of this step is to capture the IVs generated. | The purpose of this step is to capture the IVs generated. | ||
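Review bot: in the new Step 2, "The last line is important." as it reads here does not say what the reader should expect to see in that line or what a poor result means; state the expected result in the sentence itself rather than leaving it to the linked injection test page. Three wording fixes in the same section: "The purpose of this step ensures that" should be "The purpose of this step is to ensure that", "-9 means injectin test" should read "injection test", and "within distance of your AP" reads better as "within range of your AP".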
Line 144: | Line 179: | ||
- | ==== Step 3 - Use aireplay-ng to do a fake authentication with the access point ==== | + | ==== Step 4 - Use aireplay-ng to do a fake authentication with the access point ==== |
In order for an access point to accept a packet, the source MAC address must already be associated. | In order for an access point to accept a packet, the source MAC address must already be associated. | ||
Line 173: | Line 208: | ||
Where: | Where: | ||
- | * 6000 - Reauthenticate | + | * 6000 - Reauthenticate |
* -o 1 - Send only one set of packets at a time. Default is multiple and this confuses some APs. | * -o 1 - Send only one set of packets at a time. Default is multiple and this confuses some APs. | ||
* -q 10 - Send keep alive packets every 10 seconds. | * -q 10 - Send keep alive packets every 10 seconds. | ||
Line 221: | Line 256: | ||
If you want to select only the DeAuth packets with tcpdump then you can use: " | If you want to select only the DeAuth packets with tcpdump then you can use: " | ||
- | ==== Step 4 - Start aireplay-ng in ARP request replay mode ==== | + | ==== Step 5 - Start aireplay-ng in ARP request replay mode ==== |
The purpose of this step is to start aireplay-ng in a mode which listens for ARP requests then reinjects them back into the network. | The purpose of this step is to start aireplay-ng in a mode which listens for ARP requests then reinjects them back into the network. | ||
Line 244: | Line 279: | ||
* If you receive a message similar to "Got a deauth/ | * If you receive a message similar to "Got a deauth/ | ||
- | ==== Step 5 - Run aircrack-ng to obtain the WEP key ==== | + | ==== Step 6 - Run aircrack-ng to obtain the WEP key ==== |
The purpose of this step is to obtain the WEP key from the IVs gathered in the previous steps. | The purpose of this step is to obtain the WEP key from the IVs gathered in the previous steps. |
simple_wep_crack.txt · Last modified: 2018/03/11 20:13 by mister_x