wds
Differences
This shows you the differences between two versions of the page.
wds [2008/02/09 16:34] – corrected a formating problem darkaudax | wds [2018/03/11 19:08] (current) – Removed links to trac mister_x | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Tutorial: | ====== Tutorial: | ||
- | Version: 1.02 February 9, 2008 \\ | + | Version: 1.02.1 February 9, 2008 \\ |
By: darkAudax \\ | By: darkAudax \\ | ||
\\ | \\ | ||
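Review bot: The version line moves from 1.02 to 1.02.1 but keeps the date "February 9, 2008", while this revision is dated 2018/03/11. Update the date together with the version number, or leave the version untouched if the change is only link cleanup, so readers can tell how current the tutorial text is.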
Line 24: | Line 24: | ||
It is recommended that you experiment with your home wireless access point to get familiar with these ideas and techniques. If you do not own a particular access point, please remember to get permission from the owner prior to playing with it. | It is recommended that you experiment with your home wireless access point to get familiar with these ideas and techniques. If you do not own a particular access point, please remember to get permission from the owner prior to playing with it. | ||
- | I would like to acknowledge and thank the [[http:// | + | Please send any constructive feedback, positive or negative. Additional troubleshooting ideas and tips are especially welcome. |
- | + | ||
- | Please send me any constructive feedback, positive or negative. Additional troubleshooting ideas and tips are especially welcome. | + | |
===== Solution ===== | ===== Solution ===== | ||
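Review bot: With "me" dropped, the sentence "Please send any constructive feedback, positive or negative." no longer says who receives the feedback, and the lines shown here name no contact or forum. Name the channel or remove the request. The acknowledgement paragraph is deleted in the same hunk, which is more than the "Removed links to trac" summary describes; if only its link was the problem, keep the thanks and drop the link.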
Line 35: | Line 33: | ||
* You have Wireshark installed and working. | * You have Wireshark installed and working. | ||
* You are using the latest aircrack-ng 1.0dev version or above. | * You are using the latest aircrack-ng 1.0dev version or above. | ||
- | |||
- | In the examples, the option " | ||
- | |||
====Equipment used==== | ====Equipment used==== | ||
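Review bot: The deleted paragraph beginning "In the examples, the option" was the explanation of an option used by the example commands. Check that the examples further down the page no longer use that option; if they still do, keep the explanation and change only the part that is out of date.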
Line 111: | Line 106: | ||
* The WDS sends out probe packets for the specific AP as well as " | * The WDS sends out probe packets for the specific AP as well as " | ||
* The client line above only reflects the probes and probe responses. | * The client line above only reflects the probes and probe responses. | ||
- | |||
- | |||
==== Attacks which work ==== | ==== Attacks which work ==== | ||
Line 119: | Line 112: | ||
Although fake authentication does work, each BSSID can be used as an authenticated MAC on the other unit. So fake authentication is not required. | Although fake authentication does work, each BSSID can be used as an authenticated MAC on the other unit. So fake authentication is not required. | ||
+ | airtun-ng can inject plaintext and WEP packets into a WDS link. That's even possible when airtun-ng only sees one of the two WDS nodes! (Note that in this case only clients behind this node are reachable) | ||
==== Attacks which do not work ==== | ==== Attacks which do not work ==== | ||
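Review bot: In the added airtun-ng paragraph, the parenthetical "(Note that in this case only clients behind this node are reachable)" is missing its final period, and "this node" is ambiguous; say "the node airtun-ng can see". The limitation is the part a reader most needs, so consider stating it as a plain sentence rather than a parenthetical after an exclamation.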
Line 131: | Line 125: | ||
==== Enhancements required ==== | ==== Enhancements required ==== | ||
- | This is list of software changes required to support WDS attacks. Once aircrack-ng version 1 is released, this section will become a trac ticket. | + | This is list of software changes required to support WDS attacks: |
* aircrack-ng: | * aircrack-ng: | ||
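Review bot: The rewritten intro line still reads "This is list of software changes"; it should be "This is a list of software changes required to support WDS attacks:". Since the line is being edited anyway, fix the missing article in the same change.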
Line 139: | Line 133: | ||
* All tools: Ability to specify all four address fields on the command line | * All tools: Ability to specify all four address fields on the command line | ||
* aireplay-ng: | * aireplay-ng: | ||
- | * aireplay-ng: | + | * aireplay-ng: |
Line 173: | Line 167: | ||
The existing aircrack-ng tools can capture this and break the WEP key. | The existing aircrack-ng tools can capture this and break the WEP key. | ||
- |
wds.1202571269.txt.gz · Last modified: 2008/02/09 16:34 by darkaudax