User Tools

Site Tools


shared_key

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
shared_key [2008/02/03 19:40] – Corrected SKA reference error and screenshot. darkaudaxshared_key [2018/03/11 20:19] (current) – Removed link to trac mister_x
Line 1: Line 1:
 ====== Tutorial: How to do shared key fake authentication ? ====== ====== Tutorial: How to do shared key fake authentication ? ======
-Version: 1.07 February 3, 2008\\+Version: 1.08 November 7, 2008\\
 By: darkAudax By: darkAudax
  
 File linked to this tutorial: [[http://download.aircrack-ng.org/wiki-files/other/wep.shared.key.authentication.cap|wep.shared.key.authentication.cap]] File linked to this tutorial: [[http://download.aircrack-ng.org/wiki-files/other/wep.shared.key.authentication.cap|wep.shared.key.authentication.cap]]
- 
- 
  
 ===== Introduction ===== ===== Introduction =====
Line 19: Line 17:
 It is recommended that you experiment with your home wireless access point to get familiar with these ideas and techniques. If you do not own a particular access point, please remember to get permission from the owner prior to playing with it. It is recommended that you experiment with your home wireless access point to get familiar with these ideas and techniques. If you do not own a particular access point, please remember to get permission from the owner prior to playing with it.
  
-I would like to acknowledge and thank the [[http://trac.aircrack-ng.org/wiki/Team|Aircrack-ng team]] for producing such a great robust tool. +I would like to acknowledge and thank the Aircrack-ng team for producing such a great robust tool. 
  
 Please send me any constructive feedback, positive or negative. Additional troubleshooting ideas and tips are especially welcome. Please send me any constructive feedback, positive or negative. Additional troubleshooting ideas and tips are especially welcome.
Line 32: Line 30:
  
 Ensure all of the above assumptions are true, otherwise the advice that follows will not work.  In the examples below, you will need to change "ath0" to the interface name which is specific to your wireless card. Ensure all of the above assumptions are true, otherwise the advice that follows will not work.  In the examples below, you will need to change "ath0" to the interface name which is specific to your wireless card.
- 
-In the examples, the option "double dash bssid" is shown as "- -bssid" Remember to remove the space between the two dashes when using it in real life. 
  
 ===== Equipment used ===== ===== Equipment used =====
Line 62: Line 58:
 ==== Solution Overview ==== ==== Solution Overview ====
  
-In order to do a shared key fake authentication, you need to have a PRGA (pseudo random genration algorithm) xor file to feed into it.  We will look at the detailed steps to obtain this in a typical scenario.  Then use the PRGA xor file to do a fake authentication.+In order to do a shared key fake authentication, you need to have a PRGA (pseudo random generation algorithm) xor file to feed into it.  We will look at the detailed steps to obtain this in a typical scenario.  Then use the PRGA xor file to do a fake authentication.
  
 Here are the basic steps we will be going through: Here are the basic steps we will be going through:
Line 111: Line 107:
 In the response above, you can see that ath0 is in monitor mode, on the 2.452GHz frequency which is channel 9 and the Access Point shows the MAC address of your wireless card.  Only the madwifi-ng drivers show the MAC address of the card in the AP field, other drivers do no.  So everything is good.   It is important to confirm all this information prior to proceeding, otherwise the following steps will not work properly. In the response above, you can see that ath0 is in monitor mode, on the 2.452GHz frequency which is channel 9 and the Access Point shows the MAC address of your wireless card.  Only the madwifi-ng drivers show the MAC address of the card in the AP field, other drivers do no.  So everything is good.   It is important to confirm all this information prior to proceeding, otherwise the following steps will not work properly.
  
-To match the frequency to the channel, check out: +To match the frequency to the channel, check out: http://www.cisco.com/en/US/docs/wireless/technology/channel/deployment/guide/Channel.html#wp134132 .  This will give you the frequency for each channel.
-http://www.rflinx.com/help/calculations/#2.4ghz_wifi_channels then select the "Wifi Channel Selection and Channel Overlap" tab.  This will give you the frequency for each channel.+
  
 === Troubleshooting Tips === === Troubleshooting Tips ===
Line 127: Line 122:
 Where: Where:
   *-c 9 is the channel for the wireless network   *-c 9 is the channel for the wireless network
-  *- -bssid 00:14:6C:7E:40:80 is the access point MAC address.  This eliminate extraneous traffic.+  *-''''-bssid 00:14:6C:7E:40:80 is the access point MAC address.  This eliminate extraneous traffic.
   *-w sharedkey is file name prefix for the file which will contain the PRGA xor data.   *-w sharedkey is file name prefix for the file which will contain the PRGA xor data.
   *ath0 is the interface name.   *ath0 is the interface name.
Line 143: Line 138:
     00:14:6C:7E:40:80  00:0F:B5:34:30:30   61            7            00:14:6C:7E:40:80  00:0F:B5:34:30:30   61            7       
  
-Once "PSK" appears on the airodump-ng screen, do  file listing and it will look something like:+Once "SKA" appears on the airodump-ng screen like in example above, do  file listing and it will look something like:
  
    sharedkey-01-00-14-6C-7E-40-80.xor  sharedkey-01.cap  sharedkey-01.txt    sharedkey-01-00-14-6C-7E-40-80.xor  sharedkey-01.cap  sharedkey-01.txt
Line 165: Line 160:
 Where: Where:
   * -0 means deauthentication   * -0 means deauthentication
-  * 1 is the number of deauths to send (you can send muliple if you wish)+  * 1 is the number of deauths to send (you can send multiple if you wish)
   * -a 00:14:6C:7E:40:80 is the MAC address of the access point   * -a 00:14:6C:7E:40:80 is the MAC address of the access point
   * -c 00:0F:B5:34:30:30 is the MAC address of the client you are deauthing   * -c 00:0F:B5:34:30:30 is the MAC address of the client you are deauthing
Line 174: Line 169:
    11:09:28  Sending DeAuth to station   -- STMAC: [00:0F:B5:34:30:30]    11:09:28  Sending DeAuth to station   -- STMAC: [00:0F:B5:34:30:30]
  
-Prior to executing the command above, open another console and start airodump-ng in the same way as you did earlier "airodump-ng -c 9 - -bssid 00:14:6C:7E:40:80 -w sharedkey ath0".+Prior to executing the command above, open another console and start airodump-ng in the same way as you did earlier "airodump-ng -c 9 -''''-bssid 00:14:6C:7E:40:80 -w sharedkey ath0".
  
 Once you run the deauthentication command, see if airodump-ng has output the PRGA xor file.  If not, try another deauthentication or against another client. Once you run the deauthentication command, see if airodump-ng has output the PRGA xor file.  If not, try another deauthentication or against another client.
shared_key.1202064027.txt.gz · Last modified: 2008/02/03 19:40 by darkaudax