Wi-Fi Password Cracking

Firstly, some definitions/terms used:

  • WEP - Wired Equivalent Privacy.
  • WPA - Wi-Fi Protected Access. WPA is a subset of the IEEE 802.11i wireless security specification. To use WPA, all computers, access points, and wireless adapters must have WPA software. A WPA-capable computer will fall back to WEP if the access point does not support WPA.
  • Access Point (AP) - basically the device that provides you with wireless (Internet) access.

Tools needed: the aircrack-ng package (comes pre-installed in BackTrack, but you can install it on your own Linux).
Some notes:
i) I'll be using BackTrack as my OS.
ii) wlan0 is the name of my wireless adapter interface (type iwconfig to find
    the name of your wireless adapter) and mon0 is the name of my adapter
    in monitor mode [will get to this later].


NOTE:
  1. The information provided is for educational purposes only; you are responsible for whatever you do with it, and I take no responsibility.  ;)
  2. For all of this to work your card must support packet injection. (I'll show you how to check this.)
  3. Aircrack needs root privileges to run, so run it as root.
  4. The pictures are just to show you whether you are going in the right direction; they are taken from different sources.
Part I
     Firstly, we will put our wireless card in monitor mode.
     What is monitor/promiscuous mode? In normal mode your card only accepts
     traffic that is addressed to your PC and rejects all other frames, but in
     monitor mode it accepts every frame it hears.

     airmon-ng
     This will recognise your card and show its driver.
     If nothing shows up, like in the image shown below, then either your WLAN
     card is not compatible or its driver needs to be patched.



      First we will look for patches; you can go to
      http://www.aircrack-ng.org/doku.php?id=install_drivers .
      If there is no patch then your card cannot go into monitor mode.
      You can buy a card from the list of compatible cards that are supported
      by aircrack.

      If the card is recognised, something like this will be shown (note that
      the values vary from card to card).
      (Note: this image has been taken off the internet just to show you; my
       card has a different chipset and driver.)

      After this check we put our card in monitor mode:
      # airmon-ng start wlan0
      This will create an adapter interface in monitor mode.
      [Note: I have blacked out the chipset and driver; you will have
       values that relate to your card.]

     (Note that monitor mode is enabled on mon0; you can run iwconfig and see
      a new interface by the name of mon0.)

     Now to check whether your card supports packet injection:
     # aireplay-ng -9 mon0
     (If injection is working you'll see "Injection is working" written in the
      output.)


Part II

     Once you have set up your card in monitor mode, proceed with the following part.
     airodump-ng mon0
       This starts the Wi-Fi card gathering information about the access points
       around you. Let this run for a minute or two.
       The outcome will be a table something like this:


       Let's first understand what information these fields provide you with.

       PWR (power) - signal strength
       Beacons - number of beacon frames received; more beacons means higher signal quality
       BSSID - MAC address of the access point (router)
       #Data - the number of data frames captured
       CH (channel) - channel on which the access point is operating
       MB - maximum speed supported by the access point
       ESSID - name of the network
       ENC - the encryption type in use
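As an added example (not part of the original tutorial), here is a small Python script that parses the kind of access-point table airodump-ng prints, using the fields defined above, and flags networks that are still running WEP or no encryption at all. It is the sort of thing a network owner would run over a scan of their own site to find access points that need reconfiguring to WPA2. The table lines, the ESSIDs and the second and third BSSIDs are constructed for the example; the regular expression and the cipher/auth token sets are assumptions about the column layout, and real output may differ slightly.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample resembling the access-point table airodump-ng prints
# (header plus three rows). Values are made up for this example.
SAMPLE_SCAN = """\
 BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

 00:18:39:7C:3F:D6  -47      120     3102   12   6  54   WEP  WEP         ourho
 00:11:22:33:44:55  -63       88      210    0  11  54e  WPA2 CCMP   PSK  office net
 66:77:88:99:AA:BB  -80       15        0    0   1  11   OPN              guest
"""

# One row: BSSID, PWR, Beacons, #Data, #/s, CH, MB, ENC, then the optional
# CIPHER / AUTH columns and the ESSID (which may itself contain spaces).
# Assumed layout; adjust if your airodump-ng version prints extra columns.
ROW_RE = re.compile(
    r"^\s*(?P<bssid>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+"
    r"(?P<pwr>-?\d+)\s+(?P<beacons>\d+)\s+(?P<data>\d+)\s+(?P<rate>\d+)\s+"
    r"(?P<ch>\d+)\s+(?P<mb>\S+)\s+(?P<enc>\S+)\s*(?P<rest>.*)$"
)
CIPHERS = {"WEP", "WEP40", "WEP104", "TKIP", "CCMP", "GCMP"}  # assumed token set
AUTHS = {"PSK", "MGT", "OPN", "SKA"}                          # assumed token set


def parse_scan(text: str) -> List[Dict[str, object]]:
    """Turn the table into a list of records, one per access point."""
    records: List[Dict[str, object]] = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue  # header, blank line, or a row we do not recognise
        tokens = m.group("rest").split()
        # CIPHER and AUTH are blank for open and WEP networks, so consume them
        # only when the next token looks like one; whatever is left is the ESSID.
        cipher = tokens.pop(0) if tokens and tokens[0] in CIPHERS else ""
        auth = tokens.pop(0) if tokens and tokens[0] in AUTHS else ""
        records.append({
            "bssid": m.group("bssid").upper(),
            "pwr": int(m.group("pwr")),
            "beacons": int(m.group("beacons")),
            "data": int(m.group("data")),
            "ch": int(m.group("ch")),
            "mb": m.group("mb"),
            "enc": m.group("enc"),
            "cipher": cipher,
            "auth": auth,
            "essid": " ".join(tokens),
        })
    return records


def weak_access_points(records: List[Dict[str, object]]) -> List[Tuple[str, str, str]]:
    """Return (essid, bssid, reason) for networks that are open or still use WEP."""
    findings = []
    for r in records:
        if r["enc"] == "WEP":
            findings.append((str(r["essid"]), str(r["bssid"]),
                             "WEP: deprecated, key is recoverable from captured traffic"))
        elif r["enc"] == "OPN":
            findings.append((str(r["essid"]), str(r["bssid"]),
                             "open network: no encryption at all"))
    return findings


if __name__ == "__main__":
    for essid, bssid, why in weak_access_points(parse_scan(SAMPLE_SCAN)):
        print(f"{essid!r} [{bssid}]: {why}")
```

Rows are matched on the MAC-address pattern rather than on column position, so the header and blank lines are skipped without special-casing. One known limitation of the token-based split: an ESSID that happens to equal one of the cipher or auth keywords (an AP literally named "PSK") would be swallowed as that column.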

       Copy the BSSID and channel of the access point whose password you want to crack.
       [ Now we are going to target the WEP connection we want to crack ]
(For example, the network named ourho has BSSID 00:18:39:7C:3F:D6 and CH (channel) 6.)

      Now we will capture data frames so as to crack the WEP key:
      airodump-ng -w passwd -c [CHANNEL NO.] --bssid [BSSID] mon0

      (e.g. airodump-ng -w passwd -c 6 --bssid 00:18:39:7C:3F:D6 mon0)
      -w : specifies the name of the dump file in which data frames will be stored.
             I named it passwd; you can name it anything.

       Note: let the data frame count reach a value greater than 20,000 for 64-bit
       encryption, and 60-70,000 for 128-bit encryption.

      NOW go have a DRINK and cool off; it will take some time :)
      When you see that enough data packets have been collected, press Ctrl+C to stop
      the capture.

      Check the directory you are in and you'll see the files present, named
      passwd with different extensions. What we require is the file with the
      .cap extension.

      # aircrack-ng -a 1 -b [BSSID] [filename of file with .cap extension]

      e.g. # aircrack-ng -a 1 -b 00:18:39:7C:3F:D6 passwd.cap
      [ -a : sets the attack mode; for WEP it is 1 ]
      [ -b : BSSID of the target ]
      The key will be displayed as, e.g., "Key found!  [12:34:56:78:90]",
      so the key is "1234567890" (omit the colons).

Voilà! You have the password :)
