WEP and WPA cracking

stratus février 17, 2009 Leave a Comment

3. Capture Data (airodump-ng)

To capture data into a file, we use the airodump-ng tool again, with some additional switches to target a specific AP and channel. Most importantly, you should restrict monitoring to a single channel to speed up data collection, otherwise the wireless card has to alternate between all channels. Assuming our wireless card is mon0, and we want to capture packets on channel 6 into a text file called data:

airodump-ng -c6 bssid 00:0F:CC:7D:5A:74 -w data mon0 (-c6 switch would capture data on channel 6, bssid 00:0F:CC:7D:5A:74 is the MAC address of our target access point, -w data specifies that we want to save captured packets into a file called “data” in the current directory, mon0 is our wireless network adapter)

Running airodump-ng on a single channel targeting a specific access point

Notes:
You typically need between 20,000 and 40,000 data packets to successfully recover a WEP key.
One can also use the “–ivs” switch with the airodump-ng command to capture only IVs, instead of whole packets, reducing the required disk space. However, this switch can only be used if targeting a WEP network, and renders some types of attacks useless.

4. Increase Traffic (aireplay-ng) – optional step for WEP cracking

An active network can usually be penetrated within a few minutes. However, slow networks can take hours, even days to collect enough data for recovering the WEP key.

This optional step allows a compatible network interface to inject/generate packets to increase traffic on the wireless network, therefore greatly reducing the time required for capturing data. The aireplay-ng command should be executed in a separate terminal window, concurrent to airodump-ng. It requires a compatible network card and driver that allows for injection mode.

Assuming your network card is capable of injecting packets, in a separate terminal window try:

aireplay-ng -3 -b 00:0F:CC:7D:5A:74 -h 00:14:A5:2F:A7:DE -x 50 wlan0
-3 –> this specifies the type of attack, in our case ARP-request replay
-b ….. –> MAC address of access point
-h ….. –> MAC address of associated client from airodump
-x 50 –> limit to sending 50 packets per second
wlan0 –> our wireless network interface

aireplay-ng allows for injecting packets to greatly reduce the time required to recover a WEP key

Notes:
To test whether your nic is able to inject packets, you may want to try: aireplay-ng -9 wlan0. You may also want to read the information available -here-.
To see all available replay attacks, type just: aireplay-ng

Pages: 1 2 3 4

Tagged Linux, Network, Wireless

Author: stratus

Navigation de l’article

← Encore plein de Tuxxxerie ce jour-ci
Eeepc Video Mode →

Laisser un commentaire Annuler la réponse
Vous devez être connecté pour publier un commentaire.

Menu

Connexion

Flux RSS des articles

RSS des commentaires

Site de WordPress-FR

Website Categories
  Apache (2)

  Apple (1)

  backup (4)

  Desktop (4)

  Dev (26)

  Arduino (4)

  PHP (1)

  écologie (2)

  EeePC (8)

  Electronique (6)

  Exploitation (21)

  freebsd (4)

  GNOME (3)

  Keyboard (2)

  Linux (50)

  MediaCenter (2)

  Network (7)

  NX (2)

  Perso (9)

  Humour (2)

  PhotoVoltaïque (2)

  Uncategorized (4)

  WordPress (4)

  Xorg (5)

Tags
Linux Vi console versionning Vim Arduino editeur Network Virtualisation freebsd Xorg EeePC Harddisk blog WordPress VESA regex sed freenas jails SVN X11 windows manager Apache backuppc SATA GPL FileSystem DevOps Keyboard youtube WebDav Video SSD compiz gallery unionfs PHP UTF-8 Encoding geometry NX Wireless bootparm KDE iptables firewall grub firefox Aquarium Discus Performance Memory kernel awk System grep balnéo AIX debian geom Lithium battery gitlab snapshot zfs postfix Serial ERDF transistor NPN Relais optocoupleur sonde eau détente aviation Vdm blagues compression transport dirigeable CVS Bacula sauvegarde reiserfs diff voiture Xbox Java Privacy Password Keepass Syslog Log4j Xbmc hdparm Power Management APM ACPI
Show More Show Less
mai 2024

L M M J V S D

« Mar

1 2 3 4 5

6 7 8 9 10 11 12

13 14 15 16 17 18 19

20 21 22 23 24 25 26

27 28 29 30 31

Archives
2024 (1)

mars (1)

2021 (2)

juillet (1)

janvier (1)

2020 (1)

décembre (1)

2018 (1)

mars (1)

2017 (3)

juin (2)

avril (1)

2015 (7)

novembre (1)

janvier (6)

2014 (2)

mars (1)

février (1)

2013 (1)

mars (1)

2011 (20)

décembre (1)

octobre (1)

septembre (2)

juillet (1)

juin (3)

mai (1)

avril (1)

mars (3)

février (3)

janvier (4)

2010 (26)

décembre (1)

novembre (2)

octobre (5)

septembre (2)

août (1)

juin (3)

mai (2)

avril (2)

mars (5)

février (1)

janvier (2)

2009 (22)

octobre (2)

août (2)

avril (2)

mars (4)

février (5)

janvier (7)