Crack wep airowizard




















Others capture packets quickly. Thank you very much.

Adapter list

MAC changer: Here you can change the MAC address of your network card, in case you want to test security anonymously, so to speak.

Monitor mode: Here we put the card into monitor mode, select the networks and capture packets.

AP details and Airodump: Here, using airodump, we capture the packets of the network we have selected as our target.

Authentication and packet replay injection: This part is for performing certain more advanced techniques such as packet injection, fake authentication, etc.; to be honest, I don't use them.

If there are ARP requests being broadcast from the wire side, then the standard fake authentication combined with the ARP request replay technique may be used.

It is recommended that you experiment with your home wireless access point to get familiar with these ideas and techniques. If you do not own a particular access point, please remember to get permission from the owner prior to playing with it. Please send me any constructive feedback, positive or negative. Additional troubleshooting ideas and tips are especially welcome. Ensure all of the above assumptions are true, otherwise the advice that follows will not work.

You should gather the equivalent information for the network you will be working on. Then just change the values in the examples below to the specific network. This is because the madwifi-ng drivers are being used. For other drivers, use the actual interface name. In the response above, you can see that ath0 is in monitor mode, on the 2. So everything is good. It is important to confirm all this information prior to proceeding, otherwise the following steps will not work properly.

Note: If you are using a driver other than madwifi, then the Access Point field will be either invisible or show something other than your card's MAC address. This is normal. This will give you the frequency for each channel. In order for an access point to accept a packet, the source MAC address must already be associated. In this state, no new IVs are created because the AP is ignoring all the injected packets. Do not proceed to the next step until you have the fake authentication running correctly.

Meaning, the AP will not process or accept the injected packets. The objective of the chopchop and fragmentation attacks is to obtain a PRGA (pseudo random generation algorithm) file.

However, it can be used to create new packets for injection. The creation of new packets will be covered later in the tutorial. Either the chopchop or the fragmentation attack can be used to obtain the PRGA bit file. The result is the same, so use whichever one works for you. The pros and cons of each attack are described on the aircrack-ng page.

You may need to try a few different packets from the AP to be successful. If the fragmentation attack was not successful, you can then try the chopchop technique next. In the previous step, we obtained PRGA.

It does not matter which attack generated the PRGA, both are equal. We can then use this PRGA to generate a packet for injection. We will be generating an ARP packet for injection. The objective is to have the access point rebroadcast the injected ARP packet. When it rebroadcasts it, a new IV is obtained. Since you are testing against your own AP you are, right?

These steps are not required; they just prove to yourself that you have generated the correct packet. The system responds by showing how many packets it is injecting and reminds you to start airodump-ng if it has not already been started. You will notice that only one access point is being displayed, since we included an airodump-ng filter to limit the capture to a single BSSID. This means injection is working well. Also notice the data rate of packets per second, which is also an indicator that the injection is working well.

You can run this while generating packets. In a short time, the WEP key will be calculated and presented. As a reminder, the requirement is that you capture the full packet with airodump-ng. There is a neat trick which simplifies cracking WEP with no clients. Essentially it takes any packet broadcast by the access point and converts it to a broadcast packet such that the access point generates a new IV.

OK, at this point you are asking why didn't you show me this technique right at the start? The reason is that this technique rebroadcasts whatever size packet you receive. So if you receive a byte packet you then rebroadcast bytes. This potentially slows down the packets per second rate considerably.

However, on the good news side, it is simple and easy to use. You might also get lucky and receive a very small packet for rebroadcasting. In this case, the performance is comparable to the solution described above. Remember, the smaller the packet, the better.

You then start injecting. If you have not already started airodump-ng, be sure to start it now. Another variation of this attack is to use packets from a previous capture.

You must have captured the full packets, not just the IVs. If this is not the case, then you need to change the process used. Since this is an advanced topic, I will provide the general guidelines and not the specific detail.

Step 1 - Set the wireless card MAC address.
Step 2 - Start the wireless interface in monitor mode on AP channel.
Step 3 - Use aireplay-ng to do a fake authentication with the access point.


