
Wireless Cracking, by Christopher Zacky (presentation transcript)




Slide 1: Wireless Cracking, by Christopher Zacky

Slide 2: aircrack-ng Suite
- airodump-ng: capture packets
- airmon-ng: put your wireless card into monitor mode
  - I just use iwconfig for this
- aireplay-ng: do fake authentications, ARP replay requests, de-authenticate other clients
- aircrack-ng: to crack the key

Slide 3: WEP and WPA
- WEP key... relatively easy to crack
  - Don't use WEP, wtf is wrong with you
  - ARP replay request
- WPA key... not as easy, but still possible, especially if your password is lame
  - You need to capture a handshake
  - Can only be done with brute force, which is a dictionary-based attack
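The slide's point from the defender's side is that WEP is a finding in itself and that WPA/WPA2 is only as strong as the passphrase and cipher suite behind it. The first thing a network owner wants is an inventory check that flags every access point still advertising WEP, open, or TKIP-only security. The script below is an added example written for this page, not the presenter's code: it reads rows laid out like the access-point section of an airodump-ng CSV export (that column layout is an assumption of the example), and the rows in SAMPLE_CSV are constructed, not a real capture.

```python
"""Flag weak security settings in a wireless network inventory.

Added example for this page, not the presenter's code. It reads rows laid out
like the access-point section of an airodump-ng CSV export; that column layout
is an assumption of this example, and the rows below are constructed sample
data, not a real capture.
"""
import csv
import io

# Constructed sample rows in the assumed airodump-ng CSV layout.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6,  54, WEP , WEP, , -40, 120, 3000, 0.0.0.0, 9, LegacyLab,
00:11:22:33:44:66, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 11, 130, WPA2, CCMP, PSK, -55,  98, 0, 0.0.0.0, 8, CorpWiFi,
00:11:22:33:44:77, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  1,  54, OPN , , , -70,  40, 0, 0.0.0.0, 5, Guest,
00:11:22:33:44:88, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6, 130, WPA2WPA, CCMP TKIP, PSK, -60,  75, 0, 0.0.0.0, 6, MixedM,
"""

# Cipher tokens that should not appear on a network you are responsible for.
WEAK_CIPHERS = {"WEP", "WEP40", "WEP104", "TKIP"}


def parse_access_points(csv_text):
    """Return one dict per access-point row, keyed by the stripped header names."""
    header = None
    rows = []
    for raw in csv.reader(io.StringIO(csv_text)):
        fields = [f.strip() for f in raw]
        if not any(fields):          # blank separator line
            continue
        if header is None:
            header = fields
            continue
        # Pad or trim so zip() never silently drops a column.
        fields = (fields + [""] * len(header))[: len(header)]
        rows.append(dict(zip(header, fields)))
    return rows


def classify(ap):
    """Map one access-point row to a severity label for the security audit."""
    privacy = ap.get("Privacy", "").upper()
    ciphers = set(ap.get("Cipher", "").upper().split())
    if "WEP" in privacy:
        return "CRITICAL"            # WEP: key recoverable from captured IVs (slide 5)
    if privacy in ("", "OPN"):
        return "HIGH"                # no encryption at all
    if ciphers & WEAK_CIPHERS:
        return "MEDIUM"              # WPA/WPA2 mixed mode still offering TKIP
    if "WPA" in privacy and "WPA2" not in privacy and "WPA3" not in privacy:
        return "MEDIUM"              # WPA1-only network
    return "OK"


def audit_scan(csv_text):
    """Return {bssid: (essid, severity)} for every access point in the export."""
    return {
        ap["BSSID"]: (ap["ESSID"], classify(ap))
        for ap in parse_access_points(csv_text)
    }


if __name__ == "__main__":
    for bssid, (essid, severity) in audit_scan(SAMPLE_CSV).items():
        print(f"{severity:8} {bssid}  {essid}")
```

Run against a real export of your own network, the same four labels give a quick remediation order: WEP and open networks first, then mixed-mode networks that still negotiate TKIP for old clients.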

Slide 4: What do you need?
- aircrack-ng
  - It's free and open source
  - Some Linux distributions come with it installed (like BackTrack or Pentoo)
- Wireless card
  - Needs to be able to go into monitor mode (sometimes Windows has a problem with that)
  - Needs to be capable of wireless injection
  - Just because you are close enough to receive wireless packets does not mean you are close enough to send them

Slide 5: WEP Crack - Concepts
- Uses tens of thousands of initialization vectors (IVs)
- The process is sped up through injection
- aircrack-ng runs an algorithm on the captured IVs to crack the key

Slide 6: WEP Crack - Overview
1. Find the ESSID, channel, and MAC address of the access point using airodump-ng
2. Put the wireless card in monitor mode and begin listening on the correct channel
   - You will be recording packets into a file
3. Do a fake authentication with the access point
4. Put aireplay-ng in ARP replay request mode
5. Capture lots of packets
   - I wait till I have 100,000
6. Run aircrack-ng and crack the key!

Slide 7: airodump-ng
- airodump-ng wlan0
- Write down the ESSID, channel, and MAC address
- Using screen helps a lot
- Also, use ifconfig and write down your wireless card's MAC address... you'll need it later

Slide 8: Monitor Mode
- Some people use airmon-ng... I don't
  - I use iwconfig
- You need to be on the right channel before you start capturing packets
  - Use airodump-ng to find the right channel
- Managed mode = regular mode
- Monitor mode = what we want for WEP cracking
- iwconfig to change channel
- ifconfig to turn the interface on/off

Slide 9: Enabling Monitor Mode on the Right Channel
    ifconfig wlan0 down
    iwconfig wlan0 mode managed
    ifconfig wlan0 up
    iwconfig wlan0 channel 6
    ifconfig wlan0 down
    iwconfig wlan0 mode monitor
    ifconfig wlan0 up

Slide 10: The commands
- airodump-ng -c --bssid -w  (start capturing packets)
- aireplay-ng e -a -h  (do a fake authentication)
- aireplay-ng -3 -b -h  (begin packet injection)
- aircrack-ng  (crack the WEP key)

Slide 11: WPA Crack - Overview
- Can only be done via brute force
- You need to capture a handshake
  - Wait for someone to connect
  - Find someone who is connected and de-auth them
- Run the captured handshake against a dictionary
- You will only crack the key if it is in the dictionary you are using

Slide 12: WPA crack
- airodump-ng -c --bssid -w  (start capturing packets)
- aireplay-ng a -c  (de-authenticate the client)
- aircrack-ng -w -b  (crack the WPA key)
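Slides 11 and 12 rely on forcing a client off the network so it reconnects and the handshake can be captured. From the defender's side that step is the loud one: a burst of deauthentication or disassociation frames for one BSSID within a few seconds is the signature a wireless IDS looks for. The detector below is an added example written for this page, not the presenter's code. It works over a list of management-frame records whose layout (timestamp, subtype, source, destination, BSSID, reason code) is an assumption of the example; the records in SAMPLE_FRAMES are constructed, with locally administered MAC addresses, not captured traffic.

```python
"""Detect deauthentication/disassociation floods in 802.11 management frames.

Added example for this page, not the presenter's code. The frame records below
are constructed; in a deployment they would come from a monitor-mode capture or
a WIDS sensor. The record layout (timestamp, subtype, source, destination,
BSSID, reason code) is an assumption of this example.
"""
from collections import defaultdict, deque

# 802.11 management-frame subtypes (frame type 0) used here.
SUBTYPE_BEACON = 0x08
SUBTYPE_DISASSOC = 0x0A
SUBTYPE_DEAUTH = 0x0C
BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed addresses (locally administered, not real devices).
AP_A = "02:aa:aa:aa:aa:01"
AP_B = "02:bb:bb:bb:bb:01"
CLIENT_1 = "02:cc:cc:cc:cc:01"
CLIENT_2 = "02:cc:cc:cc:cc:02"

# Constructed sample: (timestamp_s, subtype, src, dst, bssid, reason_code).
SAMPLE_FRAMES = [
    (1.0, SUBTYPE_DEAUTH, CLIENT_2, AP_B, AP_B, 3),      # client leaving normally
    (2.0, SUBTYPE_BEACON, AP_A, BROADCAST, AP_A, 0),     # beacons are ignored
] + [
    # Burst of eight deauth frames claiming to come from AP_A, aimed at one
    # client, within 1.4 seconds: the forced disconnect slide 11 describes.
    (round(50.0 + 0.2 * i, 1), SUBTYPE_DEAUTH, AP_A, CLIENT_1, AP_A, 7)
    for i in range(8)
] + [
    (51.5, SUBTYPE_DEAUTH, AP_A, BROADCAST, AP_A, 7),    # broadcast deauth: kicks everyone
    (120.0, SUBTYPE_DISASSOC, CLIENT_2, AP_B, AP_B, 8),  # unrelated, much later
]


def detect_deauth_flood(frames, window=10.0, threshold=5):
    """Return one alert per BSSID whose deauth/disassoc rate exceeds the threshold.

    An alert opens when `threshold` or more disconnect frames for one BSSID fall
    inside a sliding window of `window` seconds, and closes once the rate drops.
    """
    windows = defaultdict(deque)   # bssid -> deque of (ts, src, dst) inside the window
    active = {}                    # bssid -> alert dict currently open
    alerts = []
    for ts, subtype, src, dst, bssid, _reason in sorted(frames, key=lambda f: f[0]):
        if subtype not in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC):
            continue
        q = windows[bssid]
        q.append((ts, src, dst))
        while q and ts - q[0][0] > window:
            q.popleft()            # drop frames that aged out of the window
        if len(q) >= threshold:
            if bssid not in active:
                active[bssid] = {"bssid": bssid, "first_ts": q[0][0], "last_ts": ts,
                                 "peak": 0, "broadcast": False, "sources": set()}
                alerts.append(active[bssid])
            alert = active[bssid]
            alert["last_ts"] = ts
            alert["peak"] = max(alert["peak"], len(q))
            for _, s, d in q:
                alert["sources"].add(s)
                if d == BROADCAST:
                    alert["broadcast"] = True
        elif bssid in active:
            del active[bssid]      # rate fell back below threshold
    return alerts


if __name__ == "__main__":
    for a in detect_deauth_flood(SAMPLE_FRAMES):
        print(f"BSSID {a['bssid']}: {a['peak']} disconnect frames in "
              f"{a['last_ts'] - a['first_ts']:.1f}s, broadcast={a['broadcast']}, "
              f"sources={sorted(a['sources'])}")
```

The detector keys on the BSSID rather than trusting the source address, because the whole point of the attack is that anyone can put the access point's address in a management frame. Tune `window` and `threshold` against your own baseline (an access point legitimately deauthenticates idle or misbehaving clients now and then), and treat broadcast deauths as higher priority. The mitigation that removes the attack rather than just detecting it is 802.11w management frame protection, which makes unauthenticated deauth frames fail.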

