Wireless Cracking By: Christopher Zacky.


1 Wireless Cracking By: Christopher Zacky

2 aircrack-ng Suite
  airodump-ng: Capture packets
  airmon-ng: Put your wireless card into monitor mode (I just use iwconfig for this)
  aireplay-ng: Do fake authentications, ARP replay requests, de-authenticate other clients
  aircrack-ng: To crack the key

3 WEP and WPA
  WEP key... relatively easy to crack
    Don't use WEP, wtf is wrong with you
    ARP replay request
  WPA key... not as easy, but still possible, especially if your password is lame
    You need to capture a handshake
    Can only be done with brute force, which here means a dictionary-based attack against the captured handshake

4 What do you need?
  aircrack-ng
    It's free and open source
    Some Linux distributions come with it installed (like BackTrack or Pentoo)
  Wireless card
    Needs to be able to go into monitor mode (sometimes Windows has a problem with that)
    Needs to be capable of wireless injection
    Just because you are close enough to receive wireless packets does not mean you are close enough to send them

5 WEP Crack - Concepts
  (aircrack-ng wiki page id=simple_wep_crack)
  Uses tens of thousands of initialization vectors (IVs)
  The process is sped up through injection
  aircrack-ng runs an algorithm on the captured IVs to crack the key

6 WEP Crack - Overview
  Find the essid, channel, and mac address of the access point using airodump-ng
  Put wireless card in monitor mode and begin listening on the correct channel
    You will be recording packets into a file
  Do a fake authentication with the access point
  Put aireplay-ng in ARP replay request mode
  Capture lots of packets
    I wait till I have 100,000
  Run aircrack-ng and crack the key!

7 airodump-ng
  airodump-ng <device_name>
  airodump-ng wlan0
  Write down the essid, channel, and mac address
  Using screen helps a lot
  Also, use ifconfig and write down your wireless card's mac address... you'll need it later

8 Monitor Mode
  Some people use airmon-ng... I don't
  I use iwconfig
  You need to be on the right channel before you start capturing packets
    Use airodump-ng to find the right channel
  Managed mode = regular mode
  Monitor mode = what we want in order to do WEP cracking
  iwconfig to change channel
  ifconfig to turn interface on/off

9 Enabling Monitor Mode on the Right Channel
  ifconfig wlan0 down
  iwconfig wlan0 mode managed
  ifconfig wlan0 up
  iwconfig wlan0 channel 6
  iwconfig wlan0 mode monitor

10 The commands
  airodump-ng -c <channel> --bssid <bssid> -w <file_name> <device_name>
    Start capturing packets (airodump-ng writes the capture as <file_name>-01.cap)
  aireplay-ng -1 0 -e <essid> -a <bssid> -h <my_mac_address> <device_name>
    Do a fake authentication
  aireplay-ng -3 -b <bssid> -h <my_mac_address> <device_name>
    Begin packet injection
  aircrack-ng <file_name>
    Crack the WEP key

11 WPA Crack - Overview
  Can only be done via brute force
  You need to capture a handshake
    Wait for someone to connect
    Find someone who is connected and de-auth them
  Run the captured handshake against a dictionary
    You will only crack the key if it is in the dictionary you are using

12 WPA crack
  airodump-ng -c <channel> --bssid <bssid> -w <file_name> <device_name>
    Start capturing packets
  aireplay-ng -0 1 -a <bssid> -c <client_mac_address> <device_name>
    De-authenticate the client
  aircrack-ng -w <password_list> -b <bssid> <file_name>
    Crack the WPA key
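The de-auth step in the WPA procedure is also the part a wireless IDS keys on, because a legitimate AP rarely sends a burst of deauthentication frames to one client. As an added example (not part of the deck), a small Python detector that parses raw 802.11 management frames (any radiotap prefix assumed already stripped) and flags a burst of deauth/disassoc frames aimed at a single client; the MAC addresses and sample frames are constructed:

```python
import struct
from collections import Counter

# (type, subtype) pairs of the two management frames used to kick a client off an AP
DEAUTH = (0, 12)
DISASSOC = (0, 10)


def mac(raw6):
    return ":".join(f"{b:02x}" for b in raw6)


def parse_frame(raw):
    """Decode the 24-byte 802.11 MAC header (assumes any radiotap prefix was stripped)."""
    if len(raw) < 24:
        return None
    fc0 = raw[0]                      # first byte of the frame control field
    frame = {"type": (fc0 >> 2) & 0x3, "subtype": (fc0 >> 4) & 0xF,
             "dst": mac(raw[4:10]), "src": mac(raw[10:16]), "bssid": mac(raw[16:22])}
    if (frame["type"], frame["subtype"]) in (DEAUTH, DISASSOC) and len(raw) >= 26:
        frame["reason"] = struct.unpack("<H", raw[24:26])[0]   # reason code follows the header
    return frame


def build_mgmt(subtype, dst, src, bssid, body=b""):
    """Constructed test helper: management frame with zeroed duration and sequence fields."""
    fc = bytes([(subtype << 4) | (0 << 2), 0])
    return fc + b"\x00\x00" + dst + src + bssid + b"\x00\x00" + body


def detect_deauth_flood(raw_frames, threshold=3):
    """Return {(bssid, victim): count} for every pair hit by >= threshold deauth/disassoc frames."""
    counts = Counter()
    for raw in raw_frames:
        f = parse_frame(raw)
        if f and (f["type"], f["subtype"]) in (DEAUTH, DISASSOC):
            counts[(f["bssid"], f["dst"])] += 1
    return {pair: n for pair, n in counts.items() if n >= threshold}


# Constructed sample capture (not real traffic): one beacon from the AP, then a burst of
# deauth frames that claim to come from the AP and all target the same client.
AP = bytes.fromhex("001122334455")
CLIENT = bytes.fromhex("66778899aabb")
BROADCAST = b"\xff" * 6
SAMPLE = [build_mgmt(8, BROADCAST, AP, AP)] + \
         [build_mgmt(12, CLIENT, AP, AP, struct.pack("<H", 7)) for _ in range(5)]

if __name__ == "__main__":
    print(detect_deauth_flood(SAMPLE))   # {('00:11:22:33:44:55', '66:77:88:99:aa:bb'): 5}
```

On a real capture you would feed the 802.11 payload of each frame into detect_deauth_flood and additionally check whether the deauth sender's sequence numbers and signal strength match the genuine AP, since spoofed frames usually do not.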
