flowchart
Differences
flowchart [2007/08/19 16:59] – matts | flowchart [2009/08/14 19:11] – use dokuwiki internal links mister_x | ||
Line 1: | Line 1: | ||
- | =====Simple Wep Cracking with a flowchart===== | + | ======Simple Wep Cracking with a flowchart====== |
- | ==== Foreword ==== | + | Last update: May 9, 2008 \\ |
- | Aircrack is very simple to use once you know the concept. | + | Author: matts |
- | Read the flowchart, read the wiki entries for the different tools I've listed, | + | =====Foreword===== |
+ | Aircrack is very simple to use once you know the concept. | ||
- | ==Flow Chart== | + | Basically: |
+ | |||
+ | =====Flow Chart===== | ||
{{http:// | {{http:// | ||
- | ==Links to the different tools needed for simple cracking== | + | =====Links to the different tools needed for simple cracking===== |
* [[aircrack-ng]] | * [[aircrack-ng]] | ||
* [[aireplay-ng]] | * [[aireplay-ng]] | ||
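Review bot: the hand-written "Last update: May 9, 2008 \\" line added at the top of the new revision will drift from the page's real history; the revision header above already shows this edit as 2009/08/14 while the text still says May 2008, so the date is stale the moment it is saved. Suggest dropping the "Last update" line (keep "Author: matts" if wanted) and letting the wiki's revision log record dates. The heading promotion from ==== to ====== / ===== is fine and matches the rest of the page.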
Line 15: | Line 18: | ||
* [[packetforge-ng]] | * [[packetforge-ng]] | ||
- | ==Section 1: Singling out the AP you are cracking.== | + | =====The following sections correspond to the flow chart' |
+ | Read the flowchart to understand where the section is in the flowchart so you get a better understanding on the flow. The section numbers do not correlate to the procedure for cracking. | ||
+ | |||
+ | |||
+ | =====Section 1: Singling out the AP you are cracking.===== | ||
Running airodump-ng with no parameters will show you every AP in your area. You will want to use a few parameters to single out the AP you are trying to crack, so you only collect the information you need. | Running airodump-ng with no parameters will show you every AP in your area. You will want to use a few parameters to single out the AP you are trying to crack, so you only collect the information you need. | ||
+ | |||
aircrack-ng -c 6 --bssid 11: | aircrack-ng -c 6 --bssid 11: | ||
^-c 6|Sets channel to 6, change the number to whatever channel your AP is on. Very important, so you are not chan hopping.| | ^-c 6|Sets channel to 6, change the number to whatever channel your AP is on. Very important, so you are not chan hopping.| | ||
- | ^--bssid 11: | + | ^-'''' |
^-w output|Sets the output file, this will start outputting data to output-## | ^-w output|Sets the output file, this will start outputting data to output-## | ||
- | ==Section 2: Ensure your drivers are patched and compatible== | + | |
+ | =====Section 2: Ensure your drivers are patched and compatible===== | ||
See the following URL's for compatibility information: | See the following URL's for compatibility information: | ||
- | ^Cards|http:// | + | ^Cards|[[compatible_cards]]| |
- | ^Drivers|http:// | + | ^Drivers|[[compatibility_drivers]]| |
+ | ^Patching|[[install_drivers]]| | ||
- | ==Section 3: | + | =====Section 3: |
- | If you can not associate to your AP, you need to turn off WPA filtering, or make sure you have turned off mac filtering. | + | If you can not associate to your AP, you need to turn off WPA/WPA2 encryption, or make sure you have turned off MAC filtering. |
- | ==Section 4: Clients are connected, run deauth and arpinteractive attacks== | + | =====Section 4: Clients are connected, run deauth and arpinteractive attacks===== |
Since clients are connected, you will first want to run the arp interactive (-3) attack, and leave it running so it can listen for the ARP packet which will be generated when you deauth the client who is connected. | Since clients are connected, you will first want to run the arp interactive (-3) attack, and leave it running so it can listen for the ARP packet which will be generated when you deauth the client who is connected. | ||
- | ==Section 5: Is the AP sending out ANY data?== | + | =====Section 5: Is the AP sending out ANY data?===== |
- | In order to crack anything, the AP has to send out atleast | + | In order to crack anything, the AP has to send out at least 1 packet. |
- | ==Section 6: Generate an XOR file (chopcop or fragmentation attack)== | ||
- | The point of cracking is to generate data. You can generate data in Section 4, but sometimes there are no clients connected to wifi, but the AP is still sending out data. In this case, you will want to capture the data that the AP is sending out, and use it to determine a valid XOR keystream (basically a file which allows you to create a packet with out knowing the key). The two attacks for this are " | ||
- | ==Section 7: Frag / Chop-chop failed== | ||
- | For fragmetnation: | ||
- | For the Chop-Chop attack, you really need to have a good connection to the AP, you have to be close. | + | =====Section 6: Generate an XOR file (chopcop or fragmentation attack)===== |
+ | The point of cracking is to generate data. You can generate data in Section 4, but sometimes there are no clients connected to wifi, but the AP is still sending out data. In this case, you will want to capture the data that the AP is sending out, and use it to determine a valid XOR keystream (basically a file which allows you to create a packet with out knowing the key). The two attacks for this are " | ||
+ | |||
+ | |||
+ | =====Section 7: Frag / Chop-chop failed===== | ||
+ | For fragmentation: | ||
+ | |||
+ | For the Chop-Chop attack, you really need to have a good connection to the AP, you have to be close. | ||
+ | |||
* You have to be associated to the AP. | * You have to be associated to the AP. | ||
* Some AP's will start to ignore you if you flood it too fast, so use the -x switch to throttle the speed of your packet sending. | * Some AP's will start to ignore you if you flood it too fast, so use the -x switch to throttle the speed of your packet sending. | ||
* Most AP's are ok with 30-50 packets per second (-x 30 or -x 50), if they are the type that ignore you for sending packets too fast. | * Most AP's are ok with 30-50 packets per second (-x 30 or -x 50), if they are the type that ignore you for sending packets too fast. | ||
* The AP may ignore you if your MAC address is not the same as the packet' | * The AP may ignore you if your MAC address is not the same as the packet' | ||
+ | * Some APs don't discard corrupted packets correctly. Such APs are not vulnerable to chopchop. | ||
- | ==Section 8: Success! | + | =====Section 8: Success! |
- | We have an XOR keystream meaning we can make any packet we want, as long as we have enough bytes in the keystream. | + | We have an XOR keystream meaning we can make any packet we want, as long as we have enough bytes in the keystream. |
- | ==Section 9: Running aircrack-ng on the collected data== | + | =====Section 9: Running aircrack-ng on the collected data===== |
If you have done things right, you should start to see the #/s and " | If you have done things right, you should start to see the #/s and " | ||
+ | |||
aircrack-ng output-*.cap | aircrack-ng output-*.cap | ||
+ | |||
This will open up any file starting with " | This will open up any file starting with " | ||
- | ==Section 10: Attack wont work at this time== | + | |
+ | =====Section 10: Attack wont work at this time===== | ||
There are many reason that you wont be able to. | There are many reason that you wont be able to. | ||
- | | + | |
- | * Turn off MAC filtering and WPA. | + | |
+ | * Turn off MAC filtering and WPA/WPA2. | ||
* The AP isn't sending out any data, you will have to wait, or manually generate some data on your network. | * The AP isn't sending out any data, you will have to wait, or manually generate some data on your network. | ||
- | * Frag/ | + | * Frag/ |
- | ==EOF== | + | =====EOF===== |
- | I hope you have found this tutorial helpful. Originally written by " | + | I hope you have found this tutorial helpful. |
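Review bot: the command shown in Section 1 names the wrong tool and this edit leaves it uncorrected on both sides: the text says "Running airodump-ng with no parameters will show you every AP in your area" and the option table below it explains "-c 6", "--bssid" and "-w output", which are airodump-ng capture options, yet the example line reads "aircrack-ng -c 6 --bssid 11:". Suggest changing the example to start with airodump-ng so it matches the prose and the table. In the same table the new side replaces the "^--bssid 11:" row label with "^-''''", which is a broken DokuWiki cell (stray quote marks where the option name was); restore the --bssid label so the row renders. Minor: "wont" and "There are many reason" in Section 10 carry over unchanged and should read "won't" and "many reasons". The Section 3 change from "WPA filtering" to "WPA/WPA2 encryption" and the added Section 7 bullet about APs that do not discard corrupted packets are good clarifications.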
flowchart.txt · Last modified: 2012/04/02 14:33 by wims