fragmentation
Differences
This shows you the differences between two versions of the page.
fragmentation [2007/01/26 23:46] – PRAGA -> PRGA mister_x | fragmentation [2007/04/13 16:35] – raimund | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Fragmentation Attack ====== | ====== Fragmentation Attack ====== | ||
+ | |||
===== Description ===== | ===== Description ===== | ||
- | This attack, when successful, can obtain 1500 bits of PRGA (pseudo random | + | This attack, when successful, can obtain 1500 bytes of PRGA (pseudo random |
- | Basically, the program | + | Basically, the program |
- | The original paper by Andrea Bittau at http:// | + | The original paper by Andrea Bittau at http:// |
===== Usage ===== | ===== Usage ===== | ||
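Review bot: In the Description line changed from "1500 bits" to "1500 bytes", the recovered data is still called "PRGA", while the later line "out of that 1500 bytes keystream" calls the same thing keystream. Suggest stating once in the Description that PRGA here means the keystream bytes, so the two terms are not read as different things. The unit correction itself agrees with the "1500 bytes keystream" wording further down.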
Line 33: | Line 34: | ||
*-k IP : set destination IP in fragments - defaults to 255.255.255.255 | *-k IP : set destination IP in fragments - defaults to 255.255.255.255 | ||
*-l IP : set source IP in fragments - defaults to 255.255.255.255 | *-l IP : set source IP in fragments - defaults to 255.255.255.255 | ||
+ | |||
===== Usage Example ===== | ===== Usage Example ===== | ||
- | Notes: | ||
- | *The source MAC address used in the attack must be associated with the access point. | ||
- | *For madwifi-ng drivers (Atheros chipset), you must change MAC address of your card to the MAC address you will injecting with otherwise the attack will not work. | ||
Essentially you start the attack with the following command then select the packet you want to try:\\ | Essentially you start the attack with the following command then select the packet you want to try:\\ | ||
- | aireplay-ng -5 -b 00: | + | |
Waiting for a data packet... | Waiting for a data packet... | ||
Read 96 packets... | Read 96 packets... | ||
+ | | ||
Size: 120, FromDS: 1, ToDS: 0 (WEP) | Size: 120, FromDS: 1, ToDS: 0 (WEP) | ||
+ | | ||
| | ||
Dest. MAC = 00: | Dest. MAC = 00: | ||
Source MAC = 00: | Source MAC = 00: | ||
+ | | ||
0x0000: | 0x0000: | ||
0x0010: | 0x0010: | ||
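Review bot: The "Notes:" block removed from the top of Usage Example held the two prerequisites (associated source MAC, madwifi-ng MAC change), and with this change the reader reaches the aireplay-ng command before seeing them. Suggest leaving a one-line pointer to the new Usage Tips section ahead of the command, or placing Usage Tips before Usage Example.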
Line 61: | Line 60: | ||
0x0060: | 0x0060: | ||
0x0070: | 0x0070: | ||
+ | | ||
Use this packet ? y | Use this packet ? y | ||
Line 80: | Line 79: | ||
Now you can build a packet with packetforge-ng out of that 1500 bytes keystream | Now you can build a packet with packetforge-ng out of that 1500 bytes keystream | ||
- | You have successfully obtained the PRAGA which is stored in the file named by the program. | + | You have successfully obtained the PRGA which is stored in the file named by the program. |
+ | |||
+ | ===== Usage Tips ===== | ||
+ | |||
+ | *The source MAC address used in the attack must be associated with the access point. | ||
+ | |||
+ | *For madwifi-ng drivers (Atheros chipset), you must change MAC address of your card to the MAC address you will injecting with otherwise the attack will not work. | ||
+ | |||
+ | ===== Usage Troubleshooting ===== | ||
+ | |||
+ | Also see the general aireplay-ng troubleshooting ideas: [[aireplay-ng# | ||
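Review bot: The madwifi-ng bullet added under Usage Tips carries over the slip "you will injecting with" from the removed note; suggest "the MAC address you will be injecting with, otherwise the attack will not work". The new Usage Troubleshooting section holds only the cross-reference to the general aireplay-ng troubleshooting, so if nothing fragmentation-specific is planned the link could sit under Usage Tips instead of a near-empty section.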
fragmentation.txt · Last modified: 2009/09/05 23:32 by mister_x