how_to_crack_wep_with_no_clients
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revision | Next revisionBoth sides next revision | ||
how_to_crack_wep_with_no_clients [2009/08/14 19:23] – use dokuwiki internal link mister_x | how_to_crack_wep_with_no_clients [2009/09/26 14:34] – Fixed typos darkaudax | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Tutorial: How to crack WEP with no wireless clients ====== | ====== Tutorial: How to crack WEP with no wireless clients ====== | ||
- | Version: 1.14 March 24, 2008 \\ | + | Version: 1.15 September 26, 2009 \\ |
By: darkAudax \\ | By: darkAudax \\ | ||
Video: [[http:// | Video: [[http:// | ||
Line 23: | Line 23: | ||
*There are some data packets coming from the access point. | *There are some data packets coming from the access point. | ||
* The access point uses WEP "open authentication" | * The access point uses WEP "open authentication" | ||
- | * You use the native MAC address of your wireless card for all the steps and do not change it. Do NOT use any other MAC address as the source for transmiting | + | * You use the native MAC address of your wireless card for all the steps and do not change it. Do NOT use any other MAC address as the source for transmitting |
* You are using v0.9 of aircrack-ng. If you use a different version then some of the command options may have to be changed. | * You are using v0.9 of aircrack-ng. If you use a different version then some of the command options may have to be changed. | ||
Line 50: | Line 50: | ||
*2 - Start the wireless interface in monitor mode on the specific AP channel | *2 - Start the wireless interface in monitor mode on the specific AP channel | ||
*3 - Use aireplay-ng to do a fake authentication with the access point | *3 - Use aireplay-ng to do a fake authentication with the access point | ||
- | *4 - Use aireplay-ng chopchop or fragmenation | + | *4 - Use aireplay-ng chopchop or fragmentation |
*5 - Use packetforge-ng to create an arp packet using the PRGA obtain in the previous step | *5 - Use packetforge-ng to create an arp packet using the PRGA obtain in the previous step | ||
*6 - Start airodump-ng on AP channel with filter for bssid to collect the new unique IVs | *6 - Start airodump-ng on AP channel with filter for bssid to collect the new unique IVs | ||
Line 135: | Line 135: | ||
*-e teddy is the wireless network name | *-e teddy is the wireless network name | ||
*-a 00: | *-a 00: | ||
- | *-h 00: | + | *-h 00: |
*ath0 is the wireless interface name | *ath0 is the wireless interface name | ||
Line 350: | Line 350: | ||
=== Helpful Tips === | === Helpful Tips === | ||
- | *Be sure the packet is 68 or more bytes otherwise you may not have enough PRGA data to subsquently | + | *Be sure the packet is 68 or more bytes otherwise you may not have enough PRGA data to subsequently |
- | *At home, to generate some packets to force chopchop to start, ping a non-existant | + | *At home, to generate some packets to force chopchop to start, ping a nonexistent |
*You can check the decrypted packet by running " | *You can check the decrypted packet by running " | ||
| | ||
Line 368: | Line 368: | ||
==== Step 5 - Use packetforge-ng to create an arp packet ==== | ==== Step 5 - Use packetforge-ng to create an arp packet ==== | ||
- | In the previous step, we obtained PRGA. It does not matter which attack generated the PRGA, both are equal. | + | In the previous step, we obtained PRGA. It does not matter which attack generated the PRGA, both are equal. |
But first, lets generate the arp packet for injection by entering: | But first, lets generate the arp packet for injection by entering: |
how_to_crack_wep_with_no_clients.txt · Last modified: 2018/03/11 20:15 by mister_x