newbie_guide
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
newbie_guide [2018/11/21 23:27] – [Discovering Networks] Refresh and fixes/improvements mister_x | newbie_guide [2018/11/21 23:29] – [The lazy way] Update interface name + small updates mister_x | ||
---|---|---|---|
Line 119: | Line 119: | ||
Because of the channel hopping you won't capture all packets from your target net. So we want to listen just on one channel and additionally write all data to disk to be able to use it for cracking: | Because of the channel hopping you won't capture all packets from your target net. So we want to listen just on one channel and additionally write all data to disk to be able to use it for cracking: | ||
- | airodump-ng -c 11 --bssid 00: | + | airodump-ng -c 11 --bssid 00: |
With the -c parameter you tune to a channel and the parameter after -w is the prefix to the network dumps written to disk. The " | With the -c parameter you tune to a channel and the parameter after -w is the prefix to the network dumps written to disk. The " | ||
Line 151: | Line 151: | ||
Try to connect to your AP using [[aireplay-ng]]: | Try to connect to your AP using [[aireplay-ng]]: | ||
- | aireplay-ng --fakeauth 0 -e "your network ESSID" -a 00: | + | aireplay-ng --fakeauth 0 -e "your network ESSID" -a 00: |
The value after -a is the BSSID of your AP. | The value after -a is the BSSID of your AP. | ||
Line 185: | Line 185: | ||
Wait for a client to show up on the target network. Then start the attack: | Wait for a client to show up on the target network. Then start the attack: | ||
- | aireplay-ng --arpreplay -b 00: | + | aireplay-ng --arpreplay -b 00: |
-b specifies the target BSSID, -h the MAC of the connected client. | -b specifies the target BSSID, -h the MAC of the connected client. | ||
Line 200: | Line 200: | ||
the -r < | the -r < | ||
- | When using the arp injection technique, you can use the PTW method to crack the WEP key. This dramatically reduces the number of data packets you need and also the time needed. | + | When using the ARP injection technique, you can use the PTW method to crack the WEP key. This dramatically reduces the number of data packets you need and also the time needed. |
If the number of data packets received by airodump-ng sometimes stops increasing you maybe have to reduce the replay-rate. You do this with the -x <packets per second> option. I usually start out with 50 and reduce until packets are received continuously again. Better positioning of your antenna usually also helps. | If the number of data packets received by airodump-ng sometimes stops increasing you maybe have to reduce the replay-rate. You do this with the -x <packets per second> option. I usually start out with 50 and reduce until packets are received continuously again. Better positioning of your antenna usually also helps. |
newbie_guide.txt · Last modified: 2018/11/21 23:31 by mister_x