Skip to main content

Secure Your WLAN With Aircrack-ng - PART III

Audit Wireless Access Points
If you find any rogue access points, at this point you can take steps to find their owners and make sure they are closed down. But what about your official ones? How secure are they?
Here's how to find out.
Firstly, if they wireless networks are secured by WEP, then as mentioned above the answer is "not secure at all." Here's proof:
First, make a note of the channel of the WEP protected access point you want to test from the Airodump-ng window. In the case above the channel (CH) is channel 1.
Next, quit airodump-ng by doing a control-c , then restart it by typing: airodump-ng -c X -w mycapture ath0
changing the X for the channel number of your access point. This will start capturing data which you will use to crack the WEP key, in a file called mycapture-01.cap in your home directory.
Next you'll need to inject some traffic onto the network. To do this you can use Aircrack-ng's packet injection tool, Aireplay-ng, to monitor the network and wait for an ARP request, and then re-inject (or replay) this ARP request over and over again. This stimulates a response from the access point, until enough packets have been collected to crack the WEP key.
How many is enough? 40,000 packets will be enough 50 per cent of the time, while 85,000 packets gives you a 95% chance of success.
To inject the ARP requests onto the network, you'll first need to look in the Airodump-ng window and make a note of the MAC addresses of the base station and a connected client.
Then start aireplay, by typing: aireplay-ng -3 –b [base station MAC address] –h [client Mac address] ath0
The -3 in the command tells aireplay-ng to search for ARP requests and then replay them)
As soon as an ARP request is received, aireplay-ng will start injecting it back onto the network, and airodump-ng will start collecting packets in the file mycapture-01.cap. (see Figure 2.)
To crack the key, all that's required is to start Aircrack-ng, and tell it to work on the data in mycapture-01.cap using a statistical attack known as PTW, which is activated using the –z option: aircrack-ng –z mycapture-01.cap
Wait a minute or two, and in most cases you'll have the WEP key to the network. If you can do that, then so can a hacker. The moral of the story is never, ever rely on WEP for any sort of network protection.

Popular posts from this blog

Test New ALFA-AWUS036H v.2 (1.000mW) VS ALFA-AWUS036H v.1 (500mW)

- Recently emerged the New ALFA-AWUS036H v.2 (1.000mW), and these are the tests. TEST WITH NETSTUMBLER 1) usb da 100mW chipset railink 2) usb da 200mW chipset railink rt73 3) intel 2200 b/g con connettore esterno rp-sma 4) Alfa-AWUS036H 500mW 5) New Alfa-AWUS036H V2 da 1.000mW

Creating A Cheap Bluetooth Sniffer

Many papers and posts on internet forums have commented on the success of turning normal everyday bluetooth USB dongles ($10), into their more powerful counterparts that allow the capturing of packets from the airwaves. These more powerful USB dongles are usually sold at a much higher price ($10,000) together with the software to drive and control these devices. The problems associated with BlueTooth sniffing You cant simply just purchase the dongle with the alternate firmware. There is next to no real opensource packet capture program for the bluetooth protocol. Hardware & Limitations Chipsets: Whats the difference? The chipset of the Bluetooth USB Dongles are very important. Broadcom chipsets are cheap hardware and are deemed unsuitable devices for this paper. But unfortunalty nowadays, every manufacturer seems to prefer putting these chips in their products compared to the more reliable Cambridge Silicon Radio (CSR) chipset. If your lucky enough to find a dongle with a CSR chips...

ALFA-­AWUS036H & ALFA-­AWUS050NH INSTALLING/UPDATING DRIVERS RTL8187, r8187, RT2800usb on UBUNTU

NOTE: For surfing Internet with ALFA-AWUS050NH on Ubuntu Jaunty with rt2870sta driver, you must use the Kernel "2.6.28-11-generic #42-Ubuntu", without change or updates the drivers modules. NOTE: The tutorial is not related to Ubuntu karmic. Driver RTL8187/Stacks-­mac80211 (ref. ALFA-­AWUS036h) ­- These drivers, for surfing Internet, are more stable than r8187, and fully compatible with Network-Manager 0.7 installed by default on Ubuntu 9.04. Network-Manager 0.7 installed by default on Ubuntu 9.04. ­- Supports all encryption without problems. (OPEN, WEP and WPA/WPA2) ­- With Compat-Wireless, the "injection" working, but for support “Fragmentation attack” (opt. -5) you need to install one patch. - The RX sensitivity and packets injection is less, related to drivers r8187. Driver r8187/Stacks-ieee80211 (ref. ALFA-AWUS036h) - This driver is recommended for use with the Suite of Aircrack-ng, but not particularly suitable for Internet connections, as less stable and disc...