This can be done with GRIMWEPA on BackTrack (see below for how to get BackTrack).
This method of attack will work with clients or without clients.
It's located at:
radio network analysis > 80211 > cracking > Grimwepa.
After you execute the program you should get something like this. Select the wireless interface you want to put into monitor mode.
Okay, now that we have a wireless interface in monitor mode, let's begin. Under the black box you will see the word Channel, and on the other side All Channels with a checked box in front of it. I recommend you keep the box checked unless you know what channel you want. Now let's scan for our targets; we can do this with the Refresh Targets command. I recommend letting it refresh about two times before stopping it. As you can see below, we found our target with WEP encryption. Perfect.
So now that we have acquired our target, the next step is testing our wireless interface's injection capability with the Test Injection command. After running the Test Injection command, look at the bottom of the window and you will see something like
"Status: [Injection test results: 25/30: 83%]"
This is good enough but I recommend running it a couple more times to try to get 100%.
NOW ATTACK METHOD
For the Attack Method we are going to be using Fragmentation.
Fragmentation is a good attack against WEP because it only requires one data packet to be received from the access point in order to initiate the attack.
Okay, so for the attack method select Fragmentation if you haven't already. Now look at the Injection rate (pps): setting and you will see a scale from 100 to 1000. This is how many ARP packets you want to inject per second. What is recommended is that the farther away you are, the slower you want it to be, and the closer you are, the faster. I usually use it from 600 to 800. Oh, almost forgot: leave Choose Client unchecked. I will explain this later on, but for now you don't need it. Now let's start the attack; we can do this by clicking on Start Attack.
Now we wait for it to capture the data packet, which it uses to make a specially crafted ARP packet to inject. Once it is done capturing and has created the ARP packet, it will start injecting, and it will look something like this.
Status [Re-playing spoofed arp; Auto-Crack at 10,000+ IVS]
It will also open a new window, but it will be minimized, so look at your task bar and open it. It will look like this.
Now once it has captured enough IVs it will start cracking the password on its own. Status [Cracking WEP..]
Once it has cracked the password it will display it at the bottom of the screen. You can easily miss it if you were not paying attention.
Status: [WEP Key: 4DAE1FC1ED | saved: '/pentest/wireles....]
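Seen from a monitoring sensor, the ARP replay stage above is very noisy: WEP has no replay protection, so one transmitter re-sends the same encrypted frame hundreds of times a second. The following is an added example (not part of the original post or of GRIMWEPA) that flags that pattern in frame metadata. The tuple format, MAC addresses and thresholds are assumptions, and the sample frames are constructed.

```python
from collections import Counter, defaultdict, deque

# Assumed thresholds. 100 is the lowest setting on the injection-rate
# scale described in the post; the others are illustrative.
MIN_FRAMES = 100     # frames from one transmitter inside the window
WINDOW_S = 1.0       # sliding window length, seconds
MIN_SAME_LEN = 0.9   # share of those frames that have one identical length


def detect_replay(frames):
    """frames: (timestamp, bssid, transmitter, length) tuples for data
    frames sent to an AP, sorted by timestamp (hypothetical sensor format).
    Returns one (detected_at, bssid, transmitter, length) per transmitter."""
    windows = defaultdict(deque)  # (bssid, transmitter) -> recent (ts, length)
    alerted, alerts = set(), []
    for ts, bssid, tx, length in frames:
        key = (bssid, tx)
        win = windows[key]
        win.append((ts, length))
        while ts - win[0][0] > WINDOW_S:  # expire frames outside the window
            win.popleft()
        if key in alerted or len(win) < MIN_FRAMES:
            continue
        # A replayed frame is re-sent unchanged, so one length dominates.
        top_len, top_n = Counter(l for _, l in win).most_common(1)[0]
        if top_n / len(win) >= MIN_SAME_LEN:
            alerted.add(key)
            alerts.append((ts, bssid, tx, top_len))
    return alerts


def sample_frames():
    """Constructed sample: one ordinary client with mixed frame sizes and
    one transmitter re-sending a single 68-byte frame 600 times a second."""
    ap = "00:11:22:33:44:55"
    normal = [(i / 40, ap, "aa:aa:aa:aa:aa:01", 60 + (i * 37) % 1400)
              for i in range(40)]
    replay = [(i / 600, ap, "aa:aa:aa:aa:aa:02", 68) for i in range(600)]
    return sorted(normal + replay)


if __name__ == "__main__":
    for at, bssid, tx, length in detect_replay(sample_frames()):
        print(f"possible ARP replay at {at:.3f}s: {tx} -> {bssid}, len {length}")
```

An alert from a network that still uses WEP is a reason to move it to WPA2 or WPA3, since the key recovery shown above needs nothing more than this traffic.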
Still going to update this / make it easier to read and understand.