HackPedia - Comunitatea Hackerilor Romani
Fire7
Freak Member

Registered: 18 years ago
Posts: 113
Cracking wireless networks using the aircrack-ng 0.6.2 win package on Windows XP

As we noted at the beginning of this article, there is a version of the package, aircrack-ng 0.6.2 win, that runs on the Windows XP operating system. Note right away that its capabilities are not as extensive as those of its Linux counterpart, so unless you have a strong bias against Linux, it is better to use the BackTrack disc version.

The first thing you face with the Windows version of aircrack-ng is the need to replace the manufacturer's standard drivers for the wireless network adapter with special drivers that support monitor mode and packet capture. As with the Linux version of the program, the specific driver version depends on the chip the network adapter is built on. For example, with our Gigabyte GN-WMAG wireless PCMCIA adapter, based on the Atheros AR5004 chip, we used driver 5.2.1.1 from WildPackets.

The procedure for cracking a wireless network with the Windows version of the aircrack-ng package is conceptually quite simple and repeats the procedure used with the Linux version. It is traditionally performed in three phases: collecting information about the network, capturing packets, and analysing them.

To start working with the package, run Aircrack-ng GUI.exe, which has a convenient graphical interface and is, in fact, a GUI for all the utilities included in the aircrack-ng 0.6.2 win package. The main program window (Figure 1) has several tabs; switching between them activates the required utility.



To collect the required information about the network, go to the airodump-ng tab, which launches the airodump-ng 0.6.2 utility in a separate window.

When airodump-ng 0.6.2 starts (Fig. 2), a dialogue window opens in which you specify the wireless network adapter (Network interface index number), the type of network adapter chip (Network interface type (o/a)), and the wireless channel number (Channel(s): 1 to 14, 0 = all); if the channel number is not known, all channels can be scanned. In addition, you set the name of the output file in which captured packets are stored (Output filename prefix) and indicate whether to capture whole packets (CAP files) or only the part of each packet that contains the initialization vector (IVS files) (Only write WEP IVs (y/n)). With WEP encryption, an IVS file is more than enough to recover the secret key, whereas WPA-PSK encryption requires a CAP file. By default, the IVS or CAP files are created in the same directory as the airodump-ng 0.6.2 program.



Fig. 2. Setting up the airodump-ng 0.6.2 utility

After all the airodump-ng 0.6.2 options are set, an information window opens that displays the detected wireless access points, their clients, and statistics on captured packets (Fig. 3).



Fig. 3. Information window of the airodump-ng 0.6.2 utility

If there are several access points, statistics are shown for each of them.

The first step is to write down the MAC address of the access point, the SSID of the wireless network, and the MAC address of one of the clients connected to it (if there is more than one). Then you need to wait until a sufficient number of packets has been captured. To stop packet capture (and the utility), press Ctrl+C. Note that the Windows version of the package provides no way to force more traffic between the access point and a network client (recall that the Linux version of the package provides the aireplay-ng utility for this).

The main problem in attacking WPA-PSK networks with the Windows version of Aircrack-ng GUI 0.6.2 is that the CAP file must contain the client's initialization procedure on the network, so you have to sit in "ambush" with airodump-ng running. Once the client's initialization procedure has been captured in the CAP file, you can stop airodump-ng and begin the decryption process. Accumulating captured packets is unnecessary in this case, because only the packets transmitted between the client and the access point during initialization are used to calculate the secret key.

In the case of WEP encryption, once the output IVS file has been created you can begin analysing it with aircrack-ng 0.6.2; to launch it, return to the main Aircrack-ng GUI window, open the corresponding tab, and configure the aircrack-ng utility. For WEP encryption, configuring the utility means setting the WEP key length, specifying the ESSID of the wireless network, setting the MAC address of the access point, excluding certain types of attacks (KoreK attacks), setting, if necessary, the character set used for the key, and so on. All the settings are the same as in the Linux version of the utility. The only difference is that in the Linux version all settings are given as command-line options, whereas the Windows version is configured through a convenient graphical user interface (Figure 4).



Fig. 4. Result of analysing the IVS file with the aircrack-ng 0.6.2 utility

The result of analysing the IVS file is shown in Fig. 4. The line KEY FOUND! hardly needs comment. Note: The secret key was calculated with just 1!

With WPA-PSK encryption, the capture file given to the aircrack-ng 0.6.2 utility must be a CAP file rather than an IVS file. In addition, you need to specify the path to the dictionary used for cracking, which is first placed in the directory containing the aircrack-ng 0.6.2 program (Figure 5).



Fig. 5. Result of analysing the IVS file with the aircrack-ng 0.6.2 utility

The result of analysing the CAP file is shown in Fig. 6. Bear in mind, however, that the key can be found only if the password being analysed is in the dictionary.



Bypassing MAC address filter protection

At the very beginning of this article, we noted that in addition to WEP and WPA-PSK encryption, features such as hidden network identifier mode and MAC address filtering are often used. They are traditionally counted among the security features of a wireless connection.

As we have demonstrated with the aircrack-ng package, hidden network identifier mode cannot be relied on at all. The airodump-ng utility will still show the network SSID, which can subsequently be used to create a connection profile (unauthorized!) for the network.

As for a security measure such as MAC address filtering, things are very simple. On the Internet you can find quite a few utilities, for both Linux and Windows, that allow the MAC address of a network interface to be replaced. Examples of such Windows utilities are SMAC 2.0 (paid utility), MAC MakeUP (free utility, /publicprj/macmakeup/macmakeup.asp - Figure 7), and MAC Spoofer 2006 (free utility).



By substituting the MAC address of an authorized client in this way, it is possible to pose as that client and gain unauthorized access to the wireless network. Both clients (the real one and the uninvited one) will coexist quite comfortably on the same network with a single MAC address; in fact, in that case the uninvited guest will be given exactly the same IP address as the real network client.

So overcoming the entire security system of a wireless network based on WEP encryption takes no effort at all. Many will perhaps say that this is irrelevant, since the WEP protocol died long ago and is no longer used, having been replaced by the stronger WPA protocol. But do not rush to conclusions. That is true, but only in part. The fact is that in some cases, to increase the range of a wireless network, so-called distributed wireless networks (WDS) are deployed on the basis of several access points. The most interesting thing is that these networks do not support the WPA protocol, and the only permissible security measure in this case is WEP encryption. Such WDS networks are broken into in exactly the same way as networks based on a single access point. In addition, there are devices equipped with a wireless module that also do not support the WPA protocol, so to include a client based on such a device in a wireless network, the WEP protocol has to be used. Consequently, the WEP protocol will remain in demand in wireless networks for a long time to come.


posted 18 years ago
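The post notes that two stations can share one MAC address on the same network without either noticing. An added example (not part of the original post) of how a wireless sensor can still detect this: each 802.11 transmitter keeps its own 12-bit sequence counter, so two radios behind one address produce repeated large jumps. The frame tuples, thresholds and MAC addresses below are constructed assumptions.

```python
from collections import defaultdict

SEQ_MODULO = 4096      # the 802.11 sequence number is a 12-bit counter
MAX_FORWARD_GAP = 64   # assumed tolerance for frames the sensor missed
MIN_ANOMALIES = 3      # assumed alert threshold; one jump may be a reassociation

def forward_gap(prev_seq, cur_seq):
    """Distance from prev_seq to cur_seq going forward around the counter."""
    return (cur_seq - prev_seq) % SEQ_MODULO

def find_shared_macs(frames):
    """frames: (timestamp, source_mac, seq) tuples in capture order.
    Returns {mac: jump_count} for addresses whose counter jumps repeatedly.
    Simplification: QoS stations keep one counter per traffic identifier,
    so a production sensor would track (mac, tid) instead of mac alone."""
    last_seq = {}
    jumps = defaultdict(int)
    for _ts, mac, seq in frames:
        mac = mac.lower()
        if mac in last_seq:
            gap = forward_gap(last_seq[mac], seq)
            # gap 0 is a retransmission, a small gap is a missed frame;
            # anything larger means the counter did not advance normally.
            if gap > MAX_FORWARD_GAP:
                jumps[mac] += 1
        last_seq[mac] = seq
    return {mac: n for mac, n in jumps.items() if n >= MIN_ANOMALIES}

# Constructed capture: 00:11:22:33:44:55 is used by two radios at once
# (counters near 100 and near 2900); 66:77:88:99:AA:BB is a single station
# whose counter wraps from 4095 to 0, skips one frame and retransmits one.
SAMPLE_FRAMES = [
    (0.00, "00:11:22:33:44:55", 100), (0.01, "66:77:88:99:AA:BB", 4094),
    (0.02, "00:11:22:33:44:55", 2900), (0.03, "66:77:88:99:AA:BB", 4095),
    (0.04, "00:11:22:33:44:55", 101), (0.05, "66:77:88:99:AA:BB", 0),
    (0.06, "00:11:22:33:44:55", 2901), (0.07, "66:77:88:99:AA:BB", 2),
    (0.08, "00:11:22:33:44:55", 102), (0.09, "66:77:88:99:AA:BB", 2),
    (0.10, "00:11:22:33:44:55", 2902),
]

if __name__ == "__main__":
    for mac, n in find_shared_macs(SAMPLE_FRAMES).items():
        print(f"{mac}: {n} sequence jumps, address may be in use by two stations")
```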
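The post also points out that a WPA-PSK key is found only if the password is in the dictionary. An added example (not part of the original post) of the matching check for a network owner: audit a candidate passphrase against a wordlist, including simple variations of a listed word. The wordlist, the substitution table and the function names are constructed assumptions.

```python
import re
import string

# Printable ASCII including space: the characters a WPA-PSK passphrase may use.
PRINTABLE = set(string.printable) - set("\t\n\r\x0b\x0c")
# Assumed table of common character substitutions, mapped back to letters.
LEET = str.maketrans("0134578@$!", "oleastbasi")

def normalise(passphrase):
    """Reduce a passphrase to the base word it was probably built from."""
    base = passphrase.lower()
    base = re.sub(r"[\d\W_]+$", "", base)  # drop trailing digits/punctuation
    return base.translate(LEET)

def audit_passphrase(passphrase, wordlist):
    """Return a list of findings; an empty list means these checks passed."""
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("length outside the 8-63 characters WPA-PSK allows")
    if any(ch not in PRINTABLE for ch in passphrase):
        findings.append("contains non-printable or non-ASCII characters")
    words = {w.strip().lower() for w in wordlist}
    if passphrase.lower() in words:
        findings.append("passphrase is a wordlist entry")
    elif normalise(passphrase) in words:
        findings.append("passphrase is a simple variation of a wordlist entry")
    return findings

# Constructed sample wordlist; a real audit would load a large one from disk.
SAMPLE_WORDLIST = ["password", "sunshine", "dragonfly"]

if __name__ == "__main__":
    for candidate in ("password", "P@ssw0rd2024!", "violet-kettle-rides-north"):
        print(candidate, "->", audit_passphrase(candidate, SAMPLE_WORDLIST) or "ok")
```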
   