HackPedia - Comunitatea Hackerilor Romani
Author: Fire7
Cracks wireless networks

Having reviewed the main methods of protecting 802.11a/b/g networks, we will now look at ways of overcoming them. Note that the same tools are used for hacking both WEP and WPA networks, so we first explain what the attacker's arsenal consists of.

First, we will need a laptop with a wireless adapter. The main problem that arises when assembling tools for hacking wireless networks is ensuring compatibility between the wireless adapter's chip, the software used, and the operating system.

Choosing a wireless adapter

The fact is that most of the utilities for cracking wireless networks are "tailored" for Linux systems. Versions of some utilities also exist for Windows XP. However, depending on the wireless adapter's chip, certain wireless cards can be used with utilities for both Linux and Windows XP, while some wireless adapters can be used only with utilities under Linux or only under Windows XP. There are wireless adapters that are not supported by either the Linux or the Windows XP utilities. In addition, there are chips which, although supported by the utilities, work extremely slowly (in the sense of capturing and analyzing packets).

The fact is that the task of hacking wireless networks requires special (non-standard) drivers for wireless network adapters. The standard modes of any wireless adapter are Infrastructure (Basic Service Set, BSS) and ad-hoc (Independent Basic Service Set, IBSS). In Infrastructure mode, each client is connected to the network via an access point, and in ad-hoc mode wireless adapters can communicate with each other directly, without the use of an access point. But neither mode allows the wireless adapter to listen to the air and intercept packets. In either case, the network adapter will capture only packets intended for the network it is configured for. To be able to see other networks (those with a hidden ESSID) and capture packets, there is a special monitoring mode (Monitor mode); when switched to it, the adapter is not associated with any particular network and captures all available packets.

Normally, the drivers supplied by the manufacturer of the wireless adapter do not support monitor mode, and to enable it, it is necessary to install special drivers, often written by a group of third-party developers. It should be noted that for the Windows operating systems such special drivers exist only for wireless adapters based on the Hermes, Realtek, Aironet and Atheros chips. Driver support for this mode on Linux/BSD operating systems is largely determined by the openness of the chip's specifications, but the list of supported devices is much larger than for the Windows family. Drivers for Linux/BSD systems with monitor mode support can be found for wireless adapters based on the following chipsets: Prism, Orinoco, Atheros, Ralink, Aironet, Realtek, Hermes and Intel, although the drivers for Intel chips are not suitable for all devices.

Currently, in all notebooks based on Intel Centrino mobile technology, the built-in wireless adapters are based on chips from Intel (IPW2100, IPW2200, IPW2915, IPW3945), but for our purposes these adapters fit poorly: even though they are compatible with the Linux utilities used for cracking, these chips work extremely slowly, with Windows-compatible utilities in general.

A good choice is a wireless PCMCIA adapter based on an Atheros-series chip, or on Prism 2 or Prism 3 (Gigabyte and D-Link wireless adapters).

The choice of operating system

Regarding the choice of operating system, the following recommendations can be given. Linux is preferable for this purpose, since the set of tools available for Linux is much wider and the Linux utilities work significantly faster. But this does not mean that you cannot use Windows XP along with Windows utilities. Later, we will consider both options for hacking wireless networks, that is, using both Linux and Windows utilities. In doing so, we are well aware that not all users are in a hurry to switch from Windows to Linux. For all its shortcomings, Windows is much more widespread, and for a new user it is often much easier to master. Therefore the optimal option, in our view, is to use Windows XP as the laptop's primary operating system and, for the task of hacking a wireless network, a Linux Live CD, which boots from CD-ROM and does not require installation on the computer's hard disk. The best solution in this case is the BackTrack disc, which is based on the Linux operating system (kernel version 2.6.18.3) and contains all the necessary tool packages for hacking networks. The image of the disc can be downloaded from the website at:
Code:

/* is the latest version */
official site
A set of software

Traditionally, the aircrack software package is used for hacking wireless networks; it exists in versions for Windows XP (aircrack-ng 0.6.2 win) and for Linux (aircrack-ng 0.7). This package is distributed completely free of charge and can be downloaded from the official site. Searching for any other utilities is simply pointless, because this package is the best solution in its class. In addition, it (the Linux version, of course) is included on the BackTrack disc.

Cracking wireless networks using the BackTrack Live CD

So, regardless of which operating system you are running on the notebook, for hacking a wireless network we use the bootable BackTrack disc. Note that in addition to the toolkit that we need for hacking a wireless network, the CD contains a host of other utilities that enable auditing networks (port scanners, switches, etc.). Incidentally, this disc is useful for any system administrator who deals with auditing networks.

Cracking any wireless network using the BackTrack disc is done in three stages (Table 1):
collection of information on the wireless network;
capturing packets;
analysis of packets.

The first step is to gather detailed information about the wireless network that is the subject of the hack: the MAC addresses of the access point and of the active client of the wireless network, the name of the network (network identifier), and the type of encryption used. To do this, the utilities airmon-ng, airodump-ng and Kismet are used: the first is needed to switch the wireless network adapter's driver into monitor mode, and the remaining two provide the necessary information on the wireless network. All these utilities are already on the BackTrack disc.

Table 1. Stages of hacking a wireless network using the BackTrack Live CD

| Phase number | Description | Utilities used | Result (WEP) | Result (WPA-PSK) |
|---|---|---|---|---|
| 1 | Collection of information on the wireless network | airmon-ng, airodump-ng, Kismet | MAC address of the access point, MAC address of the active client, type of network, network identifier, type of encryption (WEP, WPA-PSK), number of the communication channel | (same as for WEP) |
| 2 | Intercepting packets | airodump-ng, Kismet, aireplay-ng | A file containing the IV packets | A file containing packets with information about client authentication in the network |
| 3 | Analysis of packets | aircrack-ng | Finding the key | Selection of the password |

In the next stage, packets are captured using the airodump-ng utility. If the network uses WEP encryption, it is necessary to collect IV packets containing initialization vectors. If traffic in the network is low (for example, the client is not active), the aireplay-ng utility can additionally be used to increase traffic between the client and the access point.

If the network uses WPA-PSK encryption, it is necessary to collect packets that contain information on the client's authentication procedure in the network (the handshake procedure). In order to make the client go through the authentication procedure, the aireplay-ng utility is used to force it to disconnect from the network and then restore the connection.

In the final phase, the intercepted information is analyzed using the aircrack-ng utility. In the case of WEP encryption, the probability of finding the key depends on the number of IV packets collected, and in the case of WPA-PSK encryption, on the dictionary used to select the password.


posted 18 years ago
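
From the defender's side, the forced disconnection the post describes for WPA-PSK networks appears on the air as a burst of 802.11 deauthentication frames aimed at one client. The following Python detector is an added example, not part of the original post: it parses raw 802.11 management frames and flags such bursts. The capture header is assumed to be already stripped, and the threshold, window, MAC addresses and sample frames are constructed assumptions.

```python
import struct
from collections import defaultdict, deque

DEAUTH_FC0 = 0xC0  # frame-control byte 0: version 0, type 0 (mgmt), subtype 12

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_deauth(frame):
    """Return (dst, src, bssid, reason) for a deauthentication frame, else None.
    Assumes the radiotap/capture header has already been stripped."""
    if len(frame) < 26 or frame[0] != DEAUTH_FC0:
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)  # reason code follows the 24-byte header
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def detect_deauth_bursts(capture, threshold=5, window=10.0):
    """capture: time-ordered (timestamp_seconds, frame_bytes) pairs.
    Emits one alert per (bssid, target) the first time `threshold`
    deauth frames fall within `window` seconds."""
    recent, alerted, alerts = defaultdict(deque), set(), []
    for ts, frame in capture:
        parsed = parse_deauth(frame)
        if parsed is None:
            continue
        dst, _src, bssid, reason = parsed
        key = (bssid, dst)
        times = recent[key]
        times.append(ts)
        while ts - times[0] > window:  # drop frames older than the window
            times.popleft()
        if len(times) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"bssid": bssid, "target": dst, "count": len(times),
                           "at": ts, "reason": reason})
    return alerts

def _frame(fc0, dst, src, bssid, reason=7):
    # Constructed test frame: fc(2) duration(2) addr1 addr2 addr3 seq(2) reason(2)
    return bytes([fc0, 0, 0, 0]) + dst + src + bssid + b"\x00\x00" + struct.pack("<H", reason)

# Constructed sample capture (locally administered MACs, not from the page).
AP, STA, STA2 = (bytes.fromhex("02000000000" + d) for d in "123")
SAMPLE = [(0.0, _frame(0x80, b"\xff" * 6, AP, AP)),     # beacon-type frame, ignored
          (5.0, _frame(0xC0, AP, STA2, AP, reason=3))]  # one ordinary client leave
SAMPLE += [(100 + i / 10, _frame(0xC0, STA, AP, AP)) for i in range(6)]  # burst at one client

if __name__ == "__main__":
    for alert in detect_deauth_bursts(SAMPLE):
        print(alert)
```

Where both the clients and the access point support 802.11w Management Frame Protection, spoofed deauthentication frames are ignored, so an alert like this matters most on networks that cannot enable it.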
   