Airmon-ng

Description

This script can be used to enable monitor mode on wireless interfaces. It may also be used to go back from monitor mode to managed mode. Entering the airmon-ng command without parameters will show the interface status.

Usage

usage: airmon-ng <start|stop> <interface> [channel] or airmon-ng <check|check kill>

Where: <start|stop> indicates if you wish to start or stop the interface.

Usage Examples

Typical Uses

Check status and/or listing wireless interfaces

~# airmon-ng
PHY     Interface       Driver          Chipset
phy0    wlan0           ath9k_htc       Atheros Communications, Inc.

Checking for interfering processes

When putting a card into monitor mode, it will automatically check for interfering processes.

~# airmon-ng check
Found 5 processes that could cause trouble.

Killing interfering processes

This command stops network managers, then kills the interfering processes that are left:

~# airmon-ng check kill
Killing these processes:
PID Name
870 dhclient
1115 wpa_supplicant

Enable monitor mode

Disable monitor mode

Enter “iwconfig”:

Then:

Cracking WEP Using Backtrack: A Beginner’s Guide
This tutorial is intended for users with little or no experience with Linux or wifi. The folks over at remote-exploit have released “Backtrack”, a tool which makes it ridiculously easy to access any network secured by WEP encryption. This tutorial aims to guide you through the process of using it effectively.

Required Tools

You will need a computer with a wireless adapter listed here
Download Backtrack and burn its image to a CD

BACKTRACK is a bootable live CD with a myriad of wireless and TCP/IP networking tools.

Tools Overview

Kismet – a wireless network detector and packet sniffer
airmon – a tool that can help you set your wireless adapter into monitor mode (rfmon)
airodump – a tool for capturing packets from a wireless router (otherwise known as an AP)
aireplay – a tool for forging ARP requests
aircrack – a tool for decrypting WEP keys
iwconfig – a tool for configuring wireless adapters

Glossary of Terms

Monitoring Wireless Traffic With Kismet

kismet

NOTE: We use kismet for two reasons.

How to Setting IP address in Backtrack 4 | Complete note | Tips and Tricks
Linux Back Track 4 has already been released. As a beginner in Back Track, I want to set my IP address for the Ethernet card. In the Windows operating system we can edit our IP address through the GUI (graphical user interface), but in Back Track I cannot do that. After searching for a Back Track tutorial for beginners, I found that in Back Track we can set the IP address by using the command line in the console.
compatibility_drivers
Introduction

Microsoft Windows is only supported by Airpcap for now. See this section for more details. See this FAQ entry if your question is “What is the best wireless card to buy?”.

This section deals with two related areas:

Determine the chipset of a wireless card
Determine the driver for a wireless card

The previous version of this page can be found here.

Determine the chipset

There are two manufacturers involved with wireless cards. The second manufacturer is the one that makes the wireless chipset within the card. You first need to determine what wireless chipset your card uses. Search the internet for “<your card model> chipset” or “<your card model> linux” or “<your card model> wikidevi”. Here are some other resources to assist you in determining what chipset you have:

WikiDevi in general is a great resource for wireless devices/drivers/etc., but if you are looking by device ID, check out this page.

Once you have determined the chipset, chances are you have already identified the driver on Linux.

fake_authentication
Description

The fake authentication attack allows you to perform the two types of WEP authentication (Open System and Shared Key) plus associate with the access point (AP). This is only useful when you need an associated MAC address in various aireplay-ng attacks and there is currently no associated client. It should be noted that the fake authentication attack does NOT generate any ARP packets.

Usage

aireplay-ng -1 0 -e teddy -a 00:14:6C:7E:40:80 -h 00:09:5B:EC:EE:F2 -y sharedkeyxor ath0

Where:

-1 means fake authentication
0 reassociation timing in seconds
-e teddy is the wireless network name
-a 00:14:6C:7E:40:80 is the access point MAC address
-h 00:09:5B:EC:EE:F2 is our card MAC address
-y sharedkeyxor is the name of the file containing the PRGA xor bits

Or another variation for picky access points:

aireplay-ng -1 6000 -o 1 -q 10 -e teddy -a 00:14:6C:7E:40:80 -h 00:09:5B:EC:EE:F2 ath0

6000 - Reauthenticate every 6000 seconds.

Usage Examples

Success looks like:

Usage Tips

Setting MAC address

deauthentication
Description

This attack sends disassociate packets to one or more clients which are currently associated with a particular access point. Disassociating clients can be done for a number of reasons:

Recovering a hidden ESSID. This is an ESSID which is not being broadcast.

Of course, this attack is totally useless if there are no associated wireless clients or on fake authentications.

Usage

aireplay-ng -0 1 -a 00:14:6C:7E:40:80 -c 00:0F:B5:34:30:30 ath0

Where:

-0 means deauthentication
1 is the number of deauths to send (you can send multiple if you wish); 0 means send them continuously
-a 00:14:6C:7E:40:80 is the MAC address of the access point
-c 00:0F:B5:34:30:30 is the MAC address of the client to deauthenticate; if this is omitted then all clients are deauthenticated
ath0 is the interface name

Usage Examples

Typical Deauthentication

First, you determine a client which is currently connected.

aireplay-ng -0 1 -a 00:14:6C:7E:40:80 -c 00:0F:B5:AE:CE:9D ath0

Here is typical output:

Usage Tips

General
