byront93
asked on
Ipw2200 injection problem
I cannot inject packets in BackTrack 3 with aircrack-ng / aireplay-ng using my laptop's wireless NIC, ipw2200b/g. I have tried following tutorials but nothing works. Please help!!!
Remember, it's not "cracking", it's testing WEP. :)
Disclaimer: All instructions are intended for security auditing or educational purposes only!! They should never be used for cracking a network you do not have permission to test. (I got banned from Yahoo Groups for a post similar to this; that's why I use Google now :)
WPA PSK (typically wrongly known as TKIP) is somewhat crackable with dictionary / brute force. Like any brute force, if they're using an English word, it will only take minutes. Otherwise... you need to generate a rainbow table, etc., etc...
WPA AES is completely untouchable at this point...
Basically same idea, authenticate with base station / access point:
Then
download a word list
http://ftp.se.kde.org/pub/security/tools/net/Openwall/wordlists/
generate word list
# zcat all.gz | egrep -v '^#' > dictionary
Start aircrack
# aircrack-ng -w dictionary -0 wpaout.cap
Opening wpaout.cap
Read 15683 packets.
# BSSID ESSID Encryption
1 00:A1:B0:30:5C:84 HOGE WPA (1 handshake)
Index number of target network ? 1
Also the chop chop attack... which is fairly useless... more of a proof of concept.
First it needs to be PSK / TKIP, QoS needs to be on, then you can run chop chop...
All you can do is inject arp packets, syns, dns, other small stuff...