#How to use gerix wifi cracker mac
Take note of the MAC address, channel, and ESSID of the access point, as well as the MAC address of the associated client, which will be needed soon. The top section shows the information for the access point, and the bottom section shows the information for the client that we associated and started the continuous ping. “donthackme” looks like a good ESSID to play with. Next, we use “airodump-ng” to enumerate any wireless networks in the area, utilizing the “-t” switch to only enumerate the WEP networks. Mon0 IEEE 802.11bg Mode:Monitor Tx-Power=20 dBm Retry long limit:7 RTS thr:off Fragment thr:off Mode:Managed Frequency:2.437 GHz Access Point: Not-Associated aircrack-ng – used to recover the WEP key from the captured packetsįirst, we put our NIC into monitor mode, using “airmon-ng” and verify it with “iwconfig”.aireplay-ng – used for packet injection.airmon-ng – used to configure the wireless NIC for monitor mode.Now, on to the cracking! Here are the tools we are going to use: To recover a WEP key, we first need to be able to capture an ARP request, so we’re going to create a continuous stream of ARP requests by connecting another computer to the access point and simply starting a ping loop to a non-existent address. I used an old Linksys WRT54GL that was laying around, and configured it to use WEP with a “ ”. There are also some good troubleshooting steps on his site if you have any problems with the exercise.įirst we need to setup a wireless router that we can practice on.
X’s site (the man who wrote the aircrack-ng tools) anyway. Now, I don’t think I can do any better than the thousands of other WEP cracking tutorials out there, but I’m going to loosely walk through a tutorial on Mr. If you have any trouble getting your NIC to work properly, there are some workarounds to try on Offenseive Security’s site. This NIC also has quite an extended range compared to any built-in wireless NIC you may have.
#How to use gerix wifi cracker drivers
A USB Wireless NIC is required for hacking wireless networks using a VM because the wireless NIC drivers on the PCI bus of the host system are virtualized drivers that are shared with the guest system, so there is no direct access to the radio. My USB Wireless NIC of choice is an Alpha Network, Model: AWUS036h. As usual, I’m using BackTrack (BT5 R2, 64-bit) in a Virtual Machine (VM) as my preferred hacking environment. It’s been a while since I’ve updated this blog, and since one of the last subjects we covered last year at OSOC was wireless hacking, I figured I would start back up with a simple WEP cracking walkthrough. Now that was even easier than last time -) Then, under the WEP cracking tab, simply click “Aircrack-ng – Decrypt WEP password”. Once we hit at least 10,000, we can go to the Cracking tab. Another terminal session will open, displaying the progress.Īs we did in the previous post, we keep the ARP replay injection session running until the “Data” column of the capture session reaches at least 10,000. Next, click “ARP request replay” to inject the captured ARP requests back to the access point to generate enough IV’s for cracking. Select “Associate with AP using fake auth” and you should see your capture session jump with connected clients. Then, select the “WEP Attacks (with clients)” section. Next click “Performs a test of injection AP” to verify that we are close enough to the access point. A new terminal session will open showing a summary of the capture interface. Under the “General functionalities” section, click “Start Sniffing and Logging” to start capturing packets.
Now, select the “donthackme” Essid and go to the WEP tab. Then, click “Rescan networks” to display all nearby wireless networks. Go to the Configuration tab, click “Reload wireless interfaces”, select your interface, then click “Enable/Disable Monitor Mode”. You can find Gerix under Applications – Exploitation Tools – Wireless Exploitation Tools – WLAN Exploitation – gerix-wifi-cracker-ng. If you’re using a VM like me, you can attach the host system to the access point for your pinging client, and use your wireless USB NIC connected to your guest VM for the attack.Īs a summary from last time, here are the steps we are going to complete: With our hacking environment setup the same as before, we setup our access point, attach a client to it, and start a continuous ping to a non-existent address to generate a steady stream of ARP requests. Now that we know the basic steps for cracking WEP, from our last post, lets try a pointy-clicky GUI that’s included in the BackTrack distribution named Gerix Wifi Cracker.
0 kommentar(er)
