Teología 101

Porque no es tan difícil...

Herramientas de usuario

Herramientas del sitio

Estás aquí: intro » hack
hack

Diferencias

Muestra las diferencias entre dos versiones de la página.

Enlace a la vista de comparación

Ambos lados, revisión anteriorRevisión previa
Próxima revisión		Revisión previa
hack [2020/04/17 14:10] – [Targeted Sniffing] gregkedrohack [2020/04/17 16:21] (actual) gregkedro
Línea 2: Línea 2:
  
 **Adapters:** Built-in wireless adapters in retail computers will not perform for what you need. You need a wireless adapter that will support: Monitor Mode & Packet Injection ([[https://youtu.be/0lqRZ3MWPXY|Explanation]]). **Adapters:** Built-in wireless adapters in retail computers will not perform for what you need. You need a wireless adapter that will support: Monitor Mode & Packet Injection ([[https://youtu.be/0lqRZ3MWPXY|Explanation]]).
 +  * Tools are found in the [[https://www.aircrack-ng.org/documentation.html|aircrack-ng]] suite.
  
 ===== Adapter Setup ===== ===== Adapter Setup =====
Línea 121: Línea 122:
  
 Do an ''iwconfig'' to check out ''wlan0'' (or whatever your interface name is): should be ''Mode: Managed'' (you need to change to ''Monitored'' in order to catch all network traffic). Do an ''iwconfig'' to check out ''wlan0'' (or whatever your interface name is): should be ''Mode: Managed'' (you need to change to ''Monitored'' in order to catch all network traffic).
 +  * **Important:** It is important that you use ''ifconfig'' (or ''ip'') here and not ''ifup''. ([[configs#ifupdown_vs_ifconfig|See explanation]].)
  
 1. Disable the interface. 1. Disable the interface.
Línea 131: Línea 133:
 <code>airmon-ng check kill</code> <code>airmon-ng check kill</code>
        
-3. Enable monitor mode.+3. Enable monitor mode [1].
 <code>iwconfig wlan0 mode monitor</code> <code>iwconfig wlan0 mode monitor</code>
  
Línea 141: Línea 143:
  
 Run ''iwconfig'' and you should see ''Mode:Monitor'' (capture any packet in range). Run ''iwconfig'' and you should see ''Mode:Monitor'' (capture any packet in range).
 +
 +[1] The ''mode'' sets the operating mode of the device:
 +  * ''ad hoc'' (network composed of only one cell and without access point)
 +  * ''managed'' (node connects to a network composed of many access points, with roaming)
 +  * ''master'' (the node is the synchronisation master or acts as an access point)
 +  * ''repeater'' (the node forwards packets between other wireless nodes)
 +  * ''secondary'' (the node acts as a backup master/repeater)
 +  * ''monitor'' (the node is not associated with any cell and passively monitor all packets on the frequency)
 +  * ''auto''
  
 ---- ----
Línea 176: Línea 187:
 **Target One Specific Network:** From the general sniff of all traffic you just did, copy the target BSSID and Channel number:  **Target One Specific Network:** From the general sniff of all traffic you just did, copy the target BSSID and Channel number: 
   * Run it without ''--write filename'' if you just want to see the network and clients on that network.   * Run it without ''--write filename'' if you just want to see the network and clients on that network.
 +  * You will see two sections: the top is the network, the bottom shows the clients ("stations") on the network.
  
 <code>airodump-ng --bssid XX:XX:XX:XX:XX:XX --channel X --write filename wlan0</code> <code>airodump-ng --bssid XX:XX:XX:XX:XX:XX --channel X --write filename wlan0</code>
Línea 194: Línea 206:
  
 <code> <code>
-aireplay-ng --deauth 10000000 -a XX:XX:XX:XX:XX:XX -c XX:XX:XX:XX:XX:XX wlan0+aireplay-ng --deauth=10000000 -a XX:XX:XX:XX:XX:XX -c XX:XX:XX:XX:XX:XX wlan0
 # program     repeat lots        MAC addr router      MAC addr client   wireless adpater # program     repeat lots        MAC addr router      MAC addr client   wireless adpater
 </code> </code>
  
 The ''-c'' argument is the MAC address of the client machine on the network you are deauthenticating. It is not the MAC address of your attack machine. The ''-c'' argument is the MAC address of the client machine on the network you are deauthenticating. It is not the MAC address of your attack machine.
 +  * Remember: to get a client MAC address, you run airodump-ng and specify the network in order to see all the clients. The clients show up in the second (lower) block of information, under STATION: 
  
-This still may fail unless you are also running ''airodump-ng'' against the target network.+<code>airodump-ng --bssid XX:XX:XX:XX:XX:XX --channel X wlan0</code> 
 + 
 +This still may fail unless you are also running ''airodump-ng'' against the target network (the command just above).
  
 ---- ----
Línea 262: Línea 277:
 ==== WPA & WPA2 ==== ==== WPA & WPA2 ====
  
-The only difference is the ecryption method: WPA uses TKIP WPA2 uses CCMP. The same methods will work with both WPA and WPA2.+The only difference is the ecryption method: WPA uses TKIP and WPA2 uses CCMP. The same methods will work with both WPA and WPA2.
  
 **Misconfiguration Exploit:** WPS (allows clients to connect without the password). **Misconfiguration Exploit:** WPS (allows clients to connect without the password).
Línea 271: Línea 286:
   * Check this first (since WPA/WPA2 are so difficult to crack).   * Check this first (since WPA/WPA2 are so difficult to crack).
  
-1. TOOL: ''wash'' (display all networks with WPS enable).+1. TOOL: ''wash'' (display all networks with WPS enable). You may need to put your wireless interface into auto mode instead of monitor mode.
  
-<code>wash --interface wlan0</code>+<code> 
 +wash --interface wlan0     # if this errors out, do the following... 
 +ifconfig wlan0 down        # or ifdown wlan0 
 +iwconfig wlan0 mode auto 
 +ifconfig wlan0 up          # or ifup wlan0 
 +wash --interface wlan0     # remember to change mode back to monitor for the hacks 
 +</code>
  
 2. Associate with the network (as above)... set this up but **//DO NOT RUN IT YET//**... 2. Associate with the network (as above)... set this up but **//DO NOT RUN IT YET//**...
hack.1587132625.txt.gz · Última modificación: por gregkedro