Do you think you're safe if you type https:// before gmail.com or paypal.com? I hope you'll think twice before you log in from a computer connected to a wireless network after reading this guide. Let's start at the beginning. Let's say you have an evil neighbour who wants your PayPal credentials. He buys himself a nice laptop with a wireless card and, if you are using WEP encryption, he cracks your WEP key (the Aircrack-NG guide further down this page shows how). After cracking the key he logs into your network. Maybe you always allowed him to use your network because you thought it couldn't do any harm to your computer. You aren't sharing any folders, so what's the problem? Well, in the next few steps I'm going to describe the problem.
Guide
1. Let's assume your neighbour uses Linux to crack your WEP key. After cracking it, he installs Ettercap (http://ettercap.sourceforge.net/) on his Linux system. If you want to do this at home, I would recommend downloading BackTrack because it already has everything installed. If you want to install it on your own Linux distribution, download the source and install it with the following commands:
$ tar -xzvf ettercap-version.tar.gz
$ cd ettercap-version
$ ./configure
$ make
$ make install
To install on Ubuntu, simply run:
sudo apt-get install ettercap-gtk
2. After installing, you need to uncomment some code to enable SSL dissection. Open up a terminal window and type "nano /usr/local/etc/etter.conf", without the quotes. Scroll down using your arrow keys until you find this piece of code:
# if you use iptables:
# redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
# redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
You need to uncomment the last two lines.
redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
3. Press CTRL+O, press Enter to save the file and then press CTRL+X.
4. Start Ettercap and click on Sniff > Unified Sniffing, type in your wireless interface and press OK.
5. Press CTRL+S to scan for hosts.
6. Go to MITM > ARP poisoning, select "Sniff remote connections" and press OK.
7. Now you (and your neighbour!) can start sniffing! Press Start > Start sniffing. Walk to another computer on your network and open up PayPal or any other site where you need to type in a username/password (Gmail, Hotmail, digg.com, etc.). All credentials will appear on the computer running Ettercap!
8. When you're done, don't just close Ettercap, but go to Start > Stop Sniffing, and then go to MITM > Stop mitm attack(s).
But how does all this stuff work?
Look at the following scheme:
Normally when you type in a password, host 1 (your computer) connects directly to host 2 (your modem or router). But if someone has launched Ettercap on your network, host 1 isn't sending its passwords to host 2 but to the attacking host, the one running Ettercap! The attacking host forwards everything to host 2, so host 1 doesn't notice anything. Exactly the same happens with everything host 2 sends: host 2 doesn't send packets directly to host 1, but first to the attacking host.
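From the defender's side, the rerouting just described is visible on host 1 itself: its ARP cache suddenly maps host 2's IP to the attacker's MAC, and that MAC now answers for more than one IP. The following check, added here as an example and not part of the original guide, parses constructed `arp -an` snapshots (hypothetical addresses) and flags both symptoms; pinning the gateway's MAC as a static ARP entry is the matching mitigation.

```python
import re
from collections import defaultdict

# Matches one entry of Linux `arp -an` output, e.g.
# "? (192.168.1.1) at aa:aa:aa:aa:aa:01 [ether] on wlan0"
ARP_LINE = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I)

def parse_arp_table(text):
    """Return [(ip, mac), ...] from `arp -an` output; incomplete entries are skipped."""
    return [(m["ip"], m["mac"].lower()) for m in ARP_LINE.finditer(text)]

def detect_arp_poisoning(entries, trusted=None):
    """Return alert strings for one ARP-table snapshot.
    Heuristic 1: an IP whose MAC differs from a trusted (static) mapping, such as
    the gateway's known MAC.  Heuristic 2: one MAC bound to several IPs, which is
    what the attacking host looks like once it answers for host 2 (the router)
    while keeping its own address.  A router that legitimately owns several IPs
    also trips heuristic 2 unless all of its IPs are listed in `trusted`."""
    trusted = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    ips_per_mac = defaultdict(set)
    alerts = []
    for ip, mac in entries:
        if ip in trusted and trusted[ip] != mac:
            alerts.append(f"{ip} expected at {trusted[ip]} but seen at {mac}")
        ips_per_mac[mac].add(ip)
    for mac, ips in ips_per_mac.items():
        if len(ips) > 1 and not all(trusted.get(ip) == mac for ip in ips):
            alerts.append(f"{mac} answers for several IPs: {', '.join(sorted(ips))}")
    return alerts

# Constructed snapshots (hypothetical addresses): the same LAN before and after
# the host at cc:cc:cc:cc:cc:99 starts impersonating the gateway 192.168.1.1.
KNOWN_GATEWAY = {"192.168.1.1": "aa:aa:aa:aa:aa:01"}
CLEAN_TABLE = """\
? (192.168.1.1) at aa:aa:aa:aa:aa:01 [ether] on wlan0
? (192.168.1.20) at bb:bb:bb:bb:bb:20 [ether] on wlan0
? (192.168.1.33) at cc:cc:cc:cc:cc:99 [ether] on wlan0
"""
POISONED_TABLE = """\
? (192.168.1.1) at cc:cc:cc:cc:cc:99 [ether] on wlan0
? (192.168.1.20) at bb:bb:bb:bb:bb:20 [ether] on wlan0
? (192.168.1.33) at cc:cc:cc:cc:cc:99 [ether] on wlan0
"""

if __name__ == "__main__":
    for name, table in (("clean", CLEAN_TABLE), ("poisoned", POISONED_TABLE)):
        print(name, detect_arp_poisoning(parse_arp_table(table), KNOWN_GATEWAY))
```

Run it periodically against the real `arp -an` output with your own gateway's MAC in KNOWN_GATEWAY. On the HTTPS side, the forged certificate that the iptables redirect hands the browser fails validation, so the certificate warning, not the https:// prefix, is the signal that matters.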
Howto: Aircrack-NG Quick And Simple Guide
This HOWTO is widely based on Aircrack's own documentation. In addition you'll find the latest versions of "Aircrack Next Generation" and Aircrack-PTW on their respective project sites. Any sort of suggestion for improvement is welcome. The aim is to keep this HOWTO as simple & comprehensive as possible, as I believe brevity is the soul of wit. Also note that you need formal permission from the owner of any wireless network you wish to audit. Under no circumstances must you compromise a network's security prior to obtaining approval from the owner of the network.
GENERAL INFORMATION:
Generally speaking there are 3 types of attacks:
1. Brute force attack
2. Dictionary attack
3. Statistical attack
By exploiting several security weaknesses of the WEP protocol, Aircrack-NG makes use of a statistical method to recover WEP keys. Provided that you have collected a sufficient number of IVs (= Initialization Vectors), and depending on the length of the encryption key, determining the actual WEP key will take less than a minute on a common PC.
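As an added example (not part of the original HOWTO) of why "a sufficient number of IVs" is all the statistical attack needs: WEP keys RC4 with a 24-bit IV prepended to the shared key, the IV travels in clear, and any two frames that reuse an IV share a keystream, so their XOR reveals the XOR of the plaintexts without the key. The RC4 routine, the simplified WEP framing, and the key, IV and frames below are constructed for this illustration.

```python
import math
import zlib

def rc4_keystream(key, n):
    """Plain RC4 (key scheduling + PRGA): return n keystream bytes for `key`."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(root_key, iv, plaintext):
    """Simplified WEP frame body (key-ID byte omitted): 3-byte IV sent in clear,
    followed by RC4 keyed with IV || root_key over plaintext || CRC-32 ICV."""
    assert len(iv) == 3
    body = plaintext + zlib.crc32(plaintext).to_bytes(4, "little")
    return iv + xor_bytes(body, rc4_keystream(iv + root_key, len(body)))

def keystream_reuse_leak(root_key, iv, p1, p2):
    """XOR of two frames sent under the same IV, IV prefix dropped.  Both frames
    used the same keystream, so over the plaintext bytes the result is p1 XOR p2,
    obtained without knowing root_key at all."""
    c1 = wep_encrypt(root_key, iv, p1)[3:]
    c2 = wep_encrypt(root_key, iv, p2)[3:]
    return xor_bytes(c1, c2)

def expected_frames_until_iv_repeat(iv_bits=24):
    """Birthday bound: about sqrt(pi/2 * 2**iv_bits) randomly chosen IVs go by
    before one repeats; with WEP's 24-bit IV that is only a few thousand frames."""
    return int(math.sqrt(math.pi / 2 * 2 ** iv_bits))

# Constructed key, IV and frames (hypothetical values, not from any capture).
ROOT_KEY = bytes.fromhex("0102030405")   # 40-bit key of a "64-bit" WEP network
IV = bytes.fromhex("a1b2c3")
FRAME_1 = b"GET /login HTTP/1.1\r\n"   # 21 bytes
FRAME_2 = b"user=alice&pw=hunter2"     # 21 bytes
```

The packet counts quoted later in this HOWTO are what the statistical attacks need to go from this keystream relation to the key itself; the fix is a protocol with per-frame keys and a large nonce space (WPA2/WPA3), not a longer WEP key.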
HARDWARE:
I assume that you have successfully patched the driver for your wireless adapter (e.g. Ralink chipset), so I won't go into this. I have tested packet injection and decryption with:
1. Intel® PRO/Wireless 2200BG (IPW2200)
2. Linksys WUSB54G V4.0 (RT2570)
I recommend the "Linksys WUSB54G V4.0" as it has decent reception and reasonable performance. If you need help patching & compiling from source, feel free to post your problems as well.
PREREQUISITES:
1. This HOWTO was written for Aircrack-NG v0.9.1 & Aircrack-PTW v1.0.0 on Kubuntu Feisty Fawn 7.04 (32-bit).
2. '00:09:6B:D7:33:A9' is the MAC address of my network, so you need to replace it with your own.
3. '00:00:00:00:00:00' is the MAC address of the target client, NOT that of your own wireless card.
COMMAND LINE:
Please make sure that you stick to the exact sequence of actions (pay attention to #3 in particular as #4 won't yield any results if you skip it).
- 1. Enable monitoring with "airmon-ng" (screenshot #1):
sudo airmon-ng start <interface>
- 2. Packet capturing with "airodump-ng" (screenshot #2):
sudo airodump-ng --channel <channel> --write <filename> <interface>
sudo airodump-ng --channel <channel> --bssid 00:09:5B:D7:43:A8 --write <filename> <interface>
--channel... Select preferred channel; optional, however, channel hopping severely impacts and thus slows down the collection process.
--bssid... MAC address of target access point; optional, however, specifying the access point will improve performance of the collection process.
--write... Preferred file name; mandatory field (in our case).
- 3. Deauthentication with "aireplay-ng" (screenshot #3):
sudo aireplay-ng -0 5 -a 00:09:5B:D7:43:A8 -c 00:00:00:00:00:00 <interface>
-0... Number of deauthentication attempts.
-a... MAC address of target access point.
-c... Client MAC address.
- 4. Packet re-injection with "aireplay-ng" (screenshot #4):
sudo aireplay-ng -3 -b 00:09:5B:D7:43:A8 -h 00:00:00:00:00:00 <interface>
NOTE:
-3... Standard ARP-request replay.
-b... MAC address of target access point.
-h... Client MAC address.
- 5. Decryption with "aircrack-ng" & "aircrack-ptw" (screenshot #5):
Aircrack-ng:
sudo aircrack-ng <filename>.cap
Aircrack-PTW:
./aircrack-ptw <filename>.cap
This is a summary of the approximate number of captured packets each tool needs, based on the information given in their respective documentation:
Aircrack-NG:
64-bit key: ~250,000 packets
128-bit key: ~1,500,000 packets
Aircrack-PTW:
64-bit key: ~20,000 packets [estimate]
128-bit key: ~85,000 packets
Credit to http://www.ubuntu-unleashed.com/search/label/Wifi%20Hacking