Wireless tools
NetStumbler
NetStumbler, also known as Network Stumbler, is a tool that facilitates detecting wireless LANs that use the 802.11b, 802.11a and 802.11g WLAN standards. It runs on Microsoft operating systems from Windows 98 to Windows Vista. There is also another version, called MiniStumbler, for the Windows CE operating system, so the tool can be carried on a small handheld device.
You can get it here.
Aircrack
The fastest WEP/WPA cracking tool
Aircrack is a suite of tools for 802.11a/b/g WEP and WPA cracking. It can recover a 40 to 512-bit WEP password once enough encrypted packets have been collected. Aircrack can also attack WPA 1 or 2 networks using advanced cryptographic methods or brute force. The suite includes airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), and airdecap (decrypts WEP/WPA capture files).
You can get Aircrack here.
Airsnort
802.11 WEP Encryption Cracking Tool
AirSnort is a wireless LAN (WLAN) tool used to recover encryption passwords. It was developed by the Shmoo Group and operates by passively monitoring transmissions, computing the encryption password once enough packets have been collected. You may also be interested in AirSnort.
You can get AirSnort here.
Cowpatty
Cowpatty is a good tool for brute-force cracking of WPA-PSK, which is considered the "new WEP" for home wireless security. The program simply tries a series of candidates from a dictionary file to find the one that is defined as the Pre-Shared Key.
You can get Cowpatty here.
Asleap
This tool is very good when the network uses LEAP. It can be used to collect the authentication data that passes over the network, which can be sniffed and then cracked. LEAP does not protect the authentication the way other "real" EAP types do, which is the main reason LEAP can be broken so easily.
You can get Leap here.
Ethereal
Ethereal is used all over the world, on both Windows and open-source operating systems, for troubleshooting, analysis, software and protocol development, and education. It has all the standard features you would expect in a protocol analyzer, and several features that not every product has. Its open-source license allows enhancements to be added by those of you who have the expertise. Good luck, try it!
You can download Ethereal here.
Others:

AiO Wireless Hack Tools 2009:
• NetStumbler 0.4.0
• Kismet 2005 08 R
• Wellenreiter v1.9
• WEP Crack 0.1.0
• Airsnort 0.2.7e
• Wepwedgie 0.1.0 alpha
• Hotspotter 0.4
Information File:
Name: AIO Wireless Hack Tools 2009 Full
Size: 8,1 MB (recovery record 1%)
Language: English
Support Platform: Linux, Windows.
Format: RAR
Download link:
http://rapidshare.com/files/151930205/AIO_WHT2009_-_ErFeX__AiO.ProgramasFull.CoM.rar/
WIRELESS HACKING TUTORIAL
WEP stands for Wired Equivalent Privacy. It has been the encryption standard for wireless networks until now. Many people do not even use WEP, because it is weak and troublesome, or because they consider it pointless since it can be cracked, although it usually takes a while to collect enough data to recover a WEP password, especially a very long one. WEP consists of a secret password and encryption. The secret password is shared between the access point and everyone on the wireless network, and consists of 5 or 13 characters. It is used by the encryption process to disguise the packets communicated across the WLAN, or Wireless Local Area Network. Every packet is keyed uniquely and randomly, so if someone cracks the key of one packet, they cannot see what the other packets contain without cracking those as well.
This is all done by using the secret password together with three characters (the Initialization Vector, or IV) that are chosen randomly by the wireless device. For example, if your password is "hello", it may make "abchello" for one packet and "xyzhello" for another.
WEP also uses XOR, or Exclusive OR, for encryption. XOR compares two bits: if they are different it returns 1, and if not it returns 0. For example, 1 XOR 1 is 0, and 1 XOR 0 is 1.
An array is a variable that can store multiple values. For example, an array ABC[26] holds 26 values, labeled 0 through 25.
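Example:
// Exchange the values held by two array elements
void swap(unsigned char *first, unsigned char *second)
{
    unsigned char temp = *first;
    *first = *second;
    *second = temp;
}

unsigned char alphabet[26];
alphabet[0] = 'A';
alphabet[1] = 'B';
swap(&alphabet[0], &alphabet[1]);   // alphabet[0] is now 'B', alphabet[1] is 'A'
If the values in an array have been swapped randomly many times, it is no longer possible to tell which array element holds which value.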
The actual algorithm WEP uses to encrypt packets is RC4. RC4 consists of two steps: the Key Scheduling Algorithm and the Pseudo Random Generation Algorithm. The first part, the Key Scheduling Algorithm, or KSA, looks like this in C, assuming k[] is the array holding the secret password:
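int n = 256;
unsigned char s[n];   // unsigned, so every value is a valid index 0-255
// Initialization
for (int i = 0; i <= (n - 1); i++)
    s[i] = i;
int j = 0;
// Scrambling
for (int l = 0; l <= (n - 1); l++)
{
    // keylen is the number of bytes in k[]; the key repeats and j wraps around (modulo n)
    j = (j + s[l] + k[l % keylen]) % n;
    swap(&s[l], &s[j]);
}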
Let's study the code above until we understand that:
1. The integer 'n' determines how strong the encryption we make is. WEP uses 256 here.
2. The character array 'k' is the secret password combined with the three pseudo-random characters. It does not change at all in this program.
3. The part marked '// Initialization' is just an initialization that fills the array with the characters 0-255.
4. The integer 'j' is used to hold the value for scrambling. It is always initialized to 0, because it must always start at 0.
5. Next (at '// Scrambling'), the scrambling process starts. Basically, it produces a "random" array 's' from the previously initialized array 's'.
6. Inside the loop, the password (k) is first combined with the random array (s) to produce the resulting character. Then swap() is called to put that character into place in the array.
Now it's time for the second algorithm of RC4, the Pseudo Random Generation Algorithm (PRGA). This part outputs a key stream based on the KSA's pseudo-random array. The key stream is then combined with the cleartext data to create the encrypted data.
int i = 0;
int j = 0;
int z;
while (bytes_left-- > 0)   // bytes_left: cleartext bytes still to encrypt (assumed name)
{
    i = (i + 1) % 256;
    j = (j + s[i]) % 256;
    swap(&s[i], &s[j]);
    z = s[(s[i] + s[j]) % 256];
    // z is output here
    // and then XOR'd with the cleartext
}
1. The integers 'i' and 'j' are declared and initialized to 0.
2. A loop runs until the end of the data packet is reached.
3. 'i' is incremented in each iteration of the loop so that it keeps running.
4. 'j' holds a pseudo-random number.
5. Another call to swap() exchanges the characters s[i] and s[j].
6. 'z' is calculated by adding s[i] and s[j] and taking the element of s at that position. The reason for this will be explained later.
7. 'z' is XOR'd with the cleartext to create the new encrypted text.
CRC stands for cyclic redundancy checksum. When packets are sent across the network, there must be a way for the receiving host to know that a packet has not been damaged in any way. That is the purpose of the CRC. Before the data is sent, the CRC value, or checksum, of the packet is computed and sent along with the packet. On receipt, the target host computes a new CRC checksum. If the CRCs match, the packet's integrity is confirmed.
In summary: the access point creates pseudo-random characters. They are joined with the prechosen shared password to create the secret key. The KSA then uses this key to make the pseudo-random array, which the PRGA uses to create the key stream. The key stream is then XOR'd with the cleartext to create the encrypted data, and the CRC is applied to make its checksum.
Then the receiving host decrypts. The characters added by the AP are removed and combined with the shared secret password to rebuild the key. The key is run through the whole RC4 process and XOR'd with the encrypted text, producing the cleartext and the checksum. The checksum is then removed and compared to see whether the data is intact and whether it came from a genuine user.
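The sender and receiver steps summarized above, put together as an added C example (it is not code from the original tutorial). The names rc4_xor, crc32_ieee, wep_seal and wep_open are assumptions of this example, the secret is fixed at 5 characters (the shorter of the two lengths mentioned earlier), and, as in 802.11 WEP, the CRC-32 is computed over the cleartext and encrypted together with it.

```c
#include <stdint.h>
#include <string.h>
/* RC4: the KSA scrambles s[] with the key, then the PRGA XORs the key stream into buf. */
static void rc4_xor(const uint8_t *key, size_t klen, uint8_t *buf, size_t len) {
    uint8_t s[256], t;
    unsigned i, j = 0;
    for (i = 0; i < 256; i++) s[i] = (uint8_t)i;
    for (i = 0; i < 256; i++) {                       /* KSA */
        j = (j + s[i] + key[i % klen]) & 0xFF;
        t = s[i]; s[i] = s[j]; s[j] = t;
    }
    i = j = 0;
    for (size_t n = 0; n < len; n++) {                /* PRGA */
        i = (i + 1) & 0xFF; j = (j + s[i]) & 0xFF;
        t = s[i]; s[i] = s[j]; s[j] = t;
        buf[n] ^= s[(s[i] + s[j]) & 0xFF];
    }
}

static uint32_t crc32_ieee(const uint8_t *p, size_t len) {  /* bitwise CRC-32 */
    uint32_t c = 0xFFFFFFFFu;
    while (len--) {
        c ^= *p++;
        for (int b = 0; b < 8; b++) c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* Sender: out = IV || RC4(IV || secret, data || CRC32(data)); out needs dlen + 7 bytes. */
size_t wep_seal(const uint8_t iv[3], const uint8_t secret[5],
                const uint8_t *data, size_t dlen, uint8_t *out) {
    uint8_t key[8];
    uint32_t icv = crc32_ieee(data, dlen);
    memcpy(key, iv, 3); memcpy(key + 3, secret, 5);   /* per-packet key, like "abchello" */
    memcpy(out, iv, 3); memcpy(out + 3, data, dlen);  /* the IV travels in the clear */
    for (int b = 0; b < 4; b++) out[3 + dlen + b] = (uint8_t)(icv >> (8 * b));
    rc4_xor(key, sizeof key, out + 3, dlen + 4);
    return dlen + 7;
}

/* Receiver: decrypts frame in place; returns the payload length, or -1 on a bad checksum. */
long wep_open(const uint8_t secret[5], uint8_t *frame, size_t flen) {
    uint8_t key[8];
    uint32_t icv = 0;
    if (flen < 7) return -1;                          /* too short for IV + checksum */
    memcpy(key, frame, 3); memcpy(key + 3, secret, 5);
    rc4_xor(key, sizeof key, frame + 3, flen - 3);
    for (int b = 0; b < 4; b++) icv |= (uint32_t)frame[flen - 4 + b] << (8 * b);
    return icv == crc32_ieee(frame + 3, flen - 7) ? (long)(flen - 7) : -1;
}
```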
Part II: Cracking WEP
Before we get into WEP cracking, let us study some flaws in the encryption process:
* There is a 5% chance that the values in s[0]-s[3] will not change after the first three iterations of the KSA.
* The first value in the encrypted data is the SNAP header, which is 0xAA, or 170 in base 10. Sniffing the first byte of the encrypted text and XOR-ing it with 170 gives the first output byte of the PRGA.
* A particular format of the bytes given by the AP shows that it is weak and easy to crack. The format is (B + 3, 255, X), where B is a byte of the secret password and X can be any value.
We will now talk about the KSA. Let's set some variables for the "test":
* The code characters taken from the AP are 3, 255, 7. We sniffed them from the air. We use them for the test because, as shown, such a code is very weak.
* The shared password is 22222. In practice, you will not know this.
* N is 256.
* If a value goes above 256, the modulo operation is performed on it, and the resulting value is used.
* The array 's' has been initialized with the values 0-255.
Open the program Kismet. Kismet is a free wireless scanner for Linux. When you open it, you'll see a list of the WLANs within range. Select one and make a note of the following four details (note that the target computer can be any host on the WLAN):
* AP MAC address
* MAC address of the target computer
* WEP - Key used
* Wi-Fi channel used
Open Aircrack and start capturing packets. You will also capture the IVs. But this takes a long time. It can even take several hours or days to capture the number of IVs needed to crack the WEP password.
Fortunately, we can go faster. For example, if a WLAN is very busy, there is more packet traffic and more IVs, so IVs are collected more easily. If we keep pinging the network, it will produce more data packets.
ping -l 50000 -t ip_address
So what to do now? We have too little data, but we need to get the WEP password. It's time to get void11. Void11 deauthenticates all the hosts connected to the AP, cutting off all their connections. The first thing a host does in that case is automatically try to reconnect to the AP.
However, there is another technique, called a replay attack. It captures a packet from a host on the WLAN, then spoofs that host and repeats the packet over and over, generating a very large amount of packet traffic. The best program for this is aireplay. It is used for the same purpose as void11.
Open airodump. Now, thanks to the replay attack, IVs come in at around 200 per second. Wow! You may get all the packets required within 10 minutes. All the IVs are written to a capture file. Then open aircrack. Aircrack reads all of the IVs in the capture file and performs statistical analysis on them. Then it tries to brute-force the key from the file. Once it finds the password, the password is shown to you.
Finally: you have the password.