Translating the WEP cracking tutorial FR ==> EN, who's good at it? (Page 1) / De tout de rien / Forum d'entraide: tuto-fr.com

#1 17-07-2006 17:01:30

Billyboylindien
Honorary member
Registered: 06-10-2005
Posts: 1 561
Website

Translating the WEP cracking tutorial FR ==> EN, who's good at it?

Following this post http://forum.tuto-fr.com/viewtopic.php?id=759 and various e-mails, I've got the urge again to translate the aircrack tutorial; unfortunately, my english is very bad :D

So if several of us worked on it, I think we could translate the tutorial together much better than I would on my own :D

Why not then move on to other tutorials, but it has to be said that for the moment this is the one that has the most success and the most requests :-)

When you think that I had to translate the aircrack documentation into French, and that now the English are asking for translated tutorials ^^

For once it's not the other way round :rolleyes:

If you're up for it, post a quick reply and we'll organise all that.
(max 3 people, because there isn't that much work ;) )

++


The recommended and tested wifi cards
Billyboylindien talks about computing (a bit ;) ).

Submit your own tutorials too, on any subject (web, programming, DIY ...)

Offline

#2 17-07-2006 22:13:12

ItIsHardToProgram
Member
Registered: 09-06-2006
Posts: 118

Re: Translating the WEP cracking tutorial FR ==> EN, who's good at it?

I'm practically perfectly bilingual, and very understandable, and since your tutorial helped me test the security of the network at my father's office, I'd be very glad to help you translate this tutorial....

OK, as for working as a group, that doesn't bother me, but if nobody volunteers, I can always do it alone.

Offline

#3 17-07-2006 22:16:17

Billyboylindien
Honorary member
Registered: 06-10-2005
Posts: 1 561
Website

Re: Translating the WEP cracking tutorial FR ==> EN, who's good at it?

ItIsHardToProgram wrote:

OK, as for working as a group, that doesn't bother me, but if nobody volunteers, I can always do it alone.

Argh, even if I'm useless at it I'll at least try to do a bit ;)

I read your replies in English, and I think yes, there's no problem :D
We'll wait and see whether others come forward, then we get back to it, and the joys of Shakespeare are ours ;)

I should finish setting up the v2 (well, the start of it) tonight.

++

Offline

#4 17-07-2006 22:20:08

ItIsHardToProgram
Member
Registered: 09-06-2006
Posts: 118

Re: Translating the WEP cracking tutorial FR ==> EN, who's good at it?

Perfect, I've already given you my e-mail, via a question on your blog, I've even posted there already, Julien Roy.... anyway I imagine you remember, so I'll wait for your e-mail..

Offline

#5 17-07-2006 22:22:16

ItIsHardToProgram
Member
Registered: 09-06-2006
Posts: 118

Re: Translating the WEP cracking tutorial FR ==> EN, who's good at it?

Well, if you could do the research for the technical terms that would be more than enough; writing sixty pages of ordinary sentences in English takes about 2 hours (on the computer....) so =/

p.s. I don't charge much (250$/hour) :D:D:D:D:D

Offline

#6 17-07-2006 22:25:40

Billyboylindien
Honorary member
Registered: 06-10-2005
Posts: 1 561
Website

Re: Translating the WEP cracking tutorial FR ==> EN, who's good at it?

ItIsHardToProgram wrote:

p.s. I don't charge much (250$/hour) :D:D:D:D:D

If you wrap it all up in 2 min then that's fine :D but otherwise I'll translate it quick and dirty :D

Offline

#7 18-07-2006 14:47:23

ItIsHardToProgram
Member
Registered: 09-06-2006
Posts: 118

Re: Translating the WEP cracking tutorial FR ==> EN, who's good at it?

=] I see the v2 is online, I'm just waiting for your go =/

Offline

#8 18-07-2006 15:08:57

Billyboylindien
Honorary member
Registered: 06-10-2005
Posts: 1 561
Website

Re: Translating the WEP cracking tutorial FR ==> EN, who's good at it?

Go :D

The v2 isn't finished yet, there's still a hell of a lot of work left, but you can get started if you want.

It's really nice of you to do this.
If you get stuck on things, I'll do the research.

++

Offline

#9 18-07-2006 21:26:25

ItIsHardToProgram
Member
Registered: 09-06-2006
Posts: 118

Re: Translating the WEP cracking tutorial FR ==> EN, who's good at it?

OK, I'll post my progress in this thread; I'll start by translating the first part, tell me if that suits you.

Offline

#10 18-07-2006 21:27:25

ItIsHardToProgram
Member
Registered: 09-06-2006
Posts: 118

Re: Translating the WEP cracking tutorial FR ==> EN, who's good at it?

oh yeah, I'll translate the text, but including the graphics etc..... that =/ I'll still put in markers

Offline

#11 18-07-2006 21:41:40

ItIsHardToProgram
Member
Registered: 09-06-2006
Posts: 118

Re: Translating the WEP cracking tutorial FR ==> EN, who's good at it?

Since you probably have PDF advance password recovery, do you think you could find me the passwords for a few files???

=] one favour leads to another....

I don't feel like paying 40$ for that...

Offline

#12 18-07-2006 21:58:57

Billyboylindien
Honorary member
Registered: 06-10-2005
Posts: 1 561
Website

Re: Translating the WEP cracking tutorial FR ==> EN, who's good at it?

Just translate the text, don't bother yourself with the rest.

No problem for the PDFs ;)

Offline

#13 18-07-2006 22:02:46

ItIsHardToProgram
Member
Registered: 09-06-2006
Posts: 118

Re: Translating the WEP cracking tutorial FR ==> EN, who's good at it?

Progress to date:
These days, most of the providers (Free, alice, wanadoo) give out protection in their wifi modems (livebox, freebox, aol-box).
Unfortunately most of these wifi boxes apply WEP encryption by default if we activate the wireless.
It is likely known that this protection is past its deadline….. weak and easily crackable.
A small hour is enough to crack a 128 bytes WEP key (packet capture + crack) and barely more for a 256 bytes key with aircrack.

So I give you a little tutorial that will help you test out your wireless network, and most likely convince you to change to WPA encryption.



            Image + ad + video



WARNING, YOU ARE ONLY ALLOWED TO TEST OUT A NETWORK WITH THIS METHOD IF YOU ARE THE OWNER OR IF YOU HAVE THE PERMISSION OF THE OWNER.

HACKING IS CONSIDERED BREAKING A FEDERAL LAW AND THIS TUTORIAL IS NOT MEANT TO HELP OUT THESE PURPOSES, IT IS SIMPLY TO SENSITIZE YOU TO THE WEAKNESS OF YOUR NETWORK.

I REMIND THE PEOPLE WHO STILL WANT TO CRACK THEIR NEIGHBOURS:
YOU NEED AN AUTHORIZATION TO CRACK HIS NETWORK, OTHERWISE YOU COULD BE CHARGED OR SENT TO JAIL.


    I think you can translate the table of contents and appendix :D


        The tutorial


AIRCRACK:

To test the security of your network, we will need aircrack, designed by Christophe Devine. This program works under windows and linux, but some of the functionality is not available under windows (packet injection for example). That is why we will use a linux bootable CD OS: Whax; this distribution is specialized in intrusion tests. Actually troppix is more up to date as far as wifi drivers go, and its use is exactly the same… (These distributions are oriented towards WEP cracking, but ubuntu or any other would do the work.)
But not all the cards are supported; basically it depends on the chipset. Here is a list of cards and possibilities (compatible):
Compatible card list for monitor mode + aircrack (link)

This tutorial was made with a D-link DWL-G650 (not G650 + !!!). Fortunately my neighbour had a livebox and authorized me to crack the WEP on his network.
He authorized it thinking I would not succeed.
It turned out he was wrong, it took me approximately 2 hours to crack it.

For private property reasons, all the names of the networks were masked except the one whose WEP was cracked, which was only partially hidden.
The BSSID addresses (mac addresses) have also been partially censored; I only showed the first part of the MACs, which corresponds to the builder of the card.

I REPEAT: IF YOU TRY TO INVADE A NETWORK YOU NEED THE AUTHORIZATION FROM THE OWNER, OR YOU NEED TO BE THE OWNER.

Whax:

Now we are getting serious.
So that you can fully use your card we will use a linux live CD (I don’t know anything about the penguin)

Get the WHAX distribution here:

Whax is a live CD   == I didn't bother translating the explanation page, the English can manage on their own

Download WHAX:
Link
link

UPDATE: there are new live CD distributions specialized in wifi monitoring, like troppix and backtrack, that are as good or even better. The functionality is basically identical.
Indeed they all include aircrack and airodump/aireplay.

Burn the distrib on a nice CD and put it aside for 2 seconds. On the side I suggest creating a FAT32 partition of 2 or 3 gigs.

The advantage of FAT32 is that it is readable by windows and linux.
That partition will be used to store the captured packets and the different files necessary to crack the key. That partition is not required, but it is recommended, especially if you have low RAM capacity, since the capture files would be stored in RAM (no partition).
Also, when you have a FAT32 partition you can stop the computer and restart monitoring without losing anything.

WATCH OUT, YOUR PARTITION WILL NOT HAVE THE SAME NAME UNDER LINUX, SO PLACE A FILE THAT YOU WILL RECOGNIZE IN IT.

After booting on Whax you will end up on a login screen (for troppix you only need to choose video card + keyboard language + resolution)
The login is Root and the password is toor. To start the graphical interface, type startx (you need to type stqrtx since the keyboard will be English, HELL if you're reading this you're English =/ so if you're stuck with a French keyboard, GET A CLUE)

You will then end up on the Whax interface: image

We don't care about the French keyboard

The interface is KDE so it is easy to get used to.

image

Then type in “airmon.sh” to detect the interfaces and select the one that you want to use with the command “airmon.sh start [ wifi interface ]”
(note that there are no brackets, although they will be used throughout this whole tutorial)

Image

Here you can see that the card is correctly recognized and that monitor mode is directly activated. Monitor mode lets us capture packets in transit, even the ones that aren’t directed to you. ;)

And if you already use a linux distribution, you only need to install the aircrack suite:

Link: Download aircrack, airodump, aireplay HERE

As for the PDFs, I'll send them to you by e-mail.

Offline

#14 18-07-2006 22:06:12

Billyboylindien
Honorary member
Registered: 06-10-2005
Posts: 1 561
Website

Re: Translating the WEP cracking tutorial FR ==> EN, who's good at it?

Perfect, wow, you didn't hang about!!

Offline

#15 18-07-2006 22:56:12

ItIsHardToProgram
Member
Registered: 09-06-2006
Posts: 118

Re: Translating the WEP cracking tutorial FR ==> EN, who's good at it?

My latest progress:
2: AIRODUMP

Detailed use of airodump and linux (link)

Now we will start to scan the wireless networks with airodump (part of the aircrack suite).

We type in the console: “airodump [interface name] [name of the output file] [channel to scan]”

Image

To choose to scan all the channels type in 0

You can add the parameter 1 at the end to change the extension of the output file to .ivs rather than .cap; the advantage is that the file does not contain all the packet info but only the IVs, so the size is more convenient.

You need to choose this method if you did not create a FAT32 partition, otherwise you will have a crash!!!
If you created a FAT32 partition, you should prefer the *.cap

If you created a FAT32 partition you need to place yourself in that partition

Do “ cd .. ” to go back to the root. Then “ cd mnt ” to open the folder that corresponds to “ My Computer ” under windows.

For my part I type in “ cd .. ” then “ cd mnt/hda6 ”

We then find this once airodump is launched

Image

I am in a student residence so there are a lot of people.

The BSSID column corresponds to the MAC addresses of the access points (AP)
The ESSID column corresponds to the name of the network (Wanadoo-xxxx,wifi-freebox)

The first part corresponds to the access points and the second part to the stations (the computers that are logged in)

The column that interests us is the one that has IVs; those are the files that will allow us to crack the WEP keys.

Here the AP of my neighbour is the only one where the ESSID is not totally masked. For better performance in the capture of packets, we relaunch airodump choosing only the channel where the AP is (here it is 10)

airodump ath0 out 10

To stop the capture and enter commands press Ctrl + C
You are also obliged to stop the capture if you want to copy a MAC address since the screen refreshes. To copy something simply select with the mouse and right click copy. Same to paste, or use Shift+Insert.

For more details on airodump simply type in [airodump] in the console and the help will appear.

Image

There we have stations, and one that is connected to the AP that interests us.
BINGO, because the access points sometimes have (and it’s the case for freeboxes) a MAC filter called (association mode), and for aireplay we need that MAC address; actually we are acting as if we were that computer to have access to the AP.

As soon as we start getting IVs airodump tells us what type of encryption it is: WEP, WPA or OPN.

Now that we know that the encryption is WEP, that a station is presently logged in, and that there is traffic (350 packets for the station in not a lot of time), we are going to launch aireplay, a packet injector, to accelerate the traffic and stimulate the IVs sent.

You need to know that to crack a WEP key of a wifi network, it is more convenient that there is a minimum of traffic. By experience the IV capture is a lot faster, and also they need to be diversified since the crack will need fewer IVs. For example here there is traffic, but unfortunately there wasn’t any afterwards so I had to capture a lot of IVs before finding the key.

3:// Aireplay

In detail in the aireplay manual (link)

Just like airodump, aireplay is part of aircrack.

3.1:// Fake Authentication

See the FAQ aireplay -1

Ad

To launch aireplay open another console in the same screen with the help of the little icon on the top left. You can also rename it with a right click.

We launch aireplay once without worrying about the bssid of the station

Image

The parameters are:
“ aireplay -1 0 -e [ Essid ] -a [ Bssid of the AP] -b [ bssid of the AP] -h [ bssid of the station ] [ interface ]”

-1 0 corresponds to a fake authentication attack; the zero is the delay that we allow for the answer to come in. Here we can see that if we use a dummy MAC address the AP refuses us, but if we put the BSSID that airodump gives us it works.

Image

Some of the APs don’t have any filtering of MAC addresses and you can put any MAC address. Once you have “ association successful ” it is a first victory; basically you are accepted by the wifi access point.

It is possible, if you don’t pick up the signal well (if the power is low), that the authentication is successful and the association is not immediate.

Image

Here the example is small but you can easily have 40 lines :-S

Here is a small diagram that will show you the relations between the parameters of aireplay and the capture of airodump:

Image

The association is not really reliable and if it fails, you can still go on to the next step.

3.2:// Packet Injection

In detail: aireplay attack -3 (link)

Once the association is good, we relaunch aireplay changing some of the parameters.

You need to change the first parameter to “-3”, which corresponds to a packet injection attack.

Then you need to add the parameter “-x” followed by a value that corresponds to the number of packets per second that aireplay will send. Here it is 600. Modify the parameter depending on the AP signal strength.

Also, add the parameter -r followed by the capture file (airodump). This parameter indicates which file to read to see if there are ARPs inside. The ARPs are what will allow us to influence the traffic.

DON’T FORGET TO PLACE YOURSELF IN THE SAME DIRECTORY

To avoid typing it all, since the syntax is basically the same as with the parameter -1, press the up arrow key to get what you previously entered.

Image

Aireplay saves ARPs in a file that it creates every time it is launched.
It is underlined in the picture.
That file is found in the folder where you launched aireplay

It is that file that you then put in the parameter -r if you got ARPs; the ARPs are obtained by reading the file indicated but also by listening to the network, like airodump does.

Here, we can see that we have an ARP. As soon as we get an ARP aireplay starts sending packets. And normally, if everything is going well, the IVs grow.

And it is the case, they are growing :D:

Image

At the same time, the ARPs also go up:

Image

Aireplay keeps at most 1024 ARPs

To give you an idea of the speed of capturing IVs I took some full-screen screenshots; look at the clock.

Link (3 times)

4:// Aircrack

In detail in the FAQ

Know that you need approximately 300k IVs for a 64 byte WEP key and about 1 mil for a 128 WEP key, it is pretty fast.

You should launch Aircrack once you have 300k and if you suppose that the key can be 64 bytes (you should know, it's your network)

For that, in the parameters of aircrack, you only need to add -n 64, and aircrack will try to crack the WEP key as if it was a 64 bytes WEP key, even if it is a 128 bytes key.

Personally, this tutorial targeted a 128 bytes key (livebox) so I don’t launch it with 64. But since I have approximately 700k IVs, I can start to launch aircrack while the capture of packets is still going on with airodump.

Open a new shell and launch aircrack.
Don’t forget to place yourself in the folder containing the files of airodump, if you have created a FAT32 partition

“aircrack -x -0 nameofthecapturefile”
The parameter -x stops the bruteforcing of the last 2 bytes, it accelerates the crack (normally)
The parameter -0 puts aircrack in color and it’s the only thing it does, but MAN doesn’t it look cool when someone's cracking and you see the matrix-like coding on his screen.

Finally the last parameter is the name of the capture file of airodump; you can also use the syntax “ *.cap ” and “ *.ivs ” to open all the .cap and .ivs files.

Which would give:

“aircrack -x -0 *.cap *.ivs”

image

Once we have launched aircrack, it shows all the networks that it saw, the encryption, and the corresponding number of IVs. You then only need to choose the right number and launch aircrack.

Now it starts to crack the key:

image

Offline
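
Added example, not part of the post above or of the aircrack suite: WEP has no replay protection, so the packet injection of section 3.2 shows up to a monitoring sensor as one transmitter sending frames whose IVs repeat at a high rate. The Python sketch below flags that pattern in constructed frame records; the `Frame` fields, the thresholds and the MAC addresses are assumptions made for illustration.

```python
"""Flag WEP replay injection from per-frame metadata (constructed sample data)."""
from collections import Counter, defaultdict, deque, namedtuple

# One record per WEP-protected data frame seen by a monitoring sensor.
# Field names are assumptions for this example, not an aircrack file format.
#   ts: capture time in seconds, src: transmitter MAC, bssid: AP MAC,
#   iv: 24-bit WEP initialisation vector, retry: 802.11 Retry bit
Frame = namedtuple("Frame", "ts src bssid iv retry")


def detect_replay(frames, window=5.0, min_repeats=50):
    """Return one alert per (src, bssid) whose IVs repeat too often.

    A station that encrypts its own traffic uses a fresh IV per frame, so
    within a few seconds it should almost never reuse one. Replayed frames
    are retransmitted unchanged and therefore carry IVs already seen.
    Link-layer retransmissions (Retry bit set) legitimately repeat the IV
    of the frame they retry, so they are ignored to avoid false positives.
    """
    queues = defaultdict(deque)       # frames inside the sliding window
    iv_counts = defaultdict(Counter)  # IV -> occurrences inside the window
    alerted, alerts = set(), []
    for f in sorted(frames, key=lambda fr: fr.ts):
        if f.retry:
            continue
        key = (f.src, f.bssid)
        q, seen = queues[key], iv_counts[key]
        q.append(f)
        seen[f.iv] += 1
        # Expire frames older than the window and forget their IVs.
        while f.ts - q[0].ts > window:
            old = q.popleft()
            seen[old.iv] -= 1
            if not seen[old.iv]:
                del seen[old.iv]
        repeats = len(q) - len(seen)  # frames that reused an IV
        if repeats >= min_repeats and key not in alerted:
            alerted.add(key)
            alerts.append({
                "src": f.src,
                "bssid": f.bssid,
                "ts": f.ts,
                "frames_in_window": len(q),
                "distinct_ivs": len(seen),
            })
    return alerts


# Constructed sample data (locally administered MAC addresses).
AP = "02:00:00:00:00:01"
STATION = "02:00:00:00:00:10"


def sample_frames():
    frames = []
    # Normal station traffic on a noisy link: 200 frames with sequential
    # IVs, each one retried once by the radio (same IV, Retry bit set).
    for i in range(200):
        t = i * 0.01
        frames.append(Frame(t, STATION, AP, 0x100000 + i, False))
        frames.append(Frame(t + 0.001, STATION, AP, 0x100000 + i, True))
    # Injection at the tutorial's 600 packets per second: the frames carry
    # the associated station's address and cycle through four captured
    # frames, so only four IVs ever appear.
    captured_ivs = [0x00A1B2, 0x00A1B3, 0x00A1B7, 0x00A1C0]
    for i in range(600):
        frames.append(Frame(20.0 + i / 600, STATION, AP,
                            captured_ivs[i % 4], False))
    return frames


if __name__ == "__main__":
    for alert in detect_replay(sample_frames()):
        print("possible WEP replay injection:", alert)
```

An alert like this on a network you run is one more reason to follow the tutorial's own advice and move the access point from WEP to WPA.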

#16 18-07-2006 22:57:15

ItIsHardToProgram
Member
Registered: 09-06-2006
Posts: 118

Re: Translating the WEP cracking tutorial FR ==> EN, who's good at it?

Right, I'm going to take a little break, to play a bit of wc3 =/

and maybe call my girlfriend to get me a bit fired up... I'll continue tonight or tomorrow, it should be finished by tomorrow evening..... but it's really long =/

Offline

#17 18-07-2006 23:00:42

Billyboylindien
Honorary member
Registered: 06-10-2005
Posts: 1 561
Website

Re: Translating the WEP cracking tutorial FR ==> EN, who's good at it?

Yes, for me, just writing it in French already ...
In any case, here you can really see the bilingual at work :D.

Nicely done.

Offline

#18 19-07-2006 09:05:11

stouille
Member
Location: Paris
Registered: 06-07-2006
Posts: 78

Re: Translating the WEP cracking tutorial FR ==> EN, who's good at it?

I say BRAVO ItIsHardToProgram

Offline

#19 19-07-2006 14:38:17

ItIsHardToProgram
Member
Registered: 09-06-2006
Posts: 118

Re: Translating the WEP cracking tutorial FR ==> EN, who's good at it?

Right, there it is, it's finished; I sent it to billyboy as a Word file, so all that's left for him is to insert it all into a template, possibly the French page. Of course it's a literal translation, so there are certainly grammar mistakes (redoing every sentence would have taken very long), but I took the liberty of redoing a few of them, so there you go. P.S. thanks stouille, but it was my pleasure; he did me a small favour (sure, time-wise it's not the same :D:D:D) but still, he did take the trouble to write several tutorials, if he had to translate them as well... so here it is ::::

FOR ALL THE ENGLISH FOOLS OUT THERE:

In our ages, most of the providers (Free, alice, wanadoo) give out protection in there wifi modem (livebox, freebox, aol-box)
Unfortunately most of these wifi boxes apply WEP crypting by default if we activate the wireless.
It is likely known that this protection has passed deadline….. week and easily crackable.
A small hour is enough to crack a 128 bytes WEP key ( packets capture + crack) and barely more for a 256 bytes key with aircrack.

So I give to you a little tutorial that will help test out your wireless network, and most likely convince you to change to WPA crypting.



            Image + annonce + film



WARNING, YOU ARE ONLY ALOUD TO TEST OUT A NETWORK WITH THIS METHOD IF YOUR ARE THE OWNER OR IF YOU HAVE A PERMISSION OF THE OWNER.

HACKING IS CONSIDERED BREAKING A FEDERAL LAW AND THIS TUTORIAL IS NOT MEANT TO HELP OUT THESE PURPOSES, IT IS SIMPLY TO SENSIBILISE YOU TO THE WEEKNESS OF YOUR NETWORK.

I REMIND TO THE PEOPLE WHO STILL WANT TO CRACK THERE NEIHBOORS:
YOU NEED AN AUTHORIZATION TO CRACK HIS NETOWRK, OTHERWIZE YOU COULD BE CHARGED OR SENT TO JAIL.


    Jcrois que tu peux traduire le sommaire et annexe big_smile


        The tutorial


AIRCRACK :

To test the security of your network, we will need aircrack designed by Christophe Devine. This program works under windows and linux, but some of the functionality are not available under windows (packet injection for example) That is why we will use a linux bootable cd OS: Whax, this distribution is specialized in intrusion tests. Actually the troppix is more up to date talking about wifi drivers and there utilisation is exactly the same… (These distribution are oriented in WEP cracking, but ubuntu or any other would to the work)
But not all the cards are supported, basically it depends of the chipset, here is a list of cards and possibiltys (compatible):
Compatible card list for mode monitor + aircrack (lien)

This tutorial was realized with a D-link DWL-G650 (not G650 + !!!) , fortunately My neighbour had a livebox and autorized me to crack his WEP on his network.
He authorized it thinking I would not succeed.
It turned out he was wrong, it took me approximately 2 hours to crack it.

For private property reasons, all the names of the networks were masked except the ones from where the WEP was cracked, that was only partially hidden.
The BSSID addresses (mac addresses) also have been partially censured, I only shown the first part of the MACS which correspond to the builder of the card.

I REPEAT IF YOU TRY TO INVADE A NETWORK YOU NEED THE AUTHORIZATION FROM THE OWNER, OR YOU NEED TO BE THE OWNER

Whax:

Now we are getting serious.
So you can fully use your card we will use a live cd of linux (I don’t know anything about the penguin)

Get the WHAX distribution here:

Whax is a live Cd   == j’ai pas pris la peine de traduire la page d’explication, y se débrouilleront les anglais

Download WHAX:
Lien
lien

MAJ: there are new distributions of live cds specialized in monitoring wifi, like troppix and backtrack that are as good or even better. The functionality is basically identical.
Indeed they all include aircrack and airodump/aireplay.

Burn the distrib on a nice cd and put it aside for 2 seconds. On the side I suggest creating a FAT32 partition of 2 or 3 gigs.

The advantage of FAT32 is that it is readable by windows and linux.
That partition will be used to stock packets captured and the different files necessary to crack the key. That partition is not required, but it is recommended especially if you have low RAM capacity since the capture files would be stock in RAM (no partition).
Also when you have a FAT32 partition you can stop the computer and restart monitoring without losing anything.

WATCH OUT, YOUR PARTITION WILL NOT HAVE THE SAME NAME UNDER LINUX, SO PLACE A FILE THAT YOU WILL RECOGNIZED IN IT.

After booting on Whax you will end up on a login screen (for troppix you only need to chose video card + keyboard language + resolution)
The login is Root and the password is toor, to start the graphical interface, type startx ( you need to type stqrtx since the keyboard will be English, HELL if your reading this ur English =/ so if your stuck with a French keyboard, GET A CLUE

You will then end up on the Whax interface: image

On s’en fou du clavier francais

The interface is KDE so it is easy to get used to.

image

Then type in “airmon.sh” to detect the interfaces and select the one that you want to use with the command “airmon.sh start [ wifi interface ]”
(note that there are no brackets, all though there will be used throughout this whole tutorial)

Image

Here you can see that the card is correctly recognized and that the monitor modfe is directly activated. The monitor mode lets us capture packets transiting even the ones that aren’t directed to you. wink

And if you already use a linux distribution and you only need to install the aircrack suite:

Lien Download aircrack airodump, aireplay HERE


2: AIRODUMP

Detailed use of airodump and linux (lien)

Now we will start to scan the wireless networks with airodump (part of the aircrack suite)

We type in the console: “airodump [interface name] [name of the output file] [channel to scan]

Image

To chose to scan all the channels type in 0

You can add the parameter 1 at the end, to modify the extension of the output file to .ivs rather then .cap, that advantage is that the file does not contain all the packets info but only the IVs, the size is more convenient.

You need to chose this method if you did not create a FAT32 partition, otherwise you  will have a crash!!!
If you created a FAT32 partition, you should prefer the *.cap

If you created a FAT32 partition you need to place yourself in that partition

Do “ cd .. ” to go back to the root. Then “ cd mnt ” to open the folder that corresponds to the “ my computer “ under windows.

For my part I type in “ cd .. “ then “cd mnt/hda6 “

We then find this once airodump lunched

Image

I am in a student residence so there are a lot of people.

The BSSID column corresponds to the Mac addresses of the access points (AP)
The ESSID colujmn corresponds to the name of the network (Wanadoo-xxxx,wifi-freebox)

The first part corresponds to the access points and the second part to the stations ( the computers that are logged in)

The column that interests us is the one that has IVs, those are the files that will allow us to crack the WEP keys.

Here the AP of my neighbour is the only one where the ESSID is not totally masked. For better performances in the capture of packets, we re lunch airodump chosing only the canal where the AP is (here is 10)

Airodump ath0 out 10

To stop the capture and enter commands do Ctrl + C
You are also obligated to stop the capture if you want to copy a mac address since the screen refreshes. To copy something simply select with the mouse and right click copy. Idem to paste or use Shift+insert.

For more details on airodump simply type in [airodump] in the console and the help will appear.

Image

There we have stations and one that is connected to the AP that interests us.
BINGO cause the access points have sometimes (and it’s the case of freeboxes) a mac filter called (mode association) and for aireplay we need that mac address, actually we are acting as if we were that computer to have the access to the AP.

As soon as we start getting IVs airodump tells us what type of crypting it is :WEP WPA or OPN.

Now we know that the crypting is WEP, that a station is presently logged, and there is traffic (350 packets for the station in not a lot of time) we are going to launch aireplay, a packet injector to accelerate the traffic and stimulate the IVs sent.

You need to know that to crack a WEP key of a wifi network, it is more convenient that there is a minimum of traffic. By experience the IVs capture is a lot faster, and also they need to be diversified since the crack will need less IVs’s. For example here there is traffic, but unfortunately there wasn’t any after so I had to capt a lot of IVs before finding the key.

3:// Aireplay

In detail in the aireplay manual lien

Just like airodump, aireplay is part of aircrack.

3.1:// Fake Authentication

See the FAQ aireplay -1

Annonce

To launch aireplay open another console in the same screen with the help of the little icon on top left. You can also rename it with a right click.

We launch aireplay once without worrying about the bssid of the station

Image

The parameters are:
“ aireplay -1 0 –e [ Essid ] -a [ Bssid of the AP] –b [ bssid of the AP] –h [ bssid of the station ] [ interface ]”

-1 0 corresponds to an attack by fake authentication, the zero is the delay that we authorize for the answer to come in. Here we can see that if we place a dummy mac address the AP refuses us, but if we put the BSSID that airodump gives us it works.

Image

Some of the AP don’t have any filtering of MAC addresses and you can put any MAC address. Once you have “ association successful “ it is a first victory, basically you are accepted by the access point wifi.

It is possible that if you don’t capt the signal (if the power is low ) that the authentication is successful and the association is not immediate.

Image

Here the example is small but you can easily have 40 lines :-S

Here is a small scheme that will show you the relations between the parameters of aireplay and the capture of airodump :

Image

The association is not really reliable and if it fails, you can still go through the next step.

3.2:// Packet Injection

In detail: aireplay attack -3 (link)

Once the association is good, we relaunch aireplay, changing some of the parameters.

You need to replace the first parameter with “-3”, which corresponds to an attack by packet injection.

Then you need to add the parameter “-x” followed by a value that corresponds to the number of packets per second that aireplay will send. Here it is 600; modify the parameter depending on the AP signal strength.

Also, add the parameter -r with the capture file (airodump). This parameter indicates which file to read to see if there are ARPs inside. The ARPs are what will allow us to influence the traffic.

DON’T FORGET TO PLACE YOURSELF IN THE SAME DIRECTORY

To avoid typing it all, since the syntax is basically the same as with the parameter -1, press the up arrow key to get back what you previously entered.

Image

Aireplay saves ARPs in a file that it creates every time it is launched.
It is underlined in the picture.
That file is in the folder where you launched aireplay.

It is that file that you then put in the parameter -r if you got ARPs; the ARPs are obtained by reading the file indicated but also by listening to the network, like airodump does.

Here, we can see that we have an ARP. As soon as we get an ARP, aireplay starts sending packets. And normally, if everything is going well, the IVs grow.

And it is the case, they are growing big_smile:

Image

At the same time, the ARPs also go up:

Image

Aireplay keeps at most 1024 ARPs.

To give you an idea of the speed of capturing IVs, I took some full-screen screenshots; look at the clock.

Link, 3 times

4:// Aircrack

In detail in the FAQ

Know that you need approximately 300k IVs for a 64 byte WEP key and about 1 mil for a 128 WEP key; it is pretty fast.

You should launch aircrack once you have 300k, if you suppose that the key could be 64 bytes (you should know, it’s your network).

For that, in the parameters of aircrack, you only need to add -n 64, and aircrack will try to crack the WEP key as if it was a 64 bytes WEP key, even if it is a 128 bytes key.

Personally, this tutorial targeted a 128 bytes key (Livebox), so I don’t launch it with 64. But since I have approximately 700k IVs, I can start to launch aircrack while the capture of packets is still going on with airodump.

Open a new shell and launch aircrack.
Don’t forget to place yourself in the folder containing the airodump files, if you have created a FAT32 partition.

“aircrack -x -0 nameofthecapturefile”
The parameter -x stops the bruteforcing of the last 2 bytes; it accelerates the crack (normally).
The parameter -0 puts aircrack in color and it’s the only thing it does, but MAN doesn’t it look cool when someone’s cracking and you see the Matrix-like code on his screen.

Finally, the last parameter is the name of the airodump capture file; you can also use the syntax “*.cap” and “*.ivs” to open all the .cap and .ivs files.

Which would give:

“aircrack -x -0 *.cap *.ivs”

image

Once we have launched aircrack, it shows all the networks that it saw, the encryption, and the corresponding number of IVs. You then only need to choose the right number and launch aircrack.

Now it starts to crack the key:

image

The airodump capture keeps going while aircrack automatically takes in all the new IVs and uses them to crack the key.

Now the only thing you need to do is let it run, and the WEP key should show in red if the crack works. Basically, it works statistically with a vote system counting the IVs: the more votes a byte has compared to the other bytes of the same row, the more chances it has to be right.

Unfortunately for me, the crack didn’t work even though I had more than enough IVs.

I believe it is because there was barely any traffic, maybe even none.

Image

The only thing to do is get more IVs.

When you recapture IVs, the best thing to do is to wait for the station, get new ARPs and let airodump run.

Personally, I let airodump run and relaunched aireplay, removing the -r parameter so that it gets new ARPs. So when the station reconnects, new ARPs are in movement and I capture them right away, re-injecting; it’s the best method.

If you’re not able to capture ARPs, let the capture run as long as possible, and when a station is connected try a deauthentication attack (link); it should stimulate ARP emission.
“aireplay -0 + the usual ESSID and BSSID parameters”

So I left, and when I came back I had around 2.6 mil IVs, more than enough.

Relaunching aircrack:
Image

BINGO!!!!

We can see, comparing the 2 images (the one where the attack failed and the one where it worked), that we find basically the same numbers, which means we only needed new IVs.
If it does not work, play with the fudge factor of aircrack by adding a -f parameter: “-f number between 2 and 10”

Example:
“aircrack -x -0 *.cap *.ivs -f 4”

By default the fudge factor is set to 2.

aircrack uses 17 types of attacks created by Korek.
You can choose to disable them one after another if you have a lot of IVs but the crack fails.
Example:
aircrack -x -0 *.cap *.ivs -k 4

We can of course combine this with the fudge factor.

If you ever have more than 3 mil IVs, captured with a lot of traffic, and the attack still fails, there could be many reasons:
- The network changed its key, but you should know since you’re the owner.
- The capture file is corrupted.
- You’re not too lucky…

5:// Connection configuration

Now it is great that you have a key, so WRITE IT DOWN 12 TIMES ON A PIECE OF PAPER.

Don’t mistake 0 (zeros) for O (the letter); the only possibilities are 0 to 9 and A to F since it is hexadecimal.

Now that we have the WEP key, the only thing missing is the network’s addressing plan (not too sure about that one). However, it is usually useless since most networks use DHCP, which means an automatic IP: you’re connected to an access point and you are given an IP.

You can then try to connect with Windows (watch out, you need to remove the “:” between the parts of the key, and if there is a MAC filter, you need to change your MAC address under Windows (link)) or with Whax, which has a connection module.

With Whax:

To use it you first need to switch your card to managed mode; for that:
iwconfig ath0 mode managed

And if you wish to go back to monitoring for more capture, you only need to type in
iwconfig ath0 mode monitor

If the AP has a MAC address change it with the MAC address of a station that was connected.

Then, to open the assistant, go to the start menu, then choose whax tool/wireless/wireless assistant and configure your network. (If DHCP doesn’t work, try under Windows or go lower to find the address of the network (link).)

You can always test with a command like ping www.google.fr

5.2:// In a shell:

If you are doing it with Whax you can do it in shell mode.

All the parameters of the configuration appear when typing iwconfig ath0

Image image + code + image (I’m lazy)


You can easily combine parameters


Change your MAC address

If the AP applies a MAC filter, change your address and replace it (ok, that makes twice) =/

First you need to shut down the wifi.
Then you change it with ifconfig ath0 hw ether XX:XX:XX:XX:XX:XX

Last step of the activation
Dhcp ath0

If you get the shell prompt back, it works; if it doesn’t work, try under Windows or find the network address.

Under windows

If you need to change your MAC address then go to start/control panel/performance and maintenance/system (not too sure)

Choose the network cards category, choose your card and right-click, Properties. Choose the Advanced tab and you need a category “MAC address” or equivalent. Choose “Administer locally” and put a value in the box.

You can also use etherchange, a small DOS program for Windows that does this for you.

Download etherchange

Launch it, choose the interface whose physical address you wish to change, and enter the MAC address that you want to replace it with.



Find the network address

If the network doesn’t have DHCP or if it isn’t activated, you need to find the addressing plan; in most cases it is 192.168.1.xxx with the access point at 192.168.1.1 and the mask 255.255.255.0

However there is a fast and easy way to find the ip of the access point with ethereal, a network sniffer.

You need the WEP key to find the IP

Launch ethereal

Configure ethereal to decrypt packets with the WEP key you just found, otherwise you won’t get IPs.

Go to Edit, Preferences, Protocols, IEEE 802.11

Configure the WEP key; remember to select “Assume packets have FCS”

Instructions, no need for translation + image image image
To find only the ones that interest you, apply a filter in the filter field.
A filter of the type “(wlan.bssid == bssid of the AP) && (tcp)” works great.

In effect, you choose to see only the packets sent over TCP whose BSSID is the one specified.

Image

Bingo, we found the IP

If you let it run a bit you will confirm the IP and maybe get more info

For example, we see that my neighbour is using eMule.
There, the work is done: you have the address of the network, the WEP key, the MAC of the station; the only thing you need is to connect (all that for that).
If you encounter any problem, the support forum is there to help you… still, read the tutorial

Appendices:

Example of an OPN network


Packet injection under windows

There is different software to inject packets under win32

For the Atheros chipset, download CommView for WiFi

For the Prism chipset:

Download airgobbler packet generator, or from the publisher’s site here.


FAQ translation:

The translation of the aircrack documentation was done by myself (from English to French back to English), so there might be A LOT of grammar errors

Files:

(don’t think you need me for the rest)


courtesy of myself =/

Offline
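Seen from the monitoring side, the injection step in section 3.2 of the post above has a recognisable shape: one source sending several hundred WEP frames per second (600 in the post) while cycling through a small set of stored ARP frames, so the same IVs keep coming back. The following is an added example, not part of the original post or of aircrack; the record format, MAC addresses and thresholds are constructed assumptions for illustration.

```python
from collections import defaultdict

def make_sample():
    """Constructed frame metadata: (time_s, source_mac, frame_len, wep_iv_hex)."""
    frames = []
    # Ordinary station: varied frame sizes and a fresh IV on every frame.
    for i in range(40):
        frames.append((i * 0.05, "00:11:22:33:44:55", 80 + (i * 37) % 900, f"{i:06x}"))
    # Replaying station: one captured frame resent 600 times within one second.
    for i in range(600):
        frames.append((1.0 + i / 600, "66:77:88:99:aa:bb", 68, "a1b2c3"))
    return sorted(frames)

def detect_replay(frames, window=1.0, min_rate=200, max_iv_ratio=0.1):
    """Flag sources with a high WEP frame rate and heavy IV reuse per time window.

    min_rate and max_iv_ratio are illustrative thresholds (assumptions) that
    would need tuning against the normal traffic of the monitored network.
    """
    buckets = defaultdict(list)
    for ts, src, length, iv in frames:
        buckets[(src, int(ts // window))].append((length, iv))
    alerts = []
    for (src, win), items in sorted(buckets.items()):
        rate = len(items) / window
        distinct_ivs = len({iv for _, iv in items})
        # A legitimate sender uses a new IV per frame, so the ratio stays near 1.
        if rate >= min_rate and distinct_ivs / len(items) <= max_iv_ratio:
            alerts.append({
                "src": src,
                "window_start": win * window,
                "rate": rate,
                "distinct_ivs": distinct_ivs,
                "lengths": sorted({length for length, _ in items}),
            })
    return alerts

if __name__ == "__main__":
    for alert in detect_replay(make_sample()):
        print(alert)
```
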

#20 19-07-2006 19:30:09

Billyboylindien
Honorary member
Registered: 06-10-2005
Posts: 1 561
Website

Re: Translating the WEP crack tutorial FR ==> EN, who's good at it?

I'll put it online without delay, very shortly wink

Very, very good work, thanks again.

Catch you on MSN wink

++



Offline

#21 20-07-2006 01:03:16

Billyboylindien
Honorary member
Registered: 06-10-2005
Posts: 1 561
Website

Re: Translating the WEP crack tutorial FR ==> EN, who's good at it?

And here it is smile
http://www.tuto-fr.com/en/tutorial/tuto … rcrack.php

Once again, a big thank you to ItIsHardToProgram



Offline

#22 20-07-2006 15:53:58

ItIsHardToProgram
Member
Registered: 09-06-2006
Posts: 118

Re: Translating the WEP crack tutorial FR ==> EN, who's good at it?

WARNING, YOU ARE ONLY ALOUD TO TEST OUT A NETWORK WITH THIS METHOD IF YOUR ARE THE OWNER OR IF YOU HAVE A PERMISSION OF THE OWNER. HACKING IS CONSIDERED BREAKING A FEDERAL LAW AND THIS TUTORIAL IS NOT MEANT TO HELP OUT THESE PURPOSES, IT IS SIMPLY TO SENSIBILISE YOU TO THE WEEKNESS OF YOUR NETWORK. I REMIND TO THE PEOPLE WHO STILL WANT TO CRACK THEIR NEIHBOORS: YOU NEED AN AUTHORIZATION TO CRACK HIS NETOWRK, OTHERWIZE YOU COULD BE CHARGED OR SENT TO JAIL.

a small mistake big_smile

Offline

#23 21-07-2006 13:33:37

zac
Honorary member
Registered: 22-06-2006
Posts: 678

Re: Translating the WEP crack tutorial FR ==> EN, who's good at it?

Then again, it's not a big deal smile

I have to admit, good work, Mr. Englishman :p

Offline

#24 21-07-2006 15:32:57

ItIsHardToProgram
Member
Registered: 09-06-2006
Posts: 118

Re: Translating the WEP crack tutorial FR ==> EN, who's good at it?

I'm not English.....:|

Thanks big_smile

Offline

#25 21-07-2006 16:31:18

wxcvbn
Honorary member
Registered: 28-02-2006
Posts: 1 139

Re: Translating the WEP crack tutorial FR ==> EN, who's good at it?

ItIsHardToProgram wrote:

WARNING, YOU ARE ONLY ALOUD TO TEST OUT A NETWORK WITH THIS METHOD IF YOUR ARE THE OWNER OR IF YOU HAVE A PERMISSION OF THE OWNER. HACKING IS CONSIDERED BREAKING A FEDERAL LAW AND THIS TUTORIAL IS NOT MEANT TO HELP OUT THESE PURPOSES, IT IS SIMPLY TO SENSIBILISE YOU TO THE WEEKNESS OF YOUR NETWORK. I REMIND TO THE PEOPLE WHO STILL WANT TO CRACK THEIR NEIHBOORS: YOU NEED AN AUTHORIZATION TO CRACK HIS NETOWRK, OTHERWIZE YOU COULD BE CHARGED OR SENT TO JAIL.

a small mistake big_smile

Isn't the mistake rather there?

Offline
