BrokeN-ProXy
####################### Br0ken r0x######################
# Lesson : Howto Hacking Wireless Networks step by step #
# Author: BrokeN-ProXy #
# Page: www.3asfh.net & www.sniper-sa.com #
# Contact Me 0nly email: br0ken.rlz@gmail.com #
# Msn Messenger : broken-proxy@hotmail.com #
####################### r0x just do it ############### #####
Hacking
Wireless Networks
2
http://www.t0010.com ا رق ا
و
W9:;<)א:+<=אא
http://www.3asfh.net/vb/ %&*)('א
http://www.sniper-sa.com/forums/ +&א,%**)('א
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
+=אא/8?א*@א
!"#$א א
T0010.COM
##-א./א0*123(45##
http://www.t0010.com/books/index.php
8!"#$א+א67
--------------------------------------------------------------
aLT3rEQ$Hacker
---------------------------------------------------------------
W+ ('א
٥KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK WARNING(=A
٦KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKEF'אDא1)
EWLANFEF'אD א
J(-אK(&
EFאN7$ @'אL!אM
١٣KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKEF'אDאOD
Wired Equivalent PrivacyN5
Wi-Fi Protected AccessN5
١٥KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKJ(אאא#Z[אV)Y*EX"א'אRS"אTUVWSא
6V\F
١٧KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK aircrack-ng]!5
١٨KKKKKKKKKKKKKKKKKKK_אOa5V*)!`E"_)אWwireless tools 5
١٩KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKcX'אDא45d3e
٢٠KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK[ Monitor Mode]R-א9:'א4(A
٢٢KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKThe attack method 19"Sאij/(אk
٢٦KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKThe attack method 2!aאij/(אk
٣٢KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKlmא
WARNINGKKKKK(=A
KK0*1o*אאpS"א+<=אאi)אYE;אE
אMX"n8Zא,6-א8!אZ:
Dq0q6&()W("T)t"OY06&()W(()"uvFEHackingqאrMsp"MrM)(M"
q (uSq /}אqqM$qq!MFFqq{qq (|=qqאN"SאLqq*אqqrqq!rMzqq*lM،(ZwqqxuSאq :"
q&אDq![_q"'=אq)|אqA"q*Sא'אq~aאRq:"q6\!Sאqq(א/}<=אM!MKK,6-א
EE,6-א+@,e&-"א
W+<=אאr"0!&[(4_@)אr
{אe)&+<=אאWZM)"
KWirelessqאEF'אDאא#Z$_&WW_$"M
K8
אp"אS,6V-'"אDא8E)אW_ !
EF'אD)אmTR"U-'א5D"א،!['אF+3%Mא6&W_a
K43*<)W($"Vא#Z
א6אV@rM
'5Dqאq5rwא.5q/אq<JqM4~Dqאq6\!M[T)qWא-~א'אa"אK&!*א
K*SאV6\!"V@K&p!KDVr*&('&-[*א
zq*lMq5"qY-א4~Dqאq\!q "]אqאq5 [O54e0.5/א17Z
Vqq @"V&אqq qq (6Vqq !M(qq Tqq ~-אv""|)qq 3א3qq (rM,6qq -א+qq @q q
K&"אFEאN")א*"א [אj1
eR[6<-"א
EF'אDא1)
WEWLANFEF'אDא
W8EF"'א5L!אM
01!6אTUVW8E$'5
-אTUVW8E$'5
PCMCIA
USB01!6"א-אTUVW8E$'5
.V)]
א8E$'5V)W(*(#*EeN6אTUVWM8qeW\F
J(-אK(&
EFאN7$ @'אL!אM
W (WWAN) *&אE"אEFאN7$@'אK١
qא-אi)אYEאNFZN")"אr)-א4a،&E"אe~אW {k*1'$7$<=אi)אYEא "
KEF)אm|אe4Te-א1*7א6Sא6\!M "M'tא/אTR)&
W (WLAN)אEFאN7$@'אK٣
W)7-א
W8אאאz1~p()אU6TeT_TaTW("R<+1
http://www.arabhardware.net/forum/showthread.php?t=27438&highlight=WLAN
qpMLqp-
אqKqpM"3pא7&אWRM"Lp-אz1)1
K0W`E|=אe
EF'אDאOqD
WEP , WPA q6<"EF'אDאOD)Y-'א$5א,1!_()W(
KK476V*1!`E"
c=qq،qq*SאkqqY-אqqVW[אqqEF'אDqq@אDqq<IEEE)qqV&[raqqאRM
q'אDqqe-א%7qmאqEא0q1qkMq( Nq5"67/<=א
KWEP+$`1|="אEWired Equivalent PrivacyF
{qq A"'qq &-אODqq RC4z1)qq ODqq qq .אZzqq 10qq *[WEPNqq 5")qq 61א
qq5.5Vqqqq TOqq ZTqq~0qqeKDqq5אzqqF(qqkNqq5"=אאqq<i)qq(،%7qqmא
K
(E4DT~aאv@`אE" bit ١٢٨"M 64 bit )Y-אODאT1\*~א0(
WEPq!58*אSאD-א4٢٠٠٣i1N5<=אאV
"q(63,qE"q( =אq<1)q"Wi-Fi Protected Accessq 7qZא8q<WPA
W 6<
WPA with RADIUS
*q"eOqEJ()q({אq(kq1,)Yq-{ <('א3[אR61$אr(( [<=א
K4(kv@9:§0!Sm<=א א1sp"אvDאR)7
J(אאא#Z[אV)Y!`EX"א'אRS"אTUVWSא
KJ*i\!015N665.VW K١
Aircrack Tools
{eא8E$'5 K٢
Aircrack-ng Tools K٣
6V\F
Chipset | Supported by airodump for Windows | Supported by airodump for Linux | Supported by aireplay for Linux
Atheros | CardBus: YES; PCI: NO (see CommView) | YES | YES (driver patching required)
Atmel | UNTESTED | 802.11b: YES; 802.11g: UNTESTED | UNTESTED
Broadcom | Old models only (BRCM driver) | YES | IN PROGRESS (Forum thread)
Centrino b | NO | PARTIAL (ipw2100 driver doesn't discard corrupted packets) | NO
Centrino b/g | NO | YES | NO (firmware drops most packets); ipw2200inject
Centrino a/b/g | NO | YES | NO (See this thread for alpha injection support.)
Cisco Aironet | YES? | YES | NO (firmware issue)
Hermes I | YES | YES | NO (firmware corrupts the MAC header)
NdisWrapper | N/A | Never | Never
Prism2/3 | NO | YES | YES (PCI and CardBus only, driver patching required)
PrismGT | YES | FullMAC: YES; SoftMAC: NOT YET | YES (driver patching recommended)
Ralink | NO | YES (rt2500 / rt2570 / rt61 / rt73 driver) | YES, see rt2500, rt2570, rt61 and rt73. Also see Ralink chipset comments later on this page for important concerns
RTL8180 | YES | YES | UNSTABLE (driver patching required)
RTL8187L | UNTESTED | YES (driver patching required to view power levels) | YES (driver patching recommended for injection and required to view power levels)
TI (ACX100/ACX111) | NO | YES | YES (driver patching required)
ZyDAS 1201 | NO | YES | Partially (See patch for details)
ZyDAS 1211[B] | NO | YES | YES
Others (Marvell...) | NO | UNKNOWN | NO
Aircrack]!5
La 'א
kernel headers
gcc
W8א אKK]!א5#8!rwא
wget http://download.aircrack-ng.org/aircrack-ng-0.9.1.tar.gz
tar -zxvf aircrack-ng-0.9.1.tar.gz
cd aircrack-ng-0.9.1
make
make install
)7-אa(אkKKJ*,)Y)*1e"&8<")_אWVE]!אa(k
K_(J*]אe5
)Y"
wgetSUא3!
wget http://pcmcia-cs.sourceforge.net/ftp/contrib/wireless_tools.28.tar.gz
tarS0 ~pc!
cd S)z14Z)!~אce)&
cd wireless_tools.28
makeS! {א
make
make install S]!א7*i!
make install
cX'אDא45d3e
scan all network around
          Extra:wme_ie=dd180050f2020101880003a4000027a4000042435e0062322f00
Cell 02 - Address: 00:18:39:24:5C:F8
          ESSID:"linksys"
          Mode:Master
          Frequency:2.427 GHz (Channel 4)
          Quality=50/94  Signal level=-45 dBm  Noise level=-95 dBm
          Encryption key:off
          Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 6 Mb/s
                    9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s; 36 Mb/s
                    48 Mb/s; 54 Mb/s
          Extra:bcn_int=100
          Extra:wme_ie=dd180050f2020101030003a4000027a4000042435e0062322f00
'R)"6O!a"א6T)"א,@23אj!
kz1S[אsp<"א65
KrאS6V-&'א-א
N;`EMonitorR-א9:c54(Ac1AircrackUi)אYEא);[א4
K,5"(א؟u-
،Monitor mode zq1'qאrq(i.$ sniffing |q"'qj5אq)qrD1+"אא
*(J5SN7$±ZR-<=אאManagedR-אz1r(vא.Vא'[אcDN"M
WMonitor Modeq'54(3,(k)W(
Kcommand line{(k1W9"Sא (א
AircrackU
8airmon-ng z6U{(k1W!aא (א
K_E!5u4aManaged R-אz1r(vא'אcDN"M
bt ~ # iwconfig ath0
ath0      IEEE 802.11b  ESSID:""  Nickname:""
          Mode:Managed  Channel:0  Access Point: Not-Associated
          Bit Rate:0 kb/s   Tx-Power:31 dBm   Sensitivity=0/3
          Retry:off   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=0/94  Signal level=-98 dBm  Noise level=-98 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0
W!aא (א
،،8&&אAircrackU
8airmon-ng z6U{(k1
bt ~ # airmon-ng stop ath0
Interface Chipset Driver
WWWWij/אk
א5z1M)*ErwאWWWW
_(M"MonitorR-אz1'אr(rMij/(אk[M)rM4
KVא#Z()אXאJ(@אאR)rrM
*(J5Sאz1c@*(F50er()*1ij/<=אאi)Y!
Kinteractive ij/<=אאz6("
W8אu6*אNFZij/<=אא4@"Tesp6
(١) airodump-ng
K[V\"5`!אEU({<=|אk1
-c : channel number
--bssid : MAC address of the access point
-w : write the captured packets to a file
capture : name of the file the packets are saved to
ath0 : name of our wireless interface
(4) aircrack-ng
ODאi!`EU({<=|אk1
W8אu6*אNFZij/<=אא4@"Tesp6
(١) airodump-ng
K[V\"5!אvאU({<=|אk1
-c : channel number
--bssid : MAC address of the access point
-w : write the captured packets to a file
output : name of the file the packets are saved to
ath0 : name of our wireless interface
(4) aircrack-ng
ODאi!`EU({<=|אk1
lmא
http://www.4shared.com/file/24546586/40c72462/attack-method1part2.html?dirPwdVerified=630ebe35 50MB
http://www.4shared.com/file/24548769/ada0b720/attack-method1part3.html?dirPwdVerified=630ebe35 24MB
Attack-method 2 ( 113 MB )
http://www.4shared.com/file/24553904/65b4efa0/attack-method2part1.html?dirPwdVerified=24884433 50MB
http://www.4shared.com/file/24590482/9b931121/attack-method2part2.html?dirPwdVerified=24884433 50MB
http://www.4shared.com/file/24592271/2b86e86d/attack-method2part3.html?dirPwdVerified=24884433 13MB
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
)א6+א
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
q<١٤٢٨Lr١٢
( September 23, 2007 )