Monday, December 1, 2008

Hacking WEP (Wifi) with Windows XP

Aireplay-ng Packet Injection Windows

Czech version of this tutorial: Packet injection Windows. How to do packet injection with Aireplay-ng on Windows XP. System: Windows XP SP2 :: WiFi card: CM9 (WNC AR5213) + miniPCI/PCI adapter :: Applications: Aircrack-ng-win 0.9 package :: Driver: CommView for Netgear + library (older commview.dll or newer ca2k.dll) :: See also Metasploit Hacking Windows. Feel free to ask questions or post corrections to the text. (All the software used in this tutorial can be downloaded from the download directory. The archive password for aircrack-ng-svn+driver+dll.rar is "password".)

Hardware & Software

Cracking a WEP key on Windows, sped up by Aireplay-ng packet injection, is done through a small "hack". The process relies on the CommView for WiFi library, so it should in theory work with every chipset that application supports.

CommView

The library lets Airodump-ng and Aireplay-ng talk to the network card through a socket. This is possible thanks to Airserv-ng, an application newly included in the Aircrack-ng package. The list of supported network cards is on the vendor's web pages. The best known are D-Link, Z-Com (Prism), Netgear (Atheros), ipw22xx/29xx (Centrino), Cisco.

How To

Preparation. The first step is updating the driver. This procedure uses the CommView for WiFi driver, which supports packet injection and many more wireless cards than the AiroPeek driver. No .exe installer is available, and it is not necessary to install a conventional driver first. Installing a new card follows the same procedure as "updating" an existing (conventional) driver. If you already have a driver that supports packet injection, skip this step.

In the network card configuration, disable Wireless Zero Configuration.

Right-click the network card icon to open the context menu; choose "Properties" and then "Configure"..

..then go to the "Driver" tab, where the "Update Driver" button is.

This step offers an online update, which is useless for our purpose.

Next step: choose "Install from a list or specific location..."

Next step: "Do not search. I will choose the driver myself..."

In the dialog window, enter the path to the CommView WiFi\Driver folder inside the install directory, where..

..the file net5211.inf is located.

For a standard installation the full path is: C:\Program Files\CommViewWiFi\Driver\net5211.inf

Vendor detection is automatic and the detected card is offered for installation. The .inf file contains the full list of cards.

When asked about installing an unsigned (uncertified) driver, click Yes.

The installation is complete. That's all.

Packet Injection & Aireplay-ng

So far it has not been possible to generate traffic by packet injection on the Windows platform. Packet injection as we know it from Aireplay-ng on Linux is the only way to effectively speed up the "capture" of the number of IVs needed to crack a WEP key. This text describes a small obstacle and a 100% functional way to use Aireplay-ng and packet injection on Windows.

Hack the box.
No direct, officially presented method exists so far. Everything is solved by a small hack that consists of two parts.

Library commview.dll (ca2k.dll)
Installing the CommView for WiFi application gives us the library. The installation contains the library that serves as the connection between the application and the network card. The Aircrack-ng 0.9 package contains a small gimmick that we are going to use: it allows several applications to use the network card at the same time.

Airserv-ng.
Airserv-ng was created for this purpose. As the name suggests, it is a server: it lets several applications share one card. The rest of the procedure takes place in the console only. Open the console window with Start / Run and the command cmd. With the cd command move into the directory:

cd c:\aircrack-ng-0.9

Start Airserv-ng on channel no. 6:

airserv-ng -d commview.dll -p 12345 -c 6

or, to see the progress, start Airserv-ng on channel no. 6 in debug mode:

airserv-ng -d "commview.dll|debug" -p 12345 -c 6

The Airserv-ng console in debug mode shows messages..

Confirm the question "Does this look like your card!?". In a new (second) console start Airodump-ng on channel no. 4:

airodump-ng --ivs --ch 6 -w dumpfile 127.0.0.1:12345


Aireplay-ng
Aireplay-ng is an application that can disconnect clients from the AP, perform fake authentication, interactive packet replay and repeated sending of ARP requests. It implements the KoreK chopchop and fragmentation attacks and, newly, an injection test. It is controlled by these switches:

- 0: Deauthentication
- 1: Fake authentication
- 2: Interactive packet replay
- 3: ARP request replay attack
- 4: KoreK chopchop attack
- 5: Fragmentation attack
- 9: Injection test

In a new console we use -2 (interactive packet replay):

aireplay-ng -2 -b 00:xx:xx:xx:xx:xx -d 00:xx:xx:xx:xx:xx 127.0.0.1:12345




Aircrack-ng:
In the last console start Aircrack-ng. If the file contains more than one record, choose the right MAC. Each record has its sequence number and the number of captured IVs.

aircrack-ng *.ivs





The key was recovered.
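The defensive counterpart of the replay step above, as an added example that is not part of the original post: a small monitor that parses raw 802.11 frame bytes and flags a BSSID where one transmitter keeps resending frames with the same IV, which is what interactive or ARP replay looks like on the air. The frames are constructed samples, and the thresholds (half the frames being repeats, at least 20 frames seen) are assumptions.

```python
import struct
from collections import Counter, defaultdict

def wep_frame(bssid, src, dst, iv, seq, body):
    """Build a minimal ToDS WEP data frame (constructed sample, not a real capture)."""
    fc = bytes([0x08, 0x41])                      # type=data; flags: ToDS | Protected
    hdr = fc + b"\x00\x00" + bssid + src + dst + struct.pack("<H", seq << 4)
    return hdr + iv + b"\x00" + body              # 3-byte IV, key index 0, ciphertext+ICV

def parse_wep(frame):
    """Return (bssid, transmitter, seq, iv) for a protected data frame, else None."""
    if len(frame) < 28:
        return None
    fc0, fc1 = frame[0], frame[1]
    if (fc0 & 0x0C) != 0x08 or not (fc1 & 0x40):  # skip non-data and unprotected frames
        return None
    to_ds, from_ds = fc1 & 0x01, fc1 & 0x02
    addr1, addr2, addr3 = frame[4:10], frame[10:16], frame[16:22]
    bssid = addr1 if to_ds else (addr2 if from_ds else addr3)
    seq = struct.unpack("<H", frame[22:24])[0] >> 4
    return bssid, addr2, seq, frame[24:27]

def replay_report(frames, dup_ratio=0.5, min_frames=20):
    """Per BSSID, count how often the same (transmitter, IV) pair recurs; thresholds assumed."""
    per_bss = defaultdict(Counter)
    for f in frames:
        p = parse_wep(f)
        if p:
            bssid, tx, _seq, iv = p
            per_bss[bssid][(tx, iv)] += 1
    report = {}
    for bssid, c in per_bss.items():
        total, uniq = sum(c.values()), len(c)
        report[bssid.hex(":")] = {
            "frames": total, "unique_tx_iv": uniq,
            "replay_suspect": total >= min_frames and (total - uniq) / total >= dup_ratio,
        }
    return report

def sample_capture():
    """Constructed frames: one BSSID under IV replay, one with ordinary traffic, one beacon."""
    ap_x, ap_y = bytes.fromhex("00aabbccddee"), bytes.fromhex("001122334455")
    sta_a, sta_b, bcast = bytes.fromhex("020000000001"), bytes.fromhex("020000000002"), b"\xff" * 6
    body = b"\x5a" * 40
    frames = [wep_frame(ap_x, sta_a, bcast, i.to_bytes(3, "little"), i, body) for i in range(10)]
    frames += [wep_frame(ap_x, sta_a, bcast, b"\x10\x20\x30", 100 + i, body) for i in range(25)]
    frames += [wep_frame(ap_y, sta_b, bcast, i.to_bytes(3, "little"), i, body) for i in range(25)]
    frames.append(bytes([0x80, 0x00]) + b"\x00" * 30)   # management (beacon-type) frame, ignored
    return frames
```

On a real capture the AP's replies carry fresh IVs, so the unique count still grows; the tell-tale is the one station whose (transmitter, IV) pair recurs far beyond what ordinary traffic produces.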





"Weplab" - all the windows.


For more information, see here.

