Monday, January 14, 2008

Using aireplay attack 0

We are almost done now. If your IV count is flying up, then you can skip this step. If not, read on.

If you followed up until now, you should have a few windows open. One is running airodump, another is running aireplay attack 3. The last one ran aireplay attack 1, and if it worked, then you're back at the prompt now.

At the prompt, type:

aireplay-ng -0 10 -e 07B402920894 rausb0

I'll explain the new parameters.

-0 - is the attack number we're using. It is a deauthentication attack: it tells the AP that we've disassociated, and the reconnect that follows sends out an ARP, which is what attack 3 is waiting for.

10 - is the number of times it should send out the deauthentication. It may not reach the AP on the first try, so we like to do it a couple of times, hence the number 10.

The rest is old stuff for us Pros. Obviously, you must substitute 07B... with your target ESSID and rausb0 should be replaced with your network interface as explained many times.

If all went well, as I hope it did for you, then attack 3 should have picked up an ARP request, and it should be injecting very, very quickly. Go to the window with airodump, and watch with delight as the IV count flies up.
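Seen from the defending side, a burst of deauthentication frames like the one attack 0 sends stands out in a capture. The following is an added example, not part of the original post: a small Python detector that parses raw 802.11 headers and flags any BSSID/destination pair that receives a burst of deauthentication frames. The threshold, the window, the function names and the sample frames (with made-up MAC addresses) are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict, deque

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_deauth(frame):
    """Return (dst, src, bssid, reason) for a deauthentication frame, else None."""
    if len(frame) < 26:                      # truncated: 24-byte header + 2-byte reason
        return None
    version, ftype, subtype = frame[0] & 3, (frame[0] >> 2) & 3, frame[0] >> 4
    if (version, ftype, subtype) != (0, 0, 12):   # management / deauthentication
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def find_deauth_bursts(frames, threshold=5, window=1.0):
    """frames: time-ordered (timestamp_seconds, raw_80211_frame) pairs.
    Returns the (bssid, dst) pairs that saw >= threshold deauths within window seconds."""
    recent = defaultdict(deque)              # (bssid, dst) -> timestamps inside the window
    flagged = set()
    for ts, raw in frames:
        parsed = parse_deauth(raw)
        if parsed is None:
            continue
        dst, _src, bssid, _reason = parsed
        q = recent[(bssid, dst)]
        q.append(ts)
        while ts - q[0] > window:            # drop timestamps older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add((bssid, dst))
    return sorted(flagged)

def _sample_deauth(dst, src, bssid, reason=7, seq=0):
    """Build the bytes of one deauth frame in memory, as constructed test input only."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return (b"\xc0\x00\x00\x00" + raw(dst) + raw(src) + raw(bssid)
            + struct.pack("<HH", seq << 4, reason))

# Constructed sample capture; the MAC addresses are made up.
AP, CLIENT, BCAST = "02:00:00:00:00:01", "02:00:00:00:00:02", "ff:ff:ff:ff:ff:ff"
SAMPLE = [(i * 0.05, _sample_deauth(BCAST, AP, AP, seq=i)) for i in range(10)]
SAMPLE += [(30.0, _sample_deauth(AP, CLIENT, AP, reason=3)),  # one ordinary client deauth
           (31.0, b"\x80\x00" + bytes(24)),                   # beacon header, ignored
           (32.0, b"\xc0\x00\x00")]                           # truncated frame, ignored

if __name__ == "__main__":
    print(find_deauth_bursts(SAMPLE))
```

A single deauthentication from a client leaving the network stays below the threshold; only the burst of ten is reported.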

There is one more step, and we'll have the WEP key right up on our screen. We have one more program to learn about, 'aircrack'. Then we're done with this portion of our blog. I don't know where we're going after this. If you have any suggestions as to what I should write about, please feel free to comment. I'll take all suggestions into consideration before we continue.
