Packetforge-ng: Creating an ARP packet
We will be using the tool packetforge-ng to forge an ARP packet to inject into a wireless network. (packetforge-ng can be used to forge any type of packet.) To forge our packet we will need the PRGA key stream file obtained via the chopchop attack or a fragmentation attack.
Getting the PRGA key stream and creating a packet with packetforge-ng is the approach used when there is no client connected to the AP. By forging and injecting an ARP packet, we can generate the IVs needed to crack the WEP key.
To create our ARP packet:
Ex.
packetforge-ng -0 -a 00:0C:41:F2:AC:F0 -h 00:23:15:99:2D:1E -k 255.255.255.255 -l 255.255.255.255 -y pgra.xor -w my-arp-packet
· -0 will create an ARP packet
· -a is the BSSID
· -h is the source MAC address (fake auth if you are using your own)
· -k is the destination IP (255.255.255.255 will work with most APs)
· -l is the source IP (255.255.255.255 will work with most APs)
· -y asks for the location of your .xor file obtained from chopchop or fragmentation
· -w will name the ARP packet you are creating. The packet will be saved in the directory you launched packetforge-ng from.
With the packet successfully forged, we can continue to inject the packet. To inject, we simply use our interactive packet replay attack. We call on our forged packet with the -r option.
Ex.
aireplay-ng -2 -r my-arp-packet mon0
Enter “y” to select our forged packet and start injecting! Run airodump-ng to capture the IVs and eventually crack the WEP key.
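From the network owner's side, the replay step above stands out because a replayed frame is resent byte for byte, so its WEP IV never changes, while a normal station uses a new IV on every frame. The following is an added example, not part of the original post: a small detector run over constructed sensor records; the record layout, thresholds and function names are assumptions.

```python
from collections import defaultdict, deque

# Assumed thresholds (tune per site): the same IV seen this many times
# from one transmitter inside the window is treated as replay.
REPEAT_THRESHOLD = 20
WINDOW_SECONDS = 5.0

def find_replayed_ivs(frames, threshold=REPEAT_THRESHOLD, window=WINDOW_SECONDS):
    """Return {(bssid, src, iv): peak_count} for suspected replay.

    frames: iterable of (timestamp, bssid, src_mac, iv_hex) tuples taken
    from WEP data frames seen by a monitoring sensor, in time order.
    """
    recent = defaultdict(deque)   # key -> timestamps still inside the window
    alerts = {}
    for ts, bssid, src, iv in frames:
        key = (bssid.lower(), src.lower(), iv.lower())
        q = recent[key]
        q.append(ts)
        # Drop sightings that have aged out of the sliding window.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            alerts[key] = max(alerts.get(key, 0), len(q))
    return alerts

def build_sample():
    """Constructed sample: one normal client and one replaying station."""
    bssid = "00:0C:41:F2:AC:F0"   # BSSID from the page's example command
    frames = []
    # Normal client (constructed MAC): the IV changes on every frame.
    for i in range(100):
        frames.append((i * 0.05, bssid, "aa:bb:cc:00:00:01", f"{i:06x}"))
    # Replaying station: identical constructed IV, 100 frames in one second.
    for i in range(100):
        frames.append((2.0 + i * 0.01, bssid, "00:23:15:99:2D:1E", "1a2b3c"))
    frames.sort(key=lambda f: f[0])
    return frames

if __name__ == "__main__":
    for (bssid, src, iv), n in find_replayed_ivs(build_sample()).items():
        print(f"possible WEP replay: bssid={bssid} src={src} iv={iv} repeats={n}")
```

An alert here is also a reminder that the lasting mitigation is moving the network off WEP, since any IV-generating traffic serves the same purpose.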