First run of BackTrack2
anomit | April 18, 2008
Yeah, I know BT3 Beta is doing the rounds, but when learning something I don’t exactly like to walk on the bleeding edge!
The collection of tools is amazing and I don’t even need to go on blabbering about it. It’s the distro of choice for security professionals. The multitude of scripts is simply vast, each grouped neatly in the appropriate category for radio analysis, OS fingerprinting, forensics, etc. (heck, I don’t even remember all of them).

I booted into BT2 using the live CD. I prefer the live CD in this case as I don’t exactly wanna mess around with my wireless settings by creating and destroying multiple VAPs. Got straight down to work and fired up airodump-ng. Found a couple of clients connected to the AP near me. Deauthed them with aireplay-ng. To make sure it was working, I called a friend over to my room, tested the deauth on his laptop, and it worked!

Ok, catch your breath. This is how I did it:
Created a VAP ath1 in monitor mode:
wlanconfig ath1 create wlandev wifi0 wlanmode monitor
I won’t even explain how to start up airodump-ng. It’s as easy as 1-2-3.
Deauth the clients using the MAC addresses found, with aireplay-ng:
aireplay-ng -0 30 -c <client MAC address> -a <access point MAC address> ath1
Here -0 means deauth and 30 is the number of deauth requests to be sent.
At this stage, you can easily spoof the MAC address and capture the packets intended for the now disconnected client. Maybe get around MAC-based authentication too, if that is the first layer of security in a network.
Finally, don’t forget to check out the documentation and tutorials at aircrack-ng.org
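The deauth burst described above is exactly what a wireless IDS watches for. The following Python is an added example, not code from this post or from the aircrack-ng project: it parses raw 802.11 management frames, counts deauthentication and disassociation frames per BSSID inside a sliding time window, and raises an alert when a burst crosses a threshold. The frames, MAC addresses, timestamps, threshold and window are all constructed for the demo; a real deployment would feed frames from a monitor-mode interface or a pcap instead. On the network side the robust mitigation is 802.11w Protected Management Frames, which authenticates deauth and disassoc frames so a spoofed one is dropped by the client.

```python
import struct
from collections import defaultdict, deque

# 802.11 management frame layout (little-endian fields):
#   frame control (2) | duration (2) | addr1 (6) | addr2 (6) | addr3 (6) | seq ctrl (2) | body
# For deauth/disassoc the body starts with a 2-byte reason code.
MGMT_HDR_LEN = 24
DEAUTH_FC = 0x00C0          # type 0 (management), subtype 12 (deauthentication), flags 0
SUBTYPE_DISASSOC = 10
SUBTYPE_DEAUTH = 12


def mac_str(raw):
    """Render 6 raw bytes as a colon-separated lowercase MAC string."""
    return ':'.join(f'{b:02x}' for b in raw)


def parse_mgmt(frame):
    """Return (subtype, addr1, addr2, addr3, reason) for a management frame, else None."""
    if len(frame) < MGMT_HDR_LEN + 2:
        return None
    fc, = struct.unpack_from('<H', frame, 0)
    ftype = (fc >> 2) & 0x3            # bits 2-3 of byte 0: frame type
    subtype = (fc >> 4) & 0xF          # bits 4-7 of byte 0: frame subtype
    if ftype != 0:                     # only management frames carry deauth/disassoc
        return None
    reason, = struct.unpack_from('<H', frame, MGMT_HDR_LEN)
    return subtype, mac_str(frame[4:10]), mac_str(frame[10:16]), mac_str(frame[16:22]), reason


class DeauthFloodDetector:
    """Alert when `threshold` deauth/disassoc frames hit one BSSID within `window` seconds."""

    def __init__(self, threshold=10, window=5.0):
        self.threshold = threshold
        self.window = window
        self.history = defaultdict(deque)   # bssid -> timestamps of recent deauth/disassoc frames
        self.alerts = []

    def feed(self, ts, frame):
        """Process one captured frame; return an alert dict when the threshold is crossed."""
        parsed = parse_mgmt(frame)
        if parsed is None:
            return None
        subtype, dst, src, bssid, reason = parsed
        if subtype not in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC):
            return None
        recent = self.history[bssid]
        recent.append(ts)
        while recent and ts - recent[0] > self.window:   # drop timestamps outside the window
            recent.popleft()
        if len(recent) == self.threshold:                 # fire once, as the count crosses the line
            alert = {'bssid': bssid, 'count': len(recent), 'last_src': src,
                     'last_dst': dst, 'reason': reason, 'ts': ts}
            self.alerts.append(alert)
            return alert
        return None


def build_deauth(dst, src, bssid, reason=7):
    """Constructed test frame: a raw deauthentication frame with the given addresses (not a real capture)."""
    strip = lambda mac: bytes.fromhex(mac.replace(':', ''))
    return (struct.pack('<HH', DEAUTH_FC, 0) + strip(dst) + strip(src) + strip(bssid)
            + struct.pack('<HH', 0, reason))


# Constructed sample capture: MAC addresses and timings are made up for the demo.
AP = '00:11:22:33:44:55'
CLIENT = '66:77:88:99:aa:bb'
CAPTURE = [(0.0, build_deauth(AP, CLIENT, AP, reason=3))]      # one benign deauth: client leaving
for i in range(30):                                            # a spoofed burst "from" the AP, 50 ms apart
    CAPTURE.append((10.0 + i * 0.05, build_deauth(CLIENT, AP, AP, reason=7)))


def run(capture, threshold=10, window=5.0):
    """Feed a list of (timestamp, frame) tuples through the detector and return its alerts."""
    det = DeauthFloodDetector(threshold, window)
    for ts, frame in capture:
        det.feed(ts, frame)
    return det.alerts


if __name__ == '__main__':
    for alert in run(CAPTURE):
        print(f"deauth flood on BSSID {alert['bssid']}: {alert['count']} frames by t={alert['ts']:.2f}s, "
              f"last from {alert['last_src']} to {alert['last_dst']}, reason {alert['reason']}")
```

The single benign deauth at t=0 never trips the detector, while the burst does, because a client leaving a network sends one frame and a flood sends dozens; a low threshold over a short window separates the two cleanly. The threshold and window should be tuned per environment, and counting per BSSID rather than per source address matters because the flooding frames carry the AP's address as their source.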
BJ | May 9, 2008
Hi,
I see I am not completely forgotten :P
nice to see you guys still around.. and nice to see you actually have posts on your blog
catch ya
anomit | May 9, 2008
so, you into law, huh? Defend me if I get sued