In our demonstration today, I will be connected to our Raspberry Pi build running Kali Linux via SSH, but this will work the same on any Kali install. First, let's make sure we have the Aircrack-ng suite updated. Type man aircrack-ng to check if it already exists on the system. If not, or if we want to make sure it's updated, let's run the following command.
apt-get install aircrack-ng
Once we confirm we have the suite and it's updated, we can proceed with the attack.
Step 2Identify Attack Antenna & Let It Rip
On Kali Linux, you can type iwconfig to see a list of available antennas. If you are connecting to your Kali Linux device remotely via SSH or VNC, now is a great time to note which antenna is hosting your data connection (the one with the IP address assigned).
Starting Besside-ng on the wrong antenna will instantly sever your remote connection and lock you out of the device until you restart if you are connected via SSH. Here we see my attack antenna is idle while my command and control antenna is attached to a network.
If you are not on Kali, you can run ifconfig to see attached antennas and look for "wlan" to spot the wireless antennas. In this case, wlan1 is my attack antenna.
Step 3Configure Your Attack & Let's Ride
Besside-ng is dead simple. With the attack antenna known as wlan1, simply type the following to initiate a wide-area attack against all detected APs. While it helps to put an adapter in monitor mode, Besside-ng will take care of that.
besside-ng wlan1
Shit will proceed to hit the fan, with the script automatically throwing the wireless card into monitor mode and scanning all channels for targets. On the first run or two, you may get a "no child process" error. Just run the besside-ng wlan1 command again and it will start. To see everything the script is doing, add the -vv argument at the end. You'll see the blistering speed at which Besside-ng finds, prioritizes, pings, and attacks networks.
Step 4Clarify Operation During Attack Runs
In a target-rich environment, Besside-ng will run continuously for days or weeks, with my current endurance record over 1 week of continuous attacking. While the attack runs, it will prioritize WEP networks as they can be completely compromised from within the script. As such, Besside-ng may focus too heavily on WEP and slow down the attack. You can prevent this by only attacking WPA networks by adding the -W argument to the command.
This script will, by default, scan all channels. This makes it too slow for wardriving or warwalking to capture handshakes, since by the time the master list of APs to attack is built and prioritized, you're a block away.
This can be mitigated in part by adding the -c argument and followed by a channel number to stay locked on. Doing so builds the target list much more quickly, at the expense of only attacking one channel. Run Airodump-ng to determine the best channels to lock to.
If you wish to attack a particular network, you can add the -b argument followed by the BSSID of the target to specify which access point you want to attack. This is useful for networks with many APs under the same name (extended service sets), which may have many identically named APs which all appear as the same Wi-Fi network. Adding this argument allows you to focus your attack on a particular AP under the umbrella of the network and make faster progress on cracking a WEP key.
Step 5Automatically Crack Passwords from WPA.CAP During an Attack
Soon, you will begin to gather WPA handshakes, potentially a lot of them. They will be automatically appended to the wpa.cap file, which is created in your home directory if it doesn't already exist. WEP packets are similarly saved to a file called wep.cap, both of which can be run in Aircrack-ng to attempt to get the password.
We can run these in Aircrack-ng against our own password list, but electricity is expensive and brute-force attacks are very boring. Instead, we can use the -s argument to specify a WPA server to upload the handshakes to. This will let a distributed service like wpa.darkircop.org crack the passwords for us.
Step 6Automatically Crack Passwords from WEP.CAP During an Attack
If Besside-ng detects a WEP network in range, it will cyberbully the hell out of it. You can open a second terminal window and begin attacking a WEP network while Besside-ng collects unique IVs Aircrack-ng needs to crack the network.
In terminal, select the network to attack by typing the following.
aircrack-ng ./wep.cap
A list of all WEP captures by Besside will be displayed.
Select the number of the network Besside-ng will target, and a beautiful symphony of math ensues as Aircrack-ng attacks the encryption.
Aircrack-ng will re-try the attack automatically every 5,000 IVs as more packets are captured by Besside-ng.
This repeats until we defeat the encryption and gain the key.
Step 7Troubleshoot Interruptions
Besside-ng experiences two main types of glitches — "no child process" and "network is down." These can be related to your wireless network adapter, in which case see here.
No child process can be fixed by re-running the Besside-ng command, most of the time. Network is down is often caused by the WPA supplicant process throwing your card out of monitor mode. To solve this problem, you can run Airmon-ng:
airmon-ng check kill
This will kill any troublesome processes for monitor mode, but also kill any other Wi-Fi interfaces, so be careful if you are SSHed into your device that way.
Besside-ng Vs Wifite
Besside-ng is not the only tool to target this niche. Suites like Wifite can also be used to attack WPA and WEP networks in automated ways. Wifite includes the added function of attacking WPS setup PINs.
While Wifite certainly provides better situational awareness of wireless targets around you, not everyone has time to wait to hit each network with every attack in the book, as Wifite likes to do. In addition, the WPS setup PIN attack is aging poorly and often no longer works, which wastes a lot of time. These attacks focus on different types of automation, with Wifite throwing everything and the kitchen sink at particular network or networks, and Besside-ng going ham over any and all networks that dare exist nearby. The problem with Wifite is that it sucks because it takes forever, and I rarely have success with it nowadays. By comparison, Besside-ng remains blisteringly fast into the foreseeable future.
Warning: Besside-Ng Is Very Loud & Leaves a Ton of Evidence
While Besside-ng is a phenomenal tool, the nature of the attack means it interacts with every access point in range. This leaves distinctive logs in each router targeted, meaning this attack has the subtlety of running around and smacking every device off of every Wi-Fi connection in range. This can be mitigated by focusing your attack on a particular AP. This technique usually does not disrupt normal network use and operation, but can reveal your device MAC address or physical location if run against a well-defended target.
Hallo friends Your most wellcome in MICKY WORLD.He is student, blogger and software developer. He runs Cool Hacking Trick which offers tutorial on computer related tricks and My Bloggers World which offers blogging tips and trics, SEO tricks, blogger widgets and guide on customizing blogger blogs. Read More
No comments:
Post a Comment