Practical explanations on wireless WEP encryption and cracking without clients in Ubuntu

Article title: Ubuntu wireless WEP encryption without clients. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.

Open a Shell in the graphic interface. for example, enter ifconfig-a to view the current NIC.

Here, I will use a USB Nic as an example. we can see that there is a Nic named rausb0. The status is not loaded. do not load it here. First, change the MAC address to any MAC address that needs to be forged,

Input macchanger? M 00: 11: 22: 33: 44: 55 rausb0

-M is followed by the MAC to be forged, and then the name of the NIC to be modified. here we change the MAC of the USB Nic to 00: 11: 22: 33: 44: 55.
Then load the NIC and enter:

Ifconfig-a rausb0 up to load the usb nic driver
Then, we can use tools such as Kismet and Airosnort to scan the AP of the current wireless network,

Then, we need to activate the NIC to the monitor mode for subsequent cracking. the command is as follows:

Airmon-ng start rausb0 3. here, this 3 is the channel of the AP we found, and then enter the following command to start packet capture.
Airodump-ng-w test. cap -- channel 3 rausb0. Here test. cap is the packet capture file name I set.

FakeAuth attacks can be initiated. these attacks are used when the AP of the wireless access point has no Client activity or even no Client. The command is as follows:
Aireplay-ng-1 1-e AP's ESSID-a AP's MAC-h FakeMAC rausb0
Here-1 refers to the use of FakeAuth attack mode, followed by latency;-e followed by ap essid,-a followed by ap mac, -h is followed by a previously forged MAC, followed by a wireless Nic.

At the same time, to obtain the IVs (initialization vector), ArpRequest injection attacks must be carried out. this is very important and can effectively increase the number of captured packets and the cracking speed. the command is as follows:
Aireplay-ng-3-B AP's MAC-h Client's MAC-x 1024 rausb0
-3 refers to the ArpRequest injection attack.-B follows the MAC address of the AP to be intruded, and-h is followed by the MAC address of the monitored client, here we use the forged client MAC, as shown in, as-x 1024 refers to the number of packets sent per second. this value can be smaller, but the maximum value is 1024, here I use the default, and finally specify the USB wireless network card. Next, you can enable aircrack-ng synchronously to crack the problem. The command is as follows:

Aircrack-ng-x-f 2 test-01.cap here-x is the brute force cracking mode,-f refers to the enable password complexity of 2, followed by the packet capture file we saved instantly,