BackTrack v Beini Hacking WiFi (The Easy Way)


Background
Hacking WiFi on a Mac requires a third-party USB WiFi receiver that is compatible with the program
that you are using. Kismac has been the only Mac-only app that can hack WiFi. However, it is
outdated and intolerably slow. In the past, your best solution was to run BackTrack in a virtual
machine via Parallels, VMware or Virtualbox on your Mac or PC. The main problem with running
BackTrack is that it can leave you frustrated with the command line interface and with
troubleshooting the various problems that pop up during use. With Beini, you just need to click a
few buttons.
BackTrack v Beini
packed and doesn't have an attractive user interface. It is an incredibly lightweight download that
produces good results. To date, Beini's minidwep-gtk and the feeding bottle applications have
proved equally successful in obtaining WEP hex and ASCII passwords.
What You Need
1. Virtual machine software (Parallels or VMware or Virtualbox)
2. Beini 1.2.1, 1.2.2 or 1.2.3 iso file (I recommend 1.2.2)
3. Compatible card
Beini Compatible Hardware List
Do not expect to be able to hack WiFi with your default internal WiFi card or your Mac's
Airport. As stated at the beginning, you will need some compatible hardware; check out the list. I
recommend anything with an RTL8187L chip or RT3070 chip or compatible device made by
Also, devices with directional or yagi antennas work best. If you have a compatible chipset
listed below, give that a go. The blank sections have unknown compatibility at this time but are
likely to be compatible.
Beini system versions covered: 1.0-RC5.2, 1.0-Final, 1.1, 1.2.1, 1.2.2

Product name (chip) | Bus | Entries
TP-LINK TL-WN321G+ Ver: 1.0 (RT73) | USB | Compatible x4
TP-LINK TL-WN322G+ Ver: 1.0 (ZD1211rw) | USB | Compatible x2
TP-LINK TL-WN322G+ Ver: 2.0 (Atheros 9271) | USB | Compatible x1, Not compatible x3
TP-LINK TL-WN422G+ Ver: 1.0 (ZD1211rw) | USB | Compatible x2
TP-LINK TL-WN422G+ Ver: 2.0 (Atheros 9271) | USB | Compatible x1, Not compatible x3
TP-LINK TL-WN821N Ver: 2.0 (Atheros 9170) | USB | Compatible x4
TP-LINK TL-WN821N Ver: 3.0 (Atheros) | USB | Compatible x1, Not compatible x3
TP-LINK TL-WN550G Ver: 1.0 (Atheros 5k) | PCI | Compatible x2
TP-LINK TL-WN551G REV: 1.5E (Atheros 5k) | PCI | Compatible x2
TP-LINK TL-WN721N Ver: 1.0 (Atheros 9271) | USB | Compatible x1, Not compatible x3
TP-LINK TL-WN722N Ver: 1.0 (Atheros 9271) | USB | Compatible x1, Not compatible x3
TP-LINK TL-WN310G Ver: 2.4 (Atheros 2413) | PCMCIA | Compatible x2
TP-LINK TL-WN7200ND Ver: 1.0 (RT3070) | USB | Compatible x1
TP-LINK TL-WN822N Ver: 1.0 (Atheros AR9170) | USB | Compatible x2
Asus USB-G31 (RT73) | USB | Compatible x4
Asus WL-167g (RT73) | USB | Compatible x4
Asus WL-107g (Ralink 2560) | USB | Compatible x2
D-Link DWL-G122 H/W Ver: C1 F/W Ver: 3.00 (RT73) | USB | Compatible x2
D-Link DWL-G122 H/W Ver: F1 F/W Ver: 6.00 (RTL8188S) | USB | Not compatible x4
D-Link G DWA-110 H/W Ver: A1 F/W Ver: 1.00 (RT73) | USB | Compatible x2
D-Link DWL-G650+A H/W Ver: E2 F/W Ver: 5.00 (Ralink 2561 PCI RT61PCI) | PCMCIA | Compatible x4
D-Link DWA-130 H/W Ver: C1 F/W Ver: 1.20 () | USB | Not compatible x2
D-Link DWA-130 H/W Ver: C2 F/W Ver: 3.00 () | USB | Not compatible x2
D-Link DWA-133 H/W Ver: A1 F/W Ver: 1.00 () | USB | Not compatible x4
D-Link DWL-G122 H/W Ver: F1 F/W Ver: 6.00 () | USB | Not compatible x4
D-Link DWA-125 H/W Ver: A2 F/W Ver: 1.30 (RT3070) | USB | Compatible x2, Not compatible x2
D-Link DWA-125 H/W Ver: A2 F/W Ver: 1.40 (RT3070) | USB | Compatible x2, Not compatible x2
FAST FW54U Ver: 5.0 (ZD1211) | USB | Compatible x2
FAST FW54U Ver: 7.0 (Atheros 9271) | USB | Compatible x1, Not compatible x3
NETGEAR WG111v2 (RTL8187L) | USB | Compatible x3, Not compatible x1
NETGEAR WG111v3 (RTL8187B) | USB | Compatible x1, Not compatible x3
NETGEAR WN111v2 (Atheros AR9170) | USB | Compatible x2
IP-COM W321G+ () | USB | Not compatible x2
IP-COM W323G+ () | USB | Not compatible x2
IP-COM W821U () | USB | Not compatible x2
IP-COM W550G V1.0 (Marvell 88w8335-TGJ1 (rev 03)) | PCI | Not compatible x2
Tenda TWL541C (Marvell 88w8335) | PCI | Not compatible x2
Tenda W302P V1.1 (RT2760T) | USB | Not compatible x2
Tenda W311U (Ralink 2800) | USB | Compatible x2, Not compatible x2
Tenda W311Ma | USB | Not compatible x4
Tenda W311M | USB | Not compatible x4
Tenda W541U Ver: 2.0 (Ralink 2800) | USB | Compatible x2, Not compatible x2
BUFFALO BUF-WLIUCG-1 (B) MODEL: WLI-UC-G (MelCo 0411:0137) | USB | Not compatible x2
Mercurycom (Mercury) MW54U VER 6.0 (RT73) | USB | Compatible x2
Mercurycom (Mercury) MW54U VER 7.0 (Atheros 9271) | USB | Not compatible x3
SAGEM (Sagem) XG-760N (ZD1211B) | USB | Compatible x2
SAGEM (Sagem) XG-703A (GW3887) | USB | Compatible x4
INVENTEL (UBS) ur054g (R01) V1.1 (GW3887) | USB | Compatible x4
LinkSys wusb54g V4 (RT2571F) | USB | Compatible x2
NEC Aterm WL54AG (AR5212) | PCMCIA | Compatible x2
CNet CUA-854L WIFI USB 11G (RT73) | USB | Compatible x2
AWUS036NEH (RT2870) | USB | Compatible x2

Wireless LAN chip | Bus | Entries
Intel 2100BG | Mini-PCI | Compatible x2
Intel 2200BG | Mini-PCI | Compatible x2
Intel 3945ABG | PCI-E | Compatible x4
Intel 1000BGN | PCI-E | Compatible x4
Intel 5100AGN | PCI-E | Compatible x4
Intel 5300AGN | PCI-E | Compatible x2
Intel 6000 | PCI-E | Compatible x2
Intel 4965AG | PCI-E | Compatible x2
Atheros AR5B91 | PCI-E |
Atheros AR5B93 | PCI-E | Compatible x3
Atheros AR928X | PCI-E | Compatible x2
Other Notes
- When installing the ISO through Parallels or VMware, you need to select 'Other Linux 2.6' when
  you add the virtual machine.
- If Beini cannot detect your card or USB device, delete the device's drivers from your Mac.
- Get a directional antenna with an SMA connector for better range. Check eBay, Amazon.
- Track Beini's developments @ google code
Modes Explained
-0 Deauthenticate [Conflict Mode]
Forces a legitimate client that is already connected to the router to disconnect and reconnect.
The packets captured during the reconnection yield a valid ARP request. If a client is connected
to the router but nobody is online producing valid data, then even -3 cannot produce a valid ARP
request. In that case use the -0 attack mode alongside it, and the -3 attack is activated
immediately.
aireplay-ng -0 10 -a <AP MAC> -c <My MAC> Wifi0
Parameter description:
[-0]: conflict attack mode, followed by the number of times to send (if set to 0, the attack loops
and keeps disconnecting, so the client cannot use the Internet)
[-a]: set the AP MAC
[-c]: set the MAC of the legitimate client that is already connected. If -c is not set, all
clients connected to the AP are disconnected.
aireplay-ng -3 -b <AP MAC> -h <My MAC> Wifi0
Note: this attack mode requires a legitimate client that has authenticated and connected to the
router.
This mode disguises your card as a client and connects it to the AP. It is the first step when
studying a network that has no clients: because no legitimate client is connected, a disguised
client has to be connected to the router. For the AP to accept packets, your own card must be
associated with the AP. If it is not associated, the target AP ignores all packets sent from your
network card and no IVs data is produced.
The injection command can only be sent after -1 has successfully connected the disguised client;
only once the router accepts the injected command does it return data, which generates the ARP
packets.
aireplay-ng -1 0 -e <AP ESSID> -a <AP MAC> -h <My MAC> Wifi0
Parameter description:
[-1]: disguised client connection mode, followed by the delay
[-e]: set the AP ESSID
[-a]: set the AP MAC
[-h]: set the MAC of the disguised client's network card (i.e. your own network card MAC)
-2 Interactive [Interactive Mode]
Interactive mode combines three things in one mode: capturing packets, extracting data and
sending attack packets.
1. This mode is mainly used for studying networks without a client: establish a fake client
connection, then send attack packets directly.
aireplay-ng -2 -p 0841 -c ff:ff:ff:ff:ff:ff -b <AP MAC> -h <My MAC> Wifi0
Parameter description:
[-2]: interactive attack mode
[-p]: set the information contained in the control frame (hexadecimal), default 0841
[-c]: set the destination MAC address
[-b]: set the AP's MAC address
[-h]: set the MAC of the disguised client's network card (i.e. your own card's MAC)
2. Extract a packet and send it as injected packets
aireplay-ng -2 -r <file> -x 1024 Wifi0
This sends the packets as an attack, where -x 1024 is the sending rate. To keep the card from
crashing, you can choose 1024.
-3 ARP Request [Injection Attack Mode]
This mode captures packets, analyzes them and re-sends them, and it is very effective. It can take
advantage of a legitimate client, or of a client disguised with a -1 virtual connection.
With a legitimate client you generally need to wait a few minutes for the client and the AP to
communicate; a small amount of data can produce a valid ARP request, and only then can -3
injection succeed. If no communication takes place, no ARP request can be obtained and this
attack fails. If there is no ARP request between the legitimate client and the AP for a long
time, you can try using the -0 attack at the same time. If there is no legitimate client, you can
use -1 to set up a virtual connection as a disguised client; the packets obtained during the
connection process produce an ARP request, which is then injected.
aireplay-ng -3 -b <AP MAC> -h <My MAC> -x 512 Wifi0
Parameter description:
[-3]: ARP injection attack mode
[-b]: set the AP MAC
[-h]: set
[-x]: the number of packets to send per second; the maximum does not exceed 1024, and 512 is
recommended (or leave it undefined)
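A defender's view of the -0 and -3 modes described above, as an added example that is not part of the original page: a -0 run shows up as a burst of deauthentication frames aimed at one client, and a -3 run re-sends one captured frame, so the same WEP IV repeats from one transmitter at a high rate. The record layout, MAC addresses and thresholds are assumptions, and the frames are constructed sample data.

```python
from collections import defaultdict

# Constructed sample data, not a real capture. Record layout (an assumption):
# (time_s, kind, transmitter_mac, receiver_mac, wep_iv_hex_or_None)
AP, CLIENT = "00:11:22:33:44:55", "66:77:88:99:aa:bb"

def sample_frames():
    frames = [(i * 0.5, "data", CLIENT, AP, f"{i:06x}") for i in range(20)]  # fresh IV each frame
    frames += [(12.0 + i * 0.02, "deauth", AP, CLIENT, None) for i in range(20)]  # -0 style burst
    frames += [(15.0 + i * 0.002, "data", CLIENT, AP, "a1b2c3") for i in range(300)]  # -3 style replay
    frames.append((30.0, "deauth", AP, "de:ad:be:ef:00:01", None))  # one ordinary deauth
    return frames

def _dense(times, window, threshold):
    """True if any span of `window` seconds contains at least `threshold` timestamps."""
    times, lo = sorted(times), 0
    for hi, t in enumerate(times):
        while t - times[lo] > window:
            lo += 1
        if hi - lo + 1 >= threshold:
            return True
    return False

def deauth_bursts(frames, window=1.0, threshold=10):
    """(transmitter, receiver) pairs hit by a burst of deauthentication frames."""
    seen = defaultdict(list)
    for t, kind, tx, rx, _iv in frames:
        if kind == "deauth":
            seen[(tx, rx)].append(t)
    return {pair for pair, ts in seen.items() if _dense(ts, window, threshold)}

def iv_replays(frames, window=1.0, threshold=50):
    """(transmitter, iv) pairs where one WEP IV repeats many times inside the window."""
    seen = defaultdict(list)
    for t, kind, tx, _rx, iv in frames:
        if kind == "data" and iv is not None:
            seen[(tx, iv)].append(t)
    return {key for key, ts in seen.items() if _dense(ts, window, threshold)}

if __name__ == "__main__":
    frames = sample_frames()
    print("deauth bursts:", deauth_bursts(frames))
    print("replayed IVs:", iv_replays(frames))
```

The thresholds (10 deauthentications or 50 repeats of one IV per second) are illustrative starting points and need tuning against normal traffic on the monitored network.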
-4 Chopchop [Attack Mode]
This mode is mainly used to obtain an xor file containing key data. It cannot be used to decrypt
packets, but it can be used to generate a new packet for injection.
aireplay-ng -4 -b <AP MAC> -h <My MAC> Wifi0
Parameter description:
[-b]: set the MAC of the AP being studied
[-h]: set the MAC of the virtual disguised connection (i.e. your own network card MAC)
-5 Fragment [Fragmented Packet Attack Mode]
Used to obtain the PRGA (a file with the xor suffix that contains key data).
This mode yields a usable PRGA. The PRGA here is not the WEP key and cannot be used to decrypt
packets, but it can be used to generate a new packet for injection. It works by making the target
AP re-broadcast packets; each time the AP re-broadcasts, a new IV is produced, and that is what
we use for study!
aireplay-ng -5 -b <AP MAC> -h <My MAC> Wifi0
Parameter description:
[-5]: fragmented packet attack mode
[-b]: set the AP MAC
[-h]: set the MAC of the virtual disguised connection (i.e. your own NIC MAC)
packetforge-ng: packet forging program
packetforge-ng
packetforge-ng -0 -a <AP MAC> -h <My MAC> Wifi0 -k 255.255.255.255 -l 255.255.255.255 -y <xor file> -w mr
Parameter description:
[-0]: forge an ARP packet
[-a]: set the AP MAC
[-h]: set the MAC of the virtual disguised connection (i.e. your own MAC)
[-k]: <ip[:port]> Description: set the target IP and port
[-l]: <ip[:port]> Description: set the source IP and port
[-y]: <file> Description: the xor file. Followed by the xor file name.
[-w]: set the file name of the forged packet

