Backtrack Wifi Tools

This document provides an introduction to WiFi tools available in BackTrack Linux. It discusses tools for wireless discovery like Kismet, cracking WEP and WPA encryption like Aircrack, attacking LEAP with Asleap, rogue access point detection with Karma, and more. The document outlines what each tool is used for and provides links for more information.

BackTrack WiFi tools (Linux)                                                                                        page 1 of 8

About this document

This document gives you an introduction to some WiFi tools you can find on the BackTrack live
CD. It does not explain how to use these tools.

INDEX

General introduction
Keywords
Links
Categories + software examples

Wireless discovery
Introduction
Kismet (SW)
Links
Test
Install on Ubuntu
Problem solving for Backtrack

Cracking
Links

WEP cracking
Introduction
Aircrack (SW)
Links

WPA / WPA2 cracking
Introduction
Aircrack (SW)
Links

LEAP attack
Introduction
Get the software 

Frame generation
Introduction
Get the software

Mapping
Introduction

Rogue access points
Introduction

created : 08/2009                                                                                                  version : 02/08/2009
Marc Schwager                 e-mail : [email protected]

General Introduction

Keywords

Linux 
AND
WiFi (security) tools, wardriving tools, wireless (security) tools, 802.11 tools

Links

- Wikipedia
http://en.wikipedia.org/wiki/Wireless_security

- Overview
http://www.wardrive.net/wardriving/tools
http://www.ethicalhack.org/wifitools.php
http://www.reznor.com/tools/wi-fi/
http://tuxmobil.org/wireless_unix.html
http://www.pointblanksecurity.com/wardriving-tools.php
http://wirelessdefence.org/Contents/WirelessLinuxTools.htm

- BackTrack (802.11 WiFi)
http://backtrack.offensive-security.com/index.php/Tools

Categories + software examples

- Wireless discovery : Kismet, Aircrack (-> Airodump)

- WEP cracking : Aircrack

- WPA / WPA2 cracking : Aircrack

- LEAP attack : Asleap

- Frame generation : Fake AP

- Mapping : Kismet

- Rogue access points : Karma


Wireless discovery (sniffing)

Introduction
http://en.wikipedia.org/wiki/Network_detector

Kismet (SW)

- Links

-- Main page
http://www.kismetwireless.net/

-- How to start
http://www.wi-fiplanet.com/tutorials/article.php/3595531

-- How to use
http://www.tomsguide.com/us/how-to-crack-wep,review-451-7.html

-- Intro (French)
http://www.linux-france.org/prj/inetdoc/cours/config.interface.wlan/config.interface.wlan.kismet.html

- Test

-- Run
HPPC + (BackTrack live CD V3.0 + Kismet) + Hercules WiFi stick

-- Results
- USB stick (rausb0) recognized as RT73 (iwconfig)
- RT73 module/driver found (lsmod)

- Kismet starts, but the available WiFi networks are not recognized !!


-- Possibilities

sudo iwlist <interface> scan lists the available WiFi networks
! the interface must be in MANAGED mode !

OR

The stick works correctly with Ubuntu, see "Install Kismet on Ubuntu"

OR

see Problem solving for Backtrack

- Install Kismet on Ubuntu (tested on 8.04.3 LTS)

-- Install instructions

Before you can run Kismet for the first time, you may need to edit the primary configuration file,
kismet.conf. Kismet configuration files are found in /etc/kismet.

Start the editor
run  sudo -s  then  nano kismet.conf  (in /etc/kismet)

Personalize the Kismet config file
edit : suiduser=your_username_here
to (example) : suiduser=Marc4

Tell Kismet which "source", or wireless adapter, to use
edit : source=type,interface,name
to (example) : source=rt73,wlan0,clewifi

-- Run Kismet

sudo kismet  -->> detected Livebox-ff1a and others, great !

Remark : the WiFi HW must be in MONITOR mode
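The test above shows the stick recognized but Kismet seeing no networks, and the remarks note that iwlist scan needs MANAGED mode while Kismet needs MONITOR mode. As an added pre-flight check (example script, not from the original document), this POSIX shell script parses iwconfig and lsmod output to report whether the driver module is loaded and whether the interface mode matches the tool; the interface name rausb0, the module name rt73 and the sample outputs are constructed here.

```shell
#!/bin/sh
# Added example, not from the original document: pre-flight check for the case above
# (Kismet starts but sees no networks). Functions parse captured iwconfig / lsmod text so
# the check runs offline; in practice pass "$(iwconfig 2>&1)" and "$(lsmod)" instead.

# Print the Mode field (Managed, Monitor, ...) of one interface from iwconfig output.
iface_mode() {
    printf '%s\n' "$1" | awk -v want="$2" '
        /^[^ \t]/ { cur = $1 }   # an unindented line starts a new interface block
        cur == want && match($0, /Mode:[A-Za-z-]+/) { print substr($0, RSTART + 5, RLENGTH - 5); exit }'
}

# Exit 0 if the named kernel module appears in lsmod output (header line skipped).
module_loaded() {
    printf '%s\n' "$1" | awk -v m="$2" 'NR > 1 && $1 == m { found = 1 } END { exit !found }'
}

# iwlist scan needs Managed mode, Kismet needs Monitor mode (see the remarks above).
# Exit 0 when the interface is usable by the tool, 1 otherwise, printing the reason.
check_ready() {
    tool="$1"; iwconfig_text="$2"; lsmod_text="$3"; iface="$4"; module="$5"
    module_loaded "$lsmod_text" "$module" || { echo "driver module $module is not loaded"; return 1; }
    mode=$(iface_mode "$iwconfig_text" "$iface")
    [ -n "$mode" ] || { echo "interface $iface not found in iwconfig output"; return 1; }
    case "$tool" in
        iwlist) need=Managed ;;
        kismet) need=Monitor ;;
        *) echo "unknown tool $tool"; return 1 ;;
    esac
    if [ "$mode" = "$need" ]; then
        echo "$iface is in $mode mode: ready for $tool"; return 0
    fi
    echo "$iface is in $mode mode but $tool needs $need mode"; return 1
}

# Constructed sample output (not a real capture) mirroring the RT73 USB stick above.
SAMPLE_IWCONFIG='lo        no wireless extensions.
rausb0    RT73 WLAN  ESSID:""  Nickname:""
          Mode:Managed  Frequency=2.412 GHz  Access Point: Not-Associated'
SAMPLE_LSMOD='Module                  Size  Used by
rt73                  198944  0'

for tool in iwlist kismet; do
    check_ready "$tool" "$SAMPLE_IWCONFIG" "$SAMPLE_LSMOD" rausb0 rt73 || true  # status 1 expected for kismet
done
```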


- Problem solving for Backtrack V3.0  (not tested !)

-- Links

http://wiki.backtrack-fr.net/index.php/Configurer_son_interface
http://forums.remote-exploit.org/newbie-area/16172-cant-inject-rt73-wifi-card-under-bt-3-final-bt-2-final-no-problem.html

-- Install BackTrack on a machine and do the following :

1) Download and install the kernel sources

- wget http://www.offensive-security.com/kernel.lzm
- lzm2dir kernel.lzm /

2) Get the working driver (3.0.1) for RT73 OR downgrade to version 2.0.0

wget http://homepages.tu-darmstadt.de/~p_larbig/wlan/rt73-k2wrlz-3.0.1.tar.bz2

ifconfig rausb0 down
airdriver-ng remove 31

tar -xjf rt73-k2wrlz-3.0.1.tar.bz2
cd rt73-k2wrlz-3.0.1/Module
make
make install
modprobe rt73

ifconfig rausb0 up


Cracking

Links

- Crack WEP + WPA
http://www.speedguide.net/read_articles.php?id=2724

- Aircrack (SW)
http://en.wikipedia.org/wiki/Aircrack-ng
http://www.aircrack-ng.org/doku.php

WEP cracking

Introduction
http://en.wikipedia.org/wiki/Wireless_security#Regular_WEP

Aircrack (SW)

- Links

-- How to
http://www.tomsguide.com/us/how-to-crack-wep,review-459-2.html

-- How to (without connected clients)
http://www.aircrack-ng.org/doku.php?id=how_to_crack_wep_with_no_clients

WPA / WPA2 cracking

Introduction
http://en.wikipedia.org/wiki/Wireless_security#WPAv1

Aircrack (SW)

- Links
http://www.aircrack-ng.org/doku.php?id=cracking_wpa


LEAP attack

Introduction
LEAP is the Lightweight Extensible Authentication Protocol,
intellectual property of Cisco Systems, Inc. LEAP is a security mechanism
available only on Cisco access points to perform authentication of end-users
and access points.

http://en.wikipedia.org/wiki/Extensible_Authentication_Protocol#LEAP

Get the "asleap" software : http://www.willhackforsushi.com/Asleap.html
This tool is released as a proof-of-concept to demonstrate a weakness in the
LEAP protocol.

Frame generation

Introduction
Frame generation SW (e.g. Fake AP) generates thousands of counterfeit 802.11b access points. Hide
in plain sight amongst Fake AP's cacophony of beacon frames. As part of a honeypot or as an
instrument of your site security plan, Fake AP confuses Wardrivers, NetStumblers, Script Kiddies,
and other undesirables.

Get the "Fake AP" software : http://www.blackalchemy.to/project/fakeap/

Mapping

Introduction
The combination of sniffing software (e.g. Kismet) and mapping software (e.g. Google Earth)
shows you the location of a detected WiFi network.

Links

- Kismet (SW)
http://www.wirelessdefence.org/Contents/Kismet%20Wireless%20Mapping.htm
http://casoilresource.lawr.ucdavis.edu/drupal/node/288


Rogue access points

Introduction
A rogue access point is one that the company has not authorized for operation. The trouble is that
rogue access points often don't conform to wireless LAN (WLAN) security policies, which opens
an insecure interface to the corporate network from outside the physically controlled facility.

Links

- Wikipedia
http://en.wikipedia.org/wiki/Rogue_access_point

- Identifying rogue access points
http://www.wi-fiplanet.com/tutorials/article.php/1564431

- Karma (SW)
http://blog.trailofbits.com/karma/

- KARMA + Metasploit 3 = Karmetasploit (SW)
http://trac.metasploit.com/wiki/Karmetasploit
