Preparing our notebook for wifi hacking: obviously our hardware has to support
monitor mode, meaning the wifi card can read the packets flying around in the
air and sniff them easily. The tools we need are very familiar to wifi hackers:
Kismet, combined with aircrack-ng.
Kismet can be downloaded from
http://kambing.ui.edu/slacky/slackware-12.2/network/kismet/2008-05-R1/kismet-2008_05_R1-i486-2cf.tgz
and Aircrack from
http://kambing.ui.edu/slacky/slackware-12.2/security/aircrack-ng/1.0rc3/aircrack-ng-1.0rc3-i486-1dd.tgz
Then just install both packages from the current directory with Slackware's
installpkg:
-------------------------------------------------------------------------------------------------------------------------
#installpkg *.tgz
-------------------------------------------------------------------------------------------------------------------------
Next comes the configuration. Let's assume we have no documentation or reading
material about configuring Kismet; we can use Kismet's own README for that. To
make it easy, first update the locate database so we can quickly find where
files are, such as the README of the Kismet package we just installed. Just
run:
-------------------------------------------------------------------------------------------------------------------------
#updatedb
-------------------------------------------------------------------------------------------------------------------------
Just wait until it finishes.
Next, find the README file with the command:
-------------------------------------------------------------------------------------------------------------------------
#locate kismet | grep doc
-------------------------------------------------------------------------------------------------------------------------
Here is the result:
-------------------------------------------------------------------------------------------------------------------------
/usr/doc/kismet-2008_05_R1
/usr/doc/kismet-2008_05_R1/CHANGELOG
/usr/doc/kismet-2008_05_R1/docs
/usr/doc/kismet-2008_05_R1/docs/DEVEL.client
/usr/doc/kismet-2008_05_R1/docs/DEVEL.ipmap
/usr/doc/kismet-2008_05_R1/docs/README.extras
/usr/doc/kismet-2008_05_R1/docs/DEVEL.groupmap
/usr/doc/kismet-2008_05_R1/docs/DEVEL.ssidmap
/usr/doc/kismet-2008_05_R1/kismet.SlackBuild
/usr/doc/kismet-2008_05_R1/TODO
/usr/doc/kismet-2008_05_R1/slack-desc
/usr/doc/kismet-2008_05_R1/README
/usr/doc/kismet-2008_05_R1/GPL
-------------------------------------------------------------------------------------------------------------------------
Then just read it with less.
-------------------------------------------------------------------------------------------------------------------------
#less /usr/doc/kismet-2008_05_R1/README
-------------------------------------------------------------------------------------------------------------------------
The point is to find out whether our wifi card is supported or not. What you
need to look for is the section that pairs drivers with hardware. Here is the
part of that file you need to pay attention to:
-------------------------------------------------------------------------------------------------------------------------
Capture Sources

A capture source in Kismet is anything which provides packets to the Kismet
engine. Capture sources define the underlying engine needed to capture
data from the interface, how to change channel, and how to enter rfmon
mode. It is necessary to tell Kismet what specific type of card you use
because different drivers often use different methods to report information
and enter monitor mode.

Source type     Cards               OS        Driver
-----------     -----               --        ------
acx100          TI ACX100           Linux     ACX100 http://acx100.sourceforge.net/
    ACX100 drivers handle the 22mbit cards branded by D-Link and others.

admtek          ADMTek              Linux     ADMTek http://www.latinsud.com/adm8211/ (Patches)
                                              http://aluminum.sourmilk.net/adm8211/ (GPL driver)
    ADMTek drivers used in many consumer 802.11b cards. With the patches
    above, quasi-rfmon is possible - these cards appear to be almost
    entirely software controlled and always in a rfmon-like state. This
    card WILL BROADCAST while in rfmon, rendering the sniffer visible.
    The fully GPL drivers are supported, in addition to the hacks to the
    non-free drivers.
There are many more, for example:
nokia8x0        Nokia 800,810                 http://maemo.org/
    Nokia 8x0 capture interface, including support for FCS validation.
    The Nokia drivers appear to exhibit instability while capturing where
    they stop reporting packets. This may be minimized by setting the
    Network Scan interval to "never" in the control panel->networking
    section.

orinoco         Lucent, Orinoco     Linux     Patched orinoco_cs http://airsnort.shmoo.com/orinocoinfo.html
    The Orinoco drivers which have mainlined into the Linux kernel do
    support monitor mode, however only specific firmware versions are
    supported and often they do not work.
    An up-ported version of the older Orinoco drivers which more reliably
    supported rfmon may be available at:
    http://www.projectiwear.org/~plasmahh/orinoco.html
    Generally, Orinoco cards are not recommended for use with Kismet due
    to these limitations.

orinoco_14      Lucent, Orinoco     Linux     Orinoco 0.14+ https://savannah.nongnu.org/projects/orinoco/
    This source is deprecated and should only be used with pre-release
    versions of a driver since merged into the Linux kernel.

pcapfile        n/a                 Any       n/a
    Capture interface: '/path/to/file'
    The pcapfile capture source feeds a stored 802.11-encap dump file
    through the Kismet engine again. This can be useful for debugging or
    rescanning old logs for alert conditions. Pcapfile sources are only
    available if Kismet was compiled with libpcap support.

prism2_openbsd  Prism/2             OpenBSD   Kernel
    Full support for Prism2 under OpenBSD.

prism54g        PrismGT             Linux     prism54 http://www.prism54.org
    PrismGT 802.11g drivers supporting monitor mode.

radiotap_bsd_ab Radiotap            BSD       Kernel
    Dual-band cards with radiotap headers.

radiotap_bsd_a  Radiotap            BSD       Kernel
    802.11a cards (or dual-band on 11a channels only) with radiotap headers.

radiotap_bsd_b  Radiotap            BSD       Kernel
    802.11b/g cards (or dual-band on 11b channels only) with radiotap headers.

rt2400          Ralink 2400 11b     Linux     rt2400-gpl http://rt2x00.serialmonkey.com/
    Ralink 2400 802.11b cards using the serialmonkey GPL'd rt2x00 drivers.
    Must use 1.2.2 beta 2 or newer drivers.

rt2500          Ralink 2500 11g     Linux     rt2500-gpl http://rt2x00.serialmonkey.com/
    Ralink 2500 802.11g cards using the serialmonkey GPL'd rt2x00 drivers.
    Must use 1.1.0 beta 2 or newer drivers.

rt73            Ralink 73 11g       Linux     rt73-gpl-cvs http://rt2x00.serialmonkey.com/
    Ralink 73 802.11g USB cards using the serialmonkey GPL'd rt79 drivers
    (tested only with CVS driver versions)

rt8180          Realtek 8180 11b    Linux     rtl8180-sa2400 http://rtl8180-sa2400.sourceforge.net/
    Realtek 8180 based cards (there seem to be an awful lot of them) using
    the GPL drivers.

viha            Airport             OSX       viha http://www.dopesquad.net/security/
    Monitor mode support for Airport under OSX. Does not support Airport
    Extreme.

vtar5k          Atheros 802.11a     Linux     vtar5k http://team.vantronix.net/ar5k/
    vtar5k drivers handle some Atheros 802.11a cards. Chances are you'll
    have better luck with madwifi drivers.

wlanng_legacy   Prism/2             Linux     wlan-ng 0.1.3 and earlier http://www.linux-wlan.com/
    Old wlan-ng drivers didn't support pcap capturing and use a netlink
    socket to the kernel. These are still in use on some embedded systems
    (like the Zaurus).

wlanng          Prism/2             Linux     wlan-ng 0.1.4 - 0.1.9 http://www.linux-wlan.com/
    Wlan-ng prism2 drivers prior to the AVS headers.

wlanng_avs      Prism/2             Linux     wlan-ng 0.2.0+ http://www.linux-wlan.com/
    Newer wlan-ng drivers support a new header type and slightly different
    monitor commands to report wepped packets.

wrt54g          Linksys WRT54G      Linux     linksys http://seattlewireless.net/index.cgi/LinksysWrt54g
    Capture interface: 'wlX'
    Support for the newer firmware versions on the WRT54G/S/L devices (and
    any others using the broadcom reference chipset).
    Some systems generate a secondary device, prism0, while in monitor
    mode and require special care while channel hopping, it is no longer
    necessary to specify the prism0 device explicitly for Kismet.

wsp100          NetChem WSP100      Any       n/a http://networkchemistry.com/
    Capture interface: 'host:port'
    The WSP100 is an embedded device which reports 802.11 packets over
    UDP. The wsp100 capture source is (generally) system agnostic, however
    over time it has been less maintained than others. If you'd like to
    send me patches for this, please let me know.

zd1211          ZyDAS USB           Linux     zd1211 http://zd1211.ath.cx
    The ZD1211 drivers have had some regressions which lead to data
    corruption while changing channel. Some versions work, and typically
    the aircrack patches resolve the corruption issues if your version
    doesn't properly handle rfmon.

Chipsets known to NOT WORK:

Broadcom        - No linux drivers, only useable with ndiswrapper or
                  linuxant wrappers around windows drivers.
                  *** UPDATE ***
                  See the bcm43xx source type entry. There are experimental
                  reverse-engineered drivers which have monitor mode support
                  now under Linux! If they don't work, however, then too bad.
Airport Extreme - Really a Broadcom, with no rfmon in the OSX drivers.
                  *** UPDATE ***
                  See the bcm source for linux on ppc, it MAY work, it may
                  not. Currently there's no solution for OSX but I'm looking
                  for OSX hackers interested in redoing the Kismet port and
                  looking into adding more support.
Atmel           - There is a hack for pseudo-monitor in USB. There is
                  currently no equivalent hack for PCMCIA.
HermesII        - Proxim successor to the Orinoco/HermesI. No support yet in
                  the drivers, may be available in the future.
ndiswrapper     - Anything using ndiswrapper is using WINDOWS drivers AND
                  CAN NOT BE USED WITH KISMET.
-------------------------------------------------------------------------------------------------------------------------
From that list, check which supported card matches your wifi. To match them
up, just use airmon-ng, a utility that ships with aircrack-ng. Simply type
airmon-ng:
-------------------------------------------------------------------------------------------------------------------------
#airmon-ng
-------------------------------------------------------------------------------------------------------------------------
Interface       Chipset         Driver
wlan0           Unknown         ndiswrapper
It turns out my wifi uses ndiswrapper, so it isn't possible yet: my card is
actually a bcm4312 and very new, so there is no Linux driver yet that works
with Kismet. I'm forced to use the Windows driver on Linux.
Let's assume mine were supported, say with the b43 driver. Then just edit
Kismet's config file at /etc/kismet/kismet.conf:
-------------------------------------------------------------------------------------------------------------------------
#vim /etc/kismet/kismet.conf
-------------------------------------------------------------------------------------------------------------------------
The most important part: look for these lines in that file.
-------------------------------------------------------------------------------------------------------------------------
# User to setid to (should be your normal user)
suiduser=nick

# Sources are defined as:
# source=sourcetype,interface,name[,initialchannel]
# Source types and required drivers are listed in the README under the
# CAPTURE SOURCES section.
# The initial channel is optional, if hopping is not enabled it can be used
# to set the channel the interface listens on.
# YOU MUST CHANGE THIS TO BE THE SOURCE YOU WANT TO USE
# source=none,none,addme
source=zd1211,wlan1,zd1211rw - [phy2]
-------------------------------------------------------------------------------------------------------------------------
Replace nick with your own login user. Then fill in source=XXX,XXX,XXX
according to the driver that airmon-ng detected earlier.
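To show how the airmon-ng output and the two kismet.conf lines above fit together, here is an added helper (written for this page, not code from the post or from the Kismet or aircrack-ng projects). It parses airmon-ng's table, maps the driver to a Kismet source type, refuses ndiswrapper as the README says, and checks that suiduser is a normal user and the placeholder source line was replaced. The driver-to-source table, the tab-separated column layout and the sample output are assumptions constructed for the example.

```python
import re

# Driver name as printed by airmon-ng -> Kismet source type (assumed partial
# table taken from the README excerpt above; extend it for your own card).
DRIVER_TO_SOURCE = {"zd1211rw": "zd1211", "rt73": "rt73", "bcm43xx": "bcm43xx"}
# README: anything using ndiswrapper runs Windows drivers and cannot be used.
UNSUPPORTED_DRIVERS = {"ndiswrapper"}

# Constructed airmon-ng output (assumed tab-separated), not a real capture.
AIRMON_SAMPLE = (
    "Interface\tChipset\t\tDriver\n\n"
    "wlan0\t\tUnknown\t\tndiswrapper\n"
    "wlan1\t\tZyDAS 1211\tzd1211rw - [phy2]\n"
)

def parse_airmon_ng(output):
    """Return (interface, chipset, driver) rows from airmon-ng's table."""
    rows = []
    for line in output.splitlines():
        parts = [p for p in re.split(r"\t+| {2,}", line.strip()) if p]
        if len(parts) < 3 or parts[0] == "Interface":
            continue  # header or blank line
        rows.append((parts[0], " ".join(parts[1:-1]), parts[-1]))
    return rows

def kismet_source_line(iface, driver, channel=None):
    """Build 'source=sourcetype,interface,name[,initialchannel]' for one card."""
    key = driver.split()[0]  # drop airmon-ng's ' - [phyN]' suffix
    if key in UNSUPPORTED_DRIVERS:
        raise ValueError(f"{iface}: {key} wraps a Windows driver, unusable with Kismet")
    if key not in DRIVER_TO_SOURCE:
        raise ValueError(f"{iface}: no Kismet source type known for {key!r}")
    line = f"source={DRIVER_TO_SOURCE[key]},{iface},{key}"
    return line if channel is None else f"{line},{channel}"

def check_config(conf_text):
    """List problems in a kismet.conf snippet: suiduser must be a normal user
    and the placeholder source=none,none,addme must have been replaced."""
    problems = []
    suid = re.search(r"^suiduser=(\S+)", conf_text, re.M)
    if suid is None:
        problems.append("suiduser is not set")
    elif suid.group(1) == "root":
        problems.append("suiduser=root: README says it should be your normal user")
    sources = re.findall(r"^source=(.+)$", conf_text, re.M)
    if not sources:
        problems.append("no active source= line (commented lines do not count)")
    for src in sources:
        fields = [f.strip() for f in src.split(",")]
        if fields[:2] == ["none", "none"]:
            problems.append("source= still holds the placeholder none,none,addme")
        elif len(fields) < 3:
            problems.append(f"source={src}: needs sourcetype,interface,name")
    return problems
```

Run parse_airmon_ng(AIRMON_SAMPLE) and feed each usable row to kismet_source_line to get the line to paste under suiduser; check_config then confirms the edited file before you start Kismet.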
Last step, just start Kismet with root access:
-------------------------------------------------------------------------------------------------------------------------
#kismet
-------------------------------------------------------------------------------------------------------------------------
Time for Kismet to go into action, time for you to do your wifi hacking. It's
easy and really convenient to be able to steal someone's MAC to get online on
campus.