In my previous article WiFi Hacking Part 1, i wrote about the necessary tools and stuff that you require for WiFi Hacking .If you have not read the article, please go through it before reading this one
In this article i will explain how you can crack wireless network's WEP key using Backtrack in six easy steps
WiFi Hacking Part 2
I believe all my blog readers have read the previous article WiFi Hacking Part 1, and know what are the tools and stuff that you require for WiFi hacking
Commonly Used Terms :-
Cracking WEP Using Backtrack
Step -1 Booting Backtrack
Boot your copy of Backtrack from your USB drive (refer my article on how to make a bootable Backtrack USB ),Once booted you will be prompted for the login details, enter usename as "root" and password as "toor", finally enter "startx " to start backtrack .Now once you have logged in, launch a new konsole terminal by clicking the konsole terminal icon which is there on the task bar .Now plug in your Wifi usb card and type in the following commands in the terminal as shown
Step -2 Putting your WiFi card on Monitor Mode
The purpose of this step is to put your card into what is called monitor mode. Monitor mode is the mode whereby your card can listen to every packet in the air ,It is similar to a Promiscuous mode which is used for packet sniffing in a LAN .You can put your card into Monitor mode by entering the following commands in a terminal
Now a new interface mon0 or ath0 will be created , You can see the new interface is in monitor mode by entering "iwconfig" as shown
Step -3 Monitor the air for WiFI connections
Now after putting the card in monitor mode you will need to monitor the air for available wireless networks (WiFi connections)around you , For this you'll have to use a tool called "airodump" .
So you can start monitoring the air with airodump by enter the following commands
Stop the process by pressing "ctrl +c " and select your target ,Since i am only cracking WEP i will take "johny" as my target from now on
Step -4 Capturing Data with Airodump
Now to crack the WEP key you'll have to capture the targets data into a file, To do this we use airodump tool again, but with some additional switches to target a specific AP and channel. Most importantly, you should restrict monitoring to a single channel to speed up data collection, otherwise the wireless card has to alternate between all channels .You can restrict the capture by giving in the following commands
Step -5 Using Aireplay to Speed up the cracking
You will have to capture at least 25,000 data packets to crack WEP .This can be done in two ways, The first one would be a (passive attack ) wait for a client to connect to the AP and then start capturing the data packets but this method is very slow, it can take days or even weeks to capture that many data packets
The second method would be an (active attack )this method is fast and only takes minutes to generate and inject that many packets .
In an active attack you'll have do a Fake authentication (connect) with the AP ,then you'll have to generate and inject data packets.This can be done very easily by using a tool called "aireplay"
So you can do a Fake authentication with the AP using aireplay by entering the following commands in a new terminal
After doing a fake auth ,now its time to generate and inject Arp (data )packets . To this you'll have to open a terminal simultaneously and enter the following commands
Wait till it reaches at least 25000 packets , best would be to wait till it reaches around 80,000 to 90,000 packets .Its simple more the data packets less the time to crack .once you captured enough number of packets, close all the process's by pressing "Ctrl +c" or by simply clicking the into mark which is there on the terminal
Strep -6 Cracking WEP key using Aircrack
Now its time crack the WEP key from the captured data, we use Aircrack to achieve this
Enter the following commands to crack the WEP key
Voila you have successfully cracked the WEP key in Six simple steps
In this article i will explain how you can crack wireless network's WEP key using Backtrack in six easy steps
WiFi Hacking Part 2
I believe all my blog readers have read the previous article WiFi Hacking Part 1, and know what are the tools and stuff that you require for WiFi hacking
Commonly Used Terms :-
- WEP - Wired Equivalency Privacy, it is a security protocol for Wi-Fi networks
- Access Point (AP)- A wireless router
- MAC Address - Media Access Control address, a unique id assigned to wireless adapters and routers .It comes in hexadecimal format (ie 00:15:eR:21:a3:63)
- BSSID - Access Point’s MAC address
- ESSID - Access Point’s Broadcast name
Cracking WEP Using Backtrack
Step -1 Booting Backtrack
Boot your copy of Backtrack from your USB drive (refer my article on how to make a bootable Backtrack USB ),Once booted you will be prompted for the login details, enter usename as "root" and password as "toor", finally enter "startx " to start backtrack .Now once you have logged in, launch a new konsole terminal by clicking the konsole terminal icon which is there on the task bar .Now plug in your Wifi usb card and type in the following commands in the terminal as shown
ifconfig wlan0 up
where wlan0 is the name of the wireless card ,it can be different .To see all wireless cards connected to your system simply type" iwconfig "
Step -2 Putting your WiFi card on Monitor Mode
The purpose of this step is to put your card into what is called monitor mode. Monitor mode is the mode whereby your card can listen to every packet in the air ,It is similar to a Promiscuous mode which is used for packet sniffing in a LAN .You can put your card into Monitor mode by entering the following commands in a terminal
airmon-ng start (your interface)
Example :- airmon-ng start wlan0
Now a new interface mon0 or ath0 will be created , You can see the new interface is in monitor mode by entering "iwconfig" as shown
Step -3 Monitor the air for WiFI connections
Now after putting the card in monitor mode you will need to monitor the air for available wireless networks (WiFi connections)around you , For this you'll have to use a tool called "airodump" .
So you can start monitoring the air with airodump by enter the following commands
airodump-ng mon0Bssid shows the mac address of the AP, CH shows the channel in which AP is broadcasted and Essid shows the name broadcasted by the AP, Cipher shows the encryption type ,
where mon0 is the new interface which we created in the previous step
Stop the process by pressing "ctrl +c " and select your target ,Since i am only cracking WEP i will take "johny" as my target from now on
Step -4 Capturing Data with Airodump
Now to crack the WEP key you'll have to capture the targets data into a file, To do this we use airodump tool again, but with some additional switches to target a specific AP and channel. Most importantly, you should restrict monitoring to a single channel to speed up data collection, otherwise the wireless card has to alternate between all channels .You can restrict the capture by giving in the following commands
airodump-ng mon0 --bssid -c (channel ) -w (file name to save )As my target is broadcasted in channel 2 and has bssid "98:fc:11:c9:14:22" ,I give in the following commands and save the captured data as "johnywep"
airodump-ng mon0 --bssid 98:fc:11:c9:14:22 -c 2 -w johnywepDo not close this terminal (run the other commends simultaneously in an another terminal)
Step -5 Using Aireplay to Speed up the cracking
You will have to capture at least 25,000 data packets to crack WEP .This can be done in two ways, The first one would be a (passive attack ) wait for a client to connect to the AP and then start capturing the data packets but this method is very slow, it can take days or even weeks to capture that many data packets
The second method would be an (active attack )this method is fast and only takes minutes to generate and inject that many packets .
In an active attack you'll have do a Fake authentication (connect) with the AP ,then you'll have to generate and inject data packets.This can be done very easily by using a tool called "aireplay"
So you can do a Fake authentication with the AP using aireplay by entering the following commands in a new terminal
aireplay-ng - 1 3 -a (bssid fo the target ) (interface)
In my case i enter the following
aireplay-ng -1 3 -a 98:fc:11:c9:14:22 mon0
After doing a fake auth ,now its time to generate and inject Arp (data )packets . To this you'll have to open a terminal simultaneously and enter the following commands
aireplay-ng 3 -b (bssid of target) -h ( address of your card (mon0)) (interface)If this step was successful you'll see Lot of data packets in the airodump capture ( step 4 ) as shown
In my case i enter
aireplay-ng 3 -b 98:fc:11:c9:14:22 -h 00:c0:ca:50:f8:32 mon0
Wait till it reaches at least 25000 packets , best would be to wait till it reaches around 80,000 to 90,000 packets .Its simple more the data packets less the time to crack .once you captured enough number of packets, close all the process's by pressing "Ctrl +c" or by simply clicking the into mark which is there on the terminal
Strep -6 Cracking WEP key using Aircrack
Now its time crack the WEP key from the captured data, we use Aircrack to achieve this
Enter the following commands to crack the WEP key
aircrack-ng (name of the captured file (step 4) )In my case i enteraircrack-ng johnywep-0.1-cap
With in a few minutes Aircrak will crack the WEP key as shown
Voila you have successfully cracked the WEP key in Six simple steps
Post a Comment