WEP stands for Wired Equivalent Privacy, a standard for WiFi wireless network security.But A WEP key is a security code used on some Wi-Fi networks. WEP
keys allow a group of devices on a local network (such as a home
network) to exchange encoded messages with each other while hiding the
contents of the messages from easy viewing by outsiders.
A WEP key is a sequence of hexadecimal digits. These digits include the numbers 0-9 and the letters A-F. Some examples of WEP keys are:
WEP keys are chosen by a network administrator. WEP keys are set on Wi-Fi routers, adapters and other wireless network devices. Matching WEP keys must be set on each device for them to communicate with each other.
The length of a WEP key depends on the type of WEP security (called "encryption") utilized:
First of all here is what you need. I will cover all of these in more detail later.
You need:
-A wireless adapter with the RTL8187 chipset
-To be able to run Backtrack 4
-Access to a WEP encrpyted network
Having the correct chipset
You need to have a RTL8187 chipset for the method that i am going to show for it to work. The easiest method of doing this is buying an ALFA AWUS036H Wireless adapter; these are very popular among the hacker community as they have excellent range and they have the all important RTL8187 chipset, that allows it to work with the aircrack-ng suite. They cost around £30 so if you are not prepared to get one stop reading now.
This adapter is compatible with all OS =]
Once you have your shiny new adapter, install the driver and have a play about!
then install backtrack4.
If you are practicing on a network that you do not have permission to test on [I dont know why you would ;)] Then it may be a good idea to spoof your mac address. This is like an IP address for your computer.
First you need to determine your devices names and modes. This is easily done by opening Konsole and using the following command
Here we can see all of my wireless devices and their chipsets. The first one is my Alfa adapter, the second is of inbuilt card. [You can tell by the RTL8187 chipset]
We now need to put it into monitor mode; we do this by using the following command. Where i put <interface> you need to put the name given to your RTL8187. As you can see mine is "wlan0"
Selecting a target
Open up a terminal and type
Next you need to filter your list of networks, and select a specific target. To do this type the following:
For <bssid> enter the bssid of the network you wish to crack; for
<channel> put the number of the channel the network is on, and for
<filename> put a name for the file you wish to save the data that
you will be capturing. It is a good idea to name the file after the
essid of the network; this means that if you crack several networks you
wont be confused as to which password belongs to which network. So for
my example i will target NETGEAR-KD:
And that will look like this:
Collecting Data
Now our main aim is to collect as much data as possible, that way we can decrypt it and gain the key from the data we have captured. At the moment you can see the #Data column will be going up very slowly, we need that to reach around 20,000. Once we have that number of packets we can begin to decrypt it and eventually gain the key.
So to increase the #Data first we must associate ourselves with the router to do this open a new terminal and type the following:
So for my example i will run this;
And this is what it will look like:
Next we need to make the router send us lots of data, to do this type:
So in my example i will type:
When successful it will look like this, but ACKS and ARP request should be increasing:
Now flick back to your airodump-ng window and you should see the #Data column rising very fast! Once you reach around 5000 #Data you an start cracking!
Cracking
Ok now all you need to do is crack the #Data that you are capturing. To do this open a new terminal and enter the following command:
So for my example it is:
A window like this will appear:
Now all you have to do is leave it alone, it will attempt to crack the key for every 5000 #Data you collect, this means that as soon as the #Data column starts to increase you can run aircrack and put your feet up! It shouldn't take long but depending on the connection and network activity it may take a while.
PROTIP: If you have multiple capture files from the same network say for example NETGEAR-KD-01.cap, NETGEAR-KD-02.cap; you can combine them and add the IV's like this:
And here you have your cracked key! Note that the key is separated by colons, so [12:34:56:78] =12345678
Thank you for reading and i hope this has helped.
A WEP key is a sequence of hexadecimal digits. These digits include the numbers 0-9 and the letters A-F. Some examples of WEP keys are:
WEP keys are chosen by a network administrator. WEP keys are set on Wi-Fi routers, adapters and other wireless network devices. Matching WEP keys must be set on each device for them to communicate with each other.
The length of a WEP key depends on the type of WEP security (called "encryption") utilized:
- 40- / 64-bit WEP: 10 digit key
- 104- / 128-bit WEP: 26 digit key
- 256-bit WEP: 58 digit key
First of all here is what you need. I will cover all of these in more detail later.
You need:
-A wireless adapter with the RTL8187 chipset
-To be able to run Backtrack 4
-Access to a WEP encrpyted network
Having the correct chipset
You need to have a RTL8187 chipset for the method that i am going to show for it to work. The easiest method of doing this is buying an ALFA AWUS036H Wireless adapter; these are very popular among the hacker community as they have excellent range and they have the all important RTL8187 chipset, that allows it to work with the aircrack-ng suite. They cost around £30 so if you are not prepared to get one stop reading now.
This adapter is compatible with all OS =]
Once you have your shiny new adapter, install the driver and have a play about!
then install backtrack4.
If you are practicing on a network that you do not have permission to test on [I dont know why you would ;)] Then it may be a good idea to spoof your mac address. This is like an IP address for your computer.
First you need to determine your devices names and modes. This is easily done by opening Konsole and using the following command
Here we can see all of my wireless devices and their chipsets. The first one is my Alfa adapter, the second is of inbuilt card. [You can tell by the RTL8187 chipset]
We now need to put it into monitor mode; we do this by using the following command. Where i put <interface> you need to put the name given to your RTL8187. As you can see mine is "wlan0"
Code:
airmon-ng start <interface>
As you can see "monitor mode has been enabled on mon0" from now on the interface that you should use is "mon0"
Now moving on to hiding your IP address
You should see something like this. Your mac address will be different to mine of course.
Now moving on to hiding your IP address
Code:
ifconfig mon0 down
macchanger -s mon0
macchanger -m 00:11:22:33:44:55 mon0
ifconfig mon0 up
Selecting a target
Open up a terminal and type
Code:
airodump-ng mon0
Next you need to filter your list of networks, and select a specific target. To do this type the following:
Code:
airodump-ng --bssid <bssid> -c <channel> -w <Filename> mon0
Code:
airodump-ng --bssid 00:0F:B5:B3:79:6E -c 1 -w NETGEAR-KD mon0
Collecting Data
Now our main aim is to collect as much data as possible, that way we can decrypt it and gain the key from the data we have captured. At the moment you can see the #Data column will be going up very slowly, we need that to reach around 20,000. Once we have that number of packets we can begin to decrypt it and eventually gain the key.
So to increase the #Data first we must associate ourselves with the router to do this open a new terminal and type the following:
Code:
aireplay-ng -1 0 -a <bssid> -h <mon0 MAC address> -e <essid> mon0
So for my example i will run this;
Code:
aireplay-ng -1 0 -a 00:0F:B5:B3:79:6E-h 00:11:22:33:44:55 -e NETGEAR-KD mon0
And this is what it will look like:
Next we need to make the router send us lots of data, to do this type:
Code:
aireplay-ng -3 -b <bssid> -h <mon0 MAC address> mon0
So in my example i will type:
Code:
aireplay-ng -3 -b 00:0F:B5:B3:79:6E -h 00:11:22:33:44:55 mon0
When successful it will look like this, but ACKS and ARP request should be increasing:
Now flick back to your airodump-ng window and you should see the #Data column rising very fast! Once you reach around 5000 #Data you an start cracking!
Cracking
Ok now all you need to do is crack the #Data that you are capturing. To do this open a new terminal and enter the following command:
Code:
aircrack-ng <filename-01.cap>
So for my example it is:
Code:
aircrack-ng NETGEAR-KD.cap
A window like this will appear:
Now all you have to do is leave it alone, it will attempt to crack the key for every 5000 #Data you collect, this means that as soon as the #Data column starts to increase you can run aircrack and put your feet up! It shouldn't take long but depending on the connection and network activity it may take a while.
PROTIP: If you have multiple capture files from the same network say for example NETGEAR-KD-01.cap, NETGEAR-KD-02.cap; you can combine them and add the IV's like this:
Code:
aircrack-ng /root/NETGEAR-KD-0*.cap
And here you have your cracked key! Note that the key is separated by colons, so [12:34:56:78] =12345678
Thank you for reading and i hope this has helped.
No comments:
Post a Comment