As announced before, we are writing a series on WiFi attacks and security. This post is the second part of that series. In the first part we discussed various terminologies related to WiFi attacks and security and covered a couple of attacks. This post will also show you how one can easily crack WEP keys in no time.
WEP (Wired Equivalent Privacy) was proved full of flaws back in 2001. The WEP protocol itself has some weaknesses which allow attackers to crack WEP keys in no time. Probably the biggest flaw in a WEP key is that it supports only 40-bit encryption, which means that there are only 16 million possibilities.
For more information on WEP flaws, kindly read the WEP flaws section here.
Requirements:
2. A WiFi adapter capable of injecting packets. For this tutorial I will use the Alfa AWUS036H, which is a very popular card and performs well with Backtrack.
Procedure:
First, log in to your Backtrack / Linux distro and plug in your WiFi adapter. Open a new konsole and type in the following commands
where wlan0 is the name of the wireless card; it can be different. To see all wireless cards connected to your system, simply type in "iwconfig".
To begin, you'll first need to put your wireless adapter into monitor mode. Monitor mode is the mode whereby your card can listen to every packet in the air. You can put your card into monitor mode by typing in the following commands
Now a new interface mon0 will be created. You can see that the new interface is in monitor mode by entering "iwconfig mon0" as shown
After putting your card into monitor mode, we need to find a network that is protected by WEP. You can discover the surrounding networks by entering the following command
airodump-ng mon0
Bssid shows the MAC address of the AP, CH shows the channel on which the AP is broadcasting, Essid shows the name broadcast by the AP, and Cipher shows the encryption type.
Now look out for a WEP-protected network. In my case I'll take "linksys" as my target for the rest of the tutorial.
Now, to crack the WEP key you'll have to capture the target's data into a file. To do this we use the airodump tool again, but with some additional switches to target a specific AP and channel. Most importantly, you should restrict monitoring to a single channel to speed up data collection; otherwise the wireless card has to alternate between all channels. You can restrict the capture by giving the following commands
As my target is broadcasting on channel 6 and has a bssid "98:fc:11:c9:14:22", I give the following commands and save the captured data as "RHAWEP"
Now you'll have to capture at least 20,000 data packets to crack WEP. This can be done in two ways. The first one would be a passive attack: wait for a client to connect to the AP and then start capturing the data packets. This method is very slow; it can take days or even weeks to capture that many data packets.
The second method would be an active attack. This method is fast and only takes minutes to generate and inject that many packets.
In an active attack you'll have to do a fake authentication (connect) with the AP, and then you'll have to generate and inject packets. This can be done very easily by entering the following commands
After doing a fake authentication, it's time to generate and inject ARP packets. To do this you'll have to open a new Konsole simultaneously and type in the following commands
If this step was successful, you'll see a lot of data packets in the airodump capture as shown
Wait till it reaches 20,000 packets; best would be to wait till it reaches around 80,000 to 90,000 packets. It's simple: the more packets, the less time it takes to crack. Once you've captured enough packets, close all the processes by clicking the "into" (×) mark on the terminal.
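Seen from the defender's side, the active attack described above stands out on the air as one transmitter suddenly sending a flood of identical-length data frames to a single AP. The sketch below is an added example, not part of the original tutorial; the frame tuple format, the thresholds, the MAC addresses and the sample capture are all constructed assumptions.

```python
from collections import Counter, defaultdict, deque

# Assumed thresholds for illustration; tune them against a baseline of your network.
WINDOW_S = 10.0      # sliding window length in seconds
MIN_FRAMES = 500     # data frames from one transmitter inside the window
MIN_SAME_LEN = 0.9   # share of those frames that share one identical length


def find_replay_suspects(frames, window=WINDOW_S, min_frames=MIN_FRAMES,
                         min_same_len=MIN_SAME_LEN):
    """Return {(bssid, src): (alert_ts, dominant_len)} for flooding transmitters.
    frames: iterable of (timestamp, bssid, src_mac, frame_len), sorted by time."""
    recent = defaultdict(deque)      # (bssid, src) -> (ts, len) inside the window
    lengths = defaultdict(Counter)   # (bssid, src) -> length histogram of the window
    suspects = {}
    for ts, bssid, src, flen in frames:
        key = (bssid, src)
        q, hist = recent[key], lengths[key]
        q.append((ts, flen))
        hist[flen] += 1
        while ts - q[0][0] > window:     # drop frames that slid out of the window
            hist[q.popleft()[1]] -= 1
        if key in suspects or len(q) < min_frames:
            continue
        dominant_len, count = hist.most_common(1)[0]
        if count / len(q) >= min_same_len:
            suspects[key] = (ts, dominant_len)
    return suspects


def constructed_capture():
    """Constructed sample: one ordinary client and one station replaying a frame."""
    ap = "00:00:5e:00:53:01"         # MACs from the documentation range
    normal, replayer = "00:00:5e:00:53:10", "00:00:5e:00:53:66"
    frames = []
    for i in range(300):             # about 10 frames/s with varied sizes
        frames.append((i * 0.1, ap, normal, 90 + (i * 37) % 1400))
    for i in range(3000):            # about 500 frames/s, all the same size
        frames.append((5.0 + i * 0.002, ap, replayer, 68))
    return sorted(frames)


if __name__ == "__main__":
    for (bssid, src), (ts, flen) in find_replay_suspects(constructed_capture()).items():
        print(f"ALERT bssid={bssid} src={src} t={ts:.2f}s repeated_len={flen}")
```

In practice the frame tuples would come from a monitor-mode sensor or a wireless IDS export, and an alert on a WEP network is a strong reason to move that network to WPA2 or WPA3.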
Now it's time to crack the WEP key from the captured data. Enter the following commands in a new konsole to crack the WEP key
Within a few minutes Aircrack will crack the WEP key as shown
Once the crack is successful you will be left with the KEY! Remove the colons from the output and you'll have your WEP key.
Hope you enjoyed this tutorial. For further doubts and clarifications, please pass on your comments.