
How to Crack WEP Key With Backtrack 5 [wifi hacking]

As announced before, we are writing a series on wifi attacks and security. This post is the second part of that series. In the first part we discussed various terminologies related to wifi attacks and security and covered a couple of attacks. This post will also show you how one can easily crack WEP keys in no time.

Security Issues With WEP

WEP (Wired Equivalent Privacy) was proved to be full of flaws back in 2001. The WEP protocol itself has weaknesses that allow attackers to crack keys in no time. Probably the biggest flaw in a WEP key is that it supports only 40-bit encryption, which means that there are only 16 million possibilities.

For more information on WEP flaws, kindly read the WEP flaws section here.

Requirements :-

Here is what you would require to crack a WEP key:

1. Backtrack or any other Linux distro with aircrack-ng installed

2. A Wifi adapter capable of injecting packets. For this tutorial I will use the Alfa AWUS036H, which is a very popular card and performs well with Backtrack.

You can find compatible wifi card lists here.

Procedure :-

First, log in to your Backtrack / Linux distro and plug in your Wifi adapter. Open a new konsole and type in the following command

ifconfig wlan0 up

where wlan0 is the name of the wireless card; it can be different. To see all wireless cards connected to your system, simply type in "iwconfig".

Putting your WiFi Adapter on Monitor Mode

To begin, you'll need to first put your wireless adapter into monitor mode. Monitor mode is the mode whereby your card can listen to every packet in the air. You can put your card into monitor mode by typing in the following command

airmon-ng start (your interface)

Example :- airmon-ng start wlan0

Now a new interface mon0 will be created. You can see that the new interface is in monitor mode by entering "iwconfig mon0".

Finding a suitable Target

After putting your card into monitor mode we need to find a network that is protected by WEP. You can discover the surrounding networks by entering the following command

airodump-ng mon0

Bssid shows the MAC address of the AP, CH shows the channel on which the AP is broadcasting, Essid shows the name broadcast by the AP, and Cipher shows the encryption type.

Now look out for a WEP-protected network. In my case I'll take "linksys" as my target for the rest of the tutorial.

Attacking The Target

Now, to crack the WEP key you'll have to capture the target's data into a file. To do this we use the airodump tool again, but with some additional switches to target a specific AP and channel. Most importantly, you should restrict monitoring to a single channel to speed up data collection; otherwise the wireless card has to alternate between all channels. You can restrict the capture by giving the following command

airodump-ng mon0 --bssid (bssid of the target) -c (channel) -w (file name to save)

As my target is broadcasting on channel 6 and has the bssid "98:fc:11:c9:14:22", I give the following command and save the captured data as "RHAWEP"

airodump-ng mon0 --bssid 98:fc:11:c9:14:22 -c 6 -w RHAWEP

Using Aireplay to Speed up the cracking

Now you'll have to capture at least 20 000 data packets to crack WEP. This can be done in two ways. The first one would be a passive attack: wait for a client to connect to the AP and then start capturing the data packets. This method is very slow; it can take days or even weeks to capture that many data packets.

The second method would be an active attack. This method is fast and only takes minutes to generate and inject that many packets.

In an active attack you'll have to do a fake authentication (connect) with the AP, then you'll have to generate and inject packets. This can be done very easily by entering the following command

aireplay-ng -1 3 -a (bssid of the target) (interface)

In my case I enter the following command

aireplay-ng -1 3 -a 98:fc:11:c9:14:22 mon0

After doing a fake authentication, it's time to generate and inject ARP packets. To do this you'll have to open a new Konsole alongside the first and type in the following command

aireplay-ng 3 -b (bssid of target) -h (Mac address of mon0) (interface)

In my case I enter aireplay-ng 3 -b 98:fc:11:c9:14:22 -h 00:c0:ca:50:f8:32 mon0

If this step was successful you'll see a lot of data packets in the airodump capture.

Wait till it reaches 20000 packets; best would be to wait till it reaches around 80 000 to 90 000 packets. It's simple: the more packets, the less time to crack. Once you've captured enough packets, close all the processes by clicking the cross (x) mark on the terminal.
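From the defender's side, the active attack described above is noisy: one sender pushes thousands of near-identical data frames at a single AP within minutes. The following detector is an added example, not part of the original tutorial; the frame tuples, MAC addresses, frame lengths and thresholds are constructed assumptions to be tuned against your own wireless sensor data.

```python
from collections import Counter, defaultdict, deque

WINDOW_S = 10.0       # assumed sliding-window length, seconds
MIN_FRAMES = 200      # assumed frames per sender per window before alerting
MIN_SAME_LEN = 0.9    # assumed share of those frames sharing one length

def detect_replay(frames, window_s=WINDOW_S, min_frames=MIN_FRAMES,
                  min_same_len=MIN_SAME_LEN):
    """Flag senders that flood one AP with near-identical data frames.

    frames: iterable of (timestamp, src_mac, bssid, frame_len), time-ordered.
    Returns one alert dict per (src_mac, bssid) pair, at first detection.
    """
    recent = defaultdict(deque)     # (src, bssid) -> frames inside the window
    lengths = defaultdict(Counter)  # (src, bssid) -> length histogram of those
    alerted, alerts = set(), []
    for ts, src, bssid, length in frames:
        key = (src, bssid)
        recent[key].append((ts, length))
        lengths[key][length] += 1
        # Drop frames that have aged out of the window.
        while ts - recent[key][0][0] > window_s:
            _, old_len = recent[key].popleft()
            lengths[key][old_len] -= 1
        total = len(recent[key])
        if key in alerted or total < min_frames:
            continue
        top_len, top_count = lengths[key].most_common(1)[0]
        if top_count / total >= min_same_len:
            alerted.add(key)
            alerts.append({"src": src, "bssid": bssid, "time": ts,
                           "frames_in_window": total, "frame_len": top_len})
    return alerts

def sample_frames():
    """Constructed capture metadata: one ordinary client, one replaying sender."""
    ap = "02:00:00:00:00:01"
    frames = []
    # Ordinary client: 5 frames per second, varied lengths, for 60 seconds.
    for i in range(300):
        frames.append((i * 0.2, "02:00:00:00:00:10", ap, 90 + (i * 37) % 1200))
    # Replaying sender: 50 identical 68-byte frames per second from t=20s.
    for i in range(1000):
        frames.append((20 + i * 0.02, "02:00:00:00:00:aa", ap, 68))
    return sorted(frames)

if __name__ == "__main__":
    for alert in detect_replay(sample_frames()):
        print(alert)
```
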

Cracking WEP key using Aircrack

Now it's time to crack the WEP key from the captured data. Enter the following command in a new konsole to crack the WEP key

aircrack-ng (name of the file)

In my case I enter aircrack-ng RHAWEP-0.1-cap

Within a few minutes Aircrack will crack the WEP key.

Once the crack is successful you will be left with the KEY! Remove the colons from the output and you'll have your WEP Key.

Hope you enjoyed this tutorial. For further doubts and clarifications, please pass on your comments.
