Hey guys, today we are here with a new tutorial that will teach you how to crack a WEP WiFi password using Backtrack 5. It is quite a simple process. It is much less likely these days to find a wireless network running WEP, but it still happens, mostly on residential networks.
Be patient, as the tutorial is a little bit long, so follow each and every step.
Note :- Before reading this tutorial, you must read our previous “Backtrack setup” tutorial!
Step 1 : Boot your copy of Backtrack from your USB drive (refer to our article on How to install Backtrack 5 onto a USB Stick).
Step 2 : Once booted you will be prompted for the login details; enter the username as “root” and the password as “toor”, then enter “startx” to start Backtrack.
Step 3 : Now once you have logged in, launch a new Konsole terminal by clicking the Konsole terminal icon on the taskbar.
Step 5 : Now plug in your WiFi USB card and type the following command in the terminal :
ifconfig wlan0 up
where wlan0 is the name of your wireless card; it can be different. To see all wireless cards connected to your system, simply type “iwconfig”.
Step 6 : Put your WiFi card in Monitor Mode : Monitor mode is the mode in which your card can listen to every packet in the air. It is similar to promiscuous mode, which is used for packet sniffing on a LAN. You can put your card into monitor mode by entering the following command in a terminal as shown :
airmon-ng start (your interface)
For example, if the interface is wlan0 :- airmon-ng start wlan0
Now a new interface, mon0 or ath0, will be created. You can see the new interface in monitor mode by entering “iwconfig”.
Step 7 : Now after putting the card in monitor mode, you will need to monitor the air for available wireless networks (WiFi connections) around you. For this you’ll have to use a tool called “airodump”.
So you can start monitoring the air with airodump by entering the following command as shown :
airodump-ng mon0
where mon0 is the new interface which we created in the previous step.
Remember : BSSID shows the MAC address of the AP, CH shows the channel on which the AP is broadcasting, ESSID shows the name broadcast by the AP, and Cipher shows the encryption type.
Stop the process by pressing “Ctrl + C” and select your target. Since here we are only cracking WEP, we take “amazinghacks” as my target from now on.
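The airodump-ng columns described above (BSSID, CH, ESSID, Cipher) are also written to a CSV file when you pass `-w`. As an added example that is not part of the original tutorial, here is a small Python script a network owner can run over that CSV to list every access point in range that still advertises WEP, so the ones you are responsible for can be migrated to WPA2/WPA3. The CSV layout assumed (a header row, one AP per row, then a blank line and a station table) is the airodump-ng `prefix-01.csv` format as I know it; the sample text is constructed, reusing the tutorial's own BSSID and ESSID plus made-up neighbours.

```python
import csv
import io

# Constructed sample in the layout airodump-ng writes to "prefix-01.csv":
# an AP table, a blank line, then a station table. Times, power and counts
# are made up; only the first BSSID/ESSID come from the tutorial above.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
3C:1E:04:19:BC:EB, 2012-03-10 12:00:01, 2012-03-10 12:05:10,  1,  54, WEP , WEP, OPN, -41,      120,     3000,   0.  0.  0.  0,  12, amazinghacks, 
AA:BB:CC:DD:EE:01, 2012-03-10 12:00:03, 2012-03-10 12:05:09,  6,  54, WPA2, CCMP, PSK, -60,       90,        0,   0.  0.  0.  0,   8, neighbor, 
AA:BB:CC:DD:EE:02, 2012-03-10 12:00:05, 2012-03-10 12:05:08, 11,  54, OPN , , , -70,       40,        0,   0.  0.  0.  0,   6, public, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
00:E3:CA:11:F8:23, 2012-03-10 12:01:00, 2012-03-10 12:05:00, -50,      200, 3C:1E:04:19:BC:EB, 
"""


def parse_access_points(csv_text):
    """Return one dict per AP row from an airodump-ng CSV dump.

    Only the AP table (everything before the first blank line) is read;
    the station table after it is ignored. Every field is stripped because
    airodump-ng pads the columns with spaces.
    """
    ap_section = csv_text.split("\n\n", 1)[0]
    reader = csv.reader(io.StringIO(ap_section), skipinitialspace=True)
    rows = list(reader)
    header = [h.strip() for h in rows[0]]
    aps = []
    for row in rows[1:]:
        if not row or not row[0].strip():
            continue
        aps.append(dict(zip(header, (f.strip() for f in row))))
    return aps


def find_wep_networks(csv_text):
    """Return (bssid, channel, essid) for every AP whose Privacy column is WEP."""
    findings = []
    for ap in parse_access_points(csv_text):
        # airodump-ng writes "WEP" (sometimes followed by padding) in Privacy
        if ap.get("Privacy", "").upper().startswith("WEP"):
            findings.append((ap["BSSID"], int(ap["channel"]), ap["ESSID"]))
    return findings


if __name__ == "__main__":
    for bssid, channel, essid in find_wep_networks(SAMPLE_CSV):
        print(f"WEP still in use: {essid} ({bssid}) on channel {channel}")
```

Run it against a real dump by reading the file into a string and passing it to `find_wep_networks`; anything it reports that belongs to you should be reconfigured for WPA2 or WPA3, since WEP recovery is exactly what the rest of this tutorial demonstrates.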
Step 8 : Now to crack the WEP key, you’ll have to capture the target’s data into a file. To do this we will use the airodump tool again, but with some additional switches to target a specific AP and channel. You should restrict monitoring to a single channel to speed up data collection; otherwise the wireless card has to alternate between all channels.
You can restrict the capturing by entering the command as shown :
airodump-ng mon0 --bssid (bssid of the target) -c (channel) -w (file name to save)
As my target is broadcast on channel 1 and has BSSID “3c:1e:04:19:bc:eb”, we enter the following command and save the captured data as “amazinghackswep”.
airodump-ng mon0 --bssid 3c:1e:04:19:bc:eb -c 1 -w amazinghackswep
Be careful not to close this terminal (run the other commands simultaneously in another terminal).
Step 9 : Now you will have to capture at least 25,000 data packets to crack WEP. This can be done in two ways. The first would be a passive attack, in which you wait for a client to connect to the AP and then start capturing the data packets; but this method is very slow, and it can take days or even weeks to capture that many data packets. The second method would be an active attack, in which the process is fast and only takes minutes to generate and inject that many packets. In an active attack you’ll have to do a Fake Authentication (connect) with the AP, and then you’ll have to generate and inject data packets. This can be done very easily using a tool called “aireplay”.
So you can do a Fake Authentication with the AP using aireplay by entering the following command in a new terminal :
aireplay-ng -1 3 -a (bssid of the target) (interface)
In my case I will enter the following :
aireplay-ng -1 3 -a 3c:1e:04:19:bc:eb mon0
After doing a fake auth., now it's time to generate and inject ARP (data) packets. To do this you’ll have to open a terminal simultaneously and enter the command shown :
aireplay-ng 3 -b (bssid of target) -h (address of your card (mon0)) (interface)
Again in my case I will enter
aireplay-ng 3 -b 3c:1e:04:19:bc:eb -h 00:e3:ca:11:f8:23 mon0
If this step was successful, you’ll see lots of data packets in the airodump capture (step 7).
Step 10 : Wait till it reaches at least 25,000 packets; best would be to wait till it reaches around 80,000 to 90,000 packets. It will be simpler and easier to crack WEP if more data packets are present. Once you have captured enough packets, close all the processes by pressing “Ctrl + C”.
Step 11 : Now it's time to crack the WEP key from the captured data. We use Aircrack to achieve this, so a little more work is required: just enter the following command to crack the WEP key :
aircrack-ng (name of the captured file)
In my case I will enter :
aircrack-ng amazinghackswep0.1-cap
Within a few minutes Aircrack will crack the WEP key.
Thanks for reading us. We hope that this tutorial will help you. Share this post if you liked it. Now enjoy your cracked WiFi.