Receive all updates via Facebook. Just Click the Like Button Below...

Powered By

Monday, March 4, 2013

Cracking WEP | Hack WiFi Password Using Backtrack

Everyone using a PC will have internet. And about 75% of them is for sure to have a WiFi modem. But the thing matters is all about the speed of internet, the speed of download. If you'r jealous of your neighbors internet, and if they have a modem. Here is a hack that might come in handy all the time. Now without any more lectures, i will start explaining with steps on hacking a WiFi modem.

Using the below steps you will get the password of your neighbor or any other modem.

Lets first start with the things you need

Wireless Adapter:-

The biggest requirement you'll need is a wireless adapter that's capable of packet injection, there are many cards capable of injecting packets, You can search  Google for the compatibility list of WiFi Cards

I use Alfa AWUS036H which is a very popular card and it performs well with Backtrack

Back Track Live DVD/CD or USB:-

Backtrack is a Linux distro with all  the essential tools required for penetration testing , I saw a blog which has written  articles on how to make a backtrack live CD / USB ,If your new here i would recommend you to read the following articles to get a better understanding of what backtrack is and how you can use it 
  • How to Install Backtrack - On Vmware
  • How To Make a Bootable Backtrack CD / USB

Now starting with steps:-

Cracking WiFi using Backtrack:-

Step -1 Booting Backtrack

Boot your copy of Backtrack from your USB drive (refer article on how to make a bootable Backtrack USB ),Once booted you will be prompted for the login details, enter usename as "root" and password as "toor", finally enter "startx " to start backtrack .Now once you have logged in, launch a new konsole terminal by clicking the konsole terminal icon which is there on the task bar .Now plug in your Wifi usb card and type in the following commands in the terminal as shown
ifconfig wlan0 up

where wlan0 is the name of the wireless card,it can be different .To see all wireless cards connected to your system simply type" iwconfig "

Step -2 Putting your WiFi Card on Monitor Mode

The purpose of this step is to put your card into what is called monitor mode. Monitor mode is the mode whereby your card can listen to every packet in the air ,It is similar to a Promiscuous mode which is used for packet sniffing in a LAN .You can put your card into Monitor mode by entering the following commands in a terminal
airmon-ng  start (your interface)

Example :- airmon-ng  start wlan0

Now a new interface mon0 or ath0 will be created , You can see the new interface is in monitor mode by entering "iwconfig" as shown

Step -3  Monitor the air for WiFi Connections

Now after putting the card in monitor mode you will need to monitor the air for available wireless networks (WiFi connections)around  you , For this you'll have to use a tool called "airodump" .

So you can start monitoring the air with airodump by enter the following commands
airodump-ng  mon0

where mon0 is the new interface which we created in the previous step
Bssid shows the mac address of the AP, CH shows the channel in which AP is broadcasted and Essid shows the name broadcasted by the AP, Cipher shows the encryption type,

Stop the process by pressing  "ctrl +c " and select your target  ,Since i am only cracking WEP  i will take "yashi" as my target from now on.

Step -4 Capturing Data with Airodump 

Now to crack the WEP key you'll have to capture the targets data into a file, To do this we use airodump tool again, but with some additional switches to target a specific AP and channel. Most importantly, you should restrict monitoring to a single channel to speed up data collection, otherwise the wireless card has to alternate between all channels .You can restrict the capture by giving in the following commands
airodump-ng mon0 --bssid -c (channel ) -w (file name to save )
As my target is broadcasted in channel 2 and has bssid  "98:fc:11:c9:14:22" ,I give in the following commands and save the captured data as "johnywep"
airodump-ng   mon0 --bssid  98:fc:11:c9:14:22   -c 2  -w  johnywep
Do not close this terminal (run the other commends simultaneously in an another terminal)

Step -5 Using Aireplay to Speed up the cracking  

You will have to capture at least 25,000 data packets to crack WEP .This can be done in two ways, The first one would be a (passive attack ) wait for a client to connect to the AP and then start capturing the data packets but this method is very slow, it can take days or even weeks to capture that many data packets

The second method would be an (active attack )this method is fast and only takes minutes to generate and inject that many packets .

In an active attack  you'll have do a Fake authentication (connect) with the  AP ,then you'll have to generate and inject data packets.This can be done very easily by using a tool called "aireplay"

So you can do a Fake authentication with the AP using aireplay by entering the following commands in a new terminal
aireplay-ng - 1  3  -a (bssid fo the target )  (interface)

In my case i enter the following

aireplay-ng -1 3  -a 98:fc:11:c9:14:22 mon0 

After doing a fake auth ,now its time to generate and inject Arp (data )packets . To this you'll have to open a terminal simultaneously and enter the following commands
aireplay-ng 3  -b (bssid of target)  -h ( address of your card (mon0))   (interface)

In my case i enter
aireplay-ng 3  -b 98:fc:11:c9:14:22   -h 00:c0:ca:50:f8:32 mon0
If this step was successful  you'll see Lot of data packets in the airodump capture ( step 4  ) as shown

Wait till it reaches at least 25000 packets , best would be to wait till it reaches around 80,000 to 90,000 packets .Its simple more the data packets  less the time to crack .once you captured enough number of packets, close all the process's by pressing "Ctrl +c" or by simply clicking the into mark which is there on the terminal

Strep -6 Cracking WEP  key using Aircrack 

Now its time crack the WEP key from the captured data, we use Aircrack to achieve this

Enter the following commands to crack the WEP key
aircrack-ng  (name of the captured file (step 4) )

In my case i enter 

aircrack-ng johnywep-0.1-cap
With in a few minutes Aircrak will crack the WEP key as shown

Voila you have successfully  cracked the WEP key in Six simple steps



awsome!!!! bt one thing...the password is in different form..

Post a Comment

Please comment...