Zelaron Gaming Forum  
Stats Arcade Portal Forum FAQ Community Calendar Today's Posts Search
Go Back   Zelaron Gaming Forum > The Zelaron Nexus > The Lounge

 
 
Thread Tools Display Modes

 
Cracking WEP Keys
Reply
Posted 2010-05-19, 07:58 PM
Alright guys, I got bored and wrote a basic tutorial on how to gain access to wireless networks with WEP protection. Enjoy..



Cracking WEP (Wired Equivalent Privacy) Keys

Introduction –

This is a tutorial on how to crack in to wireless networks protected by WEP. The cracking process is relatively simple, and in some cases can be done in 10 minutes or less. I will be using BackTrack 4, which has all the required command-line tools to complete a successful WEP crack.

Before we begin you are going to need a wireless adapter that is capable of running in “monitor” mode, a copy of BackTrack 4, a DVD burner, a blank DVD, a program that can write ISO files to a DVD (I use MagicISO) and the willingness to learn.

(Alternatively, you can install BackTrack to a USB drive and boot from that.)

You can get a copy of BackTrack 4 from here - http://www.backtrack-linux.org/downloads/

I went out and purchased an ALFA AWUS036H 1000mW Wireless G USB Adapter with a 9 dbi antenna. This adapter has a huge range and is great for war driving.

Contact Info:
AIM –

- - - - - - - - - - - - - - - - - - - - -

Starting up BackTrack –


Now that you have a copy of BackTrack 4 burned to a DVD, go ahead a restart your machine and boot from the DVD drive. (You may need to edit the boot options in your BIOS.)
Once the BackTrack DVD boots up, it will give you a selection of different boot options to choose from. Select the first option and hit enter.

If it has successfully loaded, you’ll be sitting at a command line, simply type “startx” to load the GUI.

Now the fun begins…

(GUI – Graphical User Interface)



Preparing your wireless adapter –


To begin, we need to set our wireless adapter to monitor mode and spoof the MAC Address. Start by launching Konsole, the command-line interface for BackTrack.





After Konsole opens, enter the following command:

airmon-ng

This will display your available wireless interfaces. As you can see, I have 2 different adapters, my built in wireless card (Intel 4965) and the one I purchased (RTL8187)







I will be using the RTL8187 on the wlan0 interface. Yours may be different, so through out the rest of this tutorial replace (Wireless interface) with the one you are using.

Now we have to turn off the interface we are going to use so that we are able to spoof the MAC.

Enter the following commands:

airmon-ng stop (Wireless interface)
ifconfig (Wireless interface) down
macchanger –mac 00:11:22:33:44:55 (Wireless interface)
airmon-ng start (Wireless interface)







Spoofing the MAC Address is not required, but it makes it easier later on when you need to enter your MAC, and it helps to hide your identity.

As you can see, under the wlan0 interface it says “Monitor mode enabled on mon0”
This means that monitor mode is enabled, but on the mon0 interface.

For that reason, we will now use the mon0 interface in the rest of the commands.

If you type airmon-ng again, you can see that the mon0 interface is now available.






Finding a WEP protected network –

Now we need to find a network that is protected by WEP. To begin discovering surrounding networks enter this command:

airodump-ng (Wireless interface)

(I entered airodump-ng mon0)

Once the list starts populating, it will look similar to the picture below.





When you find the network that you want to crack from the top half, press Ctrl+C to stop the command. Make sure you write down the BSSID, the Channel that the network is on (Under the CH column), and the ESSID.

I am going to choose the “NETGEAR” network.


(BSSID – Access point’s MAC Address
ESSID - Name of the wireless network)



Monitoring the desired network –


Now we are going to monitor the wireless network that you chose, capture all of the packets of information being sent within that network, and save it all to a file. To do this, run the following command:

airodump-ng -c (channel) –w (file to save info to) --bssid (bssid) (Wireless interface)

Where:
–c is the channel of the wireless network you’re attempting to crack
-w is the name of the file you want to store all of the information gathered in
--bssid is the BSSID of the network.

So the command that I used to monitor the NETGEAR network on channel 6 and save it to the file "netgear" was:

airodump-ng –c 6 –w netgear --bssid 00:18:4D:96:93:36 mon0

After the command is entered, you should see output similar to the picture below:






Leave that window be, and open up another Konsole window. Now enter the following command:

aireplay-ng -1 0 –a (bssid) –h 00:11:22:33:44:55 –e (essid) (Wireless interface)

Where:
-1 is a fake authentication
0 is reassociation timing in seconds
-a is the MAC Address of the Access Point
-h is our MAC address
-e is the name of the wireless network

In my example, I entered:

aireplay-ng -1 0 –a 00:18:4D:96:93:36 –h 00:11:22:33:44:55 –e NETGEAR mon0


Once the command is entered, it will attempt to send a fake authentication, and associate with the access point. If this is done successfully, you will see “Association Successful :-)”
(Sometimes you have to enter this command several times for it to work.)






Generating more network traffic –

We are now going to create a lot of extra traffic within the network to speed up our crack. Remember, you’re capturing and saving all of the information sent within the network, so the more you generate, the more information you can gather.

Run the following command:

aireplay-ng -3 –b (bssid) –h 00:11:22:33:44:55 (Wireless interface)

So for my scenario, I entered:
aireplay-ng -3 –b 00:18:4D:96:93:36 –h 00:11:22:33:44:55 mon0

After a minute or so, you’re Konsole screen should resemble the image below.





This is the part that takes the longest. While aireplay is spamming the network with packets, watch the #data column in the airodump Konsole screen. As you can see the value of #data is increasing. The more data you have, the more likely you are to crack the WEP key. Once the value reaches 10,000 go ahead and move on to the next section.

Do not stop airodump or aireplay until you have successfully cracked the key.
In the image below, you can see that the #data value is sitting at 7863. Several more minutes and we’ll be able to attempt and crack the key.






Cracking the WEP Key –

After you’ve reached a minimum value of 10k in the #data column, open up a third Konsole window and type the following command:

aircrack-ng –b (bssid) (filename-01.cap)

The filename is the name of the file you chose to save the information in when you began monitoring the chosen network. So the command I used was:

aircrack-ng –b 00:18:4D:96:93:36 netgear-01.cap

If you cannot remember the name of the file, browse your desktop and look for the filename that ends with the extension .cap .

Aircrack will then attempt to crack the WEP key. If there is not enough data, then it will tell you to try again when more has been gathered. 10,000 is usually a decent number to start with, but is not always enough – more may be required.

If the key is successfully cracked, your screen should look like the image below:




In my example, the key was: A1:2D:F1:5B:0E
Drop the colons and you have your WEP Key. (A12DF15B0E)

- - - - - - - - - - - - - - - - - - - - -

Conclusion –

As you can see, cracking WEP Keys is not a very difficult task. Sometimes it may take awhile to gather all of the required data, but in the end it’s an easy objective.

Last edited by -Spector-; 2023-05-16 at 12:51 PM.
Old
Profile PM WWW Search
-Spector- is the result of 14 billion years of hydrogen atom evolution-Spector- is the result of 14 billion years of hydrogen atom evolution-Spector- is the result of 14 billion years of hydrogen atom evolution-Spector- is the result of 14 billion years of hydrogen atom evolution-Spector- is the result of 14 billion years of hydrogen atom evolution-Spector- is the result of 14 billion years of hydrogen atom evolution
 
 
-Spector-
 



 
Reply
Posted 2010-05-19, 09:43 PM in reply to -Spector-'s post "Cracking WEP Keys"
Looks like you neglected to mention how you get past routers that are using mac address filtering. To bypass ones with those, make sure to change your mac address to that of the router itself. The router itself will not block itself, therefore, mac address filtering is shit.

I should also note that a copy of backtrack is completely, and overly, unnecessary. And to be honest, I've had issues with it recognizing my wireless devices. I prefer to just use a simple Ubuntu with Gnome and just install aircrack-ng and macchanger.

Code:
sudo su
Fill in the appropriate password for super user.

Code:
apt-get install aircrack-ng
apt-get install macchanger
Alternatively

Code:
sudo apt-get install aircrack-ng
sudo apt-get install macchanger
-----
ピース・アウト!
 
Work List
疲れていますから 寝むってありますね。 むずかしいです。 また、ケーキ屋で ケーキを食べていました。

I've considered being a translator, but I dunno. It feels like a lot of work. If someone gets angry then I have to deal with it, you know? I'd rather just relax.

 
Speed Test
 
Favorite Anime/Manga
#01 Clannad ~After Story~
#02 Trigun {Maximum}
#03 Koi Kaze
#04 Berserk
#05 Outlaw Star
#06 Slayers
#07 Desert Punk
#08 Spirited Away
#09 Fullmetal Alchemist
#10 Shakugan no Shana
#11 Death Note
#12 FLCL
#13 Tokyo Magnitude 8.0
#14 Toradora
#15 Gunslinger Girl

 
Anime List
Old
Profile PM WWW Search
Goodlookinguy seldom sees opportunities until they cease to beGoodlookinguy seldom sees opportunities until they cease to beGoodlookinguy seldom sees opportunities until they cease to beGoodlookinguy seldom sees opportunities until they cease to be
 
 
Goodlookinguy
 



 
Reply
Posted 2010-05-20, 03:41 AM in reply to -Spector-'s post "Cracking WEP Keys"
cool, now type in "halt"
Old
Profile PM WWW Search
Mantralord seldom sees opportunities until they cease to beMantralord seldom sees opportunities until they cease to beMantralord seldom sees opportunities until they cease to beMantralord seldom sees opportunities until they cease to be
 
 
Mantralord
 
 

Bookmarks

« Previous Thread | Next Thread »

Currently Active Users Viewing This Thread: 3 (0 members and 3 guests)
 

Posting Rules [Forum Rules]
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Keys `Insolence` D2 Marketplace 9 2003-07-31 10:07 PM
CD Keys! Xenn General Gaming 21 2002-05-07 08:07 PM
Reward for cracking this file! Chruser General Discussion 13 2002-05-06 02:12 PM
CD Keys Xenn General Gaming 0 2002-02-14 08:42 PM


All times are GMT -6. The time now is 02:45 PM.
'Synthesis 2' vBulletin 3.x styles and 'x79' derivative
by WetWired the Unbound and Chruser
Copyright ©2002-2008 zelaron.com
Powered by vBulletin® Version 3.8.2
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
This site is best seen with your eyes open.