Thursday, 13 March 2014

WEP Wireless cracking

Cracking Wifi WEP Encryption:


  1. Use Linux. Windows cannot sniff WEP packets, but you can use a bootable CD of Linux.

  2. Get a packet-sniffing program. Backtrack is a commonly-used option. Download the iso image and burn it on a bootable CD/DVD.
  3. Hackwep1.jpgBoot Linux and Backtrack. Use your bootable CD/DVDs.
    • Note that this operating system is not required to be installed on hard drive. That means whenever you shutdown the Backtrack, all your data will be lost.
  4. Hackwep2.jpg
    Select a start-up option. The following Backtrack screen will show after booting. Change the option with the up and down arrow keys and select one. This tutorial will use the first option.
  5. Hackwep3.jpg
    Load the graphical interface via command base. In this option, Backtrack is started on command base. Type command: startx to continue.
  6. Hackwep4.jpg
    Click on terminal button at the bottom left. It'll be the fifth option.
  7. Hackwep5.jpg
    Wait for the Linux command terminal to open.
  8. Hackwep6.jpg
    View your WLAN type. Enter the following command: "airmon-ng" (without quotes). You should see something like wlan0 beneath Interface.
  9. Hackwep7.jpg
    Get all the required information for the access point. Enter the following command: "airodump-ng wlan0" (without quotes). You should get three things:
    • BSSID
    • Channel
    • ESSID (AP Name)
    • Here's what the tutorial case turned up:
      • BSSID 00:17:3F:76:36:6E
      • Channel number 1
      • ESSID(AP Name)Suleman
  10. Hackwep9.jpg
    Enter the following command. This one will use the example information above, but you should plug in your own. Command: "airodump-ng -w wep -c 1 -- bssid 00:17:3F:76:36:6E wlan0" (without quotes).
  11. Hackwep10.jpg
    Allow setup to start.
  12. Hackwep11.jpg
    Open a new terminal window. Type the following command, substituting the values for your own BSSID, Channel and ESSID. Command: "aireplay-ng -1 0 –a 00:17:3f:76:36:6E wlan0" (without quotes).
  13. Hackwep12.jpg
    Open another new terminal window. Type the following command: "aireplay-ng -3 –b 00:17:3f:76:36:6e wlan0" (without quotes).
  14. Hackwep13.jpg
    Allow setup to start.
  15. Hackwep14.jpg
    Go back to the first terminal window.
  16. Hackwep15.jpg
    Allow the data in this window to reach to 30000 or above. It will take 15 to 60 minutes (or more) depending on wireless signal, hardware and load on access point.
  17. Hackwep16.jpg
    Go to the third terminal window and press Ctrl + c.
  18. Hackwep17.jpg
    Pull up the directories. Type the following command: "dir" (without quotes). This will show the directories saved on it during decrypting.
  19. Hackwep18.jpg
    Use a cap file. For the example, it would be the following: "aircrack-ng web-02.cap" (without quotes). The setup shown below will start.
  20. Hackwep19.jpg
    Break the WEP encrypted key. After this setup completes, you'll be able to break the key. In this example, it was {ADA2D18D2E}.