Thursday, May 26, 2016

Beginners Guide To Wireless Networks


WEP wifi hacks
Basic Entry into a WEP Encrypted Network

This tutorial explains EVERYTHING in detail, so it is quite long. Enjoy.

1. Getting the right tools
This tutorial was written on BT3, but download the latest release, BT4.

Download Backtrack 4. It can be found here:

http://www.backtrack-linux.org/downloads/

I downloaded the iso and burned it to a CD. Insert your BT4 CD/usb drive and reboot your computer into BT4. I always load into the 3rd boot option from the boot menu. (VESA/KDE) You only have a few seconds before it auto-boots into the 1st option so be ready. The 1st option boots too slowly or not at all so always boot from the 2nd or 3rd. Experiment to see what works best for you.

2. Preparing the slave network for attack

Once in BT4, click the tiny black box in the lower left corner to load up a "Konsole" window. Now we must prep your wireless card.
Type:

airmon-ng

You will see the name of your wireless card. (mine is named "ath0") From here on out, replace "ath0" with the name of your card.
Now type:

airmon-ng stop ath0

then type:

ifconfig wifi0 down

then:

macchanger --mac 00:11:22:33:44:55 wifi0

then:

airmon-ng start wifi0

What these steps did was to spoof (fake) your mac address so that JUST IN CASE your computer is discovered by someone as you are breaking in, they will not see your REAL mac address. Moving on...
Now it's time to discover some networks to break into.

Type:

airodump-ng ath0

Now you will see a list of wireless networks start to populate. Some will have a better signal than others and it is a good idea to pick one that has a decent signal, otherwise it will take forever to crack or you may not be able to crack it at all.
Once you see the network that you want to crack, do this:

hold down ctrl and type c

This will stop airodump from populating networks and will freeze the screen so that you can see the info that you need.

**Now from here on out, when I tell you to type a command, you need to replace whatever is in parentheses with what I tell you to from your screen. For example: if I say to type:
-c (channel)
then dont actually type in
-c (channel)
Instead, replace that with whatever the channel is...so, for example you would type:
-c 6
Can't be much clearer than that...let's continue...

Now find the network that you want to crack and MAKE SURE that it says the encryption for that network is WEP. If it says WPA or any variation of WPA then move on...you can still crack WPA with backtrack and some other tools but it is a whole other ball game and you need to master WEP first.
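The same airodump-ng listing is what a network owner uses to audit their own access points. The following is an added example, not code from the original post or from the aircrack-ng project: it parses the CSV that airodump-ng writes beside its capture file (the column order is assumed to match the aircrack-ng export; the rows themselves are constructed for this example) and reports every access point still running WEP or no encryption at all, which is exactly the set an auditor should be migrating to WPA2.

```python
import csv

# Constructed sample in the layout airodump-ng writes to "<name>-01.csv".
# Assumption: column order as in the aircrack-ng CSV export. The access-point
# section comes first; a blank line separates it from the station section.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:AA:BB:01, 2016-05-26 10:00:01, 2016-05-26 10:05:10,  6,  54, WEP, WEP, OPN, -40,  120,  15,   0.  0.  0.  0,   7, lab-wep, 
00:11:22:AA:BB:02, 2016-05-26 10:00:02, 2016-05-26 10:05:11, 11,  54, WPA2, CCMP, PSK, -55,  98,   0,   0.  0.  0.  0,   8, home-wpa, 
00:11:22:AA:BB:03, 2016-05-26 10:00:03, 2016-05-26 10:05:12,  1,  54, WEP, WEP, SKA, -80,  40,   0,   0.  0.  0.  0,  10, legacy-ska, 
00:11:22:AA:BB:04, 2016-05-26 10:00:04, 2016-05-26 10:05:13,  3,  54, OPN, , , -70,  33,   0,   0.  0.  0.  0,   5, guest, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
"""


def parse_airodump_csv(text):
    """Return the access-point rows (the first CSV section) as a list of dicts."""
    rows = []
    header = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            if header is not None:
                break  # blank line ends the AP section; the station table follows
            continue
        cells = [c.strip() for c in next(csv.reader([line]))]
        if header is None:
            header = cells
            continue
        # Pad short rows (e.g. a missing trailing Key cell) so zip() keeps every column.
        cells += [""] * (len(header) - len(cells))
        rows.append(dict(zip(header, cells)))
    return rows


def weak_access_points(text):
    """List every AP whose Privacy column shows WEP or no encryption, with the reason."""
    findings = []
    for ap in parse_airodump_csv(text):
        privacy = ap["Privacy"].split()  # may hold several tokens, e.g. "WPA2 WPA"
        if "WEP" in privacy:
            reason = "WEP: 24-bit IV space and RC4 key-recovery attacks, migrate to WPA2"
            if ap["Authentication"] == "SKA":
                reason += "; shared-key authentication additionally exposes keystream"
        elif "OPN" in privacy:
            reason = "open network: no encryption at all"
        else:
            continue
        findings.append({
            "bssid": ap["BSSID"],
            "essid": ap["ESSID"],
            "channel": int(ap["channel"]),
            "auth": ap["Authentication"],
            "reason": reason,
        })
    return findings


if __name__ == "__main__":
    for f in weak_access_points(SAMPLE_CSV):
        print(f"{f['bssid']}  ch{f['channel']:>2}  {f['essid']:<12} {f['reason']}")
```

Point the parser at a real `<name>-01.csv` from a scan of your own premises and the output is a migration worklist; anything WPA2/CCMP is skipped on purpose.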



Once you've decided on a network, take note of its channel and bssid. The bssid will look something like this --> 05:gk:30:fo:s9:2n
The channel will be under a heading that says "CH".
Now, in the same Konsole window, type:

airodump-ng -c (channel) -w (file name) --bssid (bssid) ath0

The FILE NAME can be whatever you want. This is simply the place that airodump is going to store the packets of info that you receive to later crack. You don't even put in an extension...just pick a random word that you will remember. I usually make mine "wep" because I can always remember it.

**Side Note: if you crack more than one network in the same session, you must have different file names for each one or it won't work. I usually just name them wep1, wep2, etc.

Once you typed in that last command, the screen of airodump will change and start to show your computer gathering packets. You will also see a heading marked "IV" with a number underneath it. This stands for "Initialization Vector" but in noob terms all this means is "packets of info that contain clues to the password." Once you gain a minimum of 5,000 of these IV's, you can try to crack the password. I've cracked some right at 5,000 and others have taken over 60,000. It just depends on how long and difficult they made the password.
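The reason IVs matter is that WEP prepends only a 24-bit IV to the shared key for every frame, so the per-frame RC4 keystream starts repeating after a small number of frames no matter how long the password is. The following added example (mine, not from the post or the aircrack-ng project) computes the birthday bound for that 24-bit space: how likely an IV repeat is after a given number of frames, how many colliding pairs to expect, and how long it takes to exhaust the space at the packet rates mentioned later in the post. This is a different figure from the statistical thresholds aircrack-ng uses for key recovery, but it shows why a 24-bit IV was never enough.

```python
import math

IV_BITS = 24
IV_SPACE = 1 << IV_BITS  # 16,777,216 distinct IVs per WEP key


def iv_collision_probability(frames, iv_space=IV_SPACE):
    """Exact probability that at least two of `frames` uniformly chosen IVs coincide.

    Computed as 1 - prod_{i<frames} (1 - i/iv_space), accumulated in log space
    so it stays accurate for tens of thousands of frames.
    """
    if frames > iv_space:
        return 1.0
    log_no_collision = 0.0
    for i in range(frames):
        log_no_collision += math.log1p(-i / iv_space)
    return 1.0 - math.exp(log_no_collision)


def expected_iv_reuses(frames, iv_space=IV_SPACE):
    """Expected number of colliding IV pairs, i.e. keystreams used twice."""
    return frames * (frames - 1) / (2 * iv_space)


def frames_for_collision_probability(p, iv_space=IV_SPACE):
    """Smallest frame count at which the collision probability reaches p."""
    # Birthday estimate sqrt(2 N ln(1/(1-p))), then step up to the exact answer.
    n = max(int(math.sqrt(2 * iv_space * math.log(1 / (1 - p)))) - 5, 1)
    while iv_collision_probability(n, iv_space) < p:
        n += 1
    return n


def hours_to_exhaust_iv_space(frames_per_second, iv_space=IV_SPACE):
    """Hours until a sender has cycled through every IV at a steady frame rate."""
    return iv_space / frames_per_second / 3600


if __name__ == "__main__":
    for n in (1_000, 5_000, 10_000, 60_000):
        print(f"{n:>6} frames: P(IV repeat) = {iv_collision_probability(n):.3f}, "
              f"expected reused pairs = {expected_iv_reuses(n):.1f}")
    print("50% chance of a repeat after", frames_for_collision_probability(0.5), "frames")
    print(f"IV space exhausted after {hours_to_exhaust_iv_space(500):.1f} h at 500 frames/s")
```

Real cards are usually worse than the uniform model assumes: many drivers reset the IV counter to zero on every reboot, so two stations behind the same key reuse the low IVs deterministically rather than by chance.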

Now you are thinking, "I'm screwed because my IV's are going up really slowly." Well, don't worry, now we are going to trick the router into giving us HUNDREDS of IV's per second.

3. Actually cracking the WEP password

Now leave this Konsole window up and running and open up a 2nd Konsole window. In this one type:

aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 ath0

http://i574.photobucket.com/albums/ss184...eplay1.jpg

This will send some commands to the router that basically cause it to associate with your computer even though you are not officially connected with the password. If this command is successful, you should see about 4 lines of text print out with the last one saying something similar to "Association Successful :-)" If this happens, then good! You are almost there. Now type:

aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 ath0

http://i574.photobucket.com/albums/ss184...eplay2.jpg

This will generate a bunch of text and then you will see a line where your computer is gathering a bunch of packets and waiting on ARP and ACK. Don't worry about what these mean...just know that these are your meal tickets. Now you just sit and wait. Once your computer finally gathers an ARP request, it will send it back to the router and begin to generate hundreds of ARP and ACK per second. Sometimes this starts to happen within seconds...sometimes you have to wait up to a few minutes. Just be patient. When it finally does happen, switch back to your first Konsole window and you should see the number underneath the IV starting to rise rapidly. This is great! It means you are almost finished! When this reaches AT LEAST 5,000 then you can start your crack. It will probably take more than this but I always start my crack at 5,000 just in case they have a really weak password.
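From the access point's side, the step just described is very loud: one source address re-sends the same captured ARP frame hundreds of times a second, and every copy carries the same IV. Both properties are easy to alarm on, and a wireless IDS does exactly that. The following added example (mine, not from the post or any IDS product) runs two such checks over a constructed frame log: a per-source rate detector for identical-size frames, and an IV-repeat counter per BSSID. The frame records, addresses and thresholds are all made up for the example.

```python
from collections import defaultdict, deque

BSSID = "00:11:22:AA:BB:01"  # constructed access point address


def make_frames():
    """Constructed frame log: a normal station plus a replay burst from a second source."""
    frames = []
    # Normal traffic: ~10 frames/s, varied sizes, fresh IV on every frame.
    for s in range(50):
        frames.append({"t": s / 10, "src": "AA:BB:CC:DD:EE:01", "bssid": BSSID,
                       "length": [60, 120, 300, 800, 1500][s % 5], "iv": 0x100000 + s})
    # Burst: one source repeating a 68-byte frame 300 times/s for two seconds,
    # always with the same IV (a re-injected copy of one captured frame).
    for i in range(600):
        frames.append({"t": 2.0 + i / 300, "src": "00:11:22:33:44:55", "bssid": BSSID,
                       "length": 68, "iv": 0x0A1B2C})
    return frames


def detect_replay_bursts(frames, window=1.0, threshold=50):
    """Alert when one source sends more than `threshold` same-size frames within `window` s."""
    recent = defaultdict(deque)  # (src, length) -> timestamps inside the window
    alerted_until = {}           # (src, length) -> time before which we stay quiet
    alerts = []
    for f in sorted(frames, key=lambda f: f["t"]):
        key = (f["src"], f["length"])
        q = recent[key]
        q.append(f["t"])
        while q and f["t"] - q[0] > window:
            q.popleft()
        if len(q) > threshold and f["t"] >= alerted_until.get(key, -1.0):
            alerts.append({"src": f["src"], "length": f["length"],
                           "start": q[0], "frames_in_window": len(q)})
            alerted_until[key] = f["t"] + window  # one alert per burst, not per frame
    return alerts


def find_iv_reuse(frames, min_count=3):
    """Return {(bssid, iv): count} for IVs seen more than `min_count` times on one BSSID.

    A handful of repeats can be ordinary retransmissions; hundreds are injection.
    """
    counts = defaultdict(int)
    for f in frames:
        counts[(f["bssid"], f["iv"])] += 1
    return {k: c for k, c in counts.items() if c > min_count}


if __name__ == "__main__":
    log = make_frames()
    for a in detect_replay_bursts(log):
        print(f"burst from {a['src']}: {a['frames_in_window']} x {a['length']}-byte frames "
              f"within 1 s starting t={a['start']:.2f}")
    for (bssid, iv), c in find_iv_reuse(log).items():
        print(f"IV {iv:06x} on {bssid} repeated {c} times")
```

The two checks are independent on purpose: the rate check catches injection even when IVs are stripped from the record, and the IV-repeat check catches slow replays that never exceed the rate threshold.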

Now you need to open up a 3rd and final Konsole window. This will be where we actually crack the password. Type:

aircrack-ng -b (bssid) (filename)-01.cap

Remember the filename you made up earlier? Mine was "wep". Don't put a space in between it and -01.cap here. Type it as you see it. So for me, I would type wep-01.cap
Once you have done this you will see aircrack fire up and begin to crack the password. Typically you have to wait for more like 10,000 to 20,000 IV's before it will crack. If this is the case, aircrack will test what you've got so far and then it will say something like "not enough IV's. Retry at 10,000." DON'T DO ANYTHING! It will stay running...it is just letting you know that it is on pause until more IV's are gathered. Once you pass the 10,000 mark it will automatically fire up again and try to crack it. If this fails it will say "not enough IV's. Retry at 15,000." and so on until it finally gets it.

http://i574.photobucket.com/albums/ss184...1.jpg

If you do everything correctly up to this point, before too long you will have the password! Now if the password looks goofy, don't worry, it will still work. Some passwords are saved in ASCII format, in which case aircrack will show you exactly what characters they typed in for their password. Sometimes, though, the password is saved in HEX format, in which case the computer will show you the HEX encryption of the password. It doesn't matter either way, because you can type in either one and it will connect you to the network.

Take note, though, that the password will always be displayed in aircrack with a colon after every 2 characters. So for instance if the password was "secret", it would be displayed as:
se:cr:et
This would obviously be the ASCII format. If it was a HEX encrypted password that was something like "0FKW9427VF" then it would still display as:
0F:KW:94:27:VF
Just omit the colons from the password, boot back into whatever operating system you use, try to connect to the network and type in the password without the colons and presto! You are in!

It may seem like a lot to deal with if you have never done it, but after a few successful attempts, you will get very quick with it. If I am near a WEP encrypted router with a good signal, I can often crack the password in just a couple of minutes.

I am not responsible for what you do with this information. Any malicious/illegal activity that you do, falls completely on you because...technically...this is just for you to test the security of your own network. :-)

I will gladly answer any legitimate questions anyone has to the best of my ability.
HOWEVER, I WILL NOT ANSWER ANYONE THAT IS TOO LAZY TO READ THE WHOLE TUT AND JUST ASKS ME SOME QUESTION THAT I CLEARLY ANSWERED. No one wants to hold your hand through this...read the tut and go experiment until you get it right.

There are rare occasions where someone will use WEP encryption with SKA as well. (Shared Key Authentication) If this is the case, additional steps are needed to associate with the router and therefore, the steps I lined out here will not work. I've only seen this once or twice, though, so you probably won't run into it. If I get motivated, I may throw up a tut on how to crack this in the future.
