[Wi-Fi Hack]Cracking WEP with aircrack-ng [Tut]

Friday, August 19, 2011

Welcome all. I've been getting a lot of questions lately on how to use aircrack-ng so I have decided to make a series of tutorials on the subject. This is my first tut. on Wi-Fi so bear with me. :)

Also, this tutorial is for educational purposes only. I will not be held responsible for anything you do with this information.

Things you will need

Backtrack--> any version will suffice.

Download Here!

Or any distro with aircrack installed.

First things first, we want to spoof our mac address and enable monitor mode

airmon-ng stop wlan0 #or whatever your interface is you can type ifconfig to see it

ifconfig wlan0 down

macchanger -m 00:11:22:33:44:55 wlan0

ifconfig wlan0 up

airmon-ng start wlan0

Now, these commands will change the mac address of your interface so .log files will not contain your true mac. Fairly simple

[Image: snapshot1tn.png]

Now once this has been accomplished we want to view the networks in our area.
We can do this by typing this
airodump-ng wlan0

or to use monitor mode (no transmissions which helps with anonymity)

airodump-ng mon0

You will get a screen that will look something like this.

[Image: snapshot2wn.png]

Once you get to this screen and you see which network you want to crack you will press ctrl + c .
This ends the process and enables you to copy the bssid or Access point Mac address to your clipboard for later use.

Now you want to tell airodump-ng to only listen to the network you are trying to crack, and create a .cap file for aircrack to crack later.
So you will run
airodump-ng -c 6 -w test --bssid E0:91:F5:E5:9E:2A wlan0

With airodump-ng the -c option tells it to listen on channel 6 which our test network is on and the -w creates a file named test-01.cap where airodump will store the information it captures for our cracking purposes. Now its time to open a new terminal.
In this terminal we want to associate ourselves with the router so we will run...
aireplay-ng -1 6000 -q 12 -o 1 -a E0:91:F5:E5:9E:2A wlan0

The -1 attack is the fake authentication attack it will associate us with the router (access point) every 6000 seconds. The -q option sets aireplay-ng to send keep-alive packets every 12 seconds, and the -o option sets the number of packets per burst to the default number. The -a option sets the access points mac to send the attack to. You will get a screen that looks like this.

[Image: snapshot4cz.png]

Now we need to open up another terminal so we can tell the router to send us ARP request packets. We will run the following command.
aireplay-ng -3 -b E0:91:F5:E5:9E:2A -h 00:11:22:33:44:55 wlan0

The -3 command tells aireplay to use the ARP request replay attack and the -b tells it to filter only ARP packets from the access point we are cracking.Also the -h command tells it to send the router your fake mac address as the source of the requests. You will get a screen that looks like this.

[Image: snapshot5zy.png]

Now you should see the data column from airodump-ng start climbing very rapidly. This is what we want. Usually it takes about 10,000 data packets to crack the key.

It is now time to crack the password.
aircrack-ng -b E0:91:F5:E5:9E:2A test-01.cap

This will crack the .cap file we created earlier, and you will end up with a screen like this.

[Image: snapshot6w.png]

Now all you have to do is write down the key, and input it to the router when it asks for the key. When you do this you dont put the : just the letters and number.
Well that's it. I hope this helps all of you that have questions. And I will be writing a tutorial on WPA cracking with aircrack in the near future.

I worked really hard on this so if you would leave some feedback i would really appreciate it. Also if you need help with troubleshooting, leave a comment! :)
Share this article :


Speak up your mind

Tell us what you're thinking... !

Support : Creating Website
Copyright © 2012. Your Unofficial Guide - All Rights Reserved
Proudly powered by Blogger