1.25.2011

Wifi Hacking Part 1: Breaking WEP keys

In a previous post, I mentioned that I would provide tutorials for some of the things I am learning to do.  It has been said that one of the best ways to learn something is to teach it.  Today I will demonstrate how to crack a WEP key for the purpose of gaining access to a WEP protected wireless network.

Note:  This tutorial is intended for educational purposes only.  I do not encourage nor endorse the use of these tools for malicious or illegal use.  Do not go steal your neighbor's wifi!

To perform the operations detailed in this tutorial you will need the following:
  • A compatible wireless adapter.  I use the TP-Link TL-WN321G.  It's only ten bucks and works out-of-the-box with Linux.
  • Aircrack-ng suite: this comes preinstalled on BackTrack 4, or can be acquired on Ubuntu by typing sudo apt-get install aircrack-ng
  • A wireless network to perform these "attacks" on, i.e. one that you own or have permission to use.
  • GNU Macchanger: also preinstalled on BT4, or can be acquired on Ubuntu by typing sudo apt-get install macchanger
  • A computer running some flavor of Linux.  Either the aforementioned BackTrack or Ubuntu will work just fine.  Others will also work, but those are the two I have used.

In this tutorial, I will be using BackTrack 4.  If you are using Ubuntu or another distro and not running as root, you will need to type the sudo part of the commands listed.  Users running as root can ignore the sudo part.
Assuming you have all the prerequisites, the first thing we need to do is determine the name of our wireless adapter.  Most of the time it is called wlan0, but we need to make sure.

Open a terminal window and type:
ifconfig

It should be listed at the bottom of the results.
Next we need to change the MAC address of the wireless adapter to a fake MAC.
Type:
sudo ifconfig wlan0 down
sudo macchanger --mac 00:11:22:33:44:55 wlan0
sudo ifconfig wlan0 up

Now we need to use airmon-ng to put our adapter into monitor mode.
sudo airmon-ng start wlan0 x
Please note that x is the channel number of the network that you are attacking.  If you do not know this number, you can leave it blank for now.  After running this command you should have a new virtual adapter called mon0 or similar. Run ifconfig again if you need to check.  This is the "adapter" we will use from now on.

Use airodump to scan for your network and its clients.
sudo airodump-ng mon0

Let this run for a while until you see the network that you want to attack.  Press CTRL+C to stop the scan.  Highlight and copy the MAC address (BSSID) of the target access point.  Also take note of the channel that the AP is operating on.  This is important.

Optional step:  If you did not specify a channel in the airmon-ng step, you will need to do so now.
sudo airmon-ng stop mon0
sudo airmon-ng start wlan0 x
Again, x is the desired channel.  This must be the same as the access point you are attacking.

Now we will need to begin capturing data from the network.  Open a new terminal window and type the following:
sudo airodump-ng --bssid XX --ivs -w filename mon0

For the --bssid option, in place of the Xs, use the MAC address of the target access point.  MAC addresses are six two-digit hexadecimal groups, in a format like this: 00:11:22:33:44:55.  The -w option specifies the prefix of the output capture file, so call it anything you want; airodump-ng appends a sequence number and, because of --ivs, the file will be named filename-01.ivs.  Once you start this capture, do not stop it until you have cracked the key.  From now on, when you see XX, use the MAC address of the access point.  Where you see YY, use the fake MAC address of your adapter.

Providing the access point with a fake authentication is the next step.  We need to do this so that we can inject packets in the next step.
sudo aireplay-ng -1 0 -a XX -h YY mon0

The option -1 specifies the attack that aireplay will perform, in this case fakeauth.

Next you will need to replay ARP packets in order to generate enough traffic on the network.  Doing this greatly speeds up your capture speed, but will also increase the chances of detection.
sudo aireplay-ng -3 -b XX -h YY mon0
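The post points out that ARP request replay greatly increases the chance of detection, because one station suddenly transmits the same short broadcast frame thousands of times per second.  As an added example (not code from the original post), here is a small detector for exactly that pattern; it assumes frames have already been parsed into (timestamp, source MAC, destination MAC, length) records by whatever capture tool is in use, and the sample capture it runs on is constructed.

```python
"""Flag stations that re-inject the same broadcast frame at an abnormal rate.

Added example, not part of the original post.  Assumes the input is a list of
pre-parsed frame summaries; the sample capture below is constructed.
"""
from collections import defaultdict, deque
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    ts: float      # capture time in seconds
    src: str       # transmitter MAC, lower-case
    dst: str       # destination MAC, lower-case
    length: int    # frame length in bytes


def detect_arp_replay(frames, window=1.0, threshold=50):
    """Return {src_mac: peak_count} for stations that sent more than
    `threshold` identical-length broadcast frames inside any `window`-second
    span.  A replayed ARP request (aireplay-ng -3) looks like this: one
    station repeating the same broadcast frame far faster than any client
    would ever resolve addresses."""
    recent = defaultdict(deque)   # (src, length) -> timestamps still in window
    offenders = {}
    for f in sorted(frames, key=lambda x: x.ts):
        if f.dst != BROADCAST:
            continue
        q = recent[(f.src, f.length)]
        q.append(f.ts)
        while q and f.ts - q[0] > window:
            q.popleft()
        if len(q) > threshold:
            offenders[f.src] = max(offenders.get(f.src, 0), len(q))
    return offenders


def constructed_capture():
    """Constructed sample: a legitimate client sending a few ARP requests over
    several seconds, then a second station replaying one ARP request 400
    times within half a second (frame length 68 is a made-up value)."""
    frames = [Frame(t, "00:aa:bb:cc:dd:01", BROADCAST, 68) for t in (0.0, 1.5, 3.2, 7.9)]
    frames += [Frame(10.0 + i * 0.00125, "00:11:22:33:44:55", BROADCAST, 68)
               for i in range(400)]
    return frames


if __name__ == "__main__":
    print(detect_arp_replay(constructed_capture()))
```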

In less than a minute, though it may take longer, you should see something like this.

Now we can start to crack the key.  Open another terminal window to start aircrack-ng, pointing it at the capture file airodump-ng is writing.
sudo aircrack-ng -b XX filename-01.ivs
Congratulations!  You've just cracked WEP!

Please email me or let me know in the comments section if you have any problems getting this to work.