WEP Key Cracking With Backtrack 5
Wilfredo Maldonado
What you will need
Hardware
• PC (Mac or Windows makes no difference)
• Internal wireless card or USB card
• Wireless access point for testing
Software
• Backtrack 5 ISO disk (http://www.backtrack-linux.org)
• Virtualization software (if you do not want to dual boot your PC): VirtualBox, VMware (PC), VMware Fusion (Mac)
Word of caution
• Make sure your wireless adapter is compatible with monitor mode.
• Backtrack supports various chipsets, but the main ones are:
• Atheros
• Realtek
• Running this through VMware may cause a problem because your PC's wireless adapter is presented to Backtrack as a wired connection (VMware thinks it is connected to your PC through a switch), so the guest cannot put it into monitor mode.
• Best advice: if you use VMware, use a USB wireless card (AWUS036H preferred, about $30) or run the live CD to get direct control of the internal wireless card.
Backtrack 5 Applications
• Airmon-ng: puts the wireless card into monitor mode.
• Airodump-ng: the packet capturing app.
• Aireplay-ng: injects ARP packets into the network to generate traffic (not needed, but good if you have a network with slow traffic).
• Aircrack-ng: takes the IVs (initialization vectors) from the packet dump and uses them to crack the encryption.
Getting Started
• Boot up Backtrack 5 however you have it installed (username root, password toor).
• Go to the GUI interface by typing startx at the command prompt. (You can run all of this from the command prompt, but in the GUI you can have multiple console windows open doing things simultaneously.)
• Open a console window by clicking on the icon next to the system menu on the top left.
Find and start the wifi card
• In the console type airmon-ng (case sensitive).
• This lists all the wireless cards on the PC, both internal and USB.
• Once you decide which interface to use, type the following command: airmon-ng start (interface name)
• This will start the interface in monitor mode.
Finding the correct network
• Next you want to get the information for the network you want to crack. At the command line type airodump-ng (interface name)
• After you have located the network you want to crack, write down (or use the gedit text editor) the BSSID and channel of the network, then hit Control-C to stop the scan.
Dumping packets
• Next you want to start dumping packets and saving them to a file.
• Type airodump-ng -c (channel) --bssid (bssid) -w (name of file) (interface)
• The -c option is the channel
• The --bssid option is the MAC address of the AP
• The -w option writes the packets to a file
Packet injection
• Next open a new console window (do not close the other one) and type aireplay-ng -1 0 -a (bssid) (interface). This will send a fake authentication request to the AP.
• The -1 denotes the attack mode: fake authentication
• The -a sets the target MAC address
Packet injection cont.
• Once you receive a response back from the previous command, type aireplay-ng -3 -b (bssid) (interface)
• The -3 is another attack mode called ARP replay
• The -b sets the destination MAC address
• This command generates the traffic needed to collect packets quickly.
• Note: I noticed in my testing the AP needs at least one device connected to it so data can be transferred.
Cracking the WEP
• Go back to the airodump-ng screen and look at the number of packets (#Data). You need a significant number, so let it run for a few minutes. (The more packets, the more unique IVs, which makes cracking faster.)
• Open a third console window and type aircrack-ng (file name)-01.cap
• If successful, aircrack will show you the hex key and ASCII key to your AP.
• When you put in the hex key, DO NOT include the colons.
• If you are unsuccessful you probably need more packets. If you stopped aireplay you can start it over; if not, let it keep going, collecting data.
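The -w prefix above also produces a (file name)-01.csv next to the .cap. As an added example (not part of the original slides), the Python below reads such a CSV from the defender's side: it flags every access point in your own inventory still running WEP or no encryption, and uses the IV count airodump-ng recorded to estimate, from the birthday bound on WEP's 24-bit IV field, how likely an IV repeat (the weakness the cracking step relies on) has already occurred. The sample CSV and its values are constructed, and the column layout is assumed to match airodump-ng's CSV output.

```python
import csv
import io
import math
IV_SPACE = 2 ** 24  # WEP's IV field is only 24 bits wide

# Constructed sample in the column layout airodump-ng writes to <prefix>-01.csv
# (assumed format; the networks and numbers here are made up for this example).
SAMPLE_AIRODUMP_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2012-01-01 10:00:00, 2012-01-01 10:05:00,  6,  54, WEP , WEP, OPN, -40, 120, 48000,   0.  0.  0.  0,   7, LabWEP1, 
66:77:88:99:AA:BB, 2012-01-01 10:00:00, 2012-01-01 10:05:00, 11,  54, WPA2, CCMP, PSK, -55,  98,     0,   0.  0.  0.  0,   8, HomeWPA2, 
CC:DD:EE:FF:00:11, 2012-01-01 10:00:00, 2012-01-01 10:05:00,  1,  54, OPN , , , -70,  30,     0,   0.  0.  0.  0,   5, Guest, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
"""

def iv_reuse_probability(frames):
    """Birthday-bound P(at least one IV repeated) after `frames` WEP frames, IVs drawn uniformly from 2^24."""
    if frames < 2:
        return 0.0
    return 1.0 - math.exp(-frames * (frames - 1) / (2.0 * IV_SPACE))

def parse_access_points(text):
    """One dict per AP from the first CSV section; the station section after the blank line is ignored."""
    ap_section = text.partition("\n\n")[0]
    reader = csv.reader(io.StringIO(ap_section), skipinitialspace=True)
    header = [h.strip() for h in next(reader)]
    return [dict(zip(header, (v.strip() for v in row)))
            for row in reader if len(row) >= len(header)]

def audit_legacy_encryption(text):
    """Flag APs still using WEP or no encryption, with the exposure the recorded IV count already implies."""
    findings = []
    for ap in parse_access_points(text):
        if ap["Privacy"] not in ("WEP", "OPN"):
            continue
        ivs = int(ap["# IV"] or 0)
        findings.append({
            "bssid": ap["BSSID"], "essid": ap["ESSID"],
            "channel": int(ap["channel"]), "privacy": ap["Privacy"],
            "ivs_seen": ivs,
            "iv_reuse_probability": round(iv_reuse_probability(ivs), 4),
            "action": "migrate to WPA2/WPA3 with AES-CCMP",
        })
    return findings

if __name__ == "__main__":
    for finding in audit_legacy_encryption(SAMPLE_AIRODUMP_CSV):
        print(finding)
```

With only a few thousand frames the repeat probability already passes 50%, which is why a busy WEP network leaks enough IVs in minutes; the finding list is the migration backlog for your own APs.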
Research Sources
• http://linux.die.net/man/
• http://www.backtrack-linux.org/
• Safe linux channel on youtube.com