Monday, 24 December 2012

Wi-fi hacking-you got it ;

                                         !!!!FREE INTERNET!!!!!
Yes ! the dream of every net

user! Who doesn't feels it bad

when the system shows a horde of

available wi-fi connections but u

can't connect :(
Well its saddening. This post

might help u a little bit.

1) First we need to scan for

available wireless networks.
There is this great tool for

windows to do this.. called

“NetStumbler” or Kismet for

Windows and Linux and KisMac for


The two most common encryption

types are:
1) WEP

2) WAP
WEP i.e Wire Equivalent Privacy

is not considers as safe as WAP

i.e Wireless Application

WEP have many flaws that allows a

hacker to crack a WEP key

easily.. whereas

WAP is currently the most secure

and best option to secure a wi-fi

It can’t be easily cracked as WEP

because the only way to retrieve

a WAP key is to use a brute-force

attack or dictionary attack.
Here I’ll tell you how to Crack

To crack WEP we will be using

Live Linux distribution called

BackTrack to crack WEP.
BackTrack have lots of

preinstalled softwares for this

very purpose..
The tools we will be using on

Backtrack are:
Kismet – a wireless network

airodump – captures packets from

a wireless router
aireplay – forges ARP requests
aircrack – decrypts the WEP keys
1) First of all we have to find a

wireless access point along with

its bssid, essid and channel

number. To do this we will run

kismet by opening up the terminal

and typing in kismet. It may ask

you for the appropriate adapter

which in my case is ath0. You can

see your device’s name by typing

in the command iwconfig.

2) To be able to do some of the

later things, your wireless

adapter must be put into monitor

mode. Kismet automatically does

this and as long as you keep it

open, your wireless adapter will

stay in monitor mode.
3) In kismet you will see the

flags Y/N/0. Each one stands for

a different type of encryption.

In our case we will be looking

for access points with the WEP

encryption. Y=WEP N=OPEN 0=OTHER

(usually WAP).
4) Once you find an access point,

open a text document and paste in

the networks broadcast name

(essid), its mac address (bssid)

and its channel number. To get

the above information, use the

arrow keys to select an access

point and hit <ENTER> to get more

information about it.
5) The next step is to start

collecting data from the access

point with airodump. Open up a

new terminal and start airodump

by typing in the command:
airodump-ng -c [channel#] -w

[filename] –bssid [bssid]

In the above command airodump-ng

starts the program, the channel

of your access point goes after

-c , the file you wish to output

the data goes after -w , and the

MAC address of the access point

goes after –bssid. The command

ends with the device name. Make

sure to leave out the brackets.
6) Leave the above running and

open another terminal. Next we

will generate some fake packets

to the target access point so

that the speed of the data output

will increase. Put in the

following command:
aireplay-ng -1 0 -a [bssid] -h

00:11:22:33:44:55:66 -e [essid]

In the above command we are using

the airplay-ng program. The -1

tells the program the specific

attack we wish to use which in

this case is fake authentication

with the access point. The 0

cites the delay between attacks,

-a is the MAC address of the

target access point, -h is your

wireless adapters MAC address, -e

is the name (essid) of the target

access point, and the command

ends with the your wireless

adapters device name.
7) Now, we will force the target

access point to send out a huge

amount of packets that we will be

able to take advantage of by

using them to attempt to crack

the WEP key. Once the following

command is executed, check your

airodump-ng terminal and you

should see the ARP packet count

to start to increase. The command

aireplay-ng -3 -b [bssid] -h

00:11:22:33:44:5:66 [device]
In this command, the -3 tells the

program the specific type of

attack which in this case is

packet injection, -b is the MAC

address of the target access

point, -h is your wireless

adapters MAC address, and the

wireless adapter device name goes

at the end.
8) Once you have collected around

50k-500k packets, you may begin

the attempt to break the WEP key.

The command to begin the cracking

process is:
aircrack-ng -a 1 -b [bssid] -n

128 [filename].ivs
In this command the -a 1 forces

the program into the WEP attack

mode, the -b is the targets MAC

address, and the -n 128 tells the

program the WEP key length. If

you don’t know the -n , then

leave it out. This should crack

the WEP key within seconds. The

more packets you capture, the

bigger chance you have of

cracking the WEP key.

P.S: just for educational

purpose. I advise you not to do

anything malicious with it.

Respect other's privacy. I am not

responsible  for any unwanted


Feel free to throw in your comments


  1. badhiya! aadhe se zyaada samajh nhi aaya... but itna lamba tumne likha?? :p
    badhiya hai! :)

  2. What about WEP2

  3. zuman we are working on it
    and nitasha yes i wrote it myseelf


waddya think?