!!!!FREE INTERNET!!!!!
Yes ! the dream of every net
user! Who doesn't feels it bad
when the system shows a horde of
available wi-fi connections but u
can't connect :(
Well its saddening. This post
might help u a little bit.
NOTE: JUST FOR EDUCATIONAL PURPOSE
1) First we need to scan for
available wireless networks.
There is this great tool for
windows to do this.. called
“NetStumbler” or Kismet for
Windows and Linux and KisMac for
Mac
The two most common encryption
types are:
1) WEP
2) WAP
WEP i.e Wire Equivalent Privacy
is not considers as safe as WAP
i.e Wireless Application
Protocol.
WEP have many flaws that allows a
hacker to crack a WEP key
easily.. whereas
WAP is currently the most secure
and best option to secure a wi-fi
network..
It can’t be easily cracked as WEP
because the only way to retrieve
a WAP key is to use a brute-force
attack or dictionary attack.
Here I’ll tell you how to Crack
WEP
To crack WEP we will be using
Live Linux distribution called
BackTrack to crack WEP.
BackTrack have lots of
preinstalled softwares for this
very purpose..
The tools we will be using on
Backtrack are:
Kismet – a wireless network
detector
airodump – captures packets from
a wireless router
aireplay – forges ARP requests
aircrack – decrypts the WEP keys
1) First of all we have to find a
wireless access point along with
its bssid, essid and channel
number. To do this we will run
kismet by opening up the terminal
and typing in kismet. It may ask
you for the appropriate adapter
which in my case is ath0. You can
see your device’s name by typing
in the command iwconfig.
2) To be able to do some of the
later things, your wireless
adapter must be put into monitor
mode. Kismet automatically does
this and as long as you keep it
open, your wireless adapter will
stay in monitor mode.
3) In kismet you will see the
flags Y/N/0. Each one stands for
a different type of encryption.
In our case we will be looking
for access points with the WEP
encryption. Y=WEP N=OPEN 0=OTHER
(usually WAP).
4) Once you find an access point,
open a text document and paste in
the networks broadcast name
(essid), its mac address (bssid)
and its channel number. To get
the above information, use the
arrow keys to select an access
point and hit <ENTER> to get more
information about it.
5) The next step is to start
collecting data from the access
point with airodump. Open up a
new terminal and start airodump
by typing in the command:
airodump-ng -c [channel#] -w
[filename] –bssid [bssid]
[device]
In the above command airodump-ng
starts the program, the channel
of your access point goes after
-c , the file you wish to output
the data goes after -w , and the
MAC address of the access point
goes after –bssid. The command
ends with the device name. Make
sure to leave out the brackets.
6) Leave the above running and
open another terminal. Next we
will generate some fake packets
to the target access point so
that the speed of the data output
will increase. Put in the
following command:
aireplay-ng -1 0 -a [bssid] -h
00:11:22:33:44:55:66 -e [essid]
[device]
In the above command we are using
the airplay-ng program. The -1
tells the program the specific
attack we wish to use which in
this case is fake authentication
with the access point. The 0
cites the delay between attacks,
-a is the MAC address of the
target access point, -h is your
wireless adapters MAC address, -e
is the name (essid) of the target
access point, and the command
ends with the your wireless
adapters device name.
7) Now, we will force the target
access point to send out a huge
amount of packets that we will be
able to take advantage of by
using them to attempt to crack
the WEP key. Once the following
command is executed, check your
airodump-ng terminal and you
should see the ARP packet count
to start to increase. The command
is:
aireplay-ng -3 -b [bssid] -h
00:11:22:33:44:5:66 [device]
In this command, the -3 tells the
program the specific type of
attack which in this case is
packet injection, -b is the MAC
address of the target access
point, -h is your wireless
adapters MAC address, and the
wireless adapter device name goes
at the end.
8) Once you have collected around
50k-500k packets, you may begin
the attempt to break the WEP key.
The command to begin the cracking
process is:
aircrack-ng -a 1 -b [bssid] -n
128 [filename].ivs
In this command the -a 1 forces
the program into the WEP attack
mode, the -b is the targets MAC
address, and the -n 128 tells the
program the WEP key length. If
you don’t know the -n , then
leave it out. This should crack
the WEP key within seconds. The
more packets you capture, the
bigger chance you have of
cracking the WEP key.
P.S: just for educational
purpose. I advise you not to do
anything malicious with it.
Respect other's privacy. I am not
responsible for any unwanted
outcomes/happenings
Feel free to throw in your comments
Yes ! the dream of every net
user! Who doesn't feels it bad
when the system shows a horde of
available wi-fi connections but u
can't connect :(
Well its saddening. This post
might help u a little bit.
NOTE: JUST FOR EDUCATIONAL PURPOSE
1) First we need to scan for
available wireless networks.
There is this great tool for
windows to do this.. called
“NetStumbler” or Kismet for
Windows and Linux and KisMac for
Mac
The two most common encryption
types are:
1) WEP
2) WAP
WEP i.e Wire Equivalent Privacy
is not considers as safe as WAP
i.e Wireless Application
Protocol.
WEP have many flaws that allows a
hacker to crack a WEP key
easily.. whereas
WAP is currently the most secure
and best option to secure a wi-fi
network..
It can’t be easily cracked as WEP
because the only way to retrieve
a WAP key is to use a brute-force
attack or dictionary attack.
Here I’ll tell you how to Crack
WEP
To crack WEP we will be using
Live Linux distribution called
BackTrack to crack WEP.
BackTrack have lots of
preinstalled softwares for this
very purpose..
The tools we will be using on
Backtrack are:
Kismet – a wireless network
detector
airodump – captures packets from
a wireless router
aireplay – forges ARP requests
aircrack – decrypts the WEP keys
1) First of all we have to find a
wireless access point along with
its bssid, essid and channel
number. To do this we will run
kismet by opening up the terminal
and typing in kismet. It may ask
you for the appropriate adapter
which in my case is ath0. You can
see your device’s name by typing
in the command iwconfig.
2) To be able to do some of the
later things, your wireless
adapter must be put into monitor
mode. Kismet automatically does
this and as long as you keep it
open, your wireless adapter will
stay in monitor mode.
3) In kismet you will see the
flags Y/N/0. Each one stands for
a different type of encryption.
In our case we will be looking
for access points with the WEP
encryption. Y=WEP N=OPEN 0=OTHER
(usually WAP).
4) Once you find an access point,
open a text document and paste in
the networks broadcast name
(essid), its mac address (bssid)
and its channel number. To get
the above information, use the
arrow keys to select an access
point and hit <ENTER> to get more
information about it.
5) The next step is to start
collecting data from the access
point with airodump. Open up a
new terminal and start airodump
by typing in the command:
airodump-ng -c [channel#] -w
[filename] –bssid [bssid]
[device]
In the above command airodump-ng
starts the program, the channel
of your access point goes after
-c , the file you wish to output
the data goes after -w , and the
MAC address of the access point
goes after –bssid. The command
ends with the device name. Make
sure to leave out the brackets.
6) Leave the above running and
open another terminal. Next we
will generate some fake packets
to the target access point so
that the speed of the data output
will increase. Put in the
following command:
aireplay-ng -1 0 -a [bssid] -h
00:11:22:33:44:55:66 -e [essid]
[device]
In the above command we are using
the airplay-ng program. The -1
tells the program the specific
attack we wish to use which in
this case is fake authentication
with the access point. The 0
cites the delay between attacks,
-a is the MAC address of the
target access point, -h is your
wireless adapters MAC address, -e
is the name (essid) of the target
access point, and the command
ends with the your wireless
adapters device name.
7) Now, we will force the target
access point to send out a huge
amount of packets that we will be
able to take advantage of by
using them to attempt to crack
the WEP key. Once the following
command is executed, check your
airodump-ng terminal and you
should see the ARP packet count
to start to increase. The command
is:
aireplay-ng -3 -b [bssid] -h
00:11:22:33:44:5:66 [device]
In this command, the -3 tells the
program the specific type of
attack which in this case is
packet injection, -b is the MAC
address of the target access
point, -h is your wireless
adapters MAC address, and the
wireless adapter device name goes
at the end.
8) Once you have collected around
50k-500k packets, you may begin
the attempt to break the WEP key.
The command to begin the cracking
process is:
aircrack-ng -a 1 -b [bssid] -n
128 [filename].ivs
In this command the -a 1 forces
the program into the WEP attack
mode, the -b is the targets MAC
address, and the -n 128 tells the
program the WEP key length. If
you don’t know the -n , then
leave it out. This should crack
the WEP key within seconds. The
more packets you capture, the
bigger chance you have of
cracking the WEP key.
P.S: just for educational
purpose. I advise you not to do
anything malicious with it.
Respect other's privacy. I am not
responsible for any unwanted
outcomes/happenings
Feel free to throw in your comments
badhiya! aadhe se zyaada samajh nhi aaya... but itna lamba tumne likha?? :p
ReplyDeletebadhiya hai! :)
What about WEP2
ReplyDeletezuman we are working on it
ReplyDeleteand nitasha yes i wrote it myseelf