Monday, July 11, 2011

Easily Crack WEP With BackTrack [Using airmon-ng, airodump-ng and aircrack-ng]

Introduction

If you have ever thought about hacking, a wireless network is most likely the first thing you wanted to hack; at least it was for me. While it might seem a little overwhelming, it actually isn't. A WEP network can be hacked in as little as a couple of minutes. Yes, WEP is not widely used anymore, but many people still use this encryption for their networks. In this post, I will walk you through the steps of hacking a WEP network and decrypting the key. I will assume that you already have BackTrack booted and have a Konsole window open.

Step 1:

The first thing we need to do is change the MAC address of the wireless card. We spoof this address so we will be able to associate with the access point. To do this, we first need to put the interface down. We do this by issuing the following command in our open Konsole window:

ifconfig wlan0 down

NOTE: Usually, the wireless interface is called wlan0, but in some rare cases, it has been named wlan. To find out which is yours, issue the following command:

airmon-ng

Step 2:

Now that the wireless interface has been disabled, we need to spoof our MAC address. This can be done by issuing the following command in the Konsole window:

macchanger --mac 00:11:22:33:44:55 wlan0

Step 3:

Now we need to not only put the wireless interface back up, but we also need to start it in monitor mode. This way we can collect the packets we need to decrypt the key later on. To do this, we simply issue the following command in our Konsole window (airmon-ng takes the action before the interface name):

airmon-ng start wlan0

Step 4:

Now we get to start the fun part! We need to find a network that uses WEP encryption. To see a list of the available networks, run the following command:

airodump-ng wlan0

After you have chosen your target network (for legal purposes, I will assume it is yours), we need to start collecting the packets that are being sent between the access point and the clients. To do this, issue the following command:

airodump-ng -c [CHANNEL] -w [FILENAME] --bssid [BSSID] wlan0

NOTE: Replace the brackets ( [] ) and the data inside with the proper values displayed by airodump-ng wlan0.

Step 5:

Now we have begun collecting packets that are being sent between the access point and the clients. Depending on how many people are using the network, this may take some time. In most cases, there won't be a large number of clients on the network, so let's speed things up by adding some fake traffic to the network. In order to fake network traffic, the wireless interface has to be associated with the access point. Do this by issuing the following command in a new Konsole window:

aireplay-ng -1 0 -a [BSSID] -h 00:11:22:33:44:55 wlan0

After you see a message alerting you that association was successful, issue the following command in that same Konsole window:

aireplay-ng -3 -b [BSSID] -h 00:11:22:33:44:55 wlan0

After running that command, your other Konsole window will begin collecting data fairly fast. You can keep an eye on the number of packets collected by watching the number displayed under the #Data heading in the Konsole running airodump-ng.

Finally:

After you have collected several thousand packets (you might even need several hundred thousand), stop everything and run the following command to decrypt the network key:

aircrack-ng -b [BSSID] [FILENAME-01.cap]

This may take a while, so be patient. After aircrack-ng has run, it will let you know whether or not it was able to decrypt the key. If it wasn't, collect more packets and try again. If it was able to decrypt the key, it will display it in the Konsole window!
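Why the crack needs so many captured packets comes down to WEP's 24-bit initialisation vector: once two frames share an IV under the same key, RC4 produces the same keystream for both. The following simulation is an added illustration (not part of the original post, and not aircrack-ng's code); it uses constructed values to show how quickly IVs repeat and what a repeat leaks.

```python
"""Added illustration: WEP's 24-bit IV space and keystream reuse.

WEP prepends a 24-bit IV to the shared key and feeds the result to RC4.
Two frames sent with the same IV under the same key use the same
keystream, so XOR-ing the two ciphertexts cancels the keystream and
exposes the XOR of the two plaintexts. Statistical attacks such as the
ones aircrack-ng implements build on exactly this weakness, which is why
the #Data counter in airodump-ng has to climb into the thousands.
"""
import math
import random

IV_BITS = 24
IV_SPACE = 1 << IV_BITS  # 16,777,216 possible IVs, nothing more


def birthday_bound(space: int) -> float:
    """Expected number of uniformly random draws before the first repeat."""
    return math.sqrt(math.pi * space / 2)


def frames_until_iv_repeat(rng: random.Random, space: int = IV_SPACE) -> int:
    """Assign random IVs (as many drivers did) until one repeats.

    Returns how many frames were sent, including the one that collided.
    """
    seen = set()
    while True:
        iv = rng.randrange(space)
        if iv in seen:
            return len(seen) + 1
        seen.add(iv)


def mean_frames_until_repeat(rng: random.Random, trials: int = 20) -> float:
    """Average the simulation over several trials to compare with the bound."""
    return sum(frames_until_iv_repeat(rng) for _ in range(trials)) / trials


def keystream_reuse_leak(p1: bytes, p2: bytes, keystream: bytes) -> bytes:
    """Encrypt two plaintexts with one reused keystream and XOR the results.

    The returned value equals p1 XOR p2: the keystream has dropped out,
    so an observer learns the relationship between the plaintexts without
    knowing the key. Values passed in are constructed for the demo.
    """
    c1 = bytes(a ^ k for a, k in zip(p1, keystream))
    c2 = bytes(a ^ k for a, k in zip(p2, keystream))
    return bytes(a ^ b for a, b in zip(c1, c2))
```

With the birthday bound near 5,100 frames, a busy WEP network starts reusing IVs within minutes, long before the 16 million frame space is exhausted.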

Conclusion:

There you have it! You have just hacked a wireless network using WEP traffic encryption!
