Pages

Saturday, April 27, 2013

How To Hack Wi-Fi




How To Hack Wi-Fi 

Network: 

Note : Only For Educational Purpose.>!!! 

1) First we need to scan for available wireless networks. 

Theres this great tool for windows to do this.. called “NetStumbler” or Kismet 

for Windows and Linux and KisMac for Mac. 

The two most common encryption types are: 

1) WEP 

2) WAP 

WEP i.e Wire Equivalent Privacy is not consideres as safe as WAP 

i.e Wireless Application Protocol. 

WEP have many flaws that allows a hacker to crack a WEP key easily.. 

whereas 

WAP is currently the most secure and best option to secure a wi-fi network.. 

It can’t be easily cracked as WEP because the only way to retreive a WAP key 

is to use a brute-force attack or dictionary atack. 

Here I’ll tell you how to Crack WEP 

To crack WEP we will be using Live Linux distribution called BackTrack to 

crack WEP. 

BackTrack have lots of preinstalled softwares for this very purpose.. 

The tools we will be using on Backtrack are: 

Kismet – a wireless network detector 

airodump – captures packets from a wireless router 

aireplay – forges ARP requests 

aircrack – decrypts the WEP keys 

1) First of all we have to find a wireless access point along with its bssid, essid 

and channel number. To do this we will run kismet by opening up the terminal 

and typing in kismet. It may ask you for the appropriate adapter which in my 

case is ath0. You can see your device’s name by typing in the command 

iwconfig. 

2) To be able to do some of the later things, your wireless adapter must be put 

into monitor mode. Kismet automatically does this and as long as you keep it 

open, your wireless adapter will stay in monitor mode 

3) In kismet you will see the flags Y/N/0. Each one stands for a different type 

of encryption. In our case we will be looking for access points with the WEP 

encryption. Y=WEP N=OPEN 0=OTHER(usually WAP). 

4) Once you find an access point, open a text document and paste in the 

networks broadcast name (essid), its mac address (bssid) and its channel 

number. To get the above information, use the arrow keys to select an access 

point and hit <ENTER> to get more information about it. 

5) The next step is to start collecting data from the access point with 

airodump. Open up a new terminal and start airodump by typing in the 

command: 

airodump-ng -c [channel#] -w [filename] –bssid [bssid] [device] 

In the above command airodump-ng starts the program, the channel of your 

access point goes after -c , the file you wish to output the data goes after -w , 

and the MAC address of the access point goes after –bssid. The command ends 

with the device name. Make sure to leave out the brackets. 

6) Leave the above running and open another terminal. Next we will generate 

some fake packets to the target access point so that the speed of the data 

output will increase. Put in the following command: 

aireplay-ng -1 0 -a [bssid] -h 00:11:22:33:44:55:66 -e [essid] [device] 

In the above command we are using the airplay-ng program. The -1 tells the 

program the specific attack we wish to use which in this case is fake 

authentication with the access point. The 0 cites the delay between attacks, -a 

is the MAC address of the target access point, -h is your wireless adapters MAC 

address, -e is the name (essid) of the target access point, and the command 

ends with the your wireless adapters device name. 

7) Now, we will force the target access point to send out a huge amount of 

packets that we will be able to take advantage of by using them to attempt to 

crack the WEP key. Once the following command is executed, check your 

airodump-ng terminal and you should see the ARP packet count to start to 

increase. The command is: 

aireplay-ng -3 -b [bssid] -h 00:11:22:33:44:5:66 [device] 

In this command, the -3 tells the program the specific type of attack which in 

this case is packet injection, -b is the MAC address of the target access point, -h 

is your wireless adapters MAC address, and the wireless adapter device name 

goes at the end. 

Once you have collected around 50k-500k packets, you may begin the 

attempt to break the WEP key. The command to begin the cracking process is: 

aircrack-ng -a 1 -b [bssid] -n 128 [filename].ivs 

In this command the -a 1 forces the program into the WEP attack mode, the -b 

is the targets MAC address, and the -n 128 tells the program the WEP key 

length. If you don’t know the -n , then leave it out. This should crack the WEP 

key within seconds. The more packets you capture, the bigger chance you 

have of cracking the WEP key.

0 comments:

Post a Comment