How To Hack Wi-Fi Network :----
Note : Only For Educational Purpose.>!!!
1) First we need to scan for available
wireless networks.
Theres this great tool for windows to do
this.. called “NetStumbler” or Kismet
for Windows and Linux and KisMac for
Mac.
The two most common encryption types
are:
1) WEP
2) WAP
WEP i.e Wire Equivalent Privacy is not
consideres as safe as WAP
i.e Wireless Application Protocol.
WEP have many flaws that allows a hacker
to crack a WEP key easily..
whereas
WAP is currently the most secure and best
option to secure a wi-fi network..
It can’t be easily cracked as WEP because
the only way to retreive a WAP key
is to use a brute-force attack or dictionary
atack.
Here I’ll tell you how to Crack WEP
To crack WEP we will be using Live Linux
distribution called BackTrack to
crack WEP.
BackTrack have lots of preinstalled
softwares for this very purpose..
The tools we will be using on Backtrack
are:
Kismet – a wireless network detector
airodump – captures packets from a
wireless router
aireplay – forges ARP requests
aircrack – decrypts the WEP keys
1) First of all we have to find a wireless
access point along with its bssid, essid
and channel number. To do this we will run
kismet by opening up the terminal
and typing in kismet. It may ask you for
the appropriate adapter which in my
case is ath0. You can see your device’s
name by typing in the command
iwconfig.
2) To be able to do some of the later
things, your wireless adapter must be put
into monitor mode. Kismet automatically
does this and as long as you keep it
open, your wireless adapter will stay in
monitor mode
3) In kismet you will see the flags Y/N/0.
Each one stands for a different type
of encryption. In our case we will be
looking for access points with the WEP
encryption. Y=WEP N=OPEN 0=OTHER
(usually WAP).
4) Once you find an access point, open a
text document and paste in the
networks broadcast name (essid), its mac
address (bssid) and its channel
number. To get the above information, use
the arrow keys to select an access
point and hit <ENTER> to get more
information about it.
5) The next step is to start collecting data
from the access point with
airodump. Open up a new terminal and
start airodump by typing in the
command:
airodump-ng -c [channel#] -w [filename]
–bssid [bssid] [device]
In the above command airodump-ng starts
the program, the channel of your
access point goes after -c , the file you
wish to output the data goes after -w ,
and the MAC address of the access point
goes after –bssid. The command ends
with the device name. Make sure to leave
out the brackets.
6) Leave the above running and open
another terminal. Next we will generate
some fake packets to the target access
point so that the speed of the data
output will increase. Put in the following
command:
aireplay-ng -1 0 -a [bssid] -h
00:11:22:33:44:55:66 -e [essid] [device]
In the above command we are using the
airplay-ng program. The -1 tells the
program the specific attack we wish to use
which in this case is fake
authentication with the access point. The 0
cites the delay between attacks, -a
is the MAC address of the target access
point, -h is your wireless adapters MAC
address, -e is the name (essid) of the
target access point, and the command
ends with the your wireless adapters
device name.
7) Now, we will force the target access
point to send out a huge amount of
packets that we will be able to take
advantage of by using them to attempt to
crack the WEP key. Once the following
command is executed, check your
airodump-ng terminal and you should see
the ARP packet count to start to
increase. The command is:
aireplay-ng -3 -b [bssid] -h
00:11:22:33:44:5:66 [device]
In this command, the -3 tells the program
the specific type of attack which in
this case is packet injection, -b is the MAC
address of the target access point, -h
is your wireless adapters MAC address,
and the wireless adapter device name
goes at the end.
Once you have collected around 50k-500k
packets, you may begin the
attempt to break the WEP key. The
command to begin the cracking process is:
aircrack-ng -a 1 -b [bssid] -n 128
[filename].ivs
In this command the -a 1 forces the
program into the WEP attack mode, the -b
is the targets MAC address, and the -n 128
tells the program the WEP key
length. If you don’t know the -n , then
leave it out. This should crack the WEP
key within seconds. The more packets you
capture, the bigger chance you
have of cracking the WEP key.
Enjoy!!!!!
Note : Only For Educational Purpose.>!!!
1) First we need to scan for available
wireless networks.
Theres this great tool for windows to do
this.. called “NetStumbler” or Kismet
for Windows and Linux and KisMac for
Mac.
The two most common encryption types
are:
1) WEP
2) WAP
WEP i.e Wire Equivalent Privacy is not
consideres as safe as WAP
i.e Wireless Application Protocol.
WEP have many flaws that allows a hacker
to crack a WEP key easily..
whereas
WAP is currently the most secure and best
option to secure a wi-fi network..
It can’t be easily cracked as WEP because
the only way to retreive a WAP key
is to use a brute-force attack or dictionary
atack.
Here I’ll tell you how to Crack WEP
To crack WEP we will be using Live Linux
distribution called BackTrack to
crack WEP.
BackTrack have lots of preinstalled
softwares for this very purpose..
The tools we will be using on Backtrack
are:
Kismet – a wireless network detector
airodump – captures packets from a
wireless router
aireplay – forges ARP requests
aircrack – decrypts the WEP keys
1) First of all we have to find a wireless
access point along with its bssid, essid
and channel number. To do this we will run
kismet by opening up the terminal
and typing in kismet. It may ask you for
the appropriate adapter which in my
case is ath0. You can see your device’s
name by typing in the command
iwconfig.
2) To be able to do some of the later
things, your wireless adapter must be put
into monitor mode. Kismet automatically
does this and as long as you keep it
open, your wireless adapter will stay in
monitor mode
3) In kismet you will see the flags Y/N/0.
Each one stands for a different type
of encryption. In our case we will be
looking for access points with the WEP
encryption. Y=WEP N=OPEN 0=OTHER
(usually WAP).
4) Once you find an access point, open a
text document and paste in the
networks broadcast name (essid), its mac
address (bssid) and its channel
number. To get the above information, use
the arrow keys to select an access
point and hit <ENTER> to get more
information about it.
5) The next step is to start collecting data
from the access point with
airodump. Open up a new terminal and
start airodump by typing in the
command:
airodump-ng -c [channel#] -w [filename]
–bssid [bssid] [device]
In the above command airodump-ng starts
the program, the channel of your
access point goes after -c , the file you
wish to output the data goes after -w ,
and the MAC address of the access point
goes after –bssid. The command ends
with the device name. Make sure to leave
out the brackets.
6) Leave the above running and open
another terminal. Next we will generate
some fake packets to the target access
point so that the speed of the data
output will increase. Put in the following
command:
aireplay-ng -1 0 -a [bssid] -h
00:11:22:33:44:55:66 -e [essid] [device]
In the above command we are using the
airplay-ng program. The -1 tells the
program the specific attack we wish to use
which in this case is fake
authentication with the access point. The 0
cites the delay between attacks, -a
is the MAC address of the target access
point, -h is your wireless adapters MAC
address, -e is the name (essid) of the
target access point, and the command
ends with the your wireless adapters
device name.
7) Now, we will force the target access
point to send out a huge amount of
packets that we will be able to take
advantage of by using them to attempt to
crack the WEP key. Once the following
command is executed, check your
airodump-ng terminal and you should see
the ARP packet count to start to
increase. The command is:
aireplay-ng -3 -b [bssid] -h
00:11:22:33:44:5:66 [device]
In this command, the -3 tells the program
the specific type of attack which in
this case is packet injection, -b is the MAC
address of the target access point, -h
is your wireless adapters MAC address,
and the wireless adapter device name
goes at the end.
Once you have collected around 50k-500k
packets, you may begin the
attempt to break the WEP key. The
command to begin the cracking process is:
aircrack-ng -a 1 -b [bssid] -n 128
[filename].ivs
In this command the -a 1 forces the
program into the WEP attack mode, the -b
is the targets MAC address, and the -n 128
tells the program the WEP key
length. If you don’t know the -n , then
leave it out. This should crack the WEP
key within seconds. The more packets you
capture, the bigger chance you
have of cracking the WEP key.
Enjoy!!!!!