Wednesday, 19 March 2014

How to Crack Wifi Password using Airoscript

Trick level : Script Kiddies

Skills needed : Nopes

There are always two ways to achieve a task, the hard way and the easy one, and I must say that this one is the easy one in comparison with the last one, How to Crack Wifi Password using Backtrack 4, which comes without airoscript by default.
In Backtrack 5 R3 airoscript is back, and cracking WEP with it is very easy. Here we will need two things:
1. Backtrack 5 R3 iso image
2. A compatible wireless adapter

After acquiring these two, you are all set to begin.

But during the whole process, remember that each machine, wireless adapter and set of circumstances makes a unique configuration, and so has its own unique problems.

Cracking WEP with Airoscript


Step 1 – Make a live pendrive (?) with the Backtrack 5 R3 image, boot the system from the pendrive and type “startx” to get the GUI.
Step 2 – Start airoscript-ng from “menu>system>airoscript-ng” and select the desired display resolution.
Step 3 – Airoscript will now scan for nearby access points and ask you to select the target.
Step 4 – After selecting the target you will be asked to select a client; it is not always necessary to select one, so you can opt for the option “4) No select client”.
Step 5 – Airoscript will now give you a bunch of options like “Attack”, “Crack” and “Autopwn”.
Select “Autopwn” and airoscript will start the attack on the target; if you don’t see the IVS count increasing, press “a” to try another attack.
Wait for the IVS count to reach the required amount, and then hopefully you will find the key :)
But if not and you encounter any problem, feel free to post your question.
And do remember the rule......... Google it


How to Crack Wifi WEP key using Backtrack

Trick level : Script Kiddies

Skills needed : Nopes


There are a few types of encryption used in securing a wifi perimeter, i.e. WEP, WAP and WPA.
WEP – Wired Equivalent Privacy – This encryption is the most common and most hackable kind in use today; my college also uses this type for secured and limited access in the classrooms. ;)
WAP – Wireless Application Protocol – This encryption is not that nice about giving the keys away, as it is a really very secure kind of encryption. Cracking it can be tricky and a bit hard, as we have to use a brute-force attack or a dictionary attack to crack it.
WPA & WPA2 – Wifi Protected Access and Wifi Protected Access II – These protocols were developed by the Wifi Alliance when WEP was found to be not that secure.

One thing you’ll need is the Backtrack iso image; it is the best penetration testing Linux distribution. One thing more: your wireless adapter (wifi card) must be compatible.
Check your card’s compatibility

You need to have some details of the network you are going to attack, i.e.
1. BSSID (Basic Service Set Identification)
2. ESSID (Extended Service Set Identification)
3. Channel number.
You can obtain these details using NetStumbler, which is available for the Windows environment; download it, run it, and it will give a huge amount of detail about the wireless access points around you.

Cracking the WEP using Backtrack

Step 1 – Make a live pendrive (?) with the downloaded Backtrack image, boot the system from it and type “startx” to get to the GUI in Backtrack 4.

Step 2 – Determine the appropriate adapter by typing “iwconfig” in a terminal (console window); in my case it is wlan0.

Step 3 – Now start Kismet (a wireless network analyzer) by typing “kismet” in the terminal and watch for the flag “Y”, which means WEP; note the essid, bssid and channel number of the access point and leave this terminal open to keep the adapter in monitor mode.
Step 4 – Now we will start capturing data from the access point. To do this, start a new terminal and start airodump by following command :

airodump-ng -c <chnl. No.> -w <filename> --bssid <bssid> <device>

Here the channel number goes after -c, the filename in which you want to store the captured data goes after -w, the bssid you noted goes after --bssid, and the device goes at the end.

Step 5 – Keep the airodump terminal running, open a new terminal and type the following command:

aireplay-ng -1 0 -a <bssid> -h <MAC> -e <essid> <device>

Here -1 defines the type of attack and 0 gives the time delay between attacks; the MAC is the MAC address of your adapter and everything else remains the same.

Step 6 – Now type the command:

aireplay-ng -3 -b <bssid> -h <MAC> <device>

Here -3 defines the attack, which is packet injection in this case, and again everything else remains the same.
This command will send a very large number of packets to the target; now go to the airodump terminal and you will see the ARP packet count increase.

Step 7 – Now the final strike, once you have achieved the proper packet count, i.e. 30k minimum and 50k-500k to ensure a good attack.
Type the following command to crack the key:

aircrack-ng -a 1 -b <bssid> -n 128 <filename>.ivs

Here 1 following -a puts the cracking procedure into WEP mode, and 128 following -n defines the key length.
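Both walkthroughs above depend on the capture that airodump-ng writes with -w, and the same file is useful from the network owner's side. Here is an added example, not from the original post, that reads the CSV airodump-ng writes next to the capture and lists which access points are still on WEP or open and should be moved to WPA2; it assumes the usual airodump-ng CSV layout (an access-point table, a blank line, then a station table) and uses a constructed sample rather than a real capture.

```python
import csv
import io

# Constructed sample in the layout airodump-ng writes to <filename>-01.csv
# (assumed layout: AP table, blank line, station table).
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2014-03-19 10:00:00, 2014-03-19 10:05:00,  6,  54, WEP , WEP, OPN, -40,  120,  41250,   0.  0.  0.  0,   9, Classroom, 
66:77:88:99:AA:BB, 2014-03-19 10:00:00, 2014-03-19 10:05:00, 11,  54, WPA2, CCMP, PSK, -55,   98,      0,   0.  0.  0.  0,   6, Office, 
CC:DD:EE:FF:00:11, 2014-03-19 10:00:00, 2014-03-19 10:05:00,  1,  54, OPN , , , -70,   30,      0,   0.  0.  0.  0,   5, Guest, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
"""


def parse_access_points(text):
    """Return one dict per access point from the AP section of the CSV."""
    text = text.replace("\r\n", "\n")            # airodump-ng may write CRLF
    ap_section = text.split("\n\n", 1)[0]        # station table follows the blank line
    reader = csv.reader(io.StringIO(ap_section), skipinitialspace=True)
    header = [h.strip() for h in next(reader)]
    aps = []
    for row in reader:
        if len(row) < len(header):               # skip blank/short lines
            continue
        aps.append({h: v.strip() for h, v in zip(header, row)})
    return aps


def audit(text, iv_alert=30000):
    """Flag APs with no encryption or WEP. A WEP AP whose IV count in one short
    capture window is already in the tens of thousands is worth a closer look,
    since ordinary client traffic rarely produces that many so quickly."""
    findings = []
    for ap in parse_access_points(text):
        privacy = ap["Privacy"].upper()
        if privacy.startswith("WEP"):
            note = "WEP: migrate to WPA2"
            if int(ap["# IV"] or 0) >= iv_alert:
                note += "; unusually many IVs in this window, check for replayed traffic"
            findings.append((ap["ESSID"], ap["BSSID"], note))
        elif privacy == "OPN":
            findings.append((ap["ESSID"], ap["BSSID"], "open: no encryption"))
    return findings


if __name__ == "__main__":
    for essid, bssid, note in audit(SAMPLE_CSV):
        print(f"{essid:<12} {bssid}  {note}")
```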

There is always one element which plays an important role in the cracking process, i.e. luck :)
If you are lucky enough your card will be compatible, the network will be WEP and you’ll not make any mistake.
I hope you are lucky, and if not ……

Remember the golden rule of IT
“Google it”