How to Crack Wifi Password using backtrack?
Trick level : Script Kiddies
Skills needed : Nopes
WEP – Wired Equivalent Privacy – This is the most common and most hackable kind of encryption in use today; my college also uses it for secured and limited access in the classrooms. ;)
WAP – Wireless Application Protocol – This encryption does not give its keys away so easily, as it is a very secure kind of encryption. Cracking it can be tricky and a bit hard, as we have to use a brute-force attack or a dictionary attack to break it.
WPA & WPA2 – Wifi Protected Access and Wifi Protected Access II – These protocols were developed by the Wifi Alliance when WEP was found to be not that secure.
One thing you’ll need is the Backtrack ISO image; it is the best penetration testing Linux distribution. One thing more: your wireless adapter (wifi card) must be compatible.
Check your card’s compatibility
You need to have some details of the network you are going to attack, i.e.:
1. BSSID (Basic Service Set Identification)
2. ESSID (Extended Service Set Identification)
3. Channel Number
You can obtain these details using NetStumbler, which is available for the Windows environment; download it and run it, and it will give away a huge amount of detail about the wireless access points around you.
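The flip side of the WEP description above is the defender’s job: find every access point on your own estate that still advertises WEP (or no encryption) and migrate it to WPA2. The script below is an added example, not code from the original post or from the aircrack-ng project. It assumes the column layout of the access-point section in an airodump-ng CSV export (the file written with -w); the three rows it parses are constructed sample data, and the “# IV” column is carried along because a WEP network whose IV count climbs while idle is collecting exactly the traffic the cracking steps later on this page rely on.

```python
"""Added example, not part of the original post: audit an airodump-ng style
CSV export for access points that still use WEP or no encryption at all.
The column layout is assumed to match the AP section of the CSV that
airodump-ng writes with -w; the rows below are constructed sample data."""
import csv
import io

# Constructed sample in the assumed airodump-ng CSV layout (AP section only).
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2012-01-01 10:00:00, 2012-01-01 10:05:00,  6,  54, WEP , WEP,     , -40,  120,  3500,   0.  0.  0.  0,   8, CLASSRM1,
66:77:88:99:AA:BB, 2012-01-01 10:00:00, 2012-01-01 10:05:00, 11,  54, WPA2, CCMP, PSK, -55,   90,     0,   0.  0.  0.  0,   6, OFFICE,
CC:DD:EE:FF:00:11, 2012-01-01 10:00:00, 2012-01-01 10:05:00,  1,  54, OPN , ,        , -70,   30,     0,   0.  0.  0.  0,   5, GUEST,
"""


def parse_ap_rows(text):
    """Return one dict per access-point row, keyed by the header names.

    The AP section ends at the first blank line (airodump-ng then lists
    stations under a different header), so parsing stops there.
    """
    reader = csv.reader(io.StringIO(text), skipinitialspace=True)
    header = None
    rows = []
    for row in reader:
        if not any(cell.strip() for cell in row):
            if header is not None:
                break  # blank separator: end of the AP section
            continue
        cells = [cell.strip() for cell in row]
        if header is None:
            header = cells
            continue
        rows.append(dict(zip(header, cells)))  # zip drops the trailing empty cell
    return rows


def weak_aps(text):
    """List APs whose Privacy column is WEP (any variant) or OPN (no encryption)."""
    findings = []
    for ap in parse_ap_rows(text):
        privacy = ap.get("Privacy", "")
        if privacy.startswith("WEP") or privacy == "OPN":
            findings.append({
                "bssid": ap["BSSID"],
                "essid": ap["ESSID"],
                "channel": int(ap["channel"]),
                "privacy": privacy,
                "ivs": int(ap["# IV"] or 0),  # captured IVs seen for this AP
            })
    return findings


if __name__ == "__main__":
    for f in weak_aps(SAMPLE_CSV):
        print(f"{f['bssid']}  ch{f['channel']:>2}  {f['privacy']:<4}  "
              f"IVs={f['ivs']:<6}  {f['essid']}  -> migrate to WPA2")
```

Run against the sample, the report lists CLASSRM1 (WEP, 3500 IVs already captured) and GUEST (open); OFFICE on WPA2 passes. Pointing it at a real export is a one-line change: read the file into `text` instead of using SAMPLE_CSV.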
Cracking the WEP using Backtrack
Step 1 – Make a live pendrive (?) with the downloaded Backtrack image, boot the system from it and type “startx” to get to the GUI in Backtrack 4.
Step 2 – Determine the appropriate adapter by typing “iwconfig” in a terminal (console window); in my case it is wlan0.
Step 3 – Now start Kismet (a wireless network analyzer) by typing “kismet” in the terminal and watch for the flag “Y”, which means WEP. Note the essid, bssid and channel number of the access point, and leave this terminal open to keep the adapter in monitor mode.
Step 4 – Now we will start capturing data from the access point. To do this, open a new terminal and start airodump with the following command:
airodump-ng -c <chnl. No.> -w <filename> --bssid <bssid> <device>
Here the channel number goes after -c, the filename in which you want to store the captured data goes after -w, the bssid you noted goes after --bssid, and the device comes at the end.
Step 5 – Keep the airodump terminal running, open a new terminal and type the following command:
aireplay-ng -1 0 -a <bssid> -h <MAC> -e <essid> <device>
Here -1 defines the type of attack and 0 gives the time delay for each attack; the MAC is the MAC address of your adapter, and everything else remains the same.
Step 6 – Now type the command
aireplay-ng -3 -b <bssid> -h <MAC> <device>
Here -3 defines the attack, which is Packet Injection in this case, and again everything else remains the same.
This command will send a very large number of packets to the target. Now go to the airodump terminal and you will see the ARP packet count increase.
Step 7 – Now the final strike, once you have achieved the proper packet count, i.e. 30k minimum, and 50k–500k to ensure a good attack.
Type the following command to crack the key:
aircrack-ng -a 1 -b <bssid> -n 128 <filename>.ivs
Here the 1 following -a puts the cracking procedure into WEP mode, and the 128 following -n defines the key length.
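The replay in Step 6 works by flooding the air with ARP frames from a single adapter, and that same burst is what makes it visible to anyone watching the channel. The detector below is an added example, not code from the original post or from any wireless IDS product: it buckets ARP frames per source MAC per second and flags a source that exceeds a rate threshold. The frame records are constructed (timestamp, source MAC, frame type), and the threshold of 50 ARP frames per second is a tuning value chosen for this example, not a figure from the page.

```python
"""Added example, not part of the original post: flag a source MAC that emits
ARP frames far faster than any normal client, the signature an ARP-replay
injection leaves on the channel. Frame records are constructed sample data."""
from collections import Counter, defaultdict

# Tuning value chosen for this example: no ordinary client resolves 50 addresses a second.
ARP_RATE_THRESHOLD = 50


def detect_arp_bursts(frames, threshold=ARP_RATE_THRESHOLD):
    """Return {src_mac: (second, count)} for sources whose peak one-second
    ARP count exceeds the threshold.

    frames: iterable of (timestamp_seconds, src_mac, frame_type) tuples.
    """
    per_second = defaultdict(Counter)
    for ts, src, frame_type in frames:
        if frame_type != "ARP":
            continue
        per_second[src][int(ts)] += 1  # one-second buckets per source

    flagged = {}
    for src, buckets in per_second.items():
        peak_second, peak_count = buckets.most_common(1)[0]
        if peak_count > threshold:
            flagged[src] = (peak_second, peak_count)
    return flagged


def constructed_capture():
    """Constructed frame log: one well-behaved client and one replaying source."""
    frames = []
    # Legitimate client: an ARP request every two seconds, data frames in between.
    for i in range(0, 20, 2):
        frames.append((100.0 + i, "aa:bb:cc:dd:ee:01", "ARP"))
        frames.append((100.0 + i + 0.5, "aa:bb:cc:dd:ee:01", "DATA"))
    # Replaying source: the same ARP request re-sent 400 times inside one second.
    for i in range(400):
        frames.append((105.0 + i / 400, "aa:bb:cc:dd:ee:02", "ARP"))
    return frames


if __name__ == "__main__":
    for src, (second, count) in detect_arp_bursts(constructed_capture()).items():
        print(f"ARP burst from {src}: {count} frames in second {second}")
```

On the constructed capture the legitimate client peaks at one ARP frame per second and is never reported, while the replaying source is flagged with 400 frames in second 105. In a real deployment the frame tuples would come from a monitor-mode capture on the AP’s channel, and a second useful signal is that replayed frames are byte-for-byte identical, which a hash of the payload per source would expose.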
There is always one element which plays an important role in the cracking process, i.e. luck :)
If you are lucky enough, your card will be compatible, the network will be WEP and you’ll not commit any mistake.
I hope you are lucky, and if not ……
Remember the golden rule of IT:
“Google it”