Wednesday, August 14, 2013

Hack Network Security Key

Hacking WEP Network with Backtrack 5

This tutorial will show you how to hack a WEP network. It is easier to hack a WEP (Wired Equivalent Privacy) network than a WPA/WPA2 network, which is why most people choose WPA/WPA2 to secure their wireless network. However, if you want to hack a WEP network, this tutorial will teach you how to do it. It takes from 30 mins to 3 hrs to hack a WEP network, depending on the signal strength of the network you're trying to hack. I posted a tutorial for hacking a WPA/WPA2-secured wireless network in my previous post.

Let's get Hacking

First, you will need a wireless network adapter that supports packet injection. Download Backtrack and create a Live USB/DVD. Then, boot Backtrack.

Open a Terminal. Type in:
iwconfig

This command will show all the available interfaces on your PC. Note the interface name of your wireless network adapter; generally it is named "wlan0". A wireless network adapter can be operated in two modes. One is the normal mode that you use for surfing the net. The other is Monitor mode, which we will be using for hacking. In monitor mode, we monitor all the available access points in the location and intercept their packets. Now let's put our network adapter into Monitor mode. For that, type in:
airmon-ng start wlan0


After this command, our network adapter will be in monitor mode and the interface name changes to "mon0". Note that in monitor mode your interface name will be "mon0", not "wlan0".
After enabling monitor mode, we now search for access points in the location. For this, type in:
 
airodump-ng mon0


This command will monitor all the available networks in your area. It also shows information about the access points that we'll need for later commands, like the channel no., bssid, etc. After running airodump-ng, wait till your victim (WEP network) appears. After that, hit Ctrl + C to stop airodump-ng.
Note the channel no. and bssid of your victim. Now you need to capture the packets from the access point. Type in:

airodump-ng -c (channel no. of victim) --bssid (bssid of victim) -w (capture file name) mon0


The above command will start capturing packets from the access point you are targeting. The captured packets are saved in the capture file (.cap). We will use this capture file to crack the password. After entering the above command, note the amount of Data that is being received. All we have to do is wait for the Data to reach about 10000 to 20000. The data rate may be slow because your network adapter is not associated with the access point, so we use "Fake Authentication" to authenticate and associate with the access point. Keep airodump-ng running and capturing data. Open a new terminal and type:
aireplay-ng -1 0 -a (bssid of victim) mon0

This command will start a Fake Authentication with the victim's access point. On success, it will show "Association successful". Sometimes this attack may not be successful. If so, try moving nearer to the access point and try your luck again. Once you're associated with your victim's access point, you send an ARP Request.
Type:
aireplay-ng -3 -b (bssid of victim) mon0


This command sends an ARP Request to the victim. An ARP Request starts a type of network communication request between two computers. If your request is acknowledged, ACK signals are received, and you will notice that the Data received increases rapidly. Once the data reaches 5000, start aircrack-ng. First, look up the name of your capture file. For that, open a new terminal, type "ls" and hit Enter, and note the name of your capture file.

Type:
aircrack-ng (capture file name.cap)

Once you enter this command, it will start testing keys. Depending on the password strength of the victim's access point, it will require more packets (data) from the access point. Generally, aircrack-ng can surely crack the password if you obtain 25000 IVs (packets) from the access point. Just start aircrack-ng after receiving 5000 IVs. Even if it fails to crack the password at 5000 IVs, the attack will auto-start after receiving 10000 IVs. It will keep on attacking until the password is cracked.

Once it cracks the password, it will show "Key Found![victim's password]". Remove all the ":" from the key, and now you have the password. Cheers!!
So, this is how you hack a WEP network using Backtrack 5. Please leave a comment, rate and share my post, guys!! And if you have any problem, please ask freely in the comment section below.

Thanks!!
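
The same airodump-ng scan is also how you check that none of your own access points still advertise WEP. The script below is an added example, not part of the original post: it reads the CSV file that airodump-ng -w writes next to the .cap file and reports access points from your own inventory that use WEP or no encryption. The sample rows, the BSSIDs and the `audit` helper are constructed for illustration.

```python
import csv
import io

# Constructed sample in the layout of airodump-ng's CSV output:
# an access-point table, a blank line, then a station table.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
02:00:00:AA:00:01, 2013-08-14 10:00:00, 2013-08-14 10:05:00,  6,  54, WEP, WEP, , -40, 120, 0,   0.  0.  0.  0,  10, office-old,
02:00:00:AA:00:02, 2013-08-14 10:00:00, 2013-08-14 10:05:00, 11,  54, WPA2, CCMP, PSK, -52, 118, 0,   0.  0.  0.  0,  11, office-main,
02:00:00:AA:00:03, 2013-08-14 10:00:00, 2013-08-14 10:05:00,  1,  54, OPN, , , -60, 90, 0,   0.  0.  0.  0,  12, lobby, guest,
02:00:00:BB:00:09, 2013-08-14 10:00:00, 2013-08-14 10:05:00,  1,  54, WEP, WEP, , -80, 40, 0,   0.  0.  0.  0,  8, neighbor,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
02:00:00:CC:00:10, 2013-08-14 10:01:00, 2013-08-14 10:04:00, -45, 30, 02:00:00:AA:00:02,
"""

WEAK_PRIVACY = {"WEP", "OPN"}  # WEP is crackable; OPN means no encryption at all


def audit(csv_text, owned_bssids):
    """Return (findings, unseen) for the access points listed in owned_bssids."""
    owned = {b.upper() for b in owned_bssids}
    findings, seen, header = [], set(), None
    for row in csv.reader(io.StringIO(csv_text)):
        cells = [c.strip() for c in row]
        if not cells or not cells[0]:
            if header:
                break      # the blank line ends the access-point table
            continue
        if cells[0] == "BSSID":
            header = cells
            continue
        if header is None or len(cells) < len(header):
            continue       # ignore anything before the header and truncated rows
        bssid = cells[0].upper()
        if bssid not in owned:
            continue       # report only on networks you are responsible for
        seen.add(bssid)
        privacy = cells[header.index("Privacy")]
        essid = ", ".join(cells[header.index("ESSID"):-1])  # ESSIDs may contain commas
        if set(privacy.split()) & WEAK_PRIVACY:
            findings.append((bssid, essid, privacy))
    return findings, sorted(owned - seen)


if __name__ == "__main__":
    inventory = ["02:00:00:aa:00:01", "02:00:00:AA:00:02", "02:00:00:AA:00:03"]
    for bssid, essid, privacy in audit(SAMPLE_CSV, inventory)[0]:
        print(f"MIGRATE TO WPA2: {bssid} ({essid}) advertises {privacy}")
```

Any access point it reports should be moved to WPA2; BSSIDs returned in the second list were not seen in the scan and need a closer survey.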





 
