FIRST I MAKE
IT CLEAR THAT WE DOES NOT MAKE PEOPLE ETHICAL HACKER HERE ALL TRICKs ARE ONLY
FOR KNOWLEDGE PURPOSE HACKING IS A CRIME DON CHEAT INNOCENT PEOPLE WITH YOUR
POWERS.
Doesn’t it
irritate when you see your laptop’s catching so many Wi-Fi signals but none of
them is accessible.. don’t you feel like “I wish I could some how break the
password and dive into the deep oceans of the information” I believe everyone
should be able to have free internet
. If someday
I make it big enough and I’ll be having ample money.. I promise I’ll provide
free Wi-Fi hotspots all over the places.. “Let there be INTERNET”.. even If I
don’t get rich.. I’ll become a politician and would make Internet a Fundamental
right to every citizen.. Now that would be something..
That’s
enough with the Castles in the air.. now lets get back to reality..
What I can
do for you right now is that I can tell you how to hack a wifi network to
access Internet.. Some would call it stealing.. some like me won’t..
I’ll call it
Sharing.. Sharing is what on which the whole Internet is build upon…
So.. Here’s
how we do it..
1) First we
need to scan for available wireless networks.
There’s this
great tool for windows to do this.. called “Nets tumbler” or Kismet for Windows
and Linux and KisMac for Mac.
The two most
common encryption types are:
1) WEP
2) WAP
WEP i.e.
Wire Equivalent Privacy is not considers as safe as WAP
i.e.
Wireless Application Protocol.
WEP have
many flaws that allows a hacker to crack a WEP key easily.. whereas
WAP is
currently the most secure and best option to secure a Wi-Fi network..
It can’t be
easily cracked as WEP because the only way to retrieve a WAP key is to use a
brute-force attack or dictionary attack.
Here I’ll
tell you how to Crack WEP
To crack WEP
we will be using Live Linux distribution called Backtrack to crack WEP.
Backtrack
have lots of preinstalled software’s for this very purpose..
The tools we
will be using on Backtrack are:
Kismet – a
wireless network detector
air dump –
captures packets from a wireless router
airplay –
forges ARP requests
air crack –
decrypts the WEP keys
1) First of
all we have to find a wireless access point along with its beside, essay and
channel number. To do this we will run kismet by opening up the terminal and
typing in kismet. It may ask you for the appropriate adapter which in my case
is ath0. You can see your device’s name by typing in the command iwconfig.
2) To be
able to do some of the later things, your wireless adapter must be put into
monitor mode. Kismet automatically does this and as long as you keep it open,
your wireless adapter will stay in monitor mode.
3) In kismet
you will see the flags Y/N/0. Each one stands for a different type of
encryption. In our case we will be looking for access points with the WEP
encryption. Y=WEP N=OPEN 0=OTHER(usually WAP).
4) Once you
find an access point, open a text document and paste in the networks broadcast
name (essid), its mac address (bssid) and its channel number. To get the above
information, use the arrow keys to select an access point and hit <ENTER>
to get more information about it.
5) The next
step is to start collecting data from the access point with airodump. Open up a
new terminal and start airodump by typing in the command:
airodump-ng
-c [channel#] -w [filename] –bssid [bssid] [device]
In the above
command airodump-ng starts the program, the channel of your access point goes
after -c , the file you wish to output the data goes after -w , and the MAC
address of the access point goes after –bssid. The command ends with the device
name. Make sure to leave out the brackets.
6) Leave the
above running and open another terminal. Next we will generate some fake
packets to the target access point so that the speed of the data output will
increase. Put in the following command:
aireplay-ng
-1 0 -a [bssid] -h 00:11:22:33:44:55:66 -e [essid] [device]
In the above
command we are using the airplay-ng program. The -1 tells the program the
specific attack we wish to use which in this case is fake authentication with
the access point. The 0 cites the delay between attacks, -a is the MAC address
of the target access point, -h is your wireless adapters MAC address, -e is the
name (essid) of the target access point, and the command ends with the your
wireless adapters device name.
7) Now, we
will force the target access point to send out a huge amount of packets that we
will be able to take advantage of by using them to attempt to crack the WEP
key. Once the following command is executed, check your airodump-ng terminal
and you should see the ARP packet count to start to increase. The command is:
aireplay-ng
-3 -b [bssid] -h 00:11:22:33:44:5:66 [device]
In this
command, the -3 tells the program the specific type of attack which in this
case is packet injection, -b is the MAC address of the target access point, -h
is your wireless adapters MAC address, and the wireless adapter device name
goes at the end.
Once you have collected around 50k-500k
packets, you may begin the attempt to break the WEP key. The command to begin
the cracking process is:
aircrack-ng
-a 1 -b [bssid] -n 128 [filename].ivs
In this
command the -a 1 forces the program into the WEP attack mode, the -b is the
targets MAC address, and the -n 128 tells the program the WEP key length. If
you don’t know the -n , then leave it out. This should crack the WEP key within
seconds. The more packets you capture, the bigger chance you have of cracking
the WEP key.
0 comments:
Post a Comment