Cracking WEP: Difference between revisions

From ITCwiki
Jump to navigation Jump to search
No edit summary
No edit summary
Line 1: Line 1:
==Introduction==
:In this lab, I will show you how to crack WEP using BackTrack 3. As you may know, WEP is a week security protocol that can be broken easily. There are dozens of articles about cracking WEP on the internet, so if this article doesn’t give you enough information, please do some online researches. The purpose of this lab is not encouraged you to be a hacker. I set this lab for educational purpose and to prove that WEP is a weak protocol that can be hacked easily.
In this lab, I will show you how to crack WEP using BackTrack 3. As you may know, WEP is a week security protocol that can be broken easily. There are dozens of articles about cracking WEP on the internet, so if this article doesn’t give you enough information, please do some online researches. The purpose of this lab is not encouraged you to be a hacker. I set this lab for educational purpose and to prove that WEP is a weak protocol that can be hacked easily.
==Hardware required==
==Hardware required==
Here is a list of equipment and hardware Requirement for this lab:
Here is a list of equipment and hardware Requirement for this lab:
*A wireless router - this could be any wireless router that supported WEP security encryption.
:*A wireless router - this could be any wireless router that supported WEP security encryption.
*A BackTrack 3 Live CD  
:*A BackTrack 3 Live CD  
*2 wireless adapters - one of them should be a compatible wireless adapter.
:*2 wireless adapters - one of them should be a compatible wireless adapter.
*At least 2 PCs – In this lab, I used a desktop and a laptop. I installed the compatible wireless adapter card in the desktop, and the other laptop has a build-in wireless adapter.
:*At least 2 PCs – In this lab, I used a desktop and a laptop. I installed the compatible wireless adapter card in the desktop, and the other laptop has a build-in wireless adapter.


==Setup the Wireless Lab==
==Setup the Wireless Lab==
[[Image:topology.jpg|thumb|This is a picture of an idea for the network topology.|320px]]
[[Image:topology.jpg|thumb|This is a picture of an idea for the network topology.|320px]]
Below are the devices and hardware that I used in this lab along with the steps that I set them up for this lab.


*The wireless router: I used the Linksys wireless router (WRT54G) as the wireless access point. I setup the wireless router as shown in the snapshot bellow.  
:Bellow are the software and hardware I used to this lab.  


*The BackTrack 3 Live CD can be downloaded at http://www.backtrack-linux.org/downloads/. After the ISO image file has been downloaded, I burn it into a blank CD. If you would like instruction information of how to burn an ISO file to a CD/DVD, click on this link http://pcsupport.about.com/od/toolsofthetrade/ht/burnisofile.htm.
:*The wireless router: I used the Linksys wireless router (WRT54G) as the wireless access point. I setup the wireless router as shown in the snapshot bellow.  


*Find a compatible wireless adapter from http://www.aircrack-ng.org/doku.php?id=compatibility_drivers#compatibility. Find one and buy it or use the one that you have. The wireless adapter I used in this lab was the Alfa AWUS036H. I bought it online for $29.
:*The BackTrack 3 Live CD can be downloaded at http://www.backtrack-linux.org/downloads/. After the ISO image file has been downloaded, I burn it into a blank CD. If you would like instruction information of how to burn an ISO file to a CD/DVD, click on this link http://pcsupport.about.com/od/toolsofthetrade/ht/burnisofile.htm.


*I inserted the Alfa AWUS036H wireless adapter into an USB port on my desktop and insert the BackTrack 3 Live CD into the CD ROM. I called this desktop the “Sniffing PC.” Boot the Sniffing PC from the CD.  
:*Find a compatible wireless adapter from http://www.aircrack-ng.org/doku.php?id=compatibility_drivers#compatibility. Find one and buy it or use the one that you have. The wireless adapter I used in this lab was the Alfa AWUS036H. I bought it online for $29.


*I made sure that the laptop (the Target PC) and the wireless router WRT54G (the Target AP) are configured and communicated with each other correctly.  
:*I inserted the Alfa AWUS036H wireless adapter into an USB port on my desktop and insert the BackTrack 3 Live CD into the CD ROM. I called this desktop the “Sniffing PC.” Boot the Sniffing PC from the CD.
 
:*I made sure that the laptop (the Target PC) and the wireless router WRT54G (the Target AP) are configured and communicated with each other correctly.  


{|
{|
Line 28: Line 28:
|}
|}


==Capturing packets and Cracking The WEP==
==Capturing Packets==
[[Image:bt01.jpg|thumb|Selecting Wireless Assistant.]]
:Follow the steps bellow to setup and capture packets using BackTrack 3.


Follow the steps bellow to capture packets and crack the WEP key.
:*On the Sniffing PC that is running BackTrack 3, select the small '''K''' icon located on the lower left hand corner. Select '''Internet''' and then click on '''Wireless Assistant'''.
 
*On the Sniffing PC, select the small '''K''' icon located on the lower left hand corner. Select '''Internet''' and then click on '''Wireless Assistant'''.
   
   
[[File:bt01.jpg]]
:When the '''Wireless Assistant''' window appear, you should see the target wireless access point that you want to hack. If you don’t have a compatible wireless adapter, it will prompt you an error massage says “No usable wireless device found.”
 
{|
When the '''Wireless Assistant''' window appear, you should see the target wireless access point you want to hack as show in the snapshot bellow. If you don’t have a compatible wireless adapter, it will prompt you an error massage says “No usable wireless device found.”
| [[Image:bt02.jpg|thumb|upright|If the device is compatible|300px]]
 
| [[Image:bt03.jpg|thumb|upright|No usable wireless device found.|250px]]
[[File:bt02.jpg]] [[File:br03.jpg]]
|}


Take note some of the information such as the BSSID, the channel number, and the MAC address of the wireless access point that you want to crack. In this lab, the SSID is Testing AR on channel 1, and MAC address is 00:13:10:3C:51:5B. When you done, close the Wireless Assistant window.
:Take note some of the information such as the BSSID, the channel number, and the MAC address of the wireless access point that you want to crack. In this lab, the SSID is Testing AR on channel 1, and MAC address is 00:13:10:3C:51:5B. When you done, close the Wireless Assistant window.


*Run Shell – Konsole window. It is a small black screen icon located on the lower left hand corner next to the small K icon.


*Enter the command bellow to find the adapter name. Once the name of your wireless adapter shown, take note of the interface name. Mine is wlan0.  
:*Run Shell – Konsole window. It is a small black screen icon located on the lower left hand corner next to the small K icon.  


:*Enter the command bellow to find the adapter name. Once the name of your wireless adapter shown, take note of the interface name. Mine is wlan0.
[[Image:bt04.jpg|thumb|Results of the commands.|220px]]
  airmon-ng
  airmon-ng


*Enter the 4 commands bellow by typing each command and press Enter key.  
:*Enter the 4 commands bellow by typing each command and press Enter key.  
 
  airmon-ng stop ''(your device Interface)''
  airmon-ng stop ''(your device Interface)''
  ifconfig ''(your device Interface)'' down
  ifconfig ''(your device Interface)'' down
Line 55: Line 55:
  airmon-ng start ''(your device Interface)''
  airmon-ng start ''(your device Interface)''


The purpose of these commands is to change the MAC Address of your wireless adapter to a fake MAC Address: 00:11:22:33:44:55.
:The purpose of these commands is to change the MAC Address of your wireless adapter to a faked MAC Address: 00:11:22:33:44:55.


All the result of the commands above should look like this.
:All the result of the commands above should look like the screenshot on the right.


[[File:br04.jpg]]


*Run the command bellow to pick up your device and see a list of the wireless access points around you. Once you see the Target AP, press Ctrl+C to stop scanning. On the list, you will see information such as the MAC Address (BBSSID), power level, channel, encryption protocol, and the name (ESSID) of each device. Write down this information of the wireless access point that you are going to hack for later use. The Target AP used in this lab is the highlighted in the snapshot bellow.
 
:*Run the command bellow to pick up your device and see a list of the wireless access points around you. Once you see the Target AP, press Ctrl+C to stop scanning. On the list, you will see information such as the MAC Address (BBSSID), power level, channel, encryption protocol, and the name (ESSID) of each device. Write down this information of the wireless access point that you are going to hack for later use. The Target AP used in this lab is the highlighted in the snapshot bellow.


  airodump-ng ''(your device Interface)''  
  airodump-ng ''(your device Interface)''  


[[File:br05.jpg]]
[[File:bt05.jpg]]


*Run the command bellow.  
:*Run the command bellow.  


  airodump-ng -c (channel) -w (file name) --bssid (bssid) (your device interface)
  airodump-ng -c (channel) -w (file name) --bssid (bssid) (your device interface)


The channel, bssid, and your device interface is the information that you noted above. The file name can be any name you want. This command will capture the packets traffic between the Target AP and any wireless client, and save them in a file. The command I used and the output is shown bellow.
:The channel, bssid, and your device interface is the information that you noted above. The file name can be any name you want. This command will capture the packets traffic between the Target AP and any wireless client, and save them in a file. The command I used and the output is shown bellow.


[[File:br06.jpg]]
[[File:bt06.jpg]]


*Now, I will use the second laptop (the Target PC) to watch some movies online on abc.com to generate more traffic between the Target AP and Target PC. Remember that the more packets traffic to the wireless access point, the more data you can capture, and the more likely you will successfully crack the key faster.
:*Now, I will use the second laptop (the Target PC) to watch some movies online on abc.com to generate more traffic between the Target AP and Target PC. Remember that the more packets traffic to the wireless access point, the more data you can capture, and the more likely you will successfully crack the key faster.


*Open a new Shell – Konsole windows (the second Shell - Konsole) without closing the first Shell - Konsole window, and then enter the following command.  
:*Open a new Shell – Konsole windows (the second Shell - Konsole) without closing the first Shell - Konsole window, and then enter the following command.  


  aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 -e (essid) (your device interface).
  aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 -e (essid) (your device interface).
==Cracking the WEP key==
==Conclusion==

Revision as of 09:13, 30 July 2010

In this lab, I will show you how to crack WEP using BackTrack 3. As you may know, WEP is a week security protocol that can be broken easily. There are dozens of articles about cracking WEP on the internet, so if this article doesn’t give you enough information, please do some online researches. The purpose of this lab is not encouraged you to be a hacker. I set this lab for educational purpose and to prove that WEP is a weak protocol that can be hacked easily.

Hardware required

Here is a list of equipment and hardware Requirement for this lab:

  • A wireless router - this could be any wireless router that supported WEP security encryption.
  • A BackTrack 3 Live CD
  • 2 wireless adapters - one of them should be a compatible wireless adapter.
  • At least 2 PCs – In this lab, I used a desktop and a laptop. I installed the compatible wireless adapter card in the desktop, and the other laptop has a build-in wireless adapter.

Setup the Wireless Lab

This is a picture of an idea for the network topology.
Bellow are the software and hardware I used to this lab.
  • The wireless router: I used the Linksys wireless router (WRT54G) as the wireless access point. I setup the wireless router as shown in the snapshot bellow.
  • I inserted the Alfa AWUS036H wireless adapter into an USB port on my desktop and insert the BackTrack 3 Live CD into the CD ROM. I called this desktop the “Sniffing PC.” Boot the Sniffing PC from the CD.
  • I made sure that the laptop (the Target PC) and the wireless router WRT54G (the Target AP) are configured and communicated with each other correctly.
Linksys wireless router(WRT54G)
A screenshot of BackTrack 3
Alfa Wireless Adapter (AWUS036H)

Capturing Packets

Selecting Wireless Assistant.
Follow the steps bellow to setup and capture packets using BackTrack 3.
  • On the Sniffing PC that is running BackTrack 3, select the small K icon located on the lower left hand corner. Select Internet and then click on Wireless Assistant.
When the Wireless Assistant window appear, you should see the target wireless access point that you want to hack. If you don’t have a compatible wireless adapter, it will prompt you an error massage says “No usable wireless device found.”
If the device is compatible
No usable wireless device found.
Take note some of the information such as the BSSID, the channel number, and the MAC address of the wireless access point that you want to crack. In this lab, the SSID is Testing AR on channel 1, and MAC address is 00:13:10:3C:51:5B. When you done, close the Wireless Assistant window.


  • Run Shell – Konsole window. It is a small black screen icon located on the lower left hand corner next to the small K icon.
  • Enter the command bellow to find the adapter name. Once the name of your wireless adapter shown, take note of the interface name. Mine is wlan0.
Results of the commands.
airmon-ng
  • Enter the 4 commands bellow by typing each command and press Enter key.
airmon-ng stop (your device Interface)
ifconfig (your device Interface) down
macchanger --mac 00:11:22:33:44:55 (your device Interface)
airmon-ng start (your device Interface)
The purpose of these commands is to change the MAC Address of your wireless adapter to a faked MAC Address: 00:11:22:33:44:55.
All the result of the commands above should look like the screenshot on the right.


  • Run the command bellow to pick up your device and see a list of the wireless access points around you. Once you see the Target AP, press Ctrl+C to stop scanning. On the list, you will see information such as the MAC Address (BBSSID), power level, channel, encryption protocol, and the name (ESSID) of each device. Write down this information of the wireless access point that you are going to hack for later use. The Target AP used in this lab is the highlighted in the snapshot bellow.
airodump-ng (your device Interface)

Bt05.jpg

  • Run the command bellow.
airodump-ng -c (channel) -w (file name) --bssid (bssid) (your device interface)
The channel, bssid, and your device interface is the information that you noted above. The file name can be any name you want. This command will capture the packets traffic between the Target AP and any wireless client, and save them in a file. The command I used and the output is shown bellow.

Bt06.jpg

  • Now, I will use the second laptop (the Target PC) to watch some movies online on abc.com to generate more traffic between the Target AP and Target PC. Remember that the more packets traffic to the wireless access point, the more data you can capture, and the more likely you will successfully crack the key faster.
  • Open a new Shell – Konsole windows (the second Shell - Konsole) without closing the first Shell - Konsole window, and then enter the following command.
aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 -e (essid) (your device interface).

Cracking the WEP key

Conclusion

Retrieved from "https://wiki.ihitc.net/mediawiki/index.php?title=Cracking_WEP&oldid=2987"