- Page 1:Introduction
- Page 2:Starting from scratch
- Page 3:Packet capture with Airodump
- Page 4:Deauthentication via void11
- Page 5:Verifying the deauth
- Page 6:Packet replay via Aireplay
- Page 7:Packet replay via Aireplay - more
- Page 8:Packet capture and cracking
- Page 9:Helpful hints
- Page 10:Conclusion
- Page 11:Command Summary
This article was updated in May of 2008 to reflect changes in software availability. For example, the Auditor Security Collection CD mentioned previously in this article is no longer readily available. Instead, we recommend using Backtrack, which is based on Auditor. We are sure you will be able to get through the instructions with a little creative interpretation, which is better than having to figure out alternatives to software that is not available. In addition to dealing with software, we also checked and updated all links.
In Part 1 of How to Crack WEP, we showed the basic approach to WEP cracking, configured a practice target WLAN and configured both sniffing and attack computers. We also introduced the Backtrack Collection and used Kismet to find in-range wireless LANs.
In this article, we will describe how to use additional tools found on the Backtrack CD to capture traffic and use it to crack a WEP key. We’ll also describe how to use deauthentication and packet replay attacks to stimulate the generation of wireless traffic that is a key element of reducing the time it takes to perform a WEP key crack.
Before we get started, however, let us make a few points that may save some readers the time and effort of trying these techniques:
To successfully follow this How To, you need basic familiarity with networking terminology and principles. You should know how to ping, open a Windows Command Prompt, enter command lines and know your way around the Windows networking properties screens. Basic familiarity with Linux will be helpful too.
These procedures assume the use of specific wireless hardware described in Part 1. They will not work with other hardware types without modification.
These procedures assume that the target WLAN has at least one client associated with an AP or wireless router. They will not work with an AP that has no associated clients.
Accessing anyone else’s network other than your own without the network owner’s consent is illegal. Toms Guide, Bestofmedia and the author do not condone or approve of illegal use of this tutorial in any way
Also note that it is possible to perform WEP cracking using only one computer. But we have chosen to use two to more clearly illustrate the process and avoid some of the complications caused by using a single computer.
The four main tools used in this article are airodump, void11, aireplay and aircrack, which are included on the Backtrack CD:
Airodump scans the wireless network for packets and captures these packets into files Void11 will deauthenticate computers from a wireless access point, which will force them to reassociate to the AP, creating an ARP request Aireplay takes this ARP request and resends it to the AP, spoofing the ARP request from the valid wireless client Finally, aircrack will take the capture files generated by airodump and extract the WEP key
From your scanning with Kismet as described in Part 1, you should have written down the following four pieces of information:
MAC Address of the wireless Access Point (AP) MAC Address of the "Target" computer WEP key used Wi-Fi channel used
In the following procedures, we will call our laptops, Auditor-A and Auditor-B and call the target computer Target. Let’s get started.
|Discuss This Article!
( ) Replies