
WEP Key Cracking With Backtrack 5




Presentation Transcript


  1. WEP Key Cracking With Backtrack 5 Wilfredo Maldonado

  2. What you will need
     Hardware
     • PC (Mac or Windows makes no difference)
     • Internal wireless card or USB card
     • Wireless access point for testing
     Software
     • Backtrack 5 ISO disk (http://www.backtrack-linux.org)
     • Virtualization software (if you do not want to dual boot your PC): VirtualBox, VMware (PC), VMware Fusion (Mac)

  3. Word of caution
     • Make sure your wireless adapter is compatible with monitor mode.
     • Backtrack supports various chipsets, but the main ones are Atheros and Realtek.
     • Running this through VMware may cause a problem because your PC's wireless card is seen by Backtrack as a hardwired connection (VMware thinks it is connected to your PC through a switch).
     • Best advice: if you use VMware, use a USB wireless card (AWUS036H preferred, about $30) or run the live CD to get direct control of the internal wireless card.

  4. Backtrack 5 Applications
     • Airmon-ng: this app puts the wireless card into monitor mode.
     • Airodump-ng: this is the packet capturing app.
     • Aireplay-ng: this injects ARP packets into the network to generate traffic (not needed, but useful if the network has slow traffic).
     • Aircrack-ng: this takes the IVs (initialization vectors) from the packet dump and uses them to crack the encryption.

  5. Getting Started
     • Boot up Backtrack 5 however you have it installed (username root, password toor).
     • Go to the GUI by typing startx at the command prompt. (You can run all of this from the command prompt, but in the GUI you can have multiple console windows open doing things simultaneously.)
     • Open a console window by clicking on the icon next to the system menu on the top left.

  6. Find and start wifi card
     • In the console type airmon-ng (case sensitive).
     • This lists all the wireless cards on the PC, both internal and USB.
     • Once you decide which interface to use, type the following command: airmon-ng start (interface name)
     • This will start the interface in monitor mode.

  7. Finding the correct network
     • Next you want to get the information for the network you want to crack. At the command line type airodump-ng (interface name)
     • After you have located the network you want to crack, write down (or use the gedit text editor) the bssid and channel of the network, then press Ctrl+C to stop the scan.

  8. Dumping packets
     • Next you want to start dumping packets and saving them to a file.
     • Type airodump-ng -c (channel) --bssid (bssid) -w (name of file) (interface)
     • The -c option is the channel.
     • The --bssid option is the MAC address of the AP.
     • The -w option writes the packets to a file.

  9. Packet injection
     • Next open a new console window (do not close the other one) and type aireplay-ng -1 0 -a (bssid) (interface). This will send an authentication request to the AP.
     • The -1 denotes the attack mode, fake authentication.
     • The -a sets the target MAC address.

  10. Packet injection cont.
     • Once you receive a response back from the previous command, type aireplay-ng -3 -b (bssid) (interface)
     • The -3 is another attack mode called ARP replay.
     • The -b sets the destination MAC address.
     • This command generates the traffic needed to collect packets quickly.
     • Note: I noticed in my testing the AP needs at least one device connected to it so data can be transferred.

  11. Cracking the WEP
     • Go back to the airodump-ng screen and look at the number of packets (#data). You need a significant number, so let it run for a few minutes (the more packets, the more unique IVs, which makes cracking faster).
     • Open a third console window and type aircrack-ng (file name)-01.cap
     • If successful, aircrack will show you the hex key and ASCII key to your AP.
     • When you put in the hex key, DO NOT include colons.
     • If you are unsuccessful, you probably need more packets. If you stopped aireplay you can start over; if not, let it keep going and collecting data.

  12. Research Sources
     • http://linux.die.net/man/
     • http://www.backtrack-linux.org/
     • Safe linux channel on youtube.com
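
From the monitoring side, the ARP replay step on slide 10 leaves a recognizable trace: the injected frame is a captured packet re-sent verbatim, so one transmitter repeats the same IV and frame length at a high rate. The following is an added example, not part of the original presentation; the frame records, MAC addresses, window and threshold are constructed or assumed values.

```python
from collections import defaultdict, deque

def sample_frames():
    """Constructed capture summary: (time_ms, transmitter, WEP IV hex, length).
    MACs use the locally administered 02:00:00 prefix; none is a real device."""
    frames = []
    # Ordinary client: each data frame carries a fresh IV.
    for i in range(40):
        frames.append((i * 500, "02:00:00:aa:aa:01", f"{0x1000 + i:06x}", 120 + i % 7))
    # Replay pattern: one encrypted frame re-sent verbatim, so IV and length repeat.
    for i in range(300):
        frames.append((5000 + i * 2, "02:00:00:bb:bb:02", "a1b2c3", 68))
    return sorted(frames)

def detect_iv_replay(frames, window_ms=1000, threshold=50):
    """Alert once per (transmitter, IV, length) seen more than `threshold`
    times within `window_ms`. Both limits are assumed values to tune."""
    recent = defaultdict(deque)
    alerts = {}
    for ts, tx, iv, length in frames:
        key = (tx, iv, length)
        seen = recent[key]
        seen.append(ts)
        while ts - seen[0] > window_ms:   # expire timestamps outside the window
            seen.popleft()
        if len(seen) > threshold and key not in alerts:
            alerts[key] = {"transmitter": tx, "iv": iv, "length": length,
                           "first_alert_ms": ts, "count_in_window": len(seen)}
    return list(alerts.values())

def iv_reuse_ratio(frames):
    """Per transmitter: fraction of frames whose IV was already used by it."""
    total, unique = defaultdict(int), defaultdict(set)
    for _, tx, iv, _ in frames:
        total[tx] += 1
        unique[tx].add(iv)
    return {tx: 1 - len(unique[tx]) / total[tx] for tx in total}

if __name__ == "__main__":
    frames = sample_frames()
    for alert in detect_iv_replay(frames):
        print("possible WEP replay injection:", alert)
    print(iv_reuse_ratio(frames))
```

In a real deployment the records would come from a monitor-mode capture of your own access point, and the threshold would be tuned against its normal traffic.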
