25 replies to this topic

[debratd]

I had posted for help regrading this topic earlier and I had lots of problems trying to do this but I managed atlast and I would like to share my views with you.

Firstly, I am just posting this for Information only. I do not want people asking me how they can hack into their neighbours wireless and computers. I believe this setup gives an interesting view on the weaknesses of WEP and wireless in General.

There are many tools available to do this. However I used a Live Linux Distribution, Audior and Backrtrack. You can get these downloaded from:

http://www.remote-exploit.org/index.php/Main_Page

In order to crack any WEP network. You will need to first find a network. This is the sniffing stage. You will use a program called Kismet. All the programs I have used are available on the live cd's, so you do not have to worry about installing them if you are a noob to Linux. For those who are familiar with linux you can download the software from,

http://kismetwireless.net/

Kismet will give you a list of networks available, with their SSIDs, it will tell you what encryption they are using and the power levels also. The good think about this software is that it will be able to find networks with Hidden SSID's also which is a very neat feature. You can further check in the software the MAC addresses of the Access Points and the clients associated with them. This is very important when you want to do a packet Injection in order to collect more amounts of IV's.

Well, this gives you an overview of what networks are available. You can collect data from this program itself. You can now use a program called Airodump to collect all the IV's in order for you to crack the wep. This is part of the aircrack suite of programs, which also includes aireplay for injection. This is also included in the live distributions. However if you want to install it on your version of Linux then you can get it at

http://www.aircrack-ng.org

.

You can choose to collect as much data as possible with the traffic in the network, this could take ages unless there is high amounts of data being transfered. In order to crack 64 bit WEP you probably need atleast 50000 IV's which is not very easy to get. 128 bit is worse, you would need atleast 800000 upto 2 million and sometimes you may need upto 5 million. However one important thing to know is that aircrack does not support all wireless cards, you need to go and check on their website what cards are supported. In order to capture packets you will need to have a card able to run in monitoring mode.

The concept of doing an Injection is straight forward. You are trying to capture an interesting packet (encrypted one which has some value) and then you will do a replay of this, continously throwing it back onto the network. WHy does this work? because the iplementation of WEP does not have anything to prevent this. This is the loophole that you can use to generate more IV's. This is done by the Aireplay program.

For this post I am not going to put any syntax for the softwares, It would be a good idea for you to have alook and mess around. It will better help you understand. Though it can be frustrating. But just be aware there are only some chipsets that support Injection, Including Ralink and Atheros. Intel Chipsets are very problemalistic and do not support this. And the other thing is that the chipsets supported mostly need to be patched, you need the MadWIFIdrivers for this. You can get more information on the aircrack website. However the Live cd's support some cards and you do not need to patch these. It can be quite difficult for Linux Noobs to try this out.

Once you collect enough IV's you can use the aircrack program to run the file and try and crack it, it would take seconds to do this for a 64 bit but it could take several minutes to crack a 128 bit key.

There are several other programs you can use for Injection, such as Void 11, or KisMAC (if you are using an Apple Machine). There are several live cd distributions also, Whax, Whoppix, so there is loads to explore.

Hope you guys have fun with this. Let us know how it works out for you.

Debratd

[hamm]

Is there any programs in windows used to do WEP cracking
I have trouble running linux on a propieitery Laptop I have from HP

I have done some googleing and found out about a program called
Wild Packets AiroPeek
any thoughts?

[debratd]

Well, actually Aircrack can also be used in Windows. But this can only be used to capture packets/sniffing. It does not support the Aireplay (Injection). Have you tried the live cd's? Auditor or Backtrack? I have seen those work on many Laptops. Yeah I have used Wild Packets, Airopeek, but I think this is a wireless analysis program. You can see what traffic is being sent around the networks, but I havent seen any features for wep cracking. I would say you should give the live cd's a try, the windows platform is not known to be good for these things. You can use programs like Netstumbler to find networks, but Neetstumbler wont be able to find networks with hidden SSID's, Kismet can do this. I would have suggested trying to use vmware and then have Linux loaded on this and try it out, but from what I have heard it doesn't support the wireless scanning bit.

[SyGo]

thanks a lot for that, man! these are always perls of wisdom.

Remote-Exploit's forum had a step-by-step topic on how to do this, and it's a bit different from yours so here it is: h++p://forums.remote-exploit.org/showthread.php?t=1556&highlight=kismet
(some details are wrong, but if you can't spot the mistakes you shouldn't be doing this sort of thing anyway. lol)

on another note I advise anyone interested in pen testing to give backtrack a serious test-drive, I used phlak and LAS for a few years, but back-track is the all-in-one swiss army knife of pen testing, I got it on my old celeron toshiba laptop HD on the same say I downloaded it..

[debratd]

Yeah I have seen that post,

That actually works very well. But there are many approaches to this and the best idea is to see what the program can do and decide what the best way of attack is. Messing around is the best way to Learn. Yes, I would agree, Backtrack is really good. I am also a newbie to Linux, but Backtrack is fairly easy to use and I had a good time using it. There are many videos also available which show the WEP cracking process. If more people are Interested then I will try and source them and post them on the shares. If anyones tried cracking WPA networks then let us know how thats been. It would be good to know about this also.

[oseahumen]

hello

can u pls post the video,i will really like to see it.
Thanks and cheers

Oseahumen

[xxxYxxx]

hello

can u pls post the video,i will really like to see it.
Thanks and cheers

Oseahumen

It's here:
hxxp://www.hackingdefined.com/movies/see-sec-wepcrack.zip

[oseahumen]

hey,

I downloaded the stuff with the link u posted here but to my utmost dismay i found out that the content was a musical file.pls try and check what u posted and correct or did i not download it well?

Pls i need ur help to unravel this.thanks

Oseahumen

[xxxYxxx]

hey,

I downloaded the stuff with the link u posted here but to my utmost dismay i found out that the content was a musical file.pls try and check what u posted and correct or did i not download it well?

Pls i need ur help to unravel this.thanks

Oseahumen

Well Oseahumen,
i doubled checked it, and it fine: it's a 104mb zip file,
in it you'll find the file:
WIRELESS-WEP-WHOPPIX.avi

i d/l it from a different computer and it's fine here as well.
maybe you confused it with another file?

[oseahumen]

hey,

Actually thats how the file is but when i open it,it does not diplay except for some un-audible, incoherrent sound that comes out..
can u pls help me on how to open it,i op u will not be offended.
I really want to view how wep crack is demostrated.pls i need ur help,thanks in advance.

Oseahumen.

[baggy]

hey,

Actually thats how the file is but when i open it,it does not diplay except for some un-audible, incoherrent sound that comes out..
can u pls help me on how to open it,i op u will not be offended.
I really want to view how wep crack is demostrated.pls i need ur help,thanks in advance.

Oseahumen.

If you have downloaded the file correctly and still getting only audio, then the problem may be related to codecs.
Try using Divx codecs or install the codec pack from klite

Cheers

baggy

[debratd]

I have uploaded a set of security videos which can be helpful. You can get them on this link

http://www.sadikhov....showtopic=62021

I will upload more in some time.

Debratd

[debratd]

I have uploaded one more set of videos.

http://www.sadikhov....showtopic=62021

[oseahumen]

hello debratd,

I appreciate the stuff,ur indeed a genus.I thank u very much.The problem i have now is how to study linux cos i am a novice.

Can u help with a windows compliant wep cracking tool,i just want to demostrate that wep is not secured.

I will be very happy if u can.
Cheers.

Oseahumen

[debratd]

Hi oseahumen,

Well, to be honest if you use the live versions of the cd's then you dont really need to know Linux, you wont be doing any shell programming or anything of the sort, you will just run the programs (readily installed and configured) from a console window using commands which are specified. For example, if you want to use airodump (for sniffing packets) then the command you type is airodump or airodump-ng (for the newer versions) and if you hit enter it gives you a list of options available for this command and then you can move ahead with this. If you try this approach then you will better understand the tools. But if you want to use windows then you can use aircrack windows version also which is available from their website. If you have watched the [productbanned] videos, one of the videos actually demonstartes this using aircrack in Windows to crack WEP and WPA/PSK. I would suggest you go through the video and you will get all that you need from there. But you need to make sure that you wireless card is supported and the Injection is not supprted, so you cannot use aireplay, so you will need to generate alot of traffic, using pings and downloads in order for you to collect enough data to crack the key. I think links for the [productbanned]s ara available in the shares so it will be worthwhile doing a search there.

Good Luck

[oseahumen]

Hello Debratd,
I really appreciate ur timely and logical method utilised to answer my questions,I think i have learnt a lot from u.pls can u post the link for the [productbanned] here so that i can download it.

i tried my hands on the aircrack and it looks kool and very easy to use.Many Thanks to u.pls help on the latest worry!!!

Oseahumen

[debratd]

I have posted a link for the wireless [productbanned] videos.

http://www.sadikhov....showtopic=62657

Please note that these were already available and I did not upload them, I simply searched from them through links that I found in the Share Section. My Advice is that firstly for any shares whatsoever, you need to ask at the shares section and you really need to work with your search skills. There are loads of resources available, you need to be able to hunt down anything that you need. Please do not post asking me to ulpoad them to any other share site.

Good Luck

[oseahumen]

hello Debratd,
Pls can u help me with the password for the [productbanned].
Oseahumen

[Riteconv]

Hey you guys,

Mine complements on this post. I want to test it out and like to know what the stabelest Linux flavor is to get started. Thanks in advance.

Raoul

[screeeeeem]

i found this intresting topic
hxxp://www.smallnetbuilder.com/content/view/24244/98/

[waver]

Hey you guys,

Mine complements on this post. I want to test it out and like to know what the stabelest Linux flavor is to get started. Thanks in advance.

Raoul

Google for Backtrack. It has the most comprehensive set of security tools. I have used it to audit many wireless networks. WEP is obviously very weak and can be cracked in no time.

[bighorns]

Google for Backtrack. It has the most comprehensive set of security tools. I have used it to audit many wireless networks. WEP is obviously very weak and can be cracked in no time.]

Any thoughts on experiencing using it with Linux as opposed to windows?

Edited by bighorns, 21 May 2007 - 06:15 PM.

[waver]

Yes, of course.. Things arent so simple on the linux side. You need to know at least basic commands to do things. However, linux have become quite user friendly as compared to years ago, but still not as well as windows. Troubleshooting is also alot tougher. For me, to run the wireless tools, I need to know commands on how to change drivers for a wireless card, enable different kinds of modes, packet injection etc.

[whoiam55]

A nice article to read.

http://neworder.box.sk/news/13688

[screeeeeem]

who why u are posting twice , all tht excited for this topic

[whoiam55]

I don't know, it had happen with you too many times, you better know yourself. not everyone have good internet connection at home.