Welcome back, my Friends Today we are going to learn about the hacking of Wi-Fi. It sounds cool isn't it ? :)
Now, you might be asking yourself, "Why would I want to hack Wi-Fi when I have my own Wi-Fi router and access ?"
The answer is multi-fold.
- if you hack someone else's Wi-Fi router, you can navigate around the web anonymously, or more precisely, with someone else's IP address.
- Once you hack the Wi-Fi router, you can decrypt their traffic and use a sniffing tool like Wireshark or tcpdump to capture and spy on all of their traffic.
- If you use torrents to download large files, you can use someone else's bandwidth, rather than your own. (Its sounds better :P)
Let's take a look at cracking WEP with the best wireless hacking tool available with backtrack aircrack-ng!
Step 1: Open Aircrack-Ng in BackTrack
Let's start by firing up BackTrack and make certain that our wireless adapteris recognized and operational.
- iwconfig
Let's note that our wireless adapter is recognized by BackTrack and is renamed wlan0. Yours may be wlan1 or wlan2.
Step 2: Put the Wireless Adapter into Monitor Mode
Next, we need to put the wireless adapter into monitor or promiscuous mode. We can do that by typing:
- airmon-ng start wlan0
Note that the interface's name has been changed to mon0 by airmon-ng.
Step 3: Start Capturing Traffic
We now need to start capturing traffic. We do this by using the airmon-ng command with the monitoring interface, mon0.
- airodump-ng mon0
As we can see, we are now able to see all the APs and clients within our range!
Step 4: Start a Specific Capture on the AP
As you can see from the screenshot above, there are several APs with WEP encryption. Let's target the first one from the top with the ESSID of "mandela2." Let's copy the BSSID from this AP and begin a capture on that AP.
- airodump-ng --bssid 00:25:9C:97:4F:48 -c 11 -w WEPcrack mon0
This will start capturing packets from the SSID "mandela2" on channel 11 and write them to file WEPcrack in the pcap format. This command alone will now allow us to capture packets in order to crack the WEP key, if we are VERY patient.
But we're not patient, we want it now! We want to crack this key ASAP, and to do that, we will need to inject packets into the AP.
We now need to wait for someone to connect to the AP so that we can get the MAC address from their network card. When we have their MAC address, we can spoof their MAC and inject packets into their AP. As we can see at the bottom of the screenshot, someone has connected to the "wonderhowto" AP. Now we can hasten our attack!
Step 5: Inject ARP Traffic
To spoof their MAC and inject packets, we can use the aireplay-ng command. We need the BSSID of the AP and the MAC address of the client who connected to the AP. We will be capturing an ARP packet and then replaying that ARP thousands of times in order to generate the IVs that we need to crack WEP.
- aireplay-ng -3 -b 00::09:58:6F:64:1E -h 44:60:57:c8:58:A0 mon0
Now when we inject the ARPs into the AP, we will capture the IVs that are generated in our airodump file WEPcrack.
Step 6: Crack the Password
Once we have several thousand IVs in our WEPcrack file, all we need to do is run that file against aircrack-ng, such as this:
- aircrack-ng WEPcrack-01.cap
If we have enough IVs, aircrack-ng will display the key on our screen, usually in hexadecimal format. Simply take that hex key and apply it when logging into the remote AP and you have free wireless!
If you have any dought feel free to ask in the comment section
Note: If you enjoyed this post, you might want to Follow our Twitter or become our Facebook fan. You will get all the latest updates at both the places. And also don't be selfish Share this post with your friends