WIFI ZONE Cr@k All types of WiFi by AmitAcharya8


This tutorial goes over an easier method to crack WEP that's mostly automated and doesn't
require any coding to be typed in. This method only takes about 5 minutes.

What you need:

- Backtrack 5 on either a DVD, flash drive, dual boot, etc. (you can get this from http://www.backtrack-linux.org/downloads/)
- A wifi card that can inject. If you boot Backtrack in VMware, the wifi card must be USB.

1. Boot into Backtrack 5. If you've never done this before, refer to the website where you can
download it. Basically you can boot directly off a flash drive (my favorite), off a DVD, or you can
set up a VMware VM. When you first boot up Backtrack it will ask you for a username and password,
which is root / toor, and then you will need to type startx.

2. Once you're at the Backtrack 5 desktop screen, click Applications > BackTrack > Exploitation Tools > Wireless Exploitation > WLAN Exploitation > gerix-wifi-cracker-ng

3. Go to the Config tab

4. Click on your wireless card in the top box

5. Click enable/disable monitor mode

6. This will create a new wireless device in the box; select this. (note: after selecting, you may
need to press set random mac address)

7. Choose all channels in the drop down, or if you know the channel the wifi you want to hack
into is on, choose that.

8. Click on rescan and click on the network you want to hack

9. Go to the WEP tab

10. If you have a low signal, you'll want to use the chopchop options to crack the WEP. If you have
a stronger signal, you'll be using the fragmentation options. Click all of the buttons in the section
you choose, starting from the top and working your way down. Command windows will appear; if they
ask you anything, say yes.

11. You'll see your IVs going up. Wait until you have about 15,000 IVs before continuing to the
next step.

12. Go to the cracking tab

13. Click "aircrack-ng decrypt WEP password"

14. You're done

WPA cracking method

Crack the WPA of a wireless network using BackTrack 4, step by step. BackTrack is a free OS
available for download at http://www.backtrack-linux.org/downloads/. This tutorial is using
BackTrack 4, but it should work similarly in newer versions. Backtrack is the ultimate security
testing OS, and is preloaded with hundreds of tools you can use to hack. We're only going to be
using a couple for this tutorial. Cracking WPA isn't 100% going to work every time. It depends on
how easy their WPA password is, and how good your dictionary file is.

What you will need:

- Computer (Windows, Mac, Linux, any OS)
- Wireless card that supports promiscuous mode (most do; if yours isn't compatible you can buy one that is at any computer store. Check compatibility here: http://www.aircrack-ng.org/doku.php?1257a33e8133350dd7#which_is_the_best_card_to_buy)
- Dictionary file (backtrack comes with a couple)
- Optional: Flash drive or blank DVD

1. Download the BackTrack 4 flavor of your choice. You can either boot the OS using VMware
within Windows, or you can boot Backtrack straight off of a DVD or flash drive. Instructions for
each of these methods are on the Backtrack website.

2. Once you have booted up Backtrack, it will ask you for a username and password. username:
root, password: toor

3. Now type startx and press enter. This will log you into Backtrack and you should now see the
desktop.

4. Open a command terminal. You can do this by clicking the black box icon in the bottom left
corner of the screen.

5. type in: airmon-ng

6. Look for the name of your wireless card; it's different for a lot of computers. Mine is wlan0,
so for the rest of this guide that's what I'm going to use. Replace wlan0 in all the following
steps with whatever your device name is.

7. type: airmon-ng stop wlan0

8. type: macchanger --mac 00:11:22:33:44:55 wlan0

9. type: airmon-ng start wlan0

10. type: airodump-ng wlan0

11. You will now see all of the wifi networks in range. Once you have found the one you want to
hack, press Ctrl + C to stop scanning. Take note of the BSSID and channel of the network you want
to hack.

12. type: airodump-ng -c (put the channel # here) -w wpahack --bssid (enter bssid here) wlan0

13. Keep that window open, now open another command terminal and enter the following in the
newly opened terminal:

14. type: aireplay-ng -0 5 -a (enter bssid here) wlan0

15. type: aircrack-ng wpahack.cap -w (path to a dictionary file)

16. You should now see it attempting to crack the WPA key. This could take a while depending on
how big the dictionary file is, and how fast your computer is. When it's found the key, it will
appear on the screen. You can now log into that network using the WPA key on the screen.

This won't work if you don't get a WPA handshake. The command terminal will let you know if
you've received the WPA handshake or not.

Hacking WPA isn't 100% going to work every time. It will only work if their WPA password is in
the dictionary file you're using. The bigger the dictionary file, the better your chances, and the
longer it will take.
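Step 14 above knocks clients off the network with deauthentication frames so that a handshake can be captured; from the defender's side that burst is visible to any passive monitor, because the forged frames carry the access point's own address as transmitter. The detector below is an added example, not part of the original guide: it runs over constructed frame records (timestamp, frame subtype, transmitter BSSID; the record layout is this example's own) and flags any BSSID that sends five or more deauth frames inside a one-second window, a rate a legitimate access point almost never reaches.

```python
from collections import defaultdict, deque

# Constructed frame records: (timestamp_seconds, frame_subtype, transmitter_bssid).
# The layout is this example's own, not aireplay-ng or airodump-ng output.
SAMPLE_FRAMES = [
    (0.00, "beacon", "AA:BB:CC:DD:EE:01"),
    (0.10, "deauth", "AA:BB:CC:DD:EE:01"),
    (0.12, "deauth", "AA:BB:CC:DD:EE:01"),
    (0.13, "deauth", "AA:BB:CC:DD:EE:01"),
    (0.15, "deauth", "AA:BB:CC:DD:EE:01"),
    (0.17, "deauth", "AA:BB:CC:DD:EE:01"),
    (0.20, "deauth", "AA:BB:CC:DD:EE:01"),
    (0.25, "data", "AA:BB:CC:DD:EE:01"),
    (5.00, "deauth", "AA:BB:CC:DD:EE:02"),  # one deauth: a normal disconnect
    (9.00, "beacon", "AA:BB:CC:DD:EE:02"),
]


def detect_deauth_bursts(frames, window_s=1.0, threshold=5):
    """Return (bssid, first_ts, count) for every BSSID that emits at least
    `threshold` deauthentication frames within any sliding window of `window_s`
    seconds. Forged deauths spoof the AP's address, so keying on the claimed
    transmitter is what surfaces the attack. One alert per BSSID."""
    recent = defaultdict(deque)   # bssid -> timestamps of recent deauth frames
    alerts = []
    alerted = set()
    for ts, subtype, bssid in sorted(frames):
        if subtype != "deauth":
            continue
        q = recent[bssid]
        q.append(ts)
        # Drop timestamps that have fallen out of the window.
        while q and ts - q[0] > window_s:
            q.popleft()
        if len(q) >= threshold and bssid not in alerted:
            alerted.add(bssid)
            alerts.append((bssid, q[0], len(q)))
    return alerts


if __name__ == "__main__":
    for bssid, first_ts, count in detect_deauth_bursts(SAMPLE_FRAMES):
        print(f"deauth burst from {bssid}: {count} frames starting at t={first_ts}s")
```

Threshold and window are constructed tuning values; on a real link, enabling 802.11w (Protected Management Frames) makes clients reject unprotected deauth frames in the first place.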

It is illegal to steal wireless internet. Only try this on your own network. This guide is for
educational purposes only, as with everything in this ebook. Use at your own risk.

See page number 3 for the Windows WEP tutorial

WPS method

Backtrack 5 (preferably R2, as this version comes with Reaver)

1. Boot up Backtrack 5, preferably the latest version.

2. If you aren't using the latest backtrack, you'll need to download reaver. You can do this by
connecting to the internet and typing the following in the command terminal: apt-get install

3. Now you need to put your wireless card into monitor mode. On most PCs, your wireless card
device name will be wlan0, so that's what we'll use for this tutorial. Type the following into the
terminal: airmon-ng start wlan0

4. Next you need the MAC address of the router. To get this, type the following command:
airodump-ng wlan0

5. You should now see a list of routers in range and their MAC addresses, along with channel etc.
Copy the MAC address.

6. Next, you need to start up reaver. You can do this by simply typing reaver in the terminal and
pressing enter. This will show you all the available commands you can use in reaver, so feel free
to play with the options.

7. Enter the following command: reaver -i mon0 -b MACADDRESSHERE -vv

8. Now let the program do its stuff. It can take as long as 40+ hours to crack a weak signal, but
usually less than 24 hours. If you need to use your PC in the meantime, you can save the work
done by reaver by pressing: CTRL+ALT+C

Note: this does not seem to work on BT (British Telecom) routers even if WPS is enabled. This is
for educational purposes only. UPDATE: the Reaver program is now included in Backtrack 5 R2.

WiFi cracking live OS

WiFi Hack - How to Access On Your Neighbours using


1. Auditor-200605-02-no-ipw2100.iso: This version is for systems with the Intel B/G wireless
cards (IPW2200) only. All other systems should take the version below. The md5sum of auditor-200605-02-no-ipw2100.iso is

2. Auditor-200605-02-ipw2100.iso: This version is for all systems except systems with the Intel
B/G wireless cards (IPW2200). The md5sum of auditor-200605-02-ipw2100.iso is

Both are bootable Live CDs (no installation needed). Image format: .ISO. Burn with UltraISO,
Alcohol, Nero etc.

Description: Includes everything you need to hack and crack WiFi internet connections.

Basic directions:

1) Boot from CD
2) Get the WEP key
3) Write it down
4) Reboot into Windows
5) Connect using the WEP key

Auditor: The security tool collection

The Auditor security collection is a GPL-licensed live CD based on Knoppix, with more than 300
security software tools. Auditor gives you easy access to a broad range of tools in almost no time.
To get started, download the latest image of Auditor and burn it as a bootable image. Remember to
use the image option; just copying the file will not produce a bootable image. After you have
successfully written the image to disc, you can start Auditor directly from the CD. It will not
install any permanent software on the hard disk unless you request it to, so don't be nervous
about using Auditor on a client workstation.

Download links (copy the link into your browser and download it):

- auditor-200605-02-no-ipw2100.iso: mirror.switch.ch/ftp/mirror/auditor/auditor-200605-02-no-ipw2100.iso
- auditor-200605-02-ipw2100.iso: mirror.switch.ch/ftp/mirror/auditor/auditor-200605-02-ipw2100.iso

Malicious AP method

This tutorial will show you how to create a fake wireless network that others can connect to. You
can use this to then redirect traffic to your IP or webpage to install your server or virus, sniff
network traffic to obtain usernames and passwords, or even as your own personal secret

What you need:

- Backtrack 5
- SET (Social Engineering Toolkit, comes with Backtrack 5)
- Python (for SET, comes with Backtrack 5)
- aircrack-ng suite (comes with Backtrack 5)
- dnsspoof (comes with Backtrack 5)
- DHCP server (dhcpd)

1. Open SET by using the cd command in the terminal to go to /pentest/exploits/set, then hitting
enter and typing ./set

2. Choose option 1

3. Choose option 8

4. Choose option 1

5. When it asks you to edit the DHCP config file, enter your main WiFi interface and optionally
your monitor interface.

6. IP options can be arbitrary, but this tutorial will use the set

7. Interface should be your main interface (e.g. wlan0)

8. It will now start all commands for you, and since it starts dnsspoof and the DHCP server, you
REALLY are like a router... to yourself

9. Enjoy your access point, you can now start using server exploits and be sure you use the
srvhost as: (or others if the other choice was chosen) and srvport as 80.

10. Leave SET open to keep it working! To stop it, simply go back to the wireless attack menu
and choose choice 2 and enter your wireless interface.
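The WEP section at the top of this page shows why a WEP key falls out of a few thousand captured IVs, and the Malicious AP section sets up a fake access point that clients will happily join. The audit below is an added example, not part of this ebook or of any tool it names: it walks constructed scan records (the field names mirror airodump-ng's BSSID/CH/ENC/CIPHER/ESSID columns, but the layout and all values are this example's own) and reports, first, networks whose protection is breakable as described above and, second, any BSSID advertising one of your ESSIDs that you do not operate, which is exactly what an evil twin looks like from the air.

```python
# Constructed scan records: (bssid, channel, encryption, cipher, essid).
# Column names follow airodump-ng's headings; values and layout are made up here.
SAMPLE_SCAN = [
    ("00:11:22:33:44:01", 6, "WEP", "WEP", "HomeNet"),
    ("00:11:22:33:44:02", 11, "WPA2", "CCMP", "OfficeAP"),
    ("00:11:22:33:44:03", 1, "WPA", "TKIP", "OldRouter"),
    ("00:11:22:33:44:04", 6, "OPN", "", "CoffeeShop"),
    ("00:11:22:33:44:05", 6, "OPN", "", "OfficeAP"),  # same name as the real OfficeAP
]


def weak_encryption_findings(scan):
    """Flag networks whose protection the guides on this page show can be broken:
    open networks, WEP (key recoverable from captured IVs) and WPA with TKIP."""
    findings = []
    for bssid, ch, enc, cipher, essid in scan:
        if enc == "OPN":
            findings.append((bssid, essid, "open network: no encryption at all"))
        elif enc == "WEP":
            findings.append((bssid, essid,
                             "WEP: key recoverable from captured IVs; replace with WPA2/WPA3"))
        elif cipher == "TKIP":
            findings.append((bssid, essid,
                             "WPA-TKIP: legacy cipher; move to WPA2-CCMP or better"))
    return findings


def evil_twin_findings(scan, trusted):
    """`trusted` maps each ESSID you own to the set of BSSIDs you actually operate
    (a constructed inventory). Any other BSSID advertising that ESSID is a
    candidate rogue access point of the kind the Malicious AP method creates."""
    findings = []
    for bssid, ch, enc, cipher, essid in scan:
        if essid in trusted and bssid not in trusted[essid]:
            findings.append((bssid, essid,
                             f"unknown BSSID advertising your ESSID (enc={enc}, ch={ch})"))
    return findings


if __name__ == "__main__":
    inventory = {"OfficeAP": {"00:11:22:33:44:02"}}  # constructed: the AP we run
    for finding in weak_encryption_findings(SAMPLE_SCAN) + evil_twin_findings(SAMPLE_SCAN, inventory):
        print(*finding, sep=" | ")
```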

Method for cracking WEP in 5 minutes, or in short terms, breaking WiFi security:

Here is how it can be done:

1. Run Kismet to find your target network. Get the SSID and the channel.
2. Run Airodump and start capturing data.
3. With Aireplay, start replaying a packet on the target network. (You can find a "good packet" by looking at the BSSID MAC in Kismet and comparing it to the captured packet's BSSID MAC.)
4. Watch as Airodump goes crazy with new IVs, thanks to Aireplay.
5. Stop Airodump when you have about 1,000 IVs.
6. Run Aircrack on the captured file.
7. You should see the WEP key in front of you now.

List of programs used:

Kismet: an 802.11 layer 2 wireless network detector, sniffer, and intrusion detection
system. It is designed for Linux. You can download it at www.kismetwireless.net. A Windows
version can be downloaded at http://www.renderlab.net/projects/wrt54g/kiswin.html

Aircrack (Includes Airodump, Aireplay, Aircrack and optional Airdecap for decrypting WEP/WPA
capture files)

Aircrack is the 802.11 WEP and WPA-PSK key cracking program that can recover these keys once
enough encrypted packets have been captured with airodump.

Airdecap is used to decrypt WEP/WPA capture files.

Airmon can be used to configure the wireless card.

Aireplay is used to inject frames.

Airodump is used for packet capturing of raw 802.11 frames and is particularly suitable for
collecting WEP IVs (initialization vectors) for the intent of using them with aircrack-ng.

Download the whole suite at www.aircrack-ng.org