What You Need To Follow The Steps In This Tutorial
You need Kali Linux and basic knowledge of Linux. Kali Linux is a Debian-based Linux distribution for testing network security. Kali Linux currently supports PCs and ARM-powered machines.
First boot Kali Linux from DVD or USB. To do this, first download LINUX LIVE USB CREATOR and install it on your PC.
Then follow these steps.
- CHOOSE YOUR KEY: choose the USB drive or blank DVD drive.
- CHOOSE A SOURCE: choose the source of the image. Here we select ISO/IMAGE.
- PERSISTENCE: leave as it is.
- OPTIONS: check all the boxes.
- CREATE: click on the lightning icon and wait until it finishes.
Keep pressing F8 while your PC boots. When the Kali Linux boot screen appears, select live boot from it.
Now you are in Kali Linux.
Let’s Crack WEP
Now open a Terminal window and type ifconfig to see if your WiFi card is running. It will have a designation such as wlan0, wlan1, etc.
If you have no wlan interface, you may need to load the driver for your wireless network card or USB WiFi adapter by hand. Because Kali Linux lacks the firmware for some drivers, you may have to put the required firmware in /lib/firmware before loading the driver. For example, to reload the b43 driver, type:
modprobe -r b43
modprobe b43
If the WiFi driver is working, the network icon in the top right corner of the screen will list the available wireless networks when you click on it.
Use kismet to find information about the WEP-secured wireless network that you want to crack. You need such information as:
- Name of the wireless network (ESSID)
- MAC address of the access point (BSSID)
- Channel of the wireless network
- MAC address of wireless client
In Kismet, WEP-secured networks are marked with W under the C column of the network list.
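The same four pieces of information (ESSID, BSSID, channel, client MAC) are what a defender needs to inventory WEP networks still in service and schedule their retirement. The following is an added example, not code from the tutorial or from Kismet: it parses a survey in the two-section CSV layout that airodump-ng writes (access points, a blank line, then stations). The column names are assumed from that layout and every row below is constructed, not a real capture.

```python
"""Inventory WEP networks from a wireless survey (added example).

Parses a survey in the two-section CSV layout that airodump-ng writes
(access points, a blank line, then stations); the column names are
assumed from that layout and the rows below are constructed, not a
real capture.
"""
import csv
import io
from typing import Dict, List

# Constructed sample survey: two WEP networks, one WPA2 network, and
# two stations, one of them associated with the first WEP network.
SAMPLE_SURVEY = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:23:97:26:66:A3, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 6, 54, WEP, WEP, OPN, -40, 120, 3, 0.0.0.0, 7, WIFINET,
AA:BB:CC:00:00:01, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 11, 54, WPA2, CCMP, PSK, -55, 80, 0, 0.0.0.0, 9, corp-wlan,
AA:BB:CC:00:00:02, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 1, 11, WEP, WEP, SKA, -70, 40, 10, 0.0.0.0, 6, legacy,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
6C:83:36:6C:65:CD, 2024-01-01 10:01:00, 2024-01-01 10:05:00, -45, 50, 00:23:97:26:66:A3, WIFINET
DE:AD:BE:EF:00:01, 2024-01-01 10:02:00, 2024-01-01 10:05:00, -60, 12, (not associated), corp-wlan
"""


def _parse_section(section: str) -> List[Dict[str, str]]:
    """Parse one CSV section into dicts keyed by the stripped header names."""
    rows = [r for r in csv.reader(io.StringIO(section), skipinitialspace=True) if r]
    header = [h.strip() for h in rows[0]]
    parsed = []
    for row in rows[1:]:
        values = [v.strip() for v in row]
        values += [""] * (len(header) - len(values))  # tolerate short rows
        parsed.append(dict(zip(header, values)))
    return parsed


def audit_wep(survey_csv: str) -> List[Dict[str, object]]:
    """Return one finding per WEP access point, with its associated clients."""
    ap_text, _, station_text = survey_csv.partition("\n\n")
    access_points = _parse_section(ap_text)
    stations = _parse_section(station_text) if station_text.strip() else []

    # Group station MACs under the BSSID they are associated with.
    clients_by_bssid: Dict[str, List[str]] = {}
    for station in stations:
        clients_by_bssid.setdefault(station["BSSID"], []).append(station["Station MAC"])

    findings = []
    for ap in access_points:
        if "WEP" not in ap["Privacy"].split():
            continue
        findings.append({
            "essid": ap["ESSID"],
            "bssid": ap["BSSID"],
            "channel": int(ap["channel"]),
            "auth": ap["Authentication"],
            "ivs_seen": int(ap["# IV"]),
            "clients": clients_by_bssid.get(ap["BSSID"], []),
        })
    return findings


def format_report(findings: List[Dict[str, object]]) -> str:
    """Render findings as a short remediation list."""
    if not findings:
        return "No WEP networks found."
    lines = [f"{len(findings)} WEP network(s) still in service; migrate each to WPA2/WPA3:"]
    for f in findings:
        clients = ", ".join(f["clients"]) or "none seen"
        lines.append(f"  {f['essid']!r} ({f['bssid']}, ch {f['channel']}, auth {f['auth']}) clients: {clients}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(audit_wep(SAMPLE_SURVEY)))
```

The report lists each WEP access point together with the clients seen on it, because the clients are the devices that will need reconfiguring (or replacing, if they only speak WEP) before the access point can be moved to WPA2 or WPA3.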
To put your wireless device wlan0 in monitoring mode type the following commands.
airmon-ng stop wlan0
airmon-ng start wlan0
Change the MAC address of your wireless network card. This may or may not work depending on the hardware used. In the example, 6C:83:36:6C:65:CD is the new MAC address for your wireless card. Usually, this MAC is the actual MAC address of an existing wireless client associated with the target network. With the fake MAC, we’re going to trick the access point with one of the following attacks.
ifconfig wlan0 down
ifconfig wlan0 hw ether 6C:83:36:6C:65:CD
ifconfig -a
Start airodump-ng, which will sniff wireless traffic of the target network and collect good IVs (initialization vectors, part of WEP encryption data). The logfile will be used later to find the WEP key. The number after the -c option is the channel of the wireless network to listen to. The screen will show wireless networks and associated clients, if any, with a set of numbers increasing. Don’t stop airodump-ng or close the terminal yet. Just leave the terminal open.
airodump-ng -w logfile -c 6 --ivs wlan0
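The reason collecting IVs pays off is that WEP prepends only a 24-bit initialization vector to the RC4 key, so IVs start repeating after a few thousand frames and the whole space is used up within hours on a busy network. The following is an added example, not code from the tutorial: a constructed simulation of how quickly IVs repeat, for an access point that picks IVs at random and for one that uses a wrapping counter (a pattern seen in early WEP cards). Nothing in it touches a network.

```python
"""Why collecting IVs works against WEP: the IV space is 24 bits (added example).

Constructed simulation, not code from the tutorial. WEP prepends a
24-bit initialization vector to each frame's RC4 key; this shows how
soon IVs repeat for a random IV generator and for a counter that wraps.
"""
import math
import random
from typing import Iterable, List


def expected_frames_to_first_repeat(bits: int = 24) -> float:
    """Birthday-bound estimate of frames until a randomly chosen IV repeats."""
    return math.sqrt(math.pi / 2 * (1 << bits))


def simulate_first_repeat(bits: int = 24, seed: int = 0) -> int:
    """Draw random IVs until one repeats; return the frame number of the repeat."""
    rng = random.Random(seed)
    seen = set()
    frame = 0
    while True:
        frame += 1
        iv = rng.getrandbits(bits)
        if iv in seen:
            return frame
        seen.add(iv)


def sequential_ivs(count: int, bits: int = 24, start: int = 0) -> List[int]:
    """IVs from a counter that wraps at 2**bits (as in early WEP cards)."""
    mask = (1 << bits) - 1
    return [(start + i) & mask for i in range(count)]


def count_reused(ivs: Iterable[int]) -> int:
    """Number of frames whose IV was already used earlier in the capture."""
    seen = set()
    reused = 0
    for iv in ivs:
        if iv in seen:
            reused += 1
        else:
            seen.add(iv)
    return reused


def hours_to_exhaust(bits: int = 24, frames_per_second: float = 500.0) -> float:
    """Time for a counter-based IV to wrap at a given frame rate."""
    return (1 << bits) / frames_per_second / 3600.0


if __name__ == "__main__":
    print(f"expected frames to first random-IV repeat: {expected_frames_to_first_repeat():.0f}")
    print(f"simulated (seed 1): {simulate_first_repeat(seed=1)}")
    print(f"reused IVs in 300 frames with an 8-bit counter: {count_reused(sequential_ivs(300, bits=8))}")
    print(f"hours until a 24-bit counter wraps at 500 frames/s: {hours_to_exhaust():.1f}")
```

A repeated IV means two frames were encrypted with the same RC4 keystream, which is exactly the condition the statistical attacks below exploit; no key length fixes this, which is why the remedy is WPA2 or WPA3 rather than 128-bit WEP.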
In the following attacks, we are going to use aireplay-ng. Aireplay-ng is a handy tool for generating more wireless traffic in order to collect a sufficient amount of good IVs. It does so by injecting or replaying captured packets to fool the access point into giving us what we need. Open another tab in GNOME Terminal. This attack will associate the target wireless client with the access point.
aireplay-ng -1 30 -e WIFINET -a 00:23:97:26:66:A3 -h 6C:83:36:6C:65:CD wlan0
The -e option specifies the network name, the -a option specifies the MAC address of the AP, and the -h option specifies the MAC address of the wireless client. You can use macchanger to view and change your MAC address, for example, macchanger -s wlan0. Then, you can associate your wireless adapter when there are no clients connected to the wireless network in the first place.
ARP injection is slow but always works. While airodump-ng is listening, open another tab in GNOME Terminal and start the ARP injection attack.
aireplay-ng -3 -b 00:23:97:26:66:A3 -h 6C:83:36:6C:65:CD wlan0
The -b option specifies the MAC address of the AP and -h specifies MAC address of the associated client. Let it run and airodump-ng will pick up traffic. If no client is connected, we can create one by fake authentication described above.
This attack generates traffic by asking the access point to resend data packets. Open another tab in GNOME Terminal and start the interactive packet replay attack.
aireplay-ng -2 -b 00:23:97:26:66:A3 -h 6C:83:36:6C:65:CD -n 160 -p 0841 -c FF:FF:FF:FF:FF:FF wlan0
The -b option specifies the MAC address of the AP and -h specifies MAC address of the associated client.
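Each of the three aireplay-ng steps above leaves a pattern that a wireless IDS can spot: fake authentication produces a burst of authentication frames from one station, and ARP injection or interactive replay produces the same data frame (same source, destination and length) repeated at a rate no real client generates. The following is an added example, not code from the tutorial or from the aircrack-ng project: a sliding-window detector run over a constructed frame log. The MAC addresses are the tutorial's example values and the frames are made up.

```python
"""Detect aireplay-style injection from a frame log (added example).

Constructed detector, not code from the tutorial: the fake
authentication and packet replay steps each leave a distinctive
pattern, a burst of authentication frames from one station, and the
same data frame (same source, destination and length) repeated at a
rate no normal client produces. The frame records below are made up.
"""
from collections import defaultdict, deque
from typing import Callable, Dict, Hashable, List, Optional

Frame = Dict[str, object]   # keys: t (seconds), type, src, dst, len


def burst_alerts(frames: List[Frame], key_fn: Callable[[Frame], Optional[Hashable]],
                 threshold: int, window: float) -> List[Dict[str, object]]:
    """Alert once per key when >= threshold frames share it within `window` seconds."""
    recent: Dict[Hashable, deque] = defaultdict(deque)
    alerted = set()
    alerts = []
    for frame in sorted(frames, key=lambda f: f["t"]):
        key = key_fn(frame)
        if key is None:
            continue
        times = recent[key]
        times.append(frame["t"])
        while times and frame["t"] - times[0] > window:   # slide the window forward
            times.popleft()
        if len(times) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"key": key, "first": times[0], "last": frame["t"], "count": len(times)})
    return alerts


def detect_replay_bursts(frames: List[Frame], threshold: int = 50, window: float = 1.0):
    """Same (src, dst, length) data frame repeated >= threshold times in `window` s."""
    return burst_alerts(frames,
                        lambda f: (f["src"], f["dst"], f["len"]) if f["type"] == "data" else None,
                        threshold, window)


def detect_auth_floods(frames: List[Frame], threshold: int = 5, window: float = 10.0):
    """>= threshold authentication frames from one source in `window` s."""
    return burst_alerts(frames,
                        lambda f: f["src"] if f["type"] == "auth" else None,
                        threshold, window)


def build_sample_frames() -> List[Frame]:
    """Constructed log: normal traffic plus one injector (addresses are the tutorial's examples)."""
    ap, injector, client = "00:23:97:26:66:A3", "6C:83:36:6C:65:CD", "DE:AD:BE:EF:00:01"
    frames: List[Frame] = []
    # Ordinary client: one authentication, then varied-size data frames over 10 s.
    frames.append({"t": 0.0, "type": "auth", "src": client, "dst": ap, "len": 30})
    for i in range(40):
        frames.append({"t": 0.25 * i, "type": "data", "src": client, "dst": ap,
                       "len": 100 + 37 * (i % 5)})
    # Injector: repeated authentication attempts ...
    for i in range(6):
        frames.append({"t": 0.5 + 0.3 * i, "type": "auth", "src": injector, "dst": ap, "len": 30})
    # ... followed by 200 identical broadcast-addressed data frames within 0.8 s.
    for i in range(200):
        frames.append({"t": 3.0 + 0.004 * i, "type": "data", "src": injector,
                       "dst": "FF:FF:FF:FF:FF:FF", "len": 68})
    return frames


if __name__ == "__main__":
    log = build_sample_frames()
    for alert in detect_auth_floods(log) + detect_replay_bursts(log):
        print(alert)
```

The thresholds are deliberately loose so that retransmissions from a client with a poor signal do not trigger an alert; the replay pattern is still unmistakable because a real station does not send fifty byte-identical frames in a second. The detector alerts once per key so a long-running injection does not flood the alert log.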
After enough packets have been collected and saved, aircrack-ng can be used to crack the WEP key.
aircrack-ng -a 1 -b 00:23:97:26:66:A3 -n 64 logfile-01.ivs
Replace the filename with your log file that was previously generated with airodump-ng. Also, specify the access point’s MAC address with the -b option. The -n option specifies whether the WEP strength is 64-bit or 128-bit. The -a 1 option specifies that we’re cracking WEP.
If you still can’t crack WEP with tons of IV’s, increase the fudge factor with -f N option (N>=2). It’ll take much longer to crack but you’ll have a better chance at success.